{"vulnerability": "CVE-2025-4770", "sightings": [{"uuid": "f447812a-2709-4dfd-9edb-d2895cddb084", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47701", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16348", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47701\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in Drupal Restrict route by IP allows Cross Site Request Forgery.This issue affects Restrict route by IP: from 0.0.0 before 1.3.0.\n\ud83d\udccf Published: 2025-05-14T17:01:18.960Z\n\ud83d\udccf Modified: 2025-05-14T17:01:18.960Z\n\ud83d\udd17 References:\n1. https://www.drupal.org/sa-contrib-2025-047", "creation_timestamp": "2025-05-14T17:32:20.000000Z"}, {"uuid": "5efb60d8-b731-43c4-a8c4-ff123b2d5a58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47707", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp5oiz2mo62e", "content": "", "creation_timestamp": "2025-05-14T18:57:13.704031Z"}, {"uuid": "0d9e77c7-15d1-4fad-a5c1-06c8f49632ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47704", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp5oizeczd2l", "content": "", "creation_timestamp": "2025-05-14T18:57:14.406032Z"}, {"uuid": "d8b54005-2726-4a6d-a3a3-8dd5904b3587", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47708", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp5oizhqf72h", "content": "", "creation_timestamp": "2025-05-14T18:57:14.942640Z"}, {"uuid": "8e70db4a-8559-499a-8815-93aa27b45b6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47709", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp5oizl3ac2o", "content": "", "creation_timestamp": "2025-05-14T18:57:15.542046Z"}, {"uuid": "f2755685-aa7a-4d2e-89b0-475019760cb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47705", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp5oizrvlh2h", "content": "", "creation_timestamp": "2025-05-14T18:57:16.668165Z"}, {"uuid": "6fc20fd9-941a-4166-b9c2-f031daffb8fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47706", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp5oizvdwt2l", "content": "", "creation_timestamp": "2025-05-14T18:57:17.284068Z"}, {"uuid": "a9a98f99-5125-444f-b7c2-01b2705ee8ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47705", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16344", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47705\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal IFrame Remove Filter allows Cross-Site Scripting (XSS).This issue affects IFrame Remove Filter: from 0.0.0 before 2.0.5.\n\ud83d\udccf Published: 2025-05-14T17:02:25.341Z\n\ud83d\udccf Modified: 2025-05-14T17:02:25.341Z\n\ud83d\udd17 References:\n1. https://www.drupal.org/sa-contrib-2025-051", "creation_timestamp": "2025-05-14T17:32:15.000000Z"}, {"uuid": "a52d668d-1083-4376-bb84-0b6df5a38191", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47703", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16346", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47703\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.14.\n\ud83d\udccf Published: 2025-05-14T17:01:49.816Z\n\ud83d\udccf Modified: 2025-05-14T17:01:49.816Z\n\ud83d\udd17 References:\n1. https://www.drupal.org/sa-contrib-2025-049", "creation_timestamp": "2025-05-14T17:32:18.000000Z"}, {"uuid": "56830abf-cb27-4437-adef-82168e608dda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47709", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16340", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47709\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Missing Authorization vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Forceful Browsing.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.\n\ud83d\udccf Published: 2025-05-14T17:03:28.895Z\n\ud83d\udccf Modified: 2025-05-14T17:03:28.895Z\n\ud83d\udd17 References:\n1. https://www.drupal.org/sa-contrib-2025-055", "creation_timestamp": "2025-05-14T17:32:10.000000Z"}, {"uuid": "3a07ca9c-8ce4-4817-975b-8496de28c350", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47704", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16345", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47704\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Klaro Cookie & Consent Management allows Cross-Site Scripting (XSS).This issue affects Klaro Cookie & Consent Management: from 0.0.0 before 3.0.5.\n\ud83d\udccf Published: 2025-05-14T17:02:09.877Z\n\ud83d\udccf Modified: 2025-05-14T17:02:09.877Z\n\ud83d\udd17 References:\n1. https://www.drupal.org/sa-contrib-2025-050", "creation_timestamp": "2025-05-14T17:32:16.000000Z"}, {"uuid": "f35161b7-e292-4ca1-84cd-aa1630ef14ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47702", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16347", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47702\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal oEmbed Providers allows Cross-Site Scripting (XSS).This issue affects oEmbed Providers: from 0.0.0 before 2.2.2.\n\ud83d\udccf Published: 2025-05-14T17:01:36.012Z\n\ud83d\udccf Modified: 2025-05-14T17:01:36.012Z\n\ud83d\udd17 References:\n1. https://www.drupal.org/sa-contrib-2025-048", "creation_timestamp": "2025-05-14T17:32:19.000000Z"}, {"uuid": "be082def-d257-415b-bf79-5828a4b9f282", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47706", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16343", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47706\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Authentication Bypass by Capture-replay vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Remote Services with Stolen Credentials.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.\n\ud83d\udccf Published: 2025-05-14T17:02:44.744Z\n\ud83d\udccf Modified: 2025-05-14T17:02:44.744Z\n\ud83d\udd17 References:\n1. https://www.drupal.org/sa-contrib-2025-052", "creation_timestamp": "2025-05-14T17:32:14.000000Z"}, {"uuid": "c11240ba-d823-4045-a56c-a51911cde37c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47707", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16342", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47707\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.\n\ud83d\udccf Published: 2025-05-14T17:03:02.330Z\n\ud83d\udccf Modified: 2025-05-14T17:03:02.330Z\n\ud83d\udd17 References:\n1. https://www.drupal.org/sa-contrib-2025-053", "creation_timestamp": "2025-05-14T17:32:13.000000Z"}, {"uuid": "66bf2277-a0e0-456d-9ed0-77f860781330", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47708", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16341", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47708\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Cross Site Request Forgery.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.\n\ud83d\udccf Published: 2025-05-14T17:03:14.838Z\n\ud83d\udccf Modified: 2025-05-14T17:03:14.838Z\n\ud83d\udd17 References:\n1. https://www.drupal.org/sa-contrib-2025-054", "creation_timestamp": "2025-05-14T17:32:12.000000Z"}, {"uuid": "337d0688-0714-45dc-827e-6b48c94e542b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4770", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16674", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4770\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability, which was classified as critical, has been found in PHPGurukul Park Ticketing Management System 2.0. This issue affects some unknown processing of the file /view-normal-ticket.php. The manipulation of the argument viewid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-05-16T11:00:07.999Z\n\ud83d\udccf Modified: 2025-05-16T11:00:07.999Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.309071\n2. https://vuldb.com/?ctiid.309071\n3. https://vuldb.com/?submit.572134\n4. https://github.com/f1rstb100d/myCVE/issues/2\n5. https://phpgurukul.com/", "creation_timestamp": "2025-05-16T11:34:54.000000Z"}]}