{"vulnerability": "CVE-2025-4794", "sightings": [{"uuid": "1217d85c-4e42-44cc-a689-84f47bf63e80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47944", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lpp4jblwwfg2", "content": "", "creation_timestamp": "2025-05-21T17:23:13.463882Z"}, {"uuid": "e1f4d75b-1008-4778-a948-1f050e9235b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-47946", "type": "seen", "source": "https://bsky.app/profile/symfony.com/post/3lpjjr442kx2g", "content": "", "creation_timestamp": "2025-05-19T12:04:13.314638Z"}, {"uuid": "a09e756c-464a-47e5-98ae-0c2a3e3312eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47942", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114548111014247564", "content": "", "creation_timestamp": "2025-05-21T22:11:04.013131Z"}, {"uuid": "9a4dfe20-bb93-4e7d-9b7f-e261123ad7ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47947", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114548409339459848", "content": "", "creation_timestamp": "2025-05-21T23:26:56.301159Z"}, {"uuid": "fc37c33e-5133-438a-b315-77c2cad06433", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47947", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114614778635202833", "content": "", "creation_timestamp": "2025-06-02T16:45:31.774241Z"}, {"uuid": "59aa19f4-46af-4714-910b-85a676c692c7", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47949", "type": "seen", "source": "https://bsky.app/profile/redteamnews.bsky.social/post/3lppn6jybxu23", "content": "", "creation_timestamp": "2025-05-21T22:21:23.921481Z"}, {"uuid": "22537b79-d799-4e2f-8f0a-14722185f96b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47942", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lppwwojqjv2j", "content": "", "creation_timestamp": "2025-05-22T01:15:57.518375Z"}, {"uuid": "cda61746-0077-44f9-a5a0-936eec3b743c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47947", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lppxa2bovk2r", "content": "", "creation_timestamp": "2025-05-22T01:21:11.941896Z"}, {"uuid": "4c5f5b17-782a-4c9d-8369-e906b9ccbb12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47944", "type": "seen", "source": "https://bsky.app/profile/ulisesgascon.com/post/3lpk3uxh4c22q", "content": "", "creation_timestamp": "2025-05-19T17:28:32.341032Z"}, {"uuid": "e7291f31-b0d2-4d09-8364-54e3b3bdf5c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47947", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lpwdavsffs2l", "content": "", "creation_timestamp": "2025-05-24T14:12:25.032903Z"}, {"uuid": "165c2709-d81e-4395-9768-fbfa338013a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47944", "type": "seen", "source": 
"https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lpql3xtf6gc2", "content": "", "creation_timestamp": "2025-05-22T07:19:35.580946Z"}, {"uuid": "7f55dc6f-b887-4c62-9577-29894260a3d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47944", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lpqy6pgm6mg2", "content": "", "creation_timestamp": "2025-05-22T11:12:22.547905Z"}, {"uuid": "cbea888a-227b-4324-a156-d1d23aac2c0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4794", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpcpzdjjth2h", "content": "", "creation_timestamp": "2025-05-16T19:07:35.236835Z"}, {"uuid": "cf2bcea5-1818-46e2-8051-d2b76fc8f3dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47949", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114536554270426361", "content": "", "creation_timestamp": "2025-05-19T21:12:02.349484Z"}, {"uuid": "7fe62860-930d-401d-8948-9b065d45cf33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47949", "type": "seen", "source": "https://bsky.app/profile/mbissey.bsky.social/post/3lpr6lhhhir24", "content": "", "creation_timestamp": "2025-05-22T13:05:31.446393Z"}, {"uuid": "9fea5d57-a8ac-4f62-8f41-630e19ec36ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47949", "type": "seen", "source": "https://mstdn.ca/users/rfwaveio/statuses/114566054356767623", "content": "", 
"creation_timestamp": "2025-05-25T02:14:21.054303Z"}, {"uuid": "3976783b-99b5-47a7-b01c-17a992e7a6c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47949", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpkigpb7rp2s", "content": "", "creation_timestamp": "2025-05-19T21:13:10.753832Z"}, {"uuid": "e0f8522b-7968-4709-a31e-f1643a8df569", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47944", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpkigphtmz2v", "content": "", "creation_timestamp": "2025-05-19T21:13:12.034227Z"}, {"uuid": "a9e4af79-4796-44e7-88c9-f4975b4bc06d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47946", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpkigplesg2h", "content": "", "creation_timestamp": "2025-05-19T21:13:12.672713Z"}, {"uuid": "24156072-812c-4d1e-bc69-06934602063b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47949", "type": "seen", "source": "https://bsky.app/profile/j4vv4d.com/post/3lqcydrnwnt27", "content": "", "creation_timestamp": "2025-05-29T15:01:46.633492Z"}, {"uuid": "f876757f-8b4a-452a-a63b-be3ca64f14c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47945", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpfh7bsdbr2o", "content": "", "creation_timestamp": "2025-05-17T21:07:49.932068Z"}, {"uuid": "17f1b0ee-15fb-447e-a4b4-c65a647098ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", 
"author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47944", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lprzzxmmtwc2", "content": "", "creation_timestamp": "2025-05-22T21:19:50.405920Z"}, {"uuid": "1ccc0a96-0489-4af6-873f-752bbf623bf1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47948", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpfh7c4aev2w", "content": "", "creation_timestamp": "2025-05-17T21:07:51.770583Z"}, {"uuid": "85483e44-c686-4927-a95a-ee668d025a80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47945", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lpfeutnaoyj2", "content": "", "creation_timestamp": "2025-05-17T20:26:39.534809Z"}, {"uuid": "a618a191-aae1-4184-ae19-79ab6d2bc05d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47941", "type": "seen", "source": "https://bsky.app/profile/OpenSource.activitypub.awakari.com.ap.brid.gy/post/3lpmgr7qhiut2", "content": "", "creation_timestamp": "2025-05-20T15:48:48.738631Z"}, {"uuid": "b94f12cf-612b-4033-91f9-a5045c593fd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47948", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lpff5yjn5jj2", "content": "", "creation_timestamp": "2025-05-17T20:31:28.693136Z"}, {"uuid": "a8b08427-cc9e-4fd8-a615-6caae3f07ce0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47941", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpmerr5usp2p", "content": "", "creation_timestamp": "2025-05-20T15:13:06.964802Z"}, {"uuid": "d9f9108b-5466-435c-a749-9c961827f1c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47940", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpmerrhrd62h", "content": "", "creation_timestamp": "2025-05-20T15:13:08.556876Z"}, {"uuid": "f09aa8e0-2abd-4cbd-87a5-f28057d17254", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47940", "type": "seen", "source": "https://bsky.app/profile/OpenSource.activitypub.awakari.com.ap.brid.gy/post/3lpmgrimwpws2", "content": "", "creation_timestamp": "2025-05-20T15:48:49.507221Z"}, {"uuid": "35f77c2a-e17a-4cef-8f6d-b3798c57b24b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47947", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lqst3bcevk2b", "content": "", "creation_timestamp": "2025-06-04T22:10:10.346386Z"}, {"uuid": "385d536d-2d78-413f-a417-7828db600d99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47949", "type": "seen", "source": "https://bsky.app/profile/r-blueteamsec.bsky.social/post/3lptgvef3a22p", "content": "", "creation_timestamp": "2025-05-23T10:39:33.439169Z"}, {"uuid": "0f423eb1-b6d9-4fc8-acd6-427d3a899392", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47949", "type": "seen", "source": 
"https://bsky.app/profile/getpokemon7.bsky.social/post/3lpmxrwpmss25", "content": "", "creation_timestamp": "2025-05-20T20:53:13.527817Z"}, {"uuid": "8f3729cb-b312-44b8-94e4-4dc9f97a5349", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47949", "type": "seen", "source": "https://bsky.app/profile/royans.bsky.social/post/3lptvoaxlda25", "content": "", "creation_timestamp": "2025-05-23T15:04:00.738878Z"}, {"uuid": "aa736067-b9ed-431c-9220-b68e6cec894b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47944", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lposvng3cie2", "content": "", "creation_timestamp": "2025-05-21T14:31:39.847722Z"}, {"uuid": "a49d0105-89c8-492c-b71f-a1ad771fae35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47944", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lpo2rtegzfl2", "content": "", "creation_timestamp": "2025-05-21T07:19:32.327860Z"}, {"uuid": "0cc15f60-cdbd-4140-806a-0c2ec4b307d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47944", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lpogpz3pnwx2", "content": "", "creation_timestamp": "2025-05-21T10:56:18.088769Z"}, {"uuid": "cfdb9fe2-661d-4356-bbcb-6a50b9538541", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2025-47947", "type": "seen", "source": 
"https://vulnerability.circl.lu/bundle/bbcbc485-b88d-4831-b8e9-6e37e7bd9875", "content": "", "creation_timestamp": "2026-01-21T21:18:16.771453Z"}, {"uuid": "50e726ee-80f9-469f-9161-50be7d93b4e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47949", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16911", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47949\n\ud83d\udd25 CVSS Score: 9.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N)\n\ud83d\udd39 Description: samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fixes the issue.\n\ud83d\udccf Published: 2025-05-19T19:28:45.476Z\n\ud83d\udccf Modified: 2025-05-19T19:28:45.476Z\n\ud83d\udd17 References:\n1. https://github.com/tngan/samlify/security/advisories/GHSA-r683-v43c-6xqv\n2. https://github.com/tngan/samlify/commit/115679acd89f0a37ea3ebd8fff7db54fca3e8af3", "creation_timestamp": "2025-05-19T19:38:59.000000Z"}, {"uuid": "e43afa8e-2956-4537-8133-31964aec5db9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47946", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16915", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47946\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: Symfony UX is an initiative and set of libraries to integrate JavaScript tools into applications. 
Prior to version 2.25.1, rendering `{{ attributes }}` or using any method that returns a `ComponentAttributes` instance (e.g. `only()`, `defaults()`, `without()`) outputs attribute values directly without escaping. If these values are unsafe (e.g. contain user input), this can lead to HTML attribute injection and XSS vulnerabilities. The issue is fixed in version `2.25.1` of `symfony/ux-twig-component`. Those who use `symfony/ux-live-component` must also update it to `2.25.1` to benefit from the fix, as it reuses the `ComponentAttributes` class internally. As a workaround, avoid rendering `{{ attributes }}` or derived objects directly if it may contain untrusted values.\nInstead, use `{{ attributes.render('name') }}` for safe output of individual attributes.\n\ud83d\udccf Published: 2025-05-19T19:25:19.350Z\n\ud83d\udccf Modified: 2025-05-19T19:25:19.350Z\n\ud83d\udd17 References:\n1. https://github.com/symfony/ux/security/advisories/GHSA-5j3w-5pcr-f8hg\n2. https://github.com/symfony/ux/commit/b5d1c85995c128cb926d47a96cfbfbd500b643a8", "creation_timestamp": "2025-05-19T19:39:06.000000Z"}, {"uuid": "b33d3893-ebee-48e6-9994-027404814923", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47944", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16917", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47944\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.0 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. 
Users should upgrade to version 2.0.0 to receive a patch. No known workarounds are available.\n\ud83d\udccf Published: 2025-05-19T19:20:45.401Z\n\ud83d\udccf Modified: 2025-05-19T19:20:45.401Z\n\ud83d\udd17 References:\n1. https://github.com/expressjs/multer/security/advisories/GHSA-4pg4-qvpc-4q3h\n2. https://github.com/expressjs/multer/issues/1176\n3. https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665", "creation_timestamp": "2025-05-19T19:39:08.000000Z"}, {"uuid": "8614369e-d97b-4518-9719-0edc1d7bb51c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47941", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16980", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47941\n\ud83d\udd25 CVSS Score: 7.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.2 LTS, the multifactor authentication (MFA) dialog presented during backend login can be bypassed due to insufficient enforcement of access restrictions on all backend routes. Successful exploitation requires valid backend user credentials, as MFA can only be bypassed after successful authentication. Users should update to TYPO3 version 12.4.31 LTS or 13.4.12 LTS to fix the problem.\n\ud83d\udccf Published: 2025-05-20T14:07:33.017Z\n\ud83d\udccf Modified: 2025-05-20T14:34:13.675Z\n\ud83d\udd17 References:\n1. https://github.com/TYPO3/typo3/security/advisories/GHSA-744g-7qm9-hjh9\n2. 
https://typo3.org/security/advisory/typo3-core-sa-2025-015", "creation_timestamp": "2025-05-20T14:40:38.000000Z"}, {"uuid": "ba0ca7f3-ece1-49b7-b24b-d390e7313016", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47943", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/19308", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47943\n\ud83d\udd25 CVSS Score: 6.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N)\n\ud83d\udd39 Description: Gogs is an open source self-hosted Git service. In application version 0.14.0+dev and prior, there is a stored cross-site scripting (XSS) vulnerability present in Gogs, which allows client-side Javascript code execution. The vulnerability is caused by the usage of a vulnerable and outdated component: pdfjs-1.4.20 under public/plugins/. This issue has been fixed for gogs.io/gogs in version 0.13.3.\n\ud83d\udccf Published: 2025-06-24T03:48:06.012Z\n\ud83d\udccf Modified: 2025-06-24T03:48:06.012Z\n\ud83d\udd17 References:\n1. https://github.com/gogs/gogs/security/advisories/GHSA-xh32-cx6c-cp4v\n2. https://github.com/gogs/gogs/commit/110117b2e5e5baa4809c819bec701e929d2d8d40\n3. 
https://github.com/gogs/gogs/releases/tag/v0.13.3", "creation_timestamp": "2025-06-24T04:48:48.000000Z"}, {"uuid": "3ae68400-6f78-47c5-85ef-5a88646aefcc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47949", "type": "seen", "source": "https://t.me/S_E_Reborn/5642", "content": "\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0442\u044c \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0442\u0440\u0435\u043d\u0434\u043e\u0432\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u043d\u0438\u043c\u0438 \u0443\u0433\u0440\u043e\u0437\u0430\u043c\u0438. \u0412 \u043d\u043e\u0432\u043e\u0439 \u043f\u043e\u0434\u0431\u043e\u0440\u043a\u0435:\n\n1. Pentestpartners \u043d\u0430\u0448\u043b\u0438 \u0441\u043f\u043e\u0441\u043e\u0431 \u043e\u0431\u043e\u0439\u0442\u0438 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u0439 \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u00a0\u0438 \u0441\u0447\u0438\u0442\u0430\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b, \u0445\u0440\u0430\u043d\u044f\u0449\u0438\u0435\u0441\u044f \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 Microsoft SharePoint, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043e\u0431\u043c\u0430\u043d \u0430\u0433\u0435\u043d\u0442\u0430 \u0418\u0418.\n\n2. 
\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Project Discovery \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0442\u0440\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 \u043e\u0440\u043a\u0435\u0441\u0442\u0440\u043e\u0432\u043a\u0438 \u0441\u0435\u0442\u0438 Versa Concerto, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0436\u043d\u043e \u043e\u0431\u044a\u0435\u0434\u0438\u043d\u0438\u0442\u044c \u0432 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u0434\u043b\u044f \u0430\u0442\u0430\u043a\u0438 \u0438 \u0437\u0430\u0445\u0432\u0430\u0442\u0430 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 Concerto.\n\n\u041e\u0434\u043d\u0430 \u0438\u0437 \u043d\u0438\u0445 - \u043e\u0431\u0445\u043e\u0434 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 (CVE-2025-34027) \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 10/10. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0443\u0432\u0435\u0434\u043e\u043c\u0438\u043b\u0438 Versa Networks \u043e \u0442\u0440\u0435\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430\u0445 \u0432 \u0444\u0435\u0432\u0440\u0430\u043b\u0435, \u043d\u043e \u043d\u0435\u044f\u0441\u043d\u043e, \u0431\u044b\u043b\u0438 \u043b\u0438 \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u044b \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f.\n\n3. 
\u041e\u043c\u0435\u0440 \u041c\u0430\u0439\u0440\u0430\u0437 \u0438\u0437 Legit Security \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0439, \u0441\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u043a\u043e\u0442\u043e\u0440\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0432\u043d\u0435\u0434\u0440\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u043f\u043e\u0434\u0441\u043a\u0430\u0437\u043a\u0438 \u0432 \u043a\u043e\u043c\u043c\u0435\u043d\u0442\u0430\u0440\u0438\u0438 \u0438\u0441\u0445\u043e\u0434\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0438 \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u0442\u044c \u043f\u043e\u043c\u043e\u0449\u043d\u0438\u043a\u0430 GitLab Duo AI, \u0447\u0442\u043e\u0431\u044b \u0443\u043a\u0440\u0430\u0441\u0442\u044c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0434\u0440\u0443\u0433\u0438\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f.\n\n4. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Horizon3 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0438\u00a0\u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 CVE-2025-32756, \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0432 \u0442\u0435\u043b\u0435\u0444\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 FortiVoice.\n\n5. 
Profero \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0430 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 \u0434\u0432\u0443\u0445 0-day Ivanti, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 (CVE-2025-4427 \u0438 CVE-2025-4428) \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u043e\u0439 \u0441 \u041a\u041d\u0420 UNC5221, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0440\u0430\u043d\u0435\u0435 \u0442\u0430\u043a\u0436\u0435 \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u043b\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 Palo Alto Networks \u0438 SAP \u0434\u043b\u044f \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u043c\u0430\u044f\u043a\u043e\u0432 KrustyLoader \u0438 Sliver.\n\n6. Rhino Security \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0430 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435\u00a0\u0434\u043b\u044f CVE-2025-26147, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 RCE \u043f\u043e\u0441\u043b\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432 Denode Scheduler.\n\n7. 8Com \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0430 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 CVE-2025-26817, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 RCE \u043f\u043e\u0441\u043b\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432 Netwrix Password Secure, \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u043c \u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440\u0435 \u043f\u0430\u0440\u043e\u043b\u0435\u0439.\n\n8. 
\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 Samlify Node.js \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0430\u0442\u0430\u043a\u0438 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0443\u043f\u0430\u043a\u043e\u0432\u043a\u0438 \u043f\u043e\u0434\u043f\u0438\u0441\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0433\u043b\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0434\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 SAML SSO (CVE-2025-47949).\n\n9. CISA \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u043e \u0448\u0438\u0440\u043e\u043a\u043e\u043c\u0430\u0441\u0448\u0442\u0430\u0431\u043d\u043e\u0439 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438, \u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u043d\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Commvault (CVE-2025-3928 \u0441 CVSS 8,7) \u0441 \u0446\u0435\u043b\u044c\u044e \u0432\u0437\u043b\u043e\u043c\u0430 \u0441\u0440\u0435\u0434 Azure.\n\nCommvault \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u043e\u0448\u0438\u0431\u043a\u0443 \u0432 \u043a\u043e\u043d\u0446\u0435 \u0444\u0435\u0432\u0440\u0430\u043b\u044f, \u043d\u043e \u0432 \u043d\u0430\u0447\u0430\u043b\u0435 \u043c\u0430\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u043b\u0430 
\u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438, \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u0432, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u043b\u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043f\u043e\u0434\u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u0443 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043a\u043b\u0438\u0435\u043d\u0442\u044b Commvault \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0434\u043b\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0441\u0432\u043e\u0438\u0445 \u0441\u0440\u0435\u0434 M365.\n\n10. \u0411\u043e\u043b\u0435\u0435 100 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 AutomationDirect MB-Gateway \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0445 \u0430\u0442\u0430\u043a \u0438\u0437 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0430 \u0438\u0437-\u0437\u0430 CVE-2025-36535 (CVSS 10). \u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0439 \u0448\u043b\u044e\u0437 Modbus \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0432 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0430\u0436\u043d\u043e\u0439 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435.\n\n11. 
Atlassian\u00a0\u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0430 \u0432\u043e\u0441\u0435\u043c\u044c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439, \u0432 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e \u043e\u043f\u0438\u0441\u0430\u043d\u044b \u0448\u0435\u0441\u0442\u044c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 Bamboo, Confluence, Fisheye/Crucible \u0438 Jira. \u0412\u0441\u0435 \u0434\u0435\u0444\u0435\u043a\u0442\u044b \u0431\u044b\u043b\u0438 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u044b \u0432 \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u0445 \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u044f\u0445, \u0438\u0445 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u0437\u0432\u0430\u0442\u044c DoS \u0438\u043b\u0438 EoP \u0432 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435.\n\n12. GitLab\u00a0\u043e\u0431\u044a\u044f\u0432\u0438\u043b\u00a0\u043e\u0431 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0438 10 \u043e\u0448\u0438\u0431\u043e\u043a, \u0432\u043b\u0438\u044f\u044e\u0449\u0438\u0445 \u043d\u0430 GitLab Community Edition (CE) \u0438 Enterprise Edition (EE). 
\u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0432\u0430\u0436\u043d\u0430\u044f CVE-2025-0993 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0434\u043b\u044f \u0432\u044b\u0437\u043e\u0432\u0430 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044f DoS.\n\n13. Cisco \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0430 \u0434\u0435\u0441\u044f\u0442\u044c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0432 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e \u043e\u043f\u0438\u0441\u0430\u043d\u044b \u0431\u043e\u043b\u0435\u0435 \u0434\u0435\u0441\u044f\u0442\u043a\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0434\u0432\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0430\u0436\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Identity Services Engine (ISE) \u0438 Unified Intelligence Center - CVE-2025-20152 \u0438 CVE-2025-20113.", "creation_timestamp": "2025-05-24T10:35:39.000000Z"}, {"uuid": "e0b6e536-dcc1-49d6-9ef4-a91f66087c31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47947", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17210", "content": "\ud83d\udd17 
DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47947\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case (in stable released versions): when the payload's content type is `application/json`, and there is at least one rule which does a `sanitiseMatchedBytes` action. A patch is available at pull request 3389 and expected to be part of version 2.9.9. No known workarounds are available.\n\ud83d\udccf Published: 2025-05-21T22:08:31.982Z\n\ud83d\udccf Modified: 2025-05-21T22:08:31.982Z\n\ud83d\udd17 References:\n1. https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-859r-vvv8-rm8r\n2. https://github.com/owasp-modsecurity/ModSecurity/pull/3389", "creation_timestamp": "2025-05-21T22:41:54.000000Z"}, {"uuid": "ae24ab9e-0c7f-4d12-9a96-7aa6cef82689", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47949", "type": "seen", "source": "https://t.me/true_secator/7066", "content": "\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0442\u044c \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0442\u0440\u0435\u043d\u0434\u043e\u0432\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u043d\u0438\u043c\u0438 \u0443\u0433\u0440\u043e\u0437\u0430\u043c\u0438. \u0412 \u043d\u043e\u0432\u043e\u0439 \u043f\u043e\u0434\u0431\u043e\u0440\u043a\u0435:\n\n1. 
Pentestpartners \u043d\u0430\u0448\u043b\u0438 \u0441\u043f\u043e\u0441\u043e\u0431 \u043e\u0431\u043e\u0439\u0442\u0438 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u0439 \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u00a0\u0438 \u0441\u0447\u0438\u0442\u0430\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b, \u0445\u0440\u0430\u043d\u044f\u0449\u0438\u0435\u0441\u044f \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 Microsoft SharePoint, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043e\u0431\u043c\u0430\u043d \u0430\u0433\u0435\u043d\u0442\u0430 \u0418\u0418.\n\n2. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Project Discovery \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0442\u0440\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 \u043e\u0440\u043a\u0435\u0441\u0442\u0440\u043e\u0432\u043a\u0438 \u0441\u0435\u0442\u0438 Versa Concerto, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0436\u043d\u043e \u043e\u0431\u044a\u0435\u0434\u0438\u043d\u0438\u0442\u044c \u0432 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u0434\u043b\u044f \u0430\u0442\u0430\u043a\u0438 \u0438 \u0437\u0430\u0445\u0432\u0430\u0442\u0430 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 Concerto.\n\n\u041e\u0434\u043d\u0430 \u0438\u0437 \u043d\u0438\u0445 - \u043e\u0431\u0445\u043e\u0434 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 (CVE-2025-34027) \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 10/10. 
\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0443\u0432\u0435\u0434\u043e\u043c\u0438\u043b\u0438 Versa Networks \u043e \u0442\u0440\u0435\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430\u0445 \u0432 \u0444\u0435\u0432\u0440\u0430\u043b\u0435, \u043d\u043e \u043d\u0435\u044f\u0441\u043d\u043e, \u0431\u044b\u043b\u0438 \u043b\u0438 \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u044b \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f.\n\n3. \u041e\u043c\u0435\u0440 \u041c\u0430\u0439\u0440\u0430\u0437 \u0438\u0437 Legit Security \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0439, \u0441\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u043a\u043e\u0442\u043e\u0440\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0432\u043d\u0435\u0434\u0440\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u043f\u043e\u0434\u0441\u043a\u0430\u0437\u043a\u0438 \u0432 \u043a\u043e\u043c\u043c\u0435\u043d\u0442\u0430\u0440\u0438\u0438 \u0438\u0441\u0445\u043e\u0434\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0438 \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u0442\u044c \u043f\u043e\u043c\u043e\u0449\u043d\u0438\u043a\u0430 GitLab Duo AI, \u0447\u0442\u043e\u0431\u044b \u0443\u043a\u0440\u0430\u0441\u0442\u044c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0434\u0440\u0443\u0433\u0438\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f.\n\n4. 
\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Horizon3 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0438\u00a0\u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 CVE-2025-32756, \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0432 \u0442\u0435\u043b\u0435\u0444\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 FortiVoice.\n\n5. Profero \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0430 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 \u0434\u0432\u0443\u0445 0-day Ivanti, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 (CVE-2025-4427 \u0438 CVE-2025-4428) \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u043e\u0439 \u0441 \u041a\u041d\u0420 UNC5221, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0440\u0430\u043d\u0435\u0435 \u0442\u0430\u043a\u0436\u0435 \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u043b\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 Palo Alto Networks \u0438 SAP \u0434\u043b\u044f \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u043c\u0430\u044f\u043a\u043e\u0432 KrustyLoader \u0438 Sliver.\n\n6. 
Rhino Security \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0430 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435\u00a0\u0434\u043b\u044f CVE-2025-26147, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 RCE \u043f\u043e\u0441\u043b\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432 Denode Scheduler.\n\n7. 8Com \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0430 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 CVE-2025-26817, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 RCE \u043f\u043e\u0441\u043b\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432 Netwrix Password Secure, \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u043c \u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440\u0435 \u043f\u0430\u0440\u043e\u043b\u0435\u0439.\n\n8. \u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 Samlify Node.js \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0430\u0442\u0430\u043a\u0438 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0443\u043f\u0430\u043a\u043e\u0432\u043a\u0438 \u043f\u043e\u0434\u043f\u0438\u0441\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0433\u043b\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0434\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 SAML SSO (CVE-2025-47949).\n\n9. 
CISA \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u043e \u0448\u0438\u0440\u043e\u043a\u043e\u043c\u0430\u0441\u0448\u0442\u0430\u0431\u043d\u043e\u0439 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438, \u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u043d\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Commvault (CVE-2025-3928 \u0441 CVSS 8,7) \u0441 \u0446\u0435\u043b\u044c\u044e \u0432\u0437\u043b\u043e\u043c\u0430 \u0441\u0440\u0435\u0434 Azure.\n\nCommvault \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u043e\u0448\u0438\u0431\u043a\u0443 \u0432 \u043a\u043e\u043d\u0446\u0435 \u0444\u0435\u0432\u0440\u0430\u043b\u044f, \u043d\u043e \u0432 \u043d\u0430\u0447\u0430\u043b\u0435 \u043c\u0430\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u043b\u0430 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438, \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u0432, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u043b\u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043f\u043e\u0434\u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u0443 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043a\u043b\u0438\u0435\u043d\u0442\u044b Commvault \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0434\u043b\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0441\u0432\u043e\u0438\u0445 \u0441\u0440\u0435\u0434 M365.\n\n10. 
\u0411\u043e\u043b\u0435\u0435 100 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 AutomationDirect MB-Gateway \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0445 \u0430\u0442\u0430\u043a \u0438\u0437 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0430 \u0438\u0437-\u0437\u0430 CVE-2025-36535 (CVSS 10). \u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0439 \u0448\u043b\u044e\u0437 Modbus \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0432 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0430\u0436\u043d\u043e\u0439 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435.\n\n11. Atlassian\u00a0\u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0430 \u0432\u043e\u0441\u0435\u043c\u044c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439, \u0432 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e \u043e\u043f\u0438\u0441\u0430\u043d\u044b \u0448\u0435\u0441\u0442\u044c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 Bamboo, Confluence, Fisheye/Crucible \u0438 Jira. 
\u0412\u0441\u0435 \u0434\u0435\u0444\u0435\u043a\u0442\u044b \u0431\u044b\u043b\u0438 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u044b \u0432 \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u0445 \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u044f\u0445, \u0438\u0445 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u0437\u0432\u0430\u0442\u044c DoS \u0438\u043b\u0438 EoP \u0432 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435.\n\n12. GitLab\u00a0\u043e\u0431\u044a\u044f\u0432\u0438\u043b\u00a0\u043e\u0431 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0438 10 \u043e\u0448\u0438\u0431\u043e\u043a, \u0432\u043b\u0438\u044f\u044e\u0449\u0438\u0445 \u043d\u0430 GitLab Community Edition (CE) \u0438 Enterprise Edition (EE). \u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0432\u0430\u0436\u043d\u0430\u044f CVE-2025-0993 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0434\u043b\u044f \u0432\u044b\u0437\u043e\u0432\u0430 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044f DoS.\n\n13. 
Cisco \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0430 \u0434\u0435\u0441\u044f\u0442\u044c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0432 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e \u043e\u043f\u0438\u0441\u0430\u043d\u044b \u0431\u043e\u043b\u0435\u0435 \u0434\u0435\u0441\u044f\u0442\u043a\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0434\u0432\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0430\u0436\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Identity Services Engine (ISE) \u0438 Unified Intelligence Center - CVE-2025-20152 \u0438 CVE-2025-20113.", "creation_timestamp": "2025-05-23T20:00:09.000000Z"}]}