{"vulnerability": "cve-2025-2974", "sightings": [{"uuid": "d8e1fae5-2fae-46e7-b2bb-fae729efa9f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29744", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lrggybhfun2e", "content": "", "creation_timestamp": "2025-06-12T17:26:56.729625Z"}, {"uuid": "0477a6ff-f6fd-4565-bc00-0149393507ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2974", "type": "seen", "source": "MISP/f2f93f16-9318-44b1-9be3-2d3346ca540c", "content": "", "creation_timestamp": "2025-09-10T07:47:57.000000Z"}, {"uuid": "4be3e9c7-0823-4cb6-a121-c4ee272d7f4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29746", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lomgxucpn52j", "content": "", "creation_timestamp": "2025-05-07T22:27:07.755061Z"}, {"uuid": "7732fe49-de74-4f5f-ad9f-ce780de1c1cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29744", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18655", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-29744\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers.\n\ud83d\udccf Published: 2025-06-12T00:00:00.000Z\n\ud83d\udccf Modified: 2025-06-17T19:11:12.905Z\n\ud83d\udd17 References:\n1. https://github.com/vitaly-t/pg-promise/discussions/911\n2. https://www.sonarsource.com/blog/double-dash-double-trouble-a-subtle-sql-injection-flaw/", "creation_timestamp": "2025-06-17T19:39:31.000000Z"}, {"uuid": "3ed3f40d-d9ed-4f40-8046-aca04bcff410", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29745", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lvr4oabhcc2f", "content": "", "creation_timestamp": "2025-08-06T21:02:26.791000Z"}, {"uuid": "c921b7be-fda0-4598-a48e-9f55e1e83d10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2974", "type": "seen", "source": "MISP/f2f93f16-9318-44b1-9be3-2d3346ca540c", "content": "", "creation_timestamp": "2025-08-10T18:27:44.000000Z"}, {"uuid": "52df1406-d492-438a-98ba-2303cbad6ac7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2974", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9698", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2974\n\ud83d\udd25 CVSS Score: 5.1 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability has been found in CodeCanyon Perfex CRM up to 3.2.1 and classified as problematic. This vulnerability affects unknown code of the file /contract of the component Contracts. The manipulation of the argument content leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-03-31T03:31:05.880Z\n\ud83d\udccf Modified: 2025-03-31T16:04:34.258Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.302026\n2. https://vuldb.com/?ctiid.302026\n3. https://vuldb.com/?submit.522737\n4. https://bytium.com/stored-xss-in-perfex-crm-3-2-1-contracts-module/", "creation_timestamp": "2025-03-31T16:33:22.000000Z"}, {"uuid": "9c51c328-b4af-4fd7-8277-4e7a18dddac6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29743", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12979", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-29743\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in /goform/delRouting.\n\ud83d\udccf Published: 2025-04-22T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-22T20:41:31.902Z\n\ud83d\udd17 References:\n1. https://github.com/n0wstr/IOTVuln/blob/main/DIR-816/DelRouting/readme.md", "creation_timestamp": "2025-04-22T21:04:19.000000Z"}, {"uuid": "eeee6346-2a72-4a93-8a56-1a1a619c879f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29746", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15382", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-29746\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a remote attacker to escalate privileges via the collection, Wishlist and album components\n\ud83d\udccf Published: 2025-05-07T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-07T19:00:27.789Z\n\ud83d\udd17 References:\n1. https://github.com/benjaminjonard/koillection/issues/1329\n2. https://gist.github.com/unklerunkle/73e2ab58d1a5b9129be5de55765ea4fe", "creation_timestamp": "2025-05-07T19:22:16.000000Z"}, {"uuid": "02b6d2e6-84dd-4831-b8d1-ea29eb9cb3f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29743", "type": "seen", "source": "https://t.me/cvedetector/23562", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-29743 - D-Link DIR-816 Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-29743 \nPublished : April 22, 2025, 8:15 p.m. | 1\u00a0hour, 48\u00a0minutes ago \nDescription : D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in /goform/delRouting. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-23T00:15:53.000000Z"}, {"uuid": "33f508ca-e1bf-4541-bd96-49f5844c3d61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2974", "type": "seen", "source": "https://t.me/cvedetector/21539", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2974 - CodeCanyon Perfex CRM Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2974 \nPublished : March 31, 2025, 4:15 a.m. | 27\u00a0minutes ago \nDescription : A vulnerability has been found in CodeCanyon Perfex CRM up to 3.2.1 and classified as problematic. This vulnerability affects unknown code of the file /contract of the component Contracts. The manipulation of the argument content leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 3.5 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-31T07:28:39.000000Z"}, {"uuid": "c975ae11-18f7-4484-b889-cdd51af2e438", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29746", "type": "seen", "source": "https://t.me/cvedetector/24761", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-29746 - Koillection Cross Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-29746 \nPublished : May 7, 2025, 7:16 p.m. | 1\u00a0hour, 28\u00a0minutes ago \nDescription : Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a remote attacker to escalate privileges via the collection, Wishlist and album components \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-07T23:12:22.000000Z"}]}