{"vulnerability": "CVE-2025-4650", "sightings": [{"uuid": "dde15447-f9a0-45e2-a664-6a05f822a974", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4650", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lwzd2j5tkd27", "content": "", "creation_timestamp": "2025-08-22T20:43:10.144775Z"}, {"uuid": "b8c0927c-9788-445d-ab58-e53f1d0439c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46503", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13295", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46503\n\ud83d\udd25 CVSS Score: 4.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: Server-Side Request Forgery (SSRF) vulnerability in josheli Simple Google Photos Grid allows Server Side Request Forgery. This issue affects Simple Google Photos Grid: from n/a through 1.5.\n\ud83d\udccf Published: 2025-04-24T16:09:22.403Z\n\ud83d\udccf Modified: 2025-04-24T16:09:22.403Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/simple-google-photos-grid/vulnerability/wordpress-simple-google-photos-grid-1-5-server-side-request-forgery-ssrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-24T17:06:51.000000Z"}, {"uuid": "b5d35a8a-9bf9-47ac-8d16-db4d5d481666", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46509", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13338", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46509\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andrey Mikhalchuk 360 View allows Stored XSS. This issue affects 360 View: from n/a through 1.1.0.\n\ud83d\udccf Published: 2025-04-24T16:09:13.671Z\n\ud83d\udccf Modified: 2025-04-24T20:01:41.349Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/360-view/vulnerability/wordpress-360-view-1-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-24T20:06:53.000000Z"}, {"uuid": "617e0710-a41b-4efc-96e9-47295d245121", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46505", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13337", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46505\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in farinspace Peekaboo allows Stored XSS. This issue affects Peekaboo: from n/a through 1.1.\n\ud83d\udccf Published: 2025-04-24T16:09:13.086Z\n\ud83d\udccf Modified: 2025-04-24T20:01:49.404Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/peekaboo/vulnerability/wordpress-peekaboo-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-24T20:06:52.000000Z"}, {"uuid": "1075d164-9663-4af7-b17e-d3016320d89d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46501", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13336", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46501\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in biancardi Mixcloud Embed allows Stored XSS. This issue affects Mixcloud Embed: from n/a through 2.2.0.\n\ud83d\udccf Published: 2025-04-24T16:09:12.520Z\n\ud83d\udccf Modified: 2025-04-24T20:01:58.071Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/mixcloud-embed/vulnerability/wordpress-mixcloud-embed-2-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-24T20:06:48.000000Z"}, {"uuid": "6bd660f2-75cc-4b0e-ac31-78a881a2d6ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46507", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13289", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46507\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in ldrumm Unsafe Mimetypes allows Stored XSS. This issue affects Unsafe Mimetypes: from n/a through 0.1.4.\n\ud83d\udccf Published: 2025-04-24T16:09:25.870Z\n\ud83d\udccf Modified: 2025-04-24T16:09:25.870Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/unsafe-mimetypes/vulnerability/wordpress-unsafe-mimetypes-plugin-0-1-4-cross-site-request-forgery-csrf-to-stored-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-24T17:06:45.000000Z"}]}