{"vulnerability": "CVE-2025-4655", "sightings": [{"uuid": "fd26cbb6-41df-45f1-9af8-d1f297060665", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46550", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnyhw3mny32u", "content": "", "creation_timestamp": "2025-04-29T23:50:51.760443Z"}, {"uuid": "67c20516-37cf-4d3b-a772-27701e5b9942", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46552", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnyhw3q7dj2p", "content": "", "creation_timestamp": "2025-04-29T23:50:52.373560Z"}, {"uuid": "5f6b477d-9bcb-4827-af48-fa1d67328347", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46553", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3loh6qrzj5z22", "content": "", "creation_timestamp": "2025-05-05T20:16:47.746857Z"}, {"uuid": "ed6da2be-c364-46f0-a8da-095c455f6226", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46558", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114428642542388304", "content": "", "creation_timestamp": "2025-04-30T19:48:40.959612Z"}, {"uuid": "b73a1352-c4e4-4d76-adcb-404006537aef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46558", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lo2n7ext6a2t", "content": "", "creation_timestamp": "2025-04-30T20:30:48.170858Z"}, {"uuid": "d545b4b6-a86a-4a33-9157-a6f28815d315", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46559", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3loh6qs4uir2p", "content": "", "creation_timestamp": "2025-05-05T20:16:48.287392Z"}, {"uuid": "35198412-5867-46e1-b5b0-c7f265d51f26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46554", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-46554.yaml", "content": "", "creation_timestamp": "2025-08-28T13:39:35.000000Z"}, {"uuid": "5d5c25b1-48d3-4dea-81ed-06936522103d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46551", "type": "seen", "source": "https://bsky.app/profile/jrubyproject.bsky.social/post/3lolurlze3p2s", "content": "", "creation_timestamp": "2025-05-07T17:01:29.447809Z"}, {"uuid": "cae99b08-0567-45a5-9685-e715026fa357", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46551", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lolzkd57z32w", "content": "", "creation_timestamp": "2025-05-07T18:26:54.236859Z"}, {"uuid": "7d5ce476-d19c-452b-831a-f6ab9bdb01ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46554", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3ly734qb6ee2k", "content": "", "creation_timestamp": "2025-09-06T21:02:30.637105Z"}, {"uuid": "cf7bb459-faaf-4caa-940e-a2e094fbf7ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4655", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lvxazuya6l2p", "content": "", "creation_timestamp": "2025-08-09T07:36:30.248991Z"}, {"uuid": "f5b9926d-81af-43fe-acf7-db427b9aaae6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46556", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3m4rfslhefs2w", "content": "", "creation_timestamp": "2025-11-04T01:42:17.221648Z"}, {"uuid": "e6800e7b-ce20-45a4-8a02-3b81cd0fef54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46554", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lxnhub4zwq27", "content": "", "creation_timestamp": "2025-08-30T21:02:30.545183Z"}, {"uuid": "bf56d440-35d9-4bb5-8cc1-6fd0ca825b18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46558", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14127", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46558\n\ud83d\udd25 CVSS Score: 9.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: XWiki Contrib's Syntax Markdown allows importing Markdown content into wiki pages and creating wiki content in Markdown. In versions starting from 8.2 to before 8.9, the Markdown syntax is vulnerable to cross-site scripting (XSS) through HTML. In particular, using Markdown syntax, it's possible for any user to embed Javascript code that will then be executed on the browser of any other user visiting either the document or the comment that contains it. In the instance that this code is executed by a user with admins or programming rights, this issue compromises the confidentiality, integrity and availability of the whole XWiki installation. This issue has been patched in version 8.9.\n\ud83d\udccf Published: 2025-04-30T18:27:30.953Z\n\ud83d\udccf Modified: 2025-04-30T19:01:32.321Z\n\ud83d\udd17 References:\n1. https://github.com/xwiki-contrib/syntax-markdown/security/advisories/GHSA-8g2j-rhfh-hq3r\n2. https://github.com/xwiki-contrib/syntax-markdown/commit/d136472d6e8a47981a0ede420a9096f88ffa5035\n3. https://jira.xwiki.org/browse/MARKDOWN-80", "creation_timestamp": "2025-04-30T19:13:38.000000Z"}, {"uuid": "76efe8e6-5d7a-4882-863c-e7055e7f8b9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46556", "type": "seen", "source": "https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m4rkprvmcrb2", "content": "", "creation_timestamp": "2025-11-04T03:10:41.131227Z"}, {"uuid": "a5494955-ee7e-4361-8c22-4a3e3f9cd5eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46550", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13927", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46550\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the `/?BazaR` endpoint and `idformulaire` parameter are vulnerable to cross-site scripting. An attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user\u2019s session. This vulnerability may also allow attackers to deface the website or embed malicious content. This issue has been patched in version 4.5.4.\n\ud83d\udccf Published: 2025-04-29T20:41:01.879Z\n\ud83d\udccf Modified: 2025-04-29T20:41:01.879Z\n\ud83d\udd17 References:\n1. https://github.com/YesWiki/yeswiki/security/advisories/GHSA-ggqx-43h2-55jp\n2. https://github.com/YesWiki/yeswiki/commit/4e9e51d80cd024ed2ac5c12c820817e6d8c2655a", "creation_timestamp": "2025-04-29T21:13:28.000000Z"}, {"uuid": "a224b359-100c-4aab-8496-5ab7427e5023", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46550", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mcdhcmrhtv2t", "content": "", "creation_timestamp": "2026-01-13T21:03:04.656890Z"}, {"uuid": "45b563da-18c0-4f8e-93ef-44596d0c42f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46554", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14130", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46554\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: XWiki is a generic wiki platform. In versions starting from 1.8.1 to before 14.10.22, from 15.0-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.7.0, anyone can access the metadata of any attachment in the wiki using the wiki attachment REST endpoint. There is no filtering for the results depending on current user rights, meaning an unauthenticated user could exploit this even in a private wiki. This issue has been patched in versions 14.10.22, 15.10.12, 16.4.3, and 16.7.0.\n\ud83d\udccf Published: 2025-04-30T18:27:53.677Z\n\ud83d\udccf Modified: 2025-04-30T18:59:16.789Z\n\ud83d\udd17 References:\n1. https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-r5cr-xm48-97xp\n2. https://github.com/xwiki/xwiki-platform/commit/37ecea84fdd053c33733c2ae9a0778bf98eae608\n3. https://github.com/xwiki/xwiki-platform/commit/a43e933ddeda17dad1772396e1757998260e9342\n4. https://github.com/xwiki/xwiki-platform/commit/c02ce7843a39851865b9d7b6132e32fdd21e3856\n5. https://jira.xwiki.org/browse/XWIKI-22424", "creation_timestamp": "2025-04-30T19:13:41.000000Z"}, {"uuid": "8be00c4a-a57d-4c2d-b043-a35543e7e787", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46552", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14112", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46552\n\ud83d\udd25 CVSS Score: 6.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: KHC-INVITATION-AUTOMATION is a GitHub automation script that automatically invites followers of a bot account to join your organization. In some commits on version 1.2, a vulnerability was identified where user data, including email addresses and Discord usernames, were exposed in API responses without proper access controls. This allowed unauthorized users to access sensitive user information by directly calling specific endpoints. This issue has been patched in a later commit on version 1.2.\n\ud83d\udccf Published: 2025-04-29T22:13:37.746Z\n\ud83d\udccf Modified: 2025-04-30T17:40:07.561Z\n\ud83d\udd17 References:\n1. https://github.com/Krypto-Hashers-Community/KHC-INVITATION-AUTOMATION/security/advisories/GHSA-7mpf-6gg2-2fjp\n2. https://github.com/Krypto-Hashers-Community/KHC-INVITATION-AUTOMATION/commit/bc908a4ef538b24d4543ae95a413be6afa308bf5", "creation_timestamp": "2025-04-30T18:14:21.000000Z"}, {"uuid": "1e5ad139-8330-4e8b-bdd7-fe8a8e47d165", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46557", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14128", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46557\n\ud83d\udd25 CVSS Score: 8.4 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: XWiki is a generic wiki platform. In versions starting from 15.3-rc-1 to before 15.10.14, from 16.0.0-rc-1 to before 16.4.6, and from 16.5.0-rc-1 to before 16.10.0-rc-1, a user who can access pages located in the XWiki space (by default, anyone) can access the page XWiki.Authentication.Administration and (unless an authenticator is set in xwiki.cfg) switch to another installed authenticator. Note that, by default, there is only one authenticator available (Standard XWiki Authenticator). So, if no authenticator extension was installed, it's not really possible to do anything for an attacker. Also, in most cases, if an SSO authenticator is installed and utilized (like OIDC or LDAP for example), the worst an attacker can do is break authentication by switching back to the standard authenticator (that's because it's impossible to login to a user which does not have a stored password, and that's usually what SSO authenticator produce). This issue has been patched in versions 15.10.14, 16.4.6, and 16.10.0-rc-1.\n\ud83d\udccf Published: 2025-04-30T18:27:39.895Z\n\ud83d\udccf Modified: 2025-04-30T19:00:26.033Z\n\ud83d\udd17 References:\n1. https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-f9c6-2f9p-82jj\n2. https://github.com/xwiki/xwiki-platform/commit/5efc31cea1501c9a5cb593566fea8b558ff32a2a\n3. https://jira.xwiki.org/browse/XWIKI-22604", "creation_timestamp": "2025-04-30T19:13:38.000000Z"}, {"uuid": "8faa667a-d135-4ff2-ba74-c5e0e5dcec80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46551", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15410", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46551\n\ud83d\udd25 CVSS Score: 5.7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P)\n\ud83d\udd39 Description: JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. Starting in JRuby-OpenSSL version 0.12.1 and prior to version 0.15.4 (corresponding to JRuby versions starting in 9.3.4.0 prior to 9.4.12.1 and 10.0.0.0 prior to 10.0.0.1), when verifying SSL certificates, JRuby-OpenSSL does not verify that the hostname presented in the certificate matches the one the user tries to connect to. This means a man-in-the-middle could just present any valid cert for a completely different domain they own, and JRuby would accept the cert. Anybody using JRuby to make requests of external APIs, or scraping the web, that depends on https to connect securely. JRuby-OpenSSL version 0.15.4 contains a fix for the issue. This fix is included in JRuby versions 10.0.0.1 and 9.4.12.1.\n\ud83d\udccf Published: 2025-05-07T16:12:23.771Z\n\ud83d\udccf Modified: 2025-05-07T20:10:54.558Z\n\ud83d\udd17 References:\n1. https://github.com/jruby/jruby-openssl/security/advisories/GHSA-72qj-48g4-5xgx\n2. https://github.com/jruby/jruby-openssl/commit/31a56d690ce9b8af47af09aaaf809081949ed285", "creation_timestamp": "2025-05-07T20:22:48.000000Z"}, {"uuid": "7c28334b-21c1-41d3-be78-afcf9535bbac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46558", "type": "seen", "source": "https://t.me/cvedetector/24136", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46558 - XWiki Contrib Markdown XSS\", \n  \"Content\": \"CVE ID : CVE-2025-46558 \nPublished : April 30, 2025, 7:15 p.m. | 37\u00a0minutes ago \nDescription : XWiki Contrib's Syntax Markdown allows importing Markdown content into wiki pages and creating wiki content in Markdown. In versions starting from 8.2 to before 8.9, the Markdown syntax is vulnerable to cross-site scripting (XSS) through HTML. In particular, using Markdown syntax, it's possible for any user to embed Javascript code that will then be executed on the browser of any other user visiting either the document or the comment that contains it. In the instance that this code is executed by a user with admins or programming rights, this issue compromises the confidentiality, integrity and availability of the whole XWiki installation. This issue has been patched in version 8.9. \nSeverity: 9.0 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-30T22:06:04.000000Z"}, {"uuid": "2acff4e0-7374-400b-beb5-aa57d60c6464", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46557", "type": "seen", "source": "https://t.me/cvedetector/24131", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46557 - XWiki Authentication Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-46557 \nPublished : April 30, 2025, 7:15 p.m. | 37\u00a0minutes ago \nDescription : XWiki is a generic wiki platform. In versions starting from 15.3-rc-1 to before 15.10.14, from 16.0.0-rc-1 to before 16.4.6, and from 16.5.0-rc-1 to before 16.10.0-rc-1, a user who can access pages located in the XWiki space (by default, anyone) can access the page XWiki.Authentication.Administration and (unless an authenticator is set in xwiki.cfg) switch to another installed authenticator. Note that, by default, there is only one authenticator available (Standard XWiki Authenticator). So, if no authenticator extension was installed, it's not really possible to do anything for an attacker. Also, in most cases, if an SSO authenticator is installed and utilized (like OIDC or LDAP for example), the worst an attacker can do is break authentication by switching back to the standard authenticator (that's because it's impossible to login to a user which does not have a stored password, and that's usually what SSO authenticator produce). This issue has been patched in versions 15.10.14, 16.4.6, and 16.10.0-rc-1. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-30T22:05:57.000000Z"}, {"uuid": "c96b2c0e-c552-43a9-a670-23ff113c6779", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46554", "type": "seen", "source": "https://t.me/cvedetector/24135", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46554 - XWiki Unauthenticated Attachment Metadata Disclosure\", \n  \"Content\": \"CVE ID : CVE-2025-46554 \nPublished : April 30, 2025, 7:15 p.m. | 37\u00a0minutes ago \nDescription : XWiki is a generic wiki platform. In versions starting from 1.8.1 to before 14.10.22, from 15.0-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.7.0, anyone can access the metadata of any attachment in the wiki using the wiki attachment REST endpoint. There is no filtering for the results depending on current user rights, meaning an unauthenticated user could exploit this even in a private wiki. This issue has been patched in versions 14.10.22, 15.10.12, 16.4.3, and 16.7.0. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-30T22:06:03.000000Z"}, {"uuid": "6a2678cb-11b5-45a4-ace4-927c614e33b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-46551", "type": "published-proof-of-concept", "source": "https://github.com/jruby/jruby-openssl/security/advisories/GHSA-72qj-48g4-5xgx", "content": "", "creation_timestamp": "2025-05-07T16:05:29.000000Z"}, {"uuid": "3b5f6e57-df74-49c7-9a96-ad72b61e2d20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46550", "type": "seen", "source": "https://t.me/cvedetector/24055", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46550 - YesWiki Reflected Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-46550 \nPublished : April 29, 2025, 9:15 p.m. | 1\u00a0hour, 51\u00a0minutes ago \nDescription : YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the `/?BazaR` endpoint and `idformulaire` parameter are vulnerable to cross-site scripting. An attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user\u2019s session. This vulnerability may also allow attackers to deface the website or embed malicious content. This issue has been patched in version 4.5.4. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-30T01:11:54.000000Z"}, {"uuid": "5c9da94a-1631-4e23-931f-b859cab2b405", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46552", "type": "seen", "source": "https://t.me/cvedetector/24061", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46552 - GitHub KHC-INVITATION-AUTOMATION Unauthenticated User Data Disclosure\", \n  \"Content\": \"CVE ID : CVE-2025-46552 \nPublished : April 29, 2025, 11:16 p.m. | 1\u00a0hour, 54\u00a0minutes ago \nDescription : KHC-INVITATION-AUTOMATION is a GitHub automation script that automatically invites followers of a bot account to join your organization. In some commits on version 1.2, a vulnerability was identified where user data, including email addresses and Discord usernames, were exposed in API responses without proper access controls. This allowed unauthorized users to access sensitive user information by directly calling specific endpoints. This issue has been patched in a later commit on version 1.2. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-30T03:42:21.000000Z"}, {"uuid": "98320d6d-27bd-46b1-b4c4-d381f3eb24ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46553", "type": "seen", "source": "https://t.me/cvedetector/24486", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46553 - Misskey/summaly Allow Redirects Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-46553 \nPublished : May 5, 2025, 7:15 p.m. | 20\u00a0minutes ago \nDescription : @misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main `summaly` function causes the `allowRedirects` option to never be passed to any plugins, and as a result, isn't enforced. Misskey will follow redirects, despite explicitly requesting not to. Version 5.2.1 contains a patch for the issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-05T21:44:26.000000Z"}, {"uuid": "87f8f025-46d7-4e2a-a62e-ab121c0b5772", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46559", "type": "seen", "source": "https://t.me/cvedetector/24487", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46559 - Misskey AiScript Cross-Site Request Forgery (CSRF)\", \n  \"Content\": \"CVE ID : CVE-2025-46559 \nPublished : May 5, 2025, 7:15 p.m. | 20\u00a0minutes ago \nDescription : Misskey is an open source, federated social media platform. Starting in version 12.31.0 and prior to version 2025.4.1, missing validation in `Mk:api` allows malicious AiScript code to access additional endpoints that it isn't designed to have access to. The missing validation allows malicious AiScript code to prefix a URL with `../` to step out of the `/api` directory, thereby being able to make requests to other endpoints, such as `/files`, `/url`, and `/proxy`. Version 2025.4.1 fixes the issue. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-05T21:44:26.000000Z"}, {"uuid": "d1f4e517-3994-4d6f-9c2a-48d30a9d22da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-46550", "type": "published-proof-of-concept", "source": "https://github.com/YesWiki/yeswiki/security/advisories/GHSA-ggqx-43h2-55jp", "content": "", "creation_timestamp": "2025-04-28T16:52:49.000000Z"}, {"uuid": "273bc9fd-5be1-40e3-a5c8-4b0cce4a1613", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-46553", "type": "published-proof-of-concept", "source": "https://github.com/misskey-dev/summaly/security/advisories/GHSA-7899-w6c4-vqc4", "content": "", "creation_timestamp": "2025-05-05T11:11:51.000000Z"}]}