{"vulnerability": "cve-2025-2662", "sightings": [{"uuid": "df07e195-a550-424f-9e8f-913bea4f1965", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-266297", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2025-0080", "content": "", "creation_timestamp": "2025-03-11T17:44:43.000000Z"}, {"uuid": "48a1eb0d-6e3e-4c80-a2f7-3fbc5969e45e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-266277", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2025-0081", "content": "", "creation_timestamp": "2025-03-11T17:45:19.000000Z"}, {"uuid": "14de8b6b-760d-4f70-a5a5-e8a88a2e5909", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26629", "type": "seen", "source": "https://www.thezdi.com/blog/2025/3/11/the-march-2025-security-update-review", "content": "", "creation_timestamp": "2025-03-11T16:39:36.000000Z"}, {"uuid": "87b4f98c-880f-4c87-934b-6cd242c9d7c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2662", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ll3ibvvk4m2k", "content": "", "creation_timestamp": "2025-03-24T00:19:46.988575Z"}, {"uuid": "6b11b342-c2ea-4fe7-88b8-b0b274bc56f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26627", "type": "seen", "source": "https://www.thezdi.com/blog/2025/3/11/the-march-2025-security-update-review", "content": "", "creation_timestamp": "2025-03-11T16:39:36.000000Z"}, {"uuid": "fe9e28f4-4f27-442f-bfd1-66901fe240b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26620", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lihulptmz52n", "content": "", "creation_timestamp": "2025-02-18T18:16:23.050830Z"}, {"uuid": "282e088f-f1e1-46ef-9bc3-078bfef75923", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26623", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lii3cs53722o", "content": "", "creation_timestamp": "2025-02-18T20:16:39.616042Z"}, {"uuid": "e1afe5d2-76df-4749-b95f-eae136c79151", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26624", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3liiffareru2g", "content": "", "creation_timestamp": "2025-02-18T23:16:59.699936Z"}, {"uuid": "b818cb82-efd1-4f2f-a24d-07115ec490b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26624", "type": "seen", "source": "https://bsky.app/profile/deskmodder.de/post/3lltjcgrrkf2n", "content": "", "creation_timestamp": "2025-04-02T13:41:52.951353Z"}, {"uuid": "e5fa96b2-ea1b-4b8a-8410-dbc66b0c92db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-266287", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2025-0109", "content": "", "creation_timestamp": "2025-04-08T16:53:20.000000Z"}, {"uuid": "9eabf8c8-4f74-4ac8-9aba-c1c2d6955278", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26628", "type": "seen", "source": "https://www.thezdi.com/blog/2025/4/8/the-april-2025-security-update-review", "content": "", "creation_timestamp": "2025-04-08T16:14:25.000000Z"}, {"uuid": "d48b01bc-9387-4f0c-adf5-c3fa8fcdbd17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26627", "type": "seen", "source": "https://t.me/cvedetector/20115", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26627 - Azure Arc Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-26627 \nPublished : March 11, 2025, 5:16 p.m. | 1\u00a0hour, 6\u00a0minutes ago \nDescription : Improper neutralization of special elements used in a command ('command injection') in Azure Arc allows an authorized attacker to elevate privileges locally. \nSeverity: 7.0 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-11T20:08:28.000000Z"}, {"uuid": "2fc4b4b2-34bb-4dcf-8c8b-80162a3956fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26625", "type": "seen", "source": "https://bsky.app/profile/gnomon.mastodon.social.ap.brid.gy/post/3m3pmm7xaaxn2", "content": "", "creation_timestamp": "2025-10-21T15:14:50.629544Z"}, {"uuid": "deaefaa7-97f2-4d75-b049-eb8717ccf6d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26625", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3maoilmzpts2r", "content": "", "creation_timestamp": "2025-12-23T19:34:56.222304Z"}, {"uuid": "d98c08a0-4820-471d-9238-df5bf08e5a50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26621", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpk2zbzbje2w", "content": "", "creation_timestamp": "2025-05-19T17:13:10.574563Z"}, {"uuid": "2934c2b9-55bd-4b71-9279-d899db0a1f3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26625", "type": "seen", "source": "https://gist.github.com/EbonJaeger/99dd58f015b229c6f25edb5dae784966", "content": "", "creation_timestamp": "2025-10-17T17:52:23.000000Z"}, {"uuid": "39ba74ab-de2e-4c9a-bbc3-893fd3b1710d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26624", "type": "seen", "source": "MISP/9ca82492-7deb-4197-a6f1-191e121eef96", "content": "", "creation_timestamp": "2025-08-25T13:32:05.000000Z"}, {"uuid": "07324ed8-ec39-4fa5-ad1f-3b5d7053f5b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26623", "type": "seen", "source": "https://github.blog/security/vulnerability-research/bugs-that-survive-the-heat-of-continuous-fuzzing/", "content": "", "creation_timestamp": "2025-12-29T21:01:14.000000Z"}, {"uuid": "68114040-64df-49d4-abe2-e7238a3fedae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26629", "type": "seen", "source": "https://t.me/cvedetector/20112", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26629 - Microsoft Office Use After Free Code Execution\", \n  \"Content\": \"CVE ID : CVE-2025-26629 \nPublished : March 11, 2025, 5:16 p.m. | 1\u00a0hour, 6\u00a0minutes ago \nDescription : Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-11T20:08:26.000000Z"}, {"uuid": "1c9e3c35-8959-46d7-98e5-1c075f5356eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26625", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/57612", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aPoC for CVE-2025-26625\nURL\uff1ahttps://github.com/Mitchellzhou1/CVE_2025_26625\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-10-30T18:44:59.000000Z"}, {"uuid": "fee6cf7d-a811-431a-88ee-1d6137cb8370", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26625", "type": "published-proof-of-concept", "source": "Telegram/HrqnhivTlyUmMMsC-cihOL2_RX8BUHsohtWOn5UNPDK-VTs", "content": "", "creation_timestamp": "2025-10-31T03:00:06.000000Z"}, {"uuid": "c3121246-e049-44a6-ab14-36230c1533bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26624", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/58229", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aThis is my reproduce PoC for CVE-2025-26624\nURL\uff1ahttps://github.com/havertz2110/CVE-2025-26624\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-11-04T07:23:24.000000Z"}, {"uuid": "9bd395bf-d03b-4a9c-ab04-9ea70a397bc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26622", "type": "seen", "source": "https://t.me/cvedetector/18694", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26622 - Vyper EVM sqrt Function Round-Up Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-26622 \nPublished : Feb. 21, 2025, 10:15 p.m. | 33\u00a0minutes ago \nDescription : vyper is a Pythonic Smart Contract Language for the EVM. Vyper `sqrt()` builtin uses the babylonian method to calculate square roots of decimals. Unfortunately, improper handling of the oscillating final states may lead to sqrt incorrectly returning rounded up results. This issue is being addressed and a fix is expected in version 0.4.1. Users are advised to upgrade as soon as the patched release is available. There are no known workarounds for this vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-21T23:57:30.000000Z"}, {"uuid": "bc181db2-4e90-413c-8b8f-3f304266ba10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26623", "type": "seen", "source": "https://t.me/cvedetector/18372", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26623 - Exiv2 Heap Buffer Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-26623 \nPublished : Feb. 18, 2025, 8:15 p.m. | 1\u00a0hour, 47\u00a0minutes ago \nDescription : Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A heap buffer overflow was found in Exiv2 versions v0.28.0 to v0.28.4. Versions prior to v0.28.0, such as v0.27.7, are **not** affected. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `fixiso`. The bug is fixed in version v0.28.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T23:30:34.000000Z"}, {"uuid": "4003dffa-30b4-49e3-b1df-0dc25f87d067", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26624", "type": "seen", "source": "https://t.me/cvedetector/18378", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26624 - Rufus DLL Hijacking Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-26624 \nPublished : Feb. 18, 2025, 11:15 p.m. | 51\u00a0minutes ago \nDescription : Rufus is a utility that helps format and create bootable USB flash drives. A DLL hijacking vulnerability in Rufus 4.6.2208 and earlier versions allows an attacker loading and executing a malicious DLL with escalated privileges (since the executable has been granted higher privileges during the time of launch) due to the ability to inject a malicious `cfgmgr32.dll` in the same directory as the executable and have it side load automatically. This is fixed in commit `74dfa49`, which will be part of version 4.7. Users are advised to upgrade as soon as version 4.7 becomes available. There are no known workarounds for this vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-19T01:10:52.000000Z"}, {"uuid": "bcfc1da8-dc5f-4b49-b14e-a5c15fe163d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26620", "type": "seen", "source": "https://t.me/cvedetector/18347", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26620 - Duende.AccessTokenManagement OAuth Token Spoofing Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-26620 \nPublished : Feb. 18, 2025, 6:15 p.m. | 1\u00a0hour, 39\u00a0minutes ago \nDescription : Duende.AccessTokenManagement is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. Duende.AccessTokenManagement contains a race condition when requesting access tokens using the client credentials flow. Concurrent requests to obtain an access token using differing protocol parameters can return access tokens obtained with the wrong scope, resource indicator, or other protocol parameters. Such usage is somewhat atypical, and only a small percentage of users are likely to be affected. Duende.AccessTokenManagement can request access tokens using the client credentials flow in several ways. In basic usage, the client credentials flow is configured once and the parameters do not vary. In more advanced situations, requests with varying protocol parameters may be made by calling specific overloads of these methods: `HttpContext.GetClientAccessTokenAsync()` and `IClientCredentialsTokenManagementService.GetAccessTokenAsync()`. There are overloads of both of these methods that accept a `TokenRequestParameters` object that customizes token request parameters. However, concurrent requests with varying `TokenRequestParameters` will result in the same token for all concurrent calls. Most users can simply update the NuGet package to the latest version. Customizations of the `IClientCredentialsTokenCache` that derive from the default implementation (`DistributedClientCredentialsTokenCache`) will require a small code change, as its constructor was changed to add a dependency on the `ITokenRequestSynchronization` service. The synchronization service will need to be injected into the derived class and passed to the base constructor. The impact of this vulnerability depends on how Duende.AccessTokenManagement is used and on the security architecture of the solution. Most users will not be vulnerable to this issue. More advanced users may run into this issue by calling the methods specified above with customized token request parameters. The impact of obtaining an access token with different than intended protocol parameters will vary depending on application logic, security architecture, and the authorization policy of the resource servers. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T20:59:45.000000Z"}, {"uuid": "51c2fe44-a113-4e62-a0a7-09d89e709c44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26622", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4997", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26622\n\ud83d\udd25 CVSS Score: 2.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: vyper is a Pythonic Smart Contract Language for the EVM. Vyper `sqrt()` builtin uses the babylonian method to calculate square roots of decimals. Unfortunately, improper handling of the oscillating final states may lead to sqrt incorrectly returning rounded up results. This issue is being addressed and a fix is expected in version 0.4.1. Users are advised to upgrade as soon as the patched release is available. There are no known workarounds for this vulnerability.\n\ud83d\udccf Published: 2025-02-21T21:36:19.063Z\n\ud83d\udccf Modified: 2025-02-21T21:36:19.063Z\n\ud83d\udd17 References:\n1. https://github.com/vyperlang/vyper/security/advisories/GHSA-2p94-8669-xg86\n2. https://github.com/vyperlang/vyper/pull/4486", "creation_timestamp": "2025-02-21T22:18:56.000000Z"}, {"uuid": "9898423d-c3a6-4cc0-9ae3-fd4401c45bce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26626", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7550", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26626\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: The GLPI Inventory Plugin handles various types of tasks for GLPI agents for the GLPI asset and IT management software package. Versions prior to 1.5.0 are vulnerable to reflective cross-site scripting, which may lead to executing javascript code. Version 1.5.0 fixes the issue.\n\ud83d\udccf Published: 2025-03-14T12:47:14.011Z\n\ud83d\udccf Modified: 2025-03-14T13:36:05.088Z\n\ud83d\udd17 References:\n1. https://github.com/glpi-project/glpi-inventory-plugin/security/advisories/GHSA-8p38-r7vf-j6jx\n2. https://github.com/glpi-project/glpi-inventory-plugin/blob/1.5.0/CHANGELOG.md#150---2025-02-25", "creation_timestamp": "2025-03-14T13:47:14.000000Z"}, {"uuid": "eb9756a2-5d69-4c86-88ad-359ee5c5ec53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26627", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7458", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26627\n\ud83d\udd25 CVSS Score: 7 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)\n\ud83d\udd39 Description: Improper neutralization of special elements used in a command ('command injection') in Azure Arc allows an authorized attacker to elevate privileges locally.\n\ud83d\udccf Published: 2025-03-11T16:59:22.159Z\n\ud83d\udccf Modified: 2025-03-13T17:25:17.614Z\n\ud83d\udd17 References:\n1. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26627", "creation_timestamp": "2025-03-13T17:45:17.000000Z"}, {"uuid": "f4b6043a-e3ca-4101-89f9-15d87fc38d08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26629", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7457", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26629\n\ud83d\udd25 CVSS Score: 7.8 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)\n\ud83d\udd39 Description: Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.\n\ud83d\udccf Published: 2025-03-11T16:59:22.734Z\n\ud83d\udccf Modified: 2025-03-13T17:25:18.161Z\n\ud83d\udd17 References:\n1. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26629", "creation_timestamp": "2025-03-13T17:45:16.000000Z"}, {"uuid": "c6f7fdeb-969c-44db-8899-470fe8919512", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26627", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9574", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26627\n\ud83d\udd25 CVSS Score: 7 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)\n\ud83d\udd39 Description: Improper neutralization of special elements used in a command ('command injection') in Azure Arc allows an authorized attacker to elevate privileges locally.\n\ud83d\udccf Published: 2025-03-11T16:59:22.159Z\n\ud83d\udccf Modified: 2025-03-31T01:40:48.185Z\n\ud83d\udd17 References:\n1. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26627", "creation_timestamp": "2025-03-31T02:30:50.000000Z"}, {"uuid": "04ba95fe-6aaa-4dcc-a34e-bdad5684dedd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26629", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9573", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26629\n\ud83d\udd25 CVSS Score: 7.8 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)\n\ud83d\udd39 Description: Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.\n\ud83d\udccf Published: 2025-03-11T16:59:22.734Z\n\ud83d\udccf Modified: 2025-03-31T01:40:48.721Z\n\ud83d\udd17 References:\n1. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26629", "creation_timestamp": "2025-03-31T02:30:49.000000Z"}, {"uuid": "0dbc13dc-d918-4f49-93cf-5aa870d61079", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26621", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16875", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26621\n\ud83d\udd25 CVSS Score: 7.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H)\n\ud83d\udd39 Description: OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.5.2, any user with the capability manage customizations can edit webhook that will execute javascript code. This can be abused to cause a denial of service attack by prototype pollution, making the node js server running the OpenCTI frontend become unavailable. Version 6.5.2 fixes the issue.\n\ud83d\udccf Published: 2025-05-19T16:01:50.419Z\n\ud83d\udccf Modified: 2025-05-19T16:01:50.419Z\n\ud83d\udd17 References:\n1. https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-gq63-jm3h-374p\n2. https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-mf88-g2wq-p7qm", "creation_timestamp": "2025-05-19T16:39:06.000000Z"}, {"uuid": "f975f722-061a-42c3-b323-506d4e15612b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2662", "type": "seen", "source": "https://t.me/cvedetector/20915", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2662 - Project Worlds Online Time Table Generator SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2662 \nPublished : March 23, 2025, 8:15 p.m. | 18\u00a0minutes ago \nDescription : A vulnerability was found in Project Worlds Online Time Table Generator 1.0. It has been classified as critical. Affected is an unknown function of the file student/studentdashboard.php. The manipulation of the argument course leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-23T22:20:11.000000Z"}, {"uuid": "73d14dba-2bd8-48c6-bd90-3d0e30743588", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26626", "type": "seen", "source": "https://t.me/cvedetector/20304", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26626 - GLPI Inventory Plugin Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2025-26626 \nPublished : March 14, 2025, 1:15 p.m. | 2\u00a0hours, 15\u00a0minutes ago \nDescription : The GLPI Inventory Plugin handles various types of tasks for GLPI agents for the GLPI asset and IT management software package. Versions prior to 1.5.0 are vulnerable to reflective cross-site scripting, which may lead to executing javascript code. Version 1.5.0 fixes the issue. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-14T16:42:38.000000Z"}]}