{"vulnerability": "cve-2025-3140", "sightings": [{"uuid": "edf1e9c1-57ba-49d5-aa98-d86aea50f86a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31403", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3llyninijha2p", "content": "", "creation_timestamp": "2025-04-04T14:40:15.091205Z"}, {"uuid": "a87a1372-5d13-47ed-b38e-7ba44cb77f8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31403", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114280477286926972", "content": "", "creation_timestamp": "2025-04-04T15:48:17.558443Z"}, {"uuid": "5115a146-fada-4871-8fc1-d8448a6e9814", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31403", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114280477286926972", "content": "", "creation_timestamp": "2025-04-04T15:48:17.560164Z"}, {"uuid": "3b36e286-ea1d-43de-ae17-ef4c4283ba64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31403", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llys3ni4yz2z", "content": "", "creation_timestamp": "2025-04-04T16:02:27.241537Z"}, {"uuid": "13776ee6-5775-400e-9e27-232f3ece9a4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31409", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9842", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31409\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Bridge Core allows Stored XSS. This issue affects Bridge Core: from n/a through n/a.\n\ud83d\udccf Published: 2025-04-01T05:32:24.989Z\n\ud83d\udccf Modified: 2025-04-01T05:32:24.989Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/bridge-core/vulnerability/wordpress-bridge-core-plugin-3-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-01T06:31:49.000000Z"}, {"uuid": "a58b7a59-62d8-4e98-828e-fad79a23b1b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31407", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10439", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31407\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hutsixdigital Tiger allows Stored XSS.This issue affects Tiger: from n/a through 2.0.\n\ud83d\udccf Published: 2025-04-04T13:24:56.744Z\n\ud83d\udccf Modified: 2025-04-04T13:24:56.744Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/theme/tiger/vulnerability/wordpress-tiger-theme-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-04T13:35:44.000000Z"}, {"uuid": "7d5878b1-d1c7-40da-8458-6255c58d461e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31408", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9895", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31408\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in Zoho Flow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zoho Flow: from n/a through 2.13.3.\n\ud83d\udccf Published: 2025-04-01T13:07:54.459Z\n\ud83d\udccf Modified: 2025-04-01T13:07:54.459Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/zoho-flow/vulnerability/wordpress-zoho-flow-plugin-2-13-3-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-01T13:32:43.000000Z"}, {"uuid": "8572d481-9cbe-427a-ba41-f0e63a97a4ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31405", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10437", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31405\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zankover Fami WooCommerce Compare allows PHP Local File Inclusion.This issue affects Fami WooCommerce Compare: from n/a through 1.0.5.\n\ud83d\udccf Published: 2025-04-04T13:26:10.946Z\n\ud83d\udccf Modified: 2025-04-04T13:26:10.946Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/fami-woocommerce-compare/vulnerability/wordpress-fami-woocommerce-compare-plugin-1-0-5-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-04T13:35:43.000000Z"}, {"uuid": "0a0afb3f-d4a0-4c87-b186-207a49409439", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3140", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10216", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3140\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in SourceCodester Online Medicine Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file /view_category.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-04-03T04:31:05.693Z\n\ud83d\udccf Modified: 2025-04-03T13:10:23.408Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.303045\n2. https://vuldb.com/?ctiid.303045\n3. https://vuldb.com/?submit.525308\n4. https://github.com/Lena-lyy/SQL/blob/main/SQL1.md\n5. https://www.sourcecodester.com/", "creation_timestamp": "2025-04-03T13:35:06.000000Z"}, {"uuid": "3d5ba6da-d9ee-4681-88d7-0d219d196d67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3140", "type": "seen", "source": "https://t.me/cvedetector/21948", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3140 - SourceCodester Online Medicine Ordering System SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2025-3140 \nPublished : April 3, 2025, 5:15 a.m. | 1\u00a0hour, 36\u00a0minutes ago \nDescription : A vulnerability was found in SourceCodester Online Medicine Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file /view_category.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-03T09:22:52.000000Z"}, {"uuid": "134312d2-fdd8-4d8e-8d55-e8cc213be64c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31406", "type": "seen", "source": "https://t.me/cvedetector/21572", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31406 - ELEX WooCommerce Subscriber Unauthenticated Access Control Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-31406 \nPublished : March 31, 2025, 9:15 a.m. | 1\u00a0hour, 32\u00a0minutes ago \nDescription : Subscriber Broken Access Control in ELEX WooCommerce Request a Quote &lt;=\nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-31T13:20:17.000000Z"}, {"uuid": "5dce1a5f-1b5a-43e8-b2e0-17de85ed72b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31409", "type": "seen", "source": "https://t.me/cvedetector/21718", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31409 - NotFound Bridge Core Cross-site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-31409 \nPublished : April 1, 2025, 6:15 a.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Bridge Core allows Stored XSS. This issue affects Bridge Core: from n/a through n/a. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T09:26:35.000000Z"}, {"uuid": "92d59a75-958c-4d0c-96c5-06c1f77a561f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31407", "type": "seen", "source": "https://t.me/cvedetector/22136", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31407 - Hutsixdigital Tiger Cross-site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-31407 \nPublished : April 4, 2025, 2:15 p.m. | 1\u00a0hour, 42\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hutsixdigital Tiger allows Stored XSS.This issue affects Tiger: from n/a through 2.0. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-04T18:01:23.000000Z"}, {"uuid": "a2362b32-e7cf-408c-9640-8271998816e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31405", "type": "seen", "source": "https://t.me/cvedetector/22135", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31405 - Zankover Fami WooCommerce Compare PHP Local File Inclusion\", \n  \"Content\": \"CVE ID : CVE-2025-31405 \nPublished : April 4, 2025, 2:15 p.m. | 1\u00a0hour, 42\u00a0minutes ago \nDescription : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zankover Fami WooCommerce Compare allows PHP Local File Inclusion.This issue affects Fami WooCommerce Compare: from n/a through 1.0.5. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-04T18:01:22.000000Z"}, {"uuid": "e89258c6-461e-4644-bb5a-6bd14bc32b39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31403", "type": "seen", "source": "https://t.me/cvedetector/22134", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31403 - Shiptrack SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-31403 \nPublished : April 4, 2025, 2:15 p.m. | 1\u00a0hour, 42\u00a0minutes ago \nDescription : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shiptrack Booking Calendar and Notification allows Blind SQL Injection.This issue affects Booking Calendar and Notification: from n/a through 4.0.3. \nSeverity: 9.3 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-04T18:01:21.000000Z"}]}