{"vulnerability": "cve-2025-4091", "sightings": [{"uuid": "6051b94f-dd53-4013-9e8a-1be6df5cb746", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40916", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lrqb3uigam2q", "content": "", "creation_timestamp": "2025-06-16T15:08:12.204765Z"}, {"uuid": "2884414b-4d90-454d-b101-bee8d4da3746", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40912", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lrjknzhffk2g", "content": "", "creation_timestamp": "2025-06-13T23:10:47.442602Z"}, {"uuid": "27002ee6-6557-41ed-b85a-4ba7724b7910", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4091", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnxn33gwwd2l", "content": "", "creation_timestamp": "2025-04-29T15:50:29.603669Z"}, {"uuid": "52c80ba1-d968-4acb-9345-e148fef88f39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40915", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lrekhtwe2t2e", "content": "", "creation_timestamp": "2025-06-11T23:24:01.183257Z"}, {"uuid": "5143555c-c809-4ab4-a17a-4f2ad1866b6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40912", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lredystmxt2o", "content": "", "creation_timestamp": "2025-06-11T21:28:14.128173Z"}, {"uuid": "afe5b91e-770d-48ab-a03f-f678c0d03f16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40910", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lsluz2yedg2i", "content": "", "creation_timestamp": "2025-06-27T14:46:26.268463Z"}, {"uuid": "9e4d3540-66d6-4f85-bd61-abc9a44715db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40911", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lq6uh33hid2a", "content": "", "creation_timestamp": "2025-05-27T23:41:22.593020Z"}, {"uuid": "27d8312e-43eb-4a25-9202-e881c4a635b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40911", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lq6nk7kdp652", "content": "", "creation_timestamp": "2025-05-27T21:41:00.376991Z"}, {"uuid": "a073ae5a-2d50-4fe1-8421-ab6d2772ff8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40918", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lu3tfkbd672d", "content": "", "creation_timestamp": "2025-07-16T16:25:24.671232Z"}, {"uuid": "94814d37-e504-4b03-a678-627c78083b57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40910", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19785", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40910\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Net::IP::LPM version 1.10 for Perl does not properly consider leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses.\n\nLeading zeros are used to indicate octal numbers, which can confuse users who are intentionally using octal notation, as well as users who believe they are using decimal notation.\n\ud83d\udccf Published: 2025-06-27T12:19:59.195Z\n\ud83d\udccf Modified: 2025-06-27T20:06:41.450Z\n\ud83d\udd17 References:\n1. https://metacpan.org/release/TPODER/Net-IP-LPM-1.10/diff/TPODER/Net-IP-LPM-1.09/lib/Net/IP/LPM.pm\n2. https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/\n3. https://security.metacpan.org/patches/N/Net-IP-LPM/1.10/CVE-2025-40910-r1.patch", "creation_timestamp": "2025-06-27T20:52:31.000000Z"}, {"uuid": "d8c8b4e0-1159-410d-b16b-a3d926665bb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40918", "type": "seen", "source": "https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3luddlmnsdx2l", "content": "", "creation_timestamp": "2025-07-19T16:03:46.956325Z"}, {"uuid": "648c7a76-8178-4440-9a5d-73b61e27e697", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40918", "type": "seen", "source": "https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3luf4lrqybb2c", "content": "", "creation_timestamp": "2025-07-20T09:03:55.480280Z"}, {"uuid": "ea774ade-6ff8-4d8e-b16e-6ab3de8e31bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40918", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lwgqcck5ks2q", "content": "", "creation_timestamp": "2025-08-15T11:19:37.095969Z"}, {"uuid": "ab3be3f3-91e3-4f32-9da0-65b16d2f4cde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40912", "type": "published-proof-of-concept", "source": "Telegram/ph88y4G5oeScgD258CchMKrpr3BuS4k3KcSxkFOuLvPbbMI", "content": "", "creation_timestamp": "2025-06-11T20:16:04.000000Z"}, {"uuid": "2ad364df-77d8-49a9-ba83-3395ee3db966", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40914", "type": "published-proof-of-concept", "source": "Telegram/ph88y4G5oeScgD258CchMKrpr3BuS4k3KcSxkFOuLvPbbMI", "content": "", "creation_timestamp": "2025-06-11T20:16:04.000000Z"}, {"uuid": "25cf09dd-884b-462f-97e4-a27f289c7e6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40918", "type": "seen", "source": "https://seclists.org/oss-sec/2025/q3/47", "content": "", "creation_timestamp": "2025-07-16T14:14:44.000000Z"}, {"uuid": "22d59c97-ad01-40f5-aa6f-f382e27450f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40913", "type": "seen", "source": "MISP/2bceffac-02c3-4c54-a709-6e253b38ec76", "content": "", "creation_timestamp": "2025-09-09T20:56:46.000000Z"}, {"uuid": "46ae2ced-6c31-4e8b-82ff-06c7613b9c2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40916", "type": "published-proof-of-concept", "source": "Telegram/U8pKzxPaqTMvqzadPo8O1KrDHB3eplOCTxi2a-1fsFdgwBo", "content": "", "creation_timestamp": "2025-06-16T14:32:50.000000Z"}, {"uuid": "2f31b7c1-b933-42a7-ba1c-5ef30e6addc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4091", "type": "seen", "source": "Telegram/Rk7hMmIKYATXl_hQfFOdK5MJxTVeQfOKjkNlqS7PgiJwldc", "content": "", "creation_timestamp": "2026-04-13T17:55:16.000000Z"}, {"uuid": "63affccf-e298-4f1a-bfd5-2ea16b35b5f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40916", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18441", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40916\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha.\n\nThat version uses the built-in rand() function for generating the captcha text as well as image noise, which is insecure.\n\ud83d\udccf Published: 2025-06-16T11:01:08.871Z\n\ud83d\udccf Modified: 2025-06-16T11:01:08.871Z\n\ud83d\udd17 References:\n1. https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CaptchaPNG-1.04/diff/GRYPHON/Mojolicious-Plugin-CaptchaPNG-1.05/lib/Mojolicious/Plugin/CaptchaPNG.pm\n2. https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CaptchaPNG-1.06/changes\n3. https://metacpan.org/pod/perlfunc#rand\n4. https://security.metacpan.org/docs/guides/random-data-for-security.html", "creation_timestamp": "2025-06-16T11:39:57.000000Z"}, {"uuid": "06b98a81-5319-4945-a49c-390de9550db9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40914", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18075", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40914\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow.\n\nCryptX embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328.\n\ud83d\udccf Published: 2025-06-11T14:06:53.418Z\n\ud83d\udccf Modified: 2025-06-11T14:06:53.418Z\n\ud83d\udd17 References:\n1. https://www.cve.org/CVERecord?id=CVE-2023-36328\n2. https://github.com/libtom/libtommath/pull/546\n3. https://github.com/advisories/GHSA-j3xv-6967-cv88\n4. https://metacpan.org/release/MIK/CryptX-0.086/source/src/ltm/bn_mp_grow.c", "creation_timestamp": "2025-06-11T14:31:27.000000Z"}, {"uuid": "50fa2542-2c7d-4b1a-bef3-bf40a93933d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40912", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18123", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40912\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode.\n\nCryptX embeds the tomcrypt library. The versions of that library in CryptX before 0.065 may be susceptible to CVE-2019-17362.\n\ud83d\udccf Published: 2025-06-11T17:48:39.344Z\n\ud83d\udccf Modified: 2025-06-11T17:48:39.344Z\n\ud83d\udd17 References:\n1. https://github.com/libtom/libtomcrypt/issues/507", "creation_timestamp": "2025-06-11T18:35:17.000000Z"}, {"uuid": "a3d76b3b-b1a6-4295-a329-07eaff739cd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40915", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18098", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40915\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens.\n\nThat version of the module generates tokens as an MD5 of the process id, the current time, and a single call to the built-in rand() function.\n\ud83d\udccf Published: 2025-06-11T17:09:50.664Z\n\ud83d\udccf Modified: 2025-06-11T17:09:50.664Z\n\ud83d\udd17 References:\n1. https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CSRF-1.04/diff/GRYPHON/Mojolicious-Plugin-CSRF-1.03\n2. https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CSRF-1.04/changes", "creation_timestamp": "2025-06-11T17:34:26.000000Z"}, {"uuid": "6cad61f3-f55e-4c51-ba56-a72b9dc32dc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40915", "type": "published-proof-of-concept", "source": "Telegram/ph88y4G5oeScgD258CchMKrpr3BuS4k3KcSxkFOuLvPbbMI", "content": "", "creation_timestamp": "2025-06-11T20:16:04.000000Z"}, {"uuid": "f241592f-16ac-4a9d-964d-b22a5a782168", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4091", "type": "seen", "source": "https://t.me/cvedetector/24002", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-4091 - Mozilla Firefox and Thunderbird Memory Corruption Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-4091 \nPublished : April 29, 2025, 2:15 p.m. | 21\u00a0minutes ago \nDescription : Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird ESR < 128.10. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-29T16:49:45.000000Z"}]}