{"vulnerability": "cve-2025-4633", "sightings": [{"uuid": "63b9304b-0144-49a0-a29e-a344cbeab205", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46330", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnwsbtyfdb2b", "content": "", "creation_timestamp": "2025-04-29T07:50:58.557452Z"}, {"uuid": "5e9cfa67-9a3f-4a86-bf5e-0ca5a714863f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46336", "type": "seen", "source": "https://bsky.app/profile/dasgeldco.bsky.social/post/3lrkihwqi7x2q", "content": "", "creation_timestamp": "2025-06-14T08:04:15.686225Z"}, {"uuid": "73042598-7d7e-4f9a-abd0-8c5439bd01c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46336", "type": "seen", "source": "https://bsky.app/profile/eldinerolat.bsky.social/post/3lrkiig3zsx27", "content": "", "creation_timestamp": "2025-06-14T08:04:31.427871Z"}, {"uuid": "83ebf858-b72b-4de6-8111-6d874101a591", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46333", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnoedfwzl62y", "content": "", "creation_timestamp": "2025-04-25T23:20:03.629302Z"}, {"uuid": "e36f9f98-fa5c-4452-aa8e-a099fdeb5ac3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46338", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnwsbubr4z2b", "content": "", "creation_timestamp": "2025-04-29T07:50:59.185194Z"}, {"uuid": "362bdd23-7fb3-4fe7-9187-1a9039bb6ae5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46332", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lo7gnmckelv2", "content": "", "creation_timestamp": "2025-05-02T18:18:56.344011Z"}, {"uuid": "0d91578e-05ba-402c-9e36-4510551b3853", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46339", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqsq5nx4xkg2", "content": "", "creation_timestamp": "2025-06-04T21:18:01.389854Z"}, {"uuid": "b29049d4-c602-49c7-a9cd-4c6b34cf1f93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46337", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114433867704399481", "content": "", "creation_timestamp": "2025-05-01T17:57:29.936935Z"}, {"uuid": "05947d3e-c6a5-4ec6-b922-77df2194ccd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46337", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lo55xlkcaz2l", "content": "", "creation_timestamp": "2025-05-01T20:35:57.953243Z"}, {"uuid": "c752f53e-6cf4-4776-96ed-c5084c7fd122", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46332", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lo7mr5rz2b2p", "content": "", "creation_timestamp": "2025-05-02T20:06:15.267970Z"}, {"uuid": "4d53eb20-a282-42bd-8a6b-66920c549d22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-46332", "type": "seen", "source": "https://bsky.app/profile/rss.y-u-e.workers.dev/post/3loaxz3alf42j", "content": "", "creation_timestamp": "2025-05-03T09:00:05.318773Z"}, {"uuid": "30dc0038-e529-4724-acf2-8fbc41d3cebc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46337", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lofirlxcki2p", "content": "", "creation_timestamp": "2025-05-05T04:10:45.708790Z"}, {"uuid": "fc45d8ff-2c37-40ac-8ee2-3b0ab1ae2360", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-46337", "type": "seen", "source": "https://bsky.app/profile/shiojiri.com/post/3lofs5q3ewk2p", "content": "", "creation_timestamp": "2025-05-05T06:58:36.919579Z"}, {"uuid": "891e8a94-3899-4c4b-84e9-d263b1d5d061", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46337", "type": "seen", "source": "https://bsky.app/profile/mariusavram.bsky.social/post/3logph73t622u", "content": "", "creation_timestamp": "2025-05-05T15:42:52.764420Z"}, {"uuid": "4e35216a-c6c7-4157-a9ba-8218ed6a954c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46335", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3loh6qqqemo2l", "content": "", "creation_timestamp": "2025-05-05T20:16:41.198230Z"}, {"uuid": "e345a2c8-8731-44d3-a7a7-fb4e5c91df2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46337", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lohsufhewa2g", "content": "", "creation_timestamp": "2025-05-06T02:16:36.823613Z"}, {"uuid": "c65bab8b-8fe8-4c3b-8fb4-1836b4333d9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46337", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lolji6shzc2x", "content": "", "creation_timestamp": "2025-05-07T13:39:23.469739Z"}, {"uuid": "a8c0d157-4575-4f6b-a894-734fbe4a5327", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46337", "type": "seen", "source": "https://bsky.app/profile/securitylab-jp.bsky.social/post/3lomzqrnnrc2d", "content": "", "creation_timestamp": "2025-05-08T04:03:13.597443Z"}, {"uuid": "59a3db0d-9083-43d2-b09e-1c59edfd708a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46336", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3looxq3qbky2h", "content": "", "creation_timestamp": "2025-05-08T22:32:26.613715Z"}, {"uuid": "a6e7ea75-6814-45d8-807d-5690e0b63b45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46334", "type": "seen", "source": "https://github.blog/open-source/git/git-security-vulnerabilities-announced-6/", "content": "", "creation_timestamp": "2025-07-08T15:02:11.000000Z"}, {"uuid": "90332804-6686-40b2-9d4e-50683a393533", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46336", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3looojp564pw2", "content": "", "creation_timestamp": "2025-05-08T19:48:24.219826Z"}, {"uuid": "6324f1a4-0154-4306-bd8c-79501f0e8930", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46336", "type": "seen", "source": "https://bsky.app/profile/hnws.bsky.social/post/3loqf7eucuv2e", "content": "", "creation_timestamp": "2025-05-09T12:06:10.246119Z"}, {"uuid": "c4f87720-58cb-40d0-8003-cc02cc2f8129", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46336", "type": "seen", "source": "https://bsky.app/profile/hn100.bsky.social/post/3loqfcrzs3n2r", "content": "", "creation_timestamp": "2025-05-09T12:08:05.823566Z"}, {"uuid": "5e14592b-cf62-493c-b1fc-d0f9463264a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46337", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3loqgnhhxen2s", "content": "", "creation_timestamp": "2025-05-09T12:31:56.995131Z"}, {"uuid": "f73559ea-ecac-45e9-902c-5f9fcebc83ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46336", "type": "seen", "source": "https://bsky.app/profile/appsecfeed.bsky.social/post/3loqnxmuaor2x", "content": "", "creation_timestamp": "2025-05-09T14:42:53.968069Z"}, {"uuid": "9f28f379-2727-43b4-9564-995440f98f61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46336", "type": "seen", "source": "https://bsky.app/profile/appsecfeed.bsky.social/post/3loqoh4dzhs2m", "content": "", "creation_timestamp": "2025-05-09T14:51:33.691899Z"}, {"uuid": "b3fae7cc-277b-4533-ad1a-4c4434da0a0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46336", "type": "seen", "source": "https://bsky.app/profile/appsecfeed.bsky.social/post/3loqomcaumf2x", "content": "", "creation_timestamp": "2025-05-09T14:54:27.464117Z"}, {"uuid": "ff23524d-0d51-46cc-a4c4-b5ac7963c3e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46336", "type": "seen", "source": "https://bsky.app/profile/appsecfeed.bsky.social/post/3loqopq2hhy2x", "content": "", "creation_timestamp": "2025-05-09T14:56:22.388526Z"}, {"uuid": "4c33a0cb-6a14-4252-acf3-4dd09b9ea08d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46336", "type": "seen", "source": "https://bsky.app/profile/appsecfeed.bsky.social/post/3lor4dmpcsd2k", "content": "", "creation_timestamp": "2025-05-09T19:00:08.715061Z"}, {"uuid": "104b4a04-7b63-4120-a2a6-26f66691dfaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46336", "type": "seen", "source": "https://bsky.app/profile/appsecfeed.bsky.social/post/3lor4rjtm6l2k", "content": "", "creation_timestamp": "2025-05-09T19:07:55.401205Z"}, {"uuid": "3de525da-bf06-4a29-91c9-44378f23927a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46336", "type": "seen", "source": "https://bsky.app/profile/appsecfeed.bsky.social/post/3losfhlo37t25", "content": "", "creation_timestamp": "2025-05-10T07:16:05.703357Z"}, {"uuid": "32c0f9d9-9812-40b5-99fe-ddaa1de3543a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4633", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqeubekd5oe2", "content": "", "creation_timestamp": "2025-05-30T08:55:08.922234Z"}, {"uuid": "ed8f49f4-c6b1-4184-bb08-f704e11ea7fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46334", "type": "seen", "source": "https://seclists.org/oss-sec/2025/q3/13", "content": "", "creation_timestamp": "2025-07-08T15:11:31.000000Z"}, {"uuid": "9cd08429-2fb7-43dd-8dc4-abe7211f5908", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46335", "type": "seen", "source": "https://github.blog/open-source/git/git-security-vulnerabilities-announced-6/", "content": "", "creation_timestamp": "2025-07-08T15:02:11.000000Z"}, {"uuid": "de7d7da3-b787-4c12-abc4-ab6cb2e12deb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46330", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13790", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46330\n\ud83d\udd25 CVSS Score: 3.3 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\ud83d\udd39 Description: libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, incorrectly treat malformed requests that caused the HTTP response status code 400, as able to be retried. This could hang the application until SF_CON_MAX_RETRY requests were sent. This issue has been patched in version 2.2.0.\n\ud83d\udccf Published: 2025-04-29T04:34:37.061Z\n\ud83d\udccf Modified: 2025-04-29T04:34:37.061Z\n\ud83d\udd17 References:\n1. https://github.com/snowflakedb/libsnowflakeclient/security/advisories/GHSA-ch37-53v3-m4cm\n2. https://github.com/snowflakedb/libsnowflakeclient/pull/882/commits/8120a057e041722e114ed2c5dbed3b5a649f72e2", "creation_timestamp": "2025-04-29T05:11:34.000000Z"}, {"uuid": "ef29d8b9-7059-4c17-bba5-b3b9b174fbf1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46334", "type": "seen", "source": "https://www.thezdi.com/blog/2025/7/8/the-july-2025-security-update-review", "content": "", "creation_timestamp": "2025-07-08T15:56:31.000000Z"}, {"uuid": "23b075ce-e960-4dfd-8d65-5f4529f24c76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46333", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13550", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46333\n\ud83d\udd25 CVSS Score: 7.3 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)\n\ud83d\udd39 Description: z2d is a pure Zig 2D graphics library. In version 0.6.0, when writing from one surface to another using `z2d.compositor.StrideCompositor.run`, the source surface can be completely out-of-bounds on the x-axis (but not on the y-axis) by way of a negative offset. This results in an overflow of the value controlling the length of the stride. In non-safe optimization modes (consumers compiling with `ReleaseFast` or `ReleaseSmall`), this could potentially lead to invalid memory accesses or corruption. This issue is patched in version 0.6.1.\n\ud83d\udccf Published: 2025-04-25T20:20:22.202Z\n\ud83d\udccf Modified: 2025-04-25T21:42:11.412Z\n\ud83d\udd17 References:\n1. https://github.com/vancluever/z2d/security/advisories/GHSA-mm4c-p35v-7hx3\n2. https://github.com/vancluever/z2d/issues/104\n3. https://github.com/vancluever/z2d/issues/105", "creation_timestamp": "2025-04-25T22:07:29.000000Z"}, {"uuid": "282dece6-6bc3-4dc7-9961-cd4d075b29b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46338", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13788", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46338\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N)\n\ud83d\udd39 Description: Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.21.0, an improper input handling vulnerability in the `/api/upload` endpoint allows an attacker to perform a reflected cross-site scripting (XSS) attack by submitting malicious payloads in the `libraryId` field. The unsanitized input is reflected in the server\u2019s error message, enabling arbitrary JavaScript execution in a victim's browser. This issue has been patched in version 2.21.0.\n\ud83d\udccf Published: 2025-04-29T04:34:44.713Z\n\ud83d\udccf Modified: 2025-04-29T04:34:44.713Z\n\ud83d\udd17 References:\n1. https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-47g3-c5hx-2q3w\n2. https://github.com/advplyr/audiobookshelf/commit/35870a01583b2947030f4e3d4ac769c3ff298386", "creation_timestamp": "2025-04-29T05:11:29.000000Z"}, {"uuid": "fd7682a0-2601-431b-888f-8712915fdca8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46338", "type": "seen", "source": "https://t.me/cvedetector/23980", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46338 - Audiobookshelf Reflected Cross-Site Scripting (XSS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-46338 \nPublished : April 29, 2025, 5:15 a.m. | 1\u00a0hour, 2\u00a0minutes ago \nDescription : Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.21.0, an improper input handling vulnerability in the `/api/upload` endpoint allows an attacker to perform a reflected cross-site scripting (XSS) attack by submitting malicious payloads in the `libraryId` field. The unsanitized input is reflected in the server\u2019s error message, enabling arbitrary JavaScript execution in a victim's browser. This issue has been patched in version 2.21.0. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-29T08:28:15.000000Z"}, {"uuid": "cc62d76a-7647-4667-8087-5bce50bb9c66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46332", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14526", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46332\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: Flags SDK is an open-source feature flags toolkit for Next.js and SvelteKit. Impacted versions include flags from 3.2.0 and prior and @vercel/flags from 3.1.1 and prior as certain circumstances allows a bad actor with detailed knowledge of the vulnerability to list all flags returned by the flags discovery endpoint (.well-known/vercel/flags). This vulnerability allows for information disclosure, where a bad actor could gain access to a list of all feature flags exposed through the flags discovery endpoint, including the flag names, flag descriptions, available options and their labels (e.g. true, false), and default flag values. This issue has been patched in flags@4.0.0, users of flags and @vercel/flags should also migrate to flags@4.0.0.\n\ud83d\udccf Published: 2025-05-02T17:06:35.443Z\n\ud83d\udccf Modified: 2025-05-02T17:06:35.443Z\n\ud83d\udd17 References:\n1. https://github.com/vercel/flags/security/advisories/GHSA-892p-pqrr-hxqr\n2. https://github.com/vercel/flags/blob/main/packages/flags/guides/upgrade-to-v4.md\n3. https://vercel.com/changelog/information-disclosure-in-flags-sdk-cve-2025-46332", "creation_timestamp": "2025-05-02T17:16:25.000000Z"}, {"uuid": "5aee4429-9062-48a2-a2ca-349782a54a17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46337", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14548", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46337\n\ud83d\udd25 CVSS Score: 10 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L)\n\ud83d\udd39 Description: ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pg_insert_id() with user-supplied data. This issue has been patched in version 5.22.9.\n\ud83d\udccf Published: 2025-05-01T17:20:10.658Z\n\ud83d\udccf Modified: 2025-05-02T17:57:58.870Z\n\ud83d\udd17 References:\n1. https://github.com/ADOdb/ADOdb/security/advisories/GHSA-8x27-jwjr-8545\n2. https://github.com/ADOdb/ADOdb/issues/1070\n3. https://github.com/ADOdb/ADOdb/commit/11107d6d6e5160b62e05dff8a3a2678cf0e3a426", "creation_timestamp": "2025-05-02T18:19:42.000000Z"}, {"uuid": "d6620085-b2b4-48dd-988a-3796deceeb2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46336", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15607", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46336\n\ud83d\udd25 CVSS Score: 4.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a long running request (within that same session) adjacent to the user logging out, in order to retain illicit access even after a user has attempted to logout. This issue has been patched in version 2.1.1.\n\ud83d\udccf Published: 2025-05-08T19:26:01.638Z\n\ud83d\udccf Modified: 2025-05-08T20:18:38.555Z\n\ud83d\udd17 References:\n1. https://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj\n2. https://github.com/rack/rack/security/advisories/GHSA-vpfw-47h7-xj4g\n3. https://github.com/rack/rack-session/commit/c28c4a8c1861d814e09f2ae48264ac4c40be2d3b", "creation_timestamp": "2025-05-08T20:23:47.000000Z"}, {"uuid": "0badf85d-1293-42a3-b561-c66edcd1b068", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46337", "type": "seen", "source": "https://t.me/CyberBulletin/10753", "content": "\u26a1\ufe0fCritical SQL Injection Vulnerability Found in ADOdb PHP Library \u2013 CVE-2025-46337 (CVSS 10.0).\n\n#CyberBulletin", "creation_timestamp": "2025-05-05T04:58:49.000000Z"}, {"uuid": "26035060-edc2-4214-96d0-4b48f2219ebc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46336", "type": "seen", "source": "https://t.me/cvedetector/24866", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46336 - Rack::Session Pool Session Restoration Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-46336 \nPublished : May 8, 2025, 8:15 p.m. | 1\u00a0hour, 18\u00a0minutes ago \nDescription : Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a long running request (within that same session) adjacent to the user logging out, in order to retain illicit access even after a user has attempted to logout. This issue has been patched in version 2.1.1. \nSeverity: 4.2 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-09T00:18:59.000000Z"}, {"uuid": "99653408-cd79-4a1a-ad40-f21a29934588", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46333", "type": "seen", "source": "https://t.me/cvedetector/23788", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46333 - Z2D Stride Compositor Out-of-Bounds Write\", \n  \"Content\": \"CVE ID : CVE-2025-46333 \nPublished : April 25, 2025, 9:15 p.m. | 2\u00a0hours, 5\u00a0minutes ago \nDescription : z2d is a pure Zig 2D graphics library. In version 0.6.0, when writing from one surface to another using `z2d.compositor.StrideCompositor.run`, the source surface can be completely out-of-bounds on the x-axis (but not on the y-axis) by way of a negative offset. This results in an overflow of the value controlling the length of the stride. In non-safe optimization modes (consumers compiling with `ReleaseFast` or `ReleaseSmall`), this could potentially lead to invalid memory accesses or corruption. This issue is patched in version 0.6.1. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-26T01:52:34.000000Z"}, {"uuid": "ea4379fe-35be-49dc-a05e-39f972db486d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46331", "type": "seen", "source": "https://t.me/cvedetector/24134", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46331 - OpenFGA Authorization Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-46331 \nPublished : April 30, 2025, 7:15 p.m. | 37\u00a0minutes ago \nDescription : OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.10 to v1.3.6 (Helm chart <=<=\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-30T22:05:59.000000Z"}, {"uuid": "2c66a2e6-9f2f-4d2a-9b13-27bbafd221bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46330", "type": "seen", "source": "https://t.me/cvedetector/23982", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46330 - Snowflake libsnowflakeclient HTTP Request Retry Denial of Service\", \n  \"Content\": \"CVE ID : CVE-2025-46330 \nPublished : April 29, 2025, 5:15 a.m. | 1\u00a0hour, 2\u00a0minutes ago \nDescription : libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, incorrectly treat malformed requests that caused the HTTP response status code 400, as able to be retried. This could hang the application until SF_CON_MAX_RETRY requests were sent. This issue has been patched in version 2.2.0. \nSeverity: 3.3 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-29T08:28:16.000000Z"}, {"uuid": "2438078b-6301-4542-8ae3-fa61859bc9b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46335", "type": "published-proof-of-concept", "source": "Telegram/bFFhDRsz5jITaIYyr2g-Li8Bq5utseX25ZdPNGHsnlhVzGo", "content": "", "creation_timestamp": "2025-05-06T03:23:35.000000Z"}, {"uuid": "05485960-4127-4a99-a7bb-58a2e6fa4c2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46337", "type": "seen", "source": "https://t.me/CyberBulletin/3190", "content": "\u26a1\ufe0fCritical SQL Injection Vulnerability Found in ADOdb PHP Library \u2013 CVE-2025-46337 (CVSS 10.0).\n\n#CyberBulletin", "creation_timestamp": "2025-05-05T06:58:50.000000Z"}, {"uuid": "59eeafc9-6279-47aa-a1eb-7c7eae09665c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46337", "type": "published-proof-of-concept", "source": "Telegram/QFVP5TcYkEi5fC3DYhpbJ3tJ8sPusYmL1ImuYd1RRjGW6cE", "content": "", "creation_timestamp": "2025-05-01T20:00:50.000000Z"}, {"uuid": "c16a19e7-3df5-47a1-b8af-ee4b46e10f2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46335", "type": "seen", "source": "https://t.me/cvedetector/24484", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46335 - MobSF Stored XSS Vulnerability in Android APK Analysis\", \n  \"Content\": \"CVE ID : CVE-2025-46335 \nPublished : May 5, 2025, 7:15 p.m. | 20\u00a0minutes ago \nDescription : Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A Stored Cross-Site Scripting (XSS) vulnerability has been identified in MobSF versions up to and including 4.3.2. The vulnerability arises from improper sanitization of user-supplied SVG files during the Android APK analysis workflow. Version 4.3.3 fixes the issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-05T21:44:21.000000Z"}, {"uuid": "2f0acd38-d080-4e45-82a4-f8ca7b79543a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46332", "type": "seen", "source": "https://t.me/cvedetector/24371", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46332 - Vercel Flags SDK Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2025-46332 \nPublished : May 2, 2025, 5:15 p.m. | 2\u00a0hours, 6\u00a0minutes ago \nDescription : Flags SDK is an open-source feature flags toolkit for Next.js and SvelteKit. Impacted versions include flags from 3.2.0 and prior and @vercel/flags from 3.1.1 and prior as certain circumstances allows a bad actor with detailed knowledge of the vulnerability to list all flags returned by the flags discovery endpoint (.well-known/vercel/flags). This vulnerability allows for information disclosure, where a bad actor could gain access to a list of all feature flags exposed through the flags discovery endpoint, including the flag names, flag descriptions, available options and their labels (e.g. true, false), and default flag values. This issue has been patched in flags@4.0.0, users of flags and @vercel/flags should also migrate to flags@4.0.0. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-02T21:48:53.000000Z"}]}