{"vulnerability": "cve-2025-4649", "sightings": [{"uuid": "a1b70512-ba07-4776-ae07-ad3431f820a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4649", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lp2ijzilmbh2", "content": "", "creation_timestamp": "2025-05-13T12:35:41.449657Z"}, {"uuid": "7f27f12a-77eb-49c1-ad2b-a760cd68efab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4649", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp2q422dfx2e", "content": "", "creation_timestamp": "2025-05-13T14:47:47.154588Z"}, {"uuid": "2bb86f3e-85db-408f-898c-1c490b83a7dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46498", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13286", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46498\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in nghialuu Zalo Official Live Chat allows Cross Site Request Forgery. This issue affects Zalo Official Live Chat: from n/a through 1.0.0.\n\ud83d\udccf Published: 2025-04-24T16:09:27.592Z\n\ud83d\udccf Modified: 2025-04-24T16:09:27.592Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/zalo-official-live-chat/vulnerability/wordpress-zalo-official-live-chat-1-0-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-24T17:06:39.000000Z"}, {"uuid": "589dc4ca-fa03-4653-835c-4d25bb88b33c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46494", "type": "seen", "source": "Telegram/ZkjvQF7rSldYgsLGCpUWPUjAegNj67QsktTjs09B2PtPPs8", "content": "", "creation_timestamp": "2026-01-07T14:05:15.000000Z"}, {"uuid": "4f6744a3-4129-412c-9be3-867b4a93f353", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4649", "type": "seen", "source": "https://t.me/cvedetector/25195", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-4649 - Centreon Web Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-4649 \nPublished : May 13, 2025, 12:15 p.m. | 53\u00a0minutes ago \nDescription : Improper Privilege Management vulnerability in Centreon web allows Privilege Escalation.  \nACL are not correctly taken into account in the display of the \"event logs\" page. This page requiring, high privileges, will display all available logs.  \n  \n  \nThis issue affects web: from 24.10.3 before 24.10.4, from 24.04.09 before 24.04.10, from 23.10.19 before 23.10.21, from 23.04.24 before 23.04.26. \nSeverity: 4.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-13T15:32:53.000000Z"}, {"uuid": "8978a87e-5716-4385-9845-cfdb734f7551", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46491", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13334", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46491\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matthew Muro Multi-Column Taxonomy List allows Stored XSS. This issue affects Multi-Column Taxonomy List: from n/a through 1.5.\n\ud83d\udccf Published: 2025-04-24T16:09:11.340Z\n\ud83d\udccf Modified: 2025-04-24T20:02:14.801Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/multi-column-taxonomy-list/vulnerability/wordpress-multi-column-taxonomy-list-1-5-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-24T20:06:46.000000Z"}, {"uuid": "f3726820-01f7-4e91-8eb5-8e9a83fc1e58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46496", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13335", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46496\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in oniswap Mini twitter feed allows Stored XSS. This issue affects Mini twitter feed: from n/a through 3.0.\n\ud83d\udccf Published: 2025-04-24T16:09:11.948Z\n\ud83d\udccf Modified: 2025-04-24T20:02:07.391Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/mini-twitter-feed/vulnerability/wordpress-mini-twitter-feed-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-24T20:06:47.000000Z"}]}