{"vulnerability": "cve-2025-4778", "sightings": [
  {"uuid": "c3632eb2-fcfd-4b44-bf1b-1f74f79934b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47785", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpalbvpgyj2p", "content": "", "creation_timestamp": "2025-05-15T22:37:34.149829Z"},
  {"uuid": "6a66a1d2-9519-483d-ab68-a4f2193323aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47780", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lprtvn7ugp2r", "content": "", "creation_timestamp": "2025-05-22T19:27:01.100268Z"},
  {"uuid": "4190771e-18f4-4ef4-b306-120228847ad8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47783", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp6jdx6cog2t", "content": "", "creation_timestamp": "2025-05-15T02:57:35.661262Z"},
  {"uuid": "fc5d8826-aee3-4bc0-9240-e2afdb2cecfd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47781", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp5gqad37u2t", "content": "", "creation_timestamp": "2025-05-14T16:38:07.893356Z"},
  {"uuid": "74aa5c9d-276f-40df-b0ed-e548573fee30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47782", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16329", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47782\n\ud83d\udd25 CVSS Score: 8.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P)\n\ud83d\udd39 Description: motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed (camera) device path with the `add`/`add_camera` motionEye web API allows an attacker with motionEye admin user credentials to execute any command within a non-interactive shell as motionEye run user, `motion` by default. The vulnerability has been patched with motionEye v0.43.1b4. As a workaround, apply the patch manually.\n\ud83d\udccf Published: 2025-05-14T15:54:59.309Z\n\ud83d\udccf Modified: 2025-05-14T15:54:59.309Z\n\ud83d\udd17 References:\n1. https://github.com/motioneye-project/motioneye/security/advisories/GHSA-g5mq-prx7-c588\n2. https://github.com/motioneye-project/motioneye/issues/3142\n3. https://github.com/motioneye-project/motioneye/pull/3143", "creation_timestamp": "2025-05-14T16:33:47.000000Z"},
  {"uuid": "e755aab1-aef5-4b1b-9bf0-a5b35ab00d8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47787", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16546", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47787\n\ud83d\udd25 CVSS Score: 8.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P)\n\ud83d\udd39 Description: Emlog is an open source website building system. Emlog Pro prior to version 2.5.10 contains a file upload vulnerability. The store.php component contains a critical security flaw where it fails to properly validate the contents of remotely downloaded ZIP plugin files. This insufficient validation allows attackers to execute arbitrary code on the vulnerable system. Version 2.5.10 contains a patch for the issue.\n\ud83d\udccf Published: 2025-05-15T19:27:03.663Z\n\ud83d\udccf Modified: 2025-05-15T19:27:03.663Z\n\ud83d\udd17 References:\n1. https://github.com/emlog/emlog/security/advisories/GHSA-4mcj-8gvh-p753\n2. https://github.com/emlog/emlog/commit/691c13e90df2fb35e120f4e0735078bad018eed7", "creation_timestamp": "2025-05-15T19:33:06.000000Z"},
  {"uuid": "073bc897-b7f3-4390-a6c0-2388bf3b2886", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47781", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16330", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47781\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Rallly is an open-source scheduling and collaboration tool. Versions up to and including 3.22.1 of the application features token based authentication. When a user attempts to login to the application, they insert their email and a 6 digit code is sent to their email address to complete the authentication. A token that consists of 6 digits only presents weak entropy however and when coupled with no token brute force protection, makes it possible for an unauthenticated attacker with knowledge of a valid email address to successfully brute force the token within 15 minutes (token expiration time) and take over the account associated with the targeted email address. All users on the Rallly applications are impacted. As long as an attacker knows the user's email address they used to register on the app, they can systematically take over any user account. For the authentication mechanism to be safe, the token would need to be assigned a complex high entropy value that cannot be bruteforced within reasonable time, and ideally rate limiting the /api/auth/callback/email endpoint to further make brute force attempts unreasonable within the 15 minutes time. As of time of publication, no patched versions are available.\n\ud83d\udccf Published: 2025-05-14T15:52:13.559Z\n\ud83d\udccf Modified: 2025-05-14T15:52:13.559Z\n\ud83d\udd17 References:\n1. https://github.com/lukevella/rallly/security/advisories/GHSA-gm8g-3r3j-48hv", "creation_timestamp": "2025-05-14T16:33:49.000000Z"},
  {"uuid": "b3d86288-0532-4512-8543-652ace044365", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47783", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-47783.yaml", "content": "", "creation_timestamp": "2026-06-04T03:44:00.000000Z"},
  {"uuid": "e8d94b05-3135-4ffa-988d-188f09e20e6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47783", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16433", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47783\n\ud83d\udd25 CVSS Score: 7.6 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N)\n\ud83d\udd39 Description: Label Studio is a multi-type data labeling and annotation tool. A vulnerability in versions prior to 1.18.0 allows an attacker to inject a malicious script into the context of a web page, which can lead to data theft, session hijacking, unauthorized actions on behalf of the user, and other attacks. The vulnerability is reproducible when sending a properly formatted request to the `POST /projects/upload-example/` endpoint. In the source code, the vulnerability is located at `label_studio/projects/views.py`. Version 1.18.0 contains a patch for the issue.\n\ud83d\udccf Published: 2025-05-14T23:01:17.213Z\n\ud83d\udccf Modified: 2025-05-14T23:01:17.213Z\n\ud83d\udd17 References:\n1. https://github.com/HumanSignal/label-studio/security/advisories/GHSA-8jhr-wpcm-hh4h", "creation_timestamp": "2025-05-14T23:33:26.000000Z"},
  {"uuid": "01da9114-6018-4019-83d7-fbc4ba47337c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-47783", "type": "published-proof-of-concept", "source": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-8jhr-wpcm-hh4h", "content": "", "creation_timestamp": "2025-05-14T19:34:57.000000Z"},
  {"uuid": "461999f7-f692-4e38-96dd-838ab6d687f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47785", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16545", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47785\n\ud83d\udd25 CVSS Score: 8.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L)\n\ud83d\udd39 Description: Emlog is an open source website building system. In versions up to and including 2.5.9, SQL injection occurs because the $origContent parameter in admin/article_save.php is not strictly filtered. Since admin/article_save.php can be accessed by ordinary registered users, this will cause SQL injection to occur when the registered site is enabled, resulting in the injection of the admin account and password, which is then exploited by the backend remote code execution. As of time of publication, it is unknown whether a fix exists.\n\ud83d\udccf Published: 2025-05-15T19:29:23.499Z\n\ud83d\udccf Modified: 2025-05-15T19:29:23.499Z\n\ud83d\udd17 References:\n1. https://github.com/emlog/emlog/security/advisories/GHSA-939m-47f7-m559", "creation_timestamp": "2025-05-15T19:33:05.000000Z"},
  {"uuid": "a4a7c0f1-0146-48b0-8426-4e420535f001", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-47782", "type": "published-proof-of-concept", "source": "https://github.com/motioneye-project/motioneye/security/advisories/GHSA-g5mq-prx7-c588", "content": "", "creation_timestamp": "2025-05-14T15:09:40.000000Z"}
]}