https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sat, 09 May 2026 09:55:34 +0000 https://vulnerability.circl.lu/sighting/88f295ce-befd-4ab9-9860-11c7740a1735/export {"uuid": "88f295ce-befd-4ab9-9860-11c7740a1735", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32952", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13459", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32952\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run out of space and return HTTP 500 error, resulting in a denial of service. This issue has been patched in versions 1.6.2 and 2.4.0. A workaround is provided on the Jmix documentation website.\n\ud83d\udccf Published: 2025-04-22T17:32:11.966Z\n\ud83d\udccf Modified: 2025-04-25T16:03:04.176Z\n\ud83d\udd17 References:\n1. https://github.com/jmix-framework/jmix/security/advisories/GHSA-f3gv-cwwh-758m\n2. https://docs.jmix.io/jmix/files-vulnerabilities.html\n3. https://docs.jmix.io/jmix/files-vulnerabilities.html#disable-files-endpoint-in-jmix-application", "creation_timestamp": "2025-04-25T16:07:18.000000Z"} {"uuid": "88f295ce-befd-4ab9-9860-11c7740a1735", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32952", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13459", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32952\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run out of space and return HTTP 500 error, resulting in a denial of service. This issue has been patched in versions 1.6.2 and 2.4.0. A workaround is provided on the Jmix documentation website.\n\ud83d\udccf Published: 2025-04-22T17:32:11.966Z\n\ud83d\udccf Modified: 2025-04-25T16:03:04.176Z\n\ud83d\udd17 References:\n1. https://github.com/jmix-framework/jmix/security/advisories/GHSA-f3gv-cwwh-758m\n2. https://docs.jmix.io/jmix/files-vulnerabilities.html\n3. https://docs.jmix.io/jmix/files-vulnerabilities.html#disable-files-endpoint-in-jmix-application", "creation_timestamp": "2025-04-25T16:07:18.000000Z"} https://vulnerability.circl.lu/sighting/88f295ce-befd-4ab9-9860-11c7740a1735/export Fri, 25 Apr 2025 16:07:18 +0000 https://vulnerability.circl.lu/sighting/8ffa92c5-367b-4585-bb73-5a881cbd9667/export {"uuid": "8ffa92c5-367b-4585-bb73-5a881cbd9667", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32951", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13460", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32951\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code to be executed in the browser. For a successful attack, a malicious file needs to be uploaded beforehand. This issue has been patched in versions 1.6.2 and 2.4.0. A workaround is provided on the Jmix documentation website.\n\ud83d\udccf Published: 2025-04-22T17:32:23.401Z\n\ud83d\udccf Modified: 2025-04-25T16:02:55.977Z\n\ud83d\udd17 References:\n1. https://github.com/jmix-framework/jmix/security/advisories/GHSA-x27v-f838-jh93\n2. https://docs.jmix.io/jmix/files-vulnerabilities.html\n3. https://docs.jmix.io/jmix/files-vulnerabilities.html#disable-files-endpoint-in-jmix-application", "creation_timestamp": "2025-04-25T16:07:19.000000Z"} {"uuid": "8ffa92c5-367b-4585-bb73-5a881cbd9667", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32951", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13460", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32951\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code to be executed in the browser. For a successful attack, a malicious file needs to be uploaded beforehand. This issue has been patched in versions 1.6.2 and 2.4.0. A workaround is provided on the Jmix documentation website.\n\ud83d\udccf Published: 2025-04-22T17:32:23.401Z\n\ud83d\udccf Modified: 2025-04-25T16:02:55.977Z\n\ud83d\udd17 References:\n1. https://github.com/jmix-framework/jmix/security/advisories/GHSA-x27v-f838-jh93\n2. https://docs.jmix.io/jmix/files-vulnerabilities.html\n3. https://docs.jmix.io/jmix/files-vulnerabilities.html#disable-files-endpoint-in-jmix-application", "creation_timestamp": "2025-04-25T16:07:19.000000Z"} https://vulnerability.circl.lu/sighting/8ffa92c5-367b-4585-bb73-5a881cbd9667/export Fri, 25 Apr 2025 16:07:19 +0000 https://vulnerability.circl.lu/sighting/9faff24c-3985-4c83-97d8-0e25110b999e/export {"uuid": "9faff24c-3985-4c83-97d8-0e25110b999e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32955", "type": "seen", "source": "MISP/abd2a650-703d-4a2f-9f73-3051c1672e27", "content": "", "creation_timestamp": "2025-08-09T13:26:56.000000Z"} {"uuid": "9faff24c-3985-4c83-97d8-0e25110b999e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32955", "type": "seen", "source": "MISP/abd2a650-703d-4a2f-9f73-3051c1672e27", "content": "", "creation_timestamp": "2025-08-09T13:26:56.000000Z"} https://vulnerability.circl.lu/sighting/9faff24c-3985-4c83-97d8-0e25110b999e/export Sat, 09 Aug 2025 13:26:56 +0000 https://vulnerability.circl.lu/sighting/2008add4-134b-4a18-ad76-aba418168f07/export {"uuid": "2008add4-134b-4a18-ad76-aba418168f07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32955", "type": "seen", "source": "MISP/abd2a650-703d-4a2f-9f73-3051c1672e27", "content": "", "creation_timestamp": "2025-08-11T18:47:36.000000Z"} {"uuid": "2008add4-134b-4a18-ad76-aba418168f07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32955", "type": "seen", "source": "MISP/abd2a650-703d-4a2f-9f73-3051c1672e27", "content": "", "creation_timestamp": "2025-08-11T18:47:36.000000Z"} https://vulnerability.circl.lu/sighting/2008add4-134b-4a18-ad76-aba418168f07/export Mon, 11 Aug 2025 18:47:36 +0000 https://vulnerability.circl.lu/sighting/23705587-a5ab-4d00-b2c8-90277ee87986/export {"uuid": "23705587-a5ab-4d00-b2c8-90277ee87986", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32955", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3maja42zndp2w", "content": "", "creation_timestamp": "2025-12-21T17:19:42.020001Z"} {"uuid": "23705587-a5ab-4d00-b2c8-90277ee87986", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32955", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3maja42zndp2w", "content": "", "creation_timestamp": "2025-12-21T17:19:42.020001Z"} https://vulnerability.circl.lu/sighting/23705587-a5ab-4d00-b2c8-90277ee87986/export Sun, 21 Dec 2025 17:19:42 +0000 https://vulnerability.circl.lu/sighting/b36eb66b-319b-4916-895d-2df0336e0e0a/export {"uuid": "b36eb66b-319b-4916-895d-2df0336e0e0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32957", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3micyy2rkto2j", "content": "", "creation_timestamp": "2026-03-31T01:17:46.237935Z"} {"uuid": "b36eb66b-319b-4916-895d-2df0336e0e0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32957", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3micyy2rkto2j", "content": "", "creation_timestamp": "2026-03-31T01:17:46.237935Z"} https://vulnerability.circl.lu/sighting/b36eb66b-319b-4916-895d-2df0336e0e0a/export Tue, 31 Mar 2026 01:17:46 +0000 https://vulnerability.circl.lu/sighting/ff788e1d-febd-4a64-ac01-1f836552891f/export {"uuid": "ff788e1d-febd-4a64-ac01-1f836552891f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32957", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3micz5zuvuo2h", "content": "", "creation_timestamp": "2026-03-31T01:21:06.593730Z"} {"uuid": "ff788e1d-febd-4a64-ac01-1f836552891f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32957", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3micz5zuvuo2h", "content": "", "creation_timestamp": "2026-03-31T01:21:06.593730Z"} https://vulnerability.circl.lu/sighting/ff788e1d-febd-4a64-ac01-1f836552891f/export Tue, 31 Mar 2026 01:21:06 +0000 https://vulnerability.circl.lu/sighting/66460fe7-4746-4c78-845c-fc66b0f01b04/export {"uuid": "66460fe7-4746-4c78-845c-fc66b0f01b04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32957", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mid7camwkl2i", "content": "", "creation_timestamp": "2026-03-31T03:10:50.041767Z"} {"uuid": "66460fe7-4746-4c78-845c-fc66b0f01b04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32957", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mid7camwkl2i", "content": "", "creation_timestamp": "2026-03-31T03:10:50.041767Z"} https://vulnerability.circl.lu/sighting/66460fe7-4746-4c78-845c-fc66b0f01b04/export Tue, 31 Mar 2026 03:10:50 +0000 https://vulnerability.circl.lu/sighting/29c53592-a386-43c0-98fd-2e22055d4ee3/export {"uuid": "29c53592-a386-43c0-98fd-2e22055d4ee3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32957", "type": "published-proof-of-concept", "source": "Telegram/bbla1pabQ6PMuVKeZ-DwTmBlqOcXGSdR93YlyGpOXR1ezik", "content": "", "creation_timestamp": "2026-03-31T03:17:00.000000Z"} {"uuid": "29c53592-a386-43c0-98fd-2e22055d4ee3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32957", "type": "published-proof-of-concept", "source": "Telegram/bbla1pabQ6PMuVKeZ-DwTmBlqOcXGSdR93YlyGpOXR1ezik", "content": "", "creation_timestamp": "2026-03-31T03:17:00.000000Z"} https://vulnerability.circl.lu/sighting/29c53592-a386-43c0-98fd-2e22055d4ee3/export Tue, 31 Mar 2026 03:17:00 +0000 https://vulnerability.circl.lu/sighting/7aa59a0d-5b75-4d61-89ba-3440cbdc9f17/export {"uuid": "7aa59a0d-5b75-4d61-89ba-3440cbdc9f17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32957", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3milfdftw5q2k", "content": "", "creation_timestamp": "2026-04-03T09:20:09.801863Z"} {"uuid": "7aa59a0d-5b75-4d61-89ba-3440cbdc9f17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32957", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3milfdftw5q2k", "content": "", "creation_timestamp": "2026-04-03T09:20:09.801863Z"} https://vulnerability.circl.lu/sighting/7aa59a0d-5b75-4d61-89ba-3440cbdc9f17/export Fri, 03 Apr 2026 09:20:09 +0000