{"vulnerability": "CVE-2025-2161", "sightings": [{"uuid": "1494c15c-624a-441e-a012-8244673579b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21613", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113782669240994944", "content": "", "creation_timestamp": "2025-01-06T17:49:11.278764Z"}, {"uuid": "6bcec5b6-9a00-41fc-ab8a-3eecbe9e7e36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21612", "type": "seen", "source": "https://bsky.app/profile/basefortify.bsky.social/post/3lf5uiljgkc2s", "content": "", "creation_timestamp": "2025-01-07T14:32:29.068275Z"}, {"uuid": "0568e4ca-1355-4d1c-916f-c51d70ed296f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21612", "type": "seen", "source": "https://bsky.app/profile/potato.software/post/3lf5uowozx52w", "content": "", "creation_timestamp": "2025-01-07T14:35:58.468177Z"}, {"uuid": "d4c825cd-59ec-4763-9fe8-545e30e2a2a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21617", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113783059656534803", "content": "", "creation_timestamp": "2025-01-06T19:28:26.761540Z"}, {"uuid": "345abbaa-9e9f-4932-bbea-beccbe413b6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21617", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf3x7zgqtv25", "content": "", "creation_timestamp": "2025-01-06T20:15:59.935878Z"}, {"uuid": "1f7d1b8e-d6b1-4f2f-82df-51262dd2f9f1", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21617", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf3yyknuuu2k", "content": "", "creation_timestamp": "2025-01-06T20:47:37.865009Z"}, {"uuid": "77ff0fdf-7605-46f0-97af-86f539f978ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21616", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113783537498716667", "content": "", "creation_timestamp": "2025-01-06T21:29:57.926537Z"}, {"uuid": "72f676c1-9291-4a0d-968c-b2fd681c3c17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21610", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113765416067424067", "content": "", "creation_timestamp": "2025-01-03T16:41:27.095006Z"}, {"uuid": "159cfde5-e641-4aec-9ebd-b72856a3428a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21611", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113782178626856481", "content": "", "creation_timestamp": "2025-01-06T15:44:23.509896Z"}, {"uuid": "fe86524b-4868-463f-96ec-f33d2ad3e365", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21612", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113782200387637257", "content": "", "creation_timestamp": "2025-01-06T15:49:55.466991Z"}, {"uuid": "387fb72a-670f-49a0-a8b9-bd0ca61eef72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21611", "type": "seen", "source": 
"https://bsky.app/profile/cve-notifications.bsky.social/post/3lf3jt4vtmb2l", "content": "", "creation_timestamp": "2025-01-06T16:16:09.013410Z"}, {"uuid": "be93d689-2d11-42e5-95de-b79e3eaab19d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21612", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf3jt7ildc22", "content": "", "creation_timestamp": "2025-01-06T16:16:11.341519Z"}, {"uuid": "339f76a9-e62a-4aea-a60c-6c334b76a647", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21615", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113782380538487006", "content": "", "creation_timestamp": "2025-01-06T16:35:44.275650Z"}, {"uuid": "a990ac56-dcd6-4f9c-b22b-6fbdc3536dab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21618", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113782380555612442", "content": "", "creation_timestamp": "2025-01-06T16:35:44.572012Z"}, {"uuid": "f215be53-dd19-4d50-a739-2f11adfe8401", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21612", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf3l2whee62e", "content": "", "creation_timestamp": "2025-01-06T16:38:25.694992Z"}, {"uuid": "7981f688-b33c-4671-a89e-deb685204754", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21611", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf3l2wrwjr2q", "content": "", "creation_timestamp": "2025-01-06T16:38:27.477871Z"}, {"uuid": 
"57d84ff0-dc2b-424c-8126-ce7ff07d06f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21611", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf3l2wvapc2b", "content": "", "creation_timestamp": "2025-01-06T16:38:28.061596Z"}, {"uuid": "5e92eb38-7a57-4258-9e39-1c5e4891b351", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21611", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113782430353816248", "content": "", "creation_timestamp": "2025-01-06T16:48:24.916175Z"}, {"uuid": "3e8db135-90c9-4a86-a8cd-49e8484a4644", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21612", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113782430406014183", "content": "", "creation_timestamp": "2025-01-06T16:48:26.237937Z"}, {"uuid": "bc01434e-4b20-4bd0-8a10-ca5f6b64a3ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21613", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf3n7ej2uw22", "content": "", "creation_timestamp": "2025-01-06T17:16:40.969766Z"}, {"uuid": "cc2a39b9-ab42-40dc-92e4-463a2a9d8c87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21614", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf3n7i6jjn2m", "content": "", "creation_timestamp": "2025-01-06T17:16:44.358321Z"}, {"uuid": "88c12267-fc5f-4d12-8604-c3a1c073d0cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21615", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf3n7kfohx2e", "content": "", "creation_timestamp": "2025-01-06T17:16:47.022074Z"}, {"uuid": "531d8cd5-32dd-4471-bca7-ec0dafb30141", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21618", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf3n7mqsqn2f", "content": "", "creation_timestamp": "2025-01-06T17:16:49.162263Z"}, {"uuid": "e6d5fc41-abb1-45de-9f5b-26e4b1ccc41b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21613", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lf76tydeaz25", "content": "", "creation_timestamp": "2025-01-08T03:10:25.828723Z"}, {"uuid": "0337ac7f-604f-4ec5-a705-43fc46e71095", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21613", "type": "seen", "source": "https://bsky.app/profile/dinosn.bsky.social/post/3lf7a35l4oc25", "content": "", "creation_timestamp": "2025-01-08T03:32:22.303889Z"}, {"uuid": "9fea2aa1-d460-41b4-89a4-79560910c441", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-21613", "type": "seen", "source": "https://bsky.app/profile/kyosuke-tanaka.bsky.social/post/3lf7gacarn22q", "content": "", "creation_timestamp": "2025-01-08T05:22:34.740357Z"}, {"uuid": "41fe1adb-f09e-4906-9ce8-cfef938c1681", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21613", "type": "seen", "source": 
"https://bsky.app/profile/bolhasec.com/post/3lf7wlqpksg27", "content": "", "creation_timestamp": "2025-01-08T10:15:19.823774Z"}, {"uuid": "eb5fd707-d887-44e4-a7d4-5171980df5f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2161", "type": "seen", "source": "https://bsky.app/profile/cecallihelper.bsky.social/post/3lmuduoifk22u", "content": "", "creation_timestamp": "2025-04-15T15:02:34.950463Z"}, {"uuid": "34d2376b-8cff-4f53-ab9b-697960893c35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21619", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114185140719428080", "content": "", "creation_timestamp": "2025-03-18T19:42:57.291636Z"}, {"uuid": "52463b7c-2401-420f-a56a-41814ae2bd12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21619", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkoihzndug2k", "content": "", "creation_timestamp": "2025-03-18T20:18:40.260764Z"}, {"uuid": "f1b3443a-a1d2-4feb-a963-f60ed7dcc2c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21614", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3661", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21614\n\ud83d\udd25 CVSS Score: 7.5 (CVSS_V3)\n\ud83d\udd39 Description: ### Impact\nA denial of service (DoS) vulnerability was discovered in go-git versions prior to `v5.13`. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in `go-git` clients. 
\n\nThis is a `go-git` implementation issue and does not affect the upstream `git` cli.\n\n### Patches\nUsers running versions of `go-git` from `v4` and above are recommended to upgrade to `v5.13` in order to mitigate this vulnerability.\n\n### Workarounds\nIn cases where a bump to the latest version of `go-git` is not possible, we recommend limiting its use to only trust-worthy Git servers.\n\n## Credit\nThanks to Ionut Lalu for responsibly disclosing this vulnerability to us.\n\n\ud83d\udccf Published: 2025-01-06T16:20:28Z\n\ud83d\udccf Modified: 2025-01-31T14:42:21Z\n\ud83d\udd17 References:\n1. https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4\n2. https://nvd.nist.gov/vuln/detail/CVE-2025-21614\n3. https://github.com/go-git/go-git", "creation_timestamp": "2025-01-31T15:14:55.000000Z"}, {"uuid": "8707ade1-25e9-4ea4-baaf-01ed2f4d7f89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21619", "type": "seen", "source": "MISP/02fb130c-7874-4693-9b66-81ed91a2e996", "content": "", "creation_timestamp": "2025-08-12T13:33:28.000000Z"}, {"uuid": "1678bbeb-e9b0-4b59-8688-cefe2c8b7a27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21619", "type": "seen", "source": "MISP/02fb130c-7874-4693-9b66-81ed91a2e996", "content": "", "creation_timestamp": "2025-08-21T03:19:28.000000Z"}, {"uuid": "6a18282a-9748-43be-bdeb-6f4e4cd9d1dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21618", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/178", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: GHSA-v6jv-p6r8-j78w\n\ud83d\udd17 Aliases: CVE-2025-21618\n\ud83d\udd39 Details: ### 
Summary\nOnce a user logs in to one browser, all other browsers are logged in without entering password. Even incognito mode.\n\n### Impact\nhigh\n\ud83d\udd22 Severity: CVSS_V3: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\n\ud83d\uddd3\ufe0f Modified: 2025-01-06T16:31:16Z\n\ud83d\uddd3\ufe0f Published: 2025-01-06T16:31:16Z\n\ud83c\udff7\ufe0f CWE IDs: CWE-287\n\ud83d\udd17 References:\n1. https://github.com/zauberzeug/nicegui/security/advisories/GHSA-v6jv-p6r8-j8w\n2. https://github.com/zauberzeug/nicegui/commit/1621a4ba6a0666b8094362d36623551e651adc1\n3. https://github.com/zauberzeug/nicegui", "creation_timestamp": "2025-01-06T16:37:36.000000Z"}, {"uuid": "8c728923-9d04-4c5c-b655-02e7b2675f38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21616", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/236", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21616\n\ud83d\udd39 Description: Plane is an open-source project management tool. A cross-site scripting (XSS) vulnerability has been identified in Plane versions prior to 0.23. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims' browsers when viewing the profile image.\n\ud83d\udccf Published: 2025-01-06T21:22:24.129Z\n\ud83d\udccf Modified: 2025-01-06T21:22:24.129Z\n\ud83d\udd17 References:\n1. 
https://github.com/makeplane/plane/security/advisories/GHSA-rcg8-g69v-x23j", "creation_timestamp": "2025-01-06T21:36:04.000000Z"}, {"uuid": "2def68e1-15ff-4005-82da-0e6236c79a02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21616", "type": "seen", "source": "https://t.me/cvedetector/14409", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21616 - Plane XSS Image Profile Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21616 \nPublished : Jan. 6, 2025, 10:15 p.m. | 42\u00a0minutes ago \nDescription : Plane is an open-source project management tool. A cross-site scripting (XSS) vulnerability has been identified in Plane versions prior to 0.23. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims' browsers when viewing the profile image. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T00:28:22.000000Z"}, {"uuid": "a8ac7775-17fd-4522-9dcf-4b395135b23f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2161", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11630", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2161\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N)\n\ud83d\udd39 Description: Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by an XSS issue with Mashup\n\ud83d\udccf Published: 2025-04-14T14:19:37.824Z\n\ud83d\udccf Modified: 2025-04-14T14:32:37.786Z\n\ud83d\udd17 References:\n1. 
https://support.pega.com/support-doc/pega-security-advisory-d25-vulnerability-remediation-note", "creation_timestamp": "2025-04-14T14:54:00.000000Z"}, {"uuid": "93bbf225-3567-45de-ba86-2f768989d200", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2161", "type": "seen", "source": "https://t.me/cvedetector/22873", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2161 - Pega Platform Mashup Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2025-2161 \nPublished : April 14, 2025, 3:15 p.m. | 1\u00a0hour, 19\u00a0minutes ago \nDescription : Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by an XSS issue with Mashup \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-14T18:51:32.000000Z"}, {"uuid": "bd031dbf-6d17-4664-8246-0f932f45f87c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21619", "type": "seen", "source": "https://t.me/cvedetector/20608", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21619 - \"GLPI SQL Injection Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2025-21619 \nPublished : March 18, 2025, 7:15 p.m. | 1\u00a0hour, 22\u00a0minutes ago \nDescription : GLPI is a free asset and IT management software package. An administrator user can perform a SQL injection through the rules configuration forms. This vulnerability is fixed in 10.0.18. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-18T21:55:43.000000Z"}, {"uuid": "db4cb45b-3d97-48a1-b9ed-c8ca1e06c5b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21612", "type": "seen", "source": "https://t.me/cvedetector/14363", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21612 - TabberNeue Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2025-21612 \nPublished : Jan. 6, 2025, 4:15 p.m. | 23\u00a0minutes ago \nDescription : TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn't escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This vulnerability is fixed in 2.7.2. \nSeverity: 8.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-06T17:45:59.000000Z"}, {"uuid": "065604f2-a050-4668-8e8a-69c989481a71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21617", "type": "seen", "source": "https://t.me/cvedetector/14406", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21617 - Guzzle OAuth Subscriber Low-Entropy Nonce Generation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21617 \nPublished : Jan. 6, 2025, 8:15 p.m. | 36\u00a0minutes ago \nDescription : Guzzle OAuth Subscriber signs Guzzle requests using OAuth 1.0. 
Prior to 0.8.1, Nonce generation does not use sufficient entropy nor a cryptographically secure pseudorandom source. This can leave servers vulnerable to replay attacks when TLS is not used. This vulnerability is fixed in 0.8.1. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-06T21:57:56.000000Z"}, {"uuid": "83ca0d1d-dfdd-417e-a81a-3ee024ba5cea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21618", "type": "seen", "source": "https://t.me/cvedetector/14373", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21618 - NiceGUI Incognito Mode Session Persistence Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21618 \nPublished : Jan. 6, 2025, 5:15 p.m. | 43\u00a0minutes ago \nDescription : NiceGUI is an easy-to-use, Python-based UI framework. Prior to 2.9.1, authenticating with NiceGUI logged in the user for all browsers, including browsers in incognito mode. This vulnerability is fixed in 2.9.1. 
\nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-06T19:26:26.000000Z"}, {"uuid": "bccd6173-5317-47e3-b8df-9d82b9823353", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21614", "type": "seen", "source": "https://t.me/cvedetector/14372", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21614 - Go-git Git Server Denial of Service Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21614 \nPublished : Jan. 6, 2025, 5:15 p.m. | 43\u00a0minutes ago \nDescription : go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability. 
\nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-06T19:26:25.000000Z"}, {"uuid": "d86a25f1-01ed-4c4a-87ef-914dfb7dec70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21615", "type": "seen", "source": "https://t.me/cvedetector/14371", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21615 - AAT Activity Tracker Data Exfiltration\", \n  \"Content\": \"CVE ID : CVE-2025-21615 \nPublished : Jan. 6, 2025, 5:15 p.m. | 43\u00a0minutes ago \nDescription : AAT (Another Activity Tracker) is a GPS-tracking application for tracking sportive activities, with emphasis on cycling. Versions lower than v1.26 of AAT are vulnerable to data exfiltration from malicious apps installed on the same device. \nSeverity: 5.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-06T19:26:24.000000Z"}, {"uuid": "bbd73580-c0b1-44cc-87f4-60ca3979a04a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21613", "type": "seen", "source": "https://t.me/cvedetector/14370", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21613 - Go-Get Argument Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21613 \nPublished : Jan. 6, 2025, 5:15 p.m. | 43\u00a0minutes ago \nDescription : go-git is a highly extensible git implementation library written in pure Go. 
An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only happens when the file transport protocol is being used, as that is the only protocol that shells out to git binaries. This vulnerability is fixed in 5.13.0. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-06T19:26:23.000000Z"}, {"uuid": "574129c5-77bf-4f32-996e-6903482a6363", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21611", "type": "seen", "source": "https://t.me/cvedetector/14364", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21611 - Tgstation-Server Authorization Bypass\", \n  \"Content\": \"CVE ID : CVE-2025-21611 \nPublished : Jan. 6, 2025, 4:15 p.m. | 23\u00a0minutes ago \nDescription : tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR'd instead of AND'ed with the role used to determine if a user was enabled. This allows enabled users access to most, but not all, authorized actions regardless of their permissions. Notably, the WriteUsers right is unaffected so users may not use this bug to permanently elevate their account permissions. The fix is released in tgstation-server-v6.12.3. 
\nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-06T17:46:00.000000Z"}, {"uuid": "0c0a96e2-8ab3-4228-bbe5-adfdf46afacb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21610", "type": "seen", "source": "https://t.me/cvedetector/14230", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21610 - Trix Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21610 \nPublished : Jan. 3, 2025, 5:15 p.m. | 16\u00a0minutes ago \nDescription : Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.12 are vulnerable to cross-site scripting when pasting malicious code in the link field. An attacker could trick the user to copy&paste a malicious `javascript:` URL as a link that would execute arbitrary JavaScript code within the context of the user's session, potentially leading to unauthorized actions being performed or sensitive information being disclosed. Users should upgrade to Trix editor version 2.1.12 or later to receive a patch. In addition to upgrading, affected users can disallow browsers that don't support a Content Security Policy (CSP) as a workaround for this and other cross-site scripting vulnerabilities. Set CSP policies such as script-src 'self' to ensure that only scripts hosted on the same origin are executed, and explicitly prohibit inline scripts using script-src-elem. 
\nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-03T18:41:40.000000Z"}, {"uuid": "fd77639f-dad0-4baa-866d-2009588fe1ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2161", "type": "seen", "source": "Telegram/OFuRR0civy3slRsbeYmtpiy7fl08jVMyZ8fXlQ6_z9u1Umw", "content": "", "creation_timestamp": "2025-04-14T17:02:16.000000Z"}, {"uuid": "c0250de6-f9a1-4770-9a8d-83b45ae3fce5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21616", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/10097", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21616\n\ud83d\udd39 Description: Plane is an open-source project management tool. A cross-site scripting (XSS) vulnerability has been identified in Plane versions prior to 0.23. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims' browsers when viewing the profile image.\n\ud83d\udccf Published: 2025-01-06T21:22:24.129Z\n\ud83d\udccf Modified: 2025-01-06T21:22:24.129Z\n\ud83d\udd17 References:\n1. https://github.com/makeplane/plane/security/advisories/GHSA-rcg8-g69v-x23j", "creation_timestamp": "2025-01-06T22:36:29.000000Z"}]}