{"vulnerability": "CVE-2025-2755", "sightings": [{"uuid": "bbf9e8d6-9c6a-4e9d-9de2-718c0be9c538", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27553", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ll2p6j3kbl2v", "content": "", "creation_timestamp": "2025-03-23T16:50:29.314927Z"}, {"uuid": "96e2f192-cb88-4d24-84de-4e9fef17648d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2755", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ll747qc5l626", "content": "", "creation_timestamp": "2025-03-25T10:54:32.142326Z"}, {"uuid": "5f63041a-49f4-465f-b8c6-f755755b3afa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27554", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114086071203267834", "content": "", "creation_timestamp": "2025-03-01T07:48:16.245848Z"}, {"uuid": "42cd04d7-4351-4bee-953b-c4a8f489df05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27554", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3ljff5wr3al2a", "content": "", "creation_timestamp": "2025-03-02T12:00:07.537442Z"}, {"uuid": "3c91559a-3bc5-438c-a2a9-fb91ca3502ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27553", "type": "seen", "source": "https://bsky.app/profile/garydgregory.bsky.social/post/3ll4t2xhgqs2w", "content": "", "creation_timestamp": "2025-03-24T13:05:24.762221Z"}, {"uuid": "582c1d7e-388f-45e8-8e58-22c9ba7f47ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27551", "type": "seen", "source": "MISP/f2f93f16-9318-44b1-9be3-2d3346ca540c", "content": "", "creation_timestamp": "2025-09-10T07:48:00.000000Z"}, {"uuid": "93dff706-313f-43ef-8722-fd262966b162", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27556", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lltry3r6n72a", "content": "", "creation_timestamp": "2025-04-02T16:17:08.647280Z"}, {"uuid": "451c8e91-ce2f-4ae6-a2d3-977326d82877", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27556", "type": "seen", "source": "https://s.ovalerio.net/users/dethos/statuses/114270198691517569", "content": "", "creation_timestamp": "2025-04-02T20:14:43.565831Z"}, {"uuid": "8d672edb-87a2-43c5-adf1-011b5dbcce7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27556", "type": "seen", "source": "https://s.ovalerio.net/users/dethos/statuses/114270198691517569", "content": "", "creation_timestamp": "2025-04-02T20:14:43.573631Z"}, {"uuid": "d0486c76-3118-43cd-8321-06b6fc68295a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27553", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lusydkxxhk27", "content": "", "creation_timestamp": "2025-07-25T21:25:04.467707Z"}, {"uuid": "0026b272-b694-44ac-a6eb-0224c19460a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27558", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lppkpi73jk2k", "content": "", "creation_timestamp": "2025-05-21T21:37:11.168981Z"}, {"uuid": "71926d83-7c2a-4112-bbbf-d7fa59337434", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27554", "type": "seen", "source": "MISP/e1f6260f-3311-441b-92ae-e04cd5eb5f72", "content": "", "creation_timestamp": "2025-08-19T13:26:45.000000Z"}, {"uuid": "a403a17a-16c8-4256-adf5-517ff60e9f3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27551", "type": "seen", "source": "MISP/f2f93f16-9318-44b1-9be3-2d3346ca540c", "content": "", "creation_timestamp": "2025-08-10T18:27:45.000000Z"}, {"uuid": "a5d137de-970d-45bd-a343-700f5a67292c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27555", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mfk47clem722", "content": "", "creation_timestamp": "2026-02-23T16:48:37.095438Z"}, {"uuid": "8e3d5921-405d-4ddc-a452-6cbb0a1b7fb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27555", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mfmavwexlu2v", "content": "", "creation_timestamp": "2026-02-24T13:18:06.990638Z"}, {"uuid": "2cd3abd5-2aff-4b1e-ba01-136410f25270", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-27558", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "7b40a794-0cc0-4ca2-993d-f4988eda5faf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27558", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/41833", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aPatching CVE-2025-27558 vulnerability that had affected my linux image.\nURL\uff1ahttps://github.com/Atlas-ghostshell/CVE-2025-27558_Patching\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-06-25T10:26:35.000000Z"}, {"uuid": "749aa402-5f8c-4e6e-819b-24b6a57475a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2755", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8628", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2755\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been rated as critical. Affected by this issue is the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of the component AC3D File Handler. The manipulation of the argument src.entries leads to out-of-bounds read. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-03-25T09:00:10.018Z\n\ud83d\udccf Modified: 2025-03-25T09:00:10.018Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.300860\n2. https://vuldb.com/?ctiid.300860\n3. https://vuldb.com/?submit.517789\n4. https://github.com/assimp/assimp/issues/6017\n5. https://github.com/assimp/assimp/issues/6017#issue-2877374161", "creation_timestamp": "2025-03-25T09:24:15.000000Z"}, {"uuid": "e9541856-051c-451c-a104-12cca74567e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27554", "type": "seen", "source": "https://t.me/cvedetector/19207", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27554 - Cursor Desktop Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27554 \nPublished : March 1, 2025, 6:15 a.m. | 28\u00a0minutes ago \nDescription : ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remote attackers to execute arbitrary commands on the build server (e.g., read secrets from the desktopify config.prod.json file), and consequently deploy updates to any app, via a postinstall script in package.json. No exploitation occurred. \nSeverity: 9.9 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-01T08:05:03.000000Z"}, {"uuid": "c60f0b4b-7c8b-4d03-b683-fdd9d094b2a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27554", "type": "seen", "source": "Telegram/kPsX91TXrixBmzyMAQskw2JRsc8fGWyBVgYWmom08WKfh3GF", "content": "", "creation_timestamp": "2025-03-02T11:46:31.000000Z"}, {"uuid": "581faebf-5f5c-42ab-91c3-a338e826df8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27554", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6052", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27554\n\ud83d\udd25 CVSS Score: 9.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remote attackers to execute arbitrary commands on the build server (e.g., read secrets from the desktopify config.prod.json file), and consequently deploy updates to any app, via a postinstall script in package.json. No exploitation occurred.\n\ud83d\udccf Published: 2025-03-01T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-01T06:00:59.388Z\n\ud83d\udd17 References:\n1. https://kibty.town/blog/todesktop\n2. https://www.todesktop.com/blog/posts/security-incident-at-todesktop\n3. https://news.ycombinator.com/item?id=43210858", "creation_timestamp": "2025-03-01T06:27:17.000000Z"}, {"uuid": "9c4b7071-0990-47e7-8eca-b21c7b432ecf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27551", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8831", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27551\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes.\n\nThis vulnerability is associated with program files lib/DBIx/Class/EncodedColumn/Digest.pm.\n\nThis issue affects DBIx::Class::EncodedColumn until 0.00032.\n\ud83d\udccf Published: 2025-03-26T11:07:43.089Z\n\ud83d\udccf Modified: 2025-03-26T11:07:43.089Z\n\ud83d\udd17 References:\n1. https://security.metacpan.org/docs/guides/random-data-for-security.html\n2. https://metacpan.org/release/WREIS/DBIx-Class-EncodedColumn-0.00032/changes", "creation_timestamp": "2025-03-26T11:25:26.000000Z"}, {"uuid": "1b54fc48-f687-4f14-8660-181cf59a8abb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27552", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8830", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27552\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes.\n\nThis vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm.\n\nThis issue affects DBIx::Class::EncodedColumn until 0.00032.\n\ud83d\udccf Published: 2025-03-26T11:08:11.434Z\n\ud83d\udccf Modified: 2025-03-26T11:08:11.434Z\n\ud83d\udd17 References:\n1. https://security.metacpan.org/docs/guides/random-data-for-security.html\n2. https://metacpan.org/release/WREIS/DBIx-Class-EncodedColumn-0.00032/changes", "creation_timestamp": "2025-03-26T11:25:25.000000Z"}, {"uuid": "4872ee55-1cbf-4641-bc70-82bc1f9f31cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27556", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10064", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27556\n\ud83d\udd25 CVSS Score: 5.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)\n\ud83d\udd39 Description: An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.\n\ud83d\udccf Published: 2025-04-02T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-02T13:27:54.960Z\n\ud83d\udd17 References:\n1. https://docs.djangoproject.com/en/dev/releases/security/\n2. https://groups.google.com/g/django-announce\n3. https://www.djangoproject.com/weblog/2025/apr/02/security-releases/", "creation_timestamp": "2025-04-02T13:33:35.000000Z"}, {"uuid": "28092f34-619d-4cf6-bdc6-eb291046aa27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2755", "type": "seen", "source": "https://t.me/cvedetector/21074", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2755 - \"Assimp AC3D File Handler Out-of-Bounds Read Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2025-2755 \nPublished : March 25, 2025, 9:15 a.m. | 33\u00a0minutes ago \nDescription : A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been rated as critical. Affected by this issue is the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of the component AC3D File Handler. The manipulation of the argument src.entries leads to out-of-bounds read. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-25T11:07:59.000000Z"}, {"uuid": "64dfbdeb-2040-4256-9e64-35c855d2b3a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27558", "type": "published-proof-of-concept", "source": "Telegram/ZQhPX1V8GYQ5EYOevxB04s5FpxIRBluCF7hhQG6fyoTGOeU", "content": "", "creation_timestamp": "2025-06-25T15:00:05.000000Z"}, {"uuid": "a78cbe43-48cf-49ef-a17f-5fec826ce20c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27556", "type": "seen", "source": "https://t.me/cvedetector/21865", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27556 - Django Denial-of-Service Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27556 \nPublished : April 2, 2025, 1:15 p.m. | 1\u00a0hour, 4\u00a0minutes ago \nDescription : An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. \nSeverity: 5.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-02T16:39:23.000000Z"}, {"uuid": "06808660-7db1-4e17-9a48-85f406e1ccc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27552", "type": "seen", "source": "https://t.me/cvedetector/21173", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27552 - DBIx::Class::EncodedColumn Cryptographic Password Hashing Weakness\", \n  \"Content\": \"CVE ID : CVE-2025-27552 \nPublished : March 26, 2025, 11:15 a.m. | 1\u00a0hour, 26\u00a0minutes ago \nDescription : DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes.  \n  \nThis vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm.  \n  \nThis issue affects DBIx::Class::EncodedColumn until 0.00032. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-26T13:53:24.000000Z"}, {"uuid": "ad7815b8-eb75-4ba9-b9ef-994e6fea26ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2755", "type": "published-proof-of-concept", "source": "Telegram/KKNSfhz-mhha5P6fDB5hkKZz3e-3yzTpgadHwHFP70I_DHE", "content": "", "creation_timestamp": "2025-03-25T11:01:05.000000Z"}, {"uuid": "0e1d8594-14ee-46d4-9f1f-8ff48bde696d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27551", "type": "seen", "source": "https://t.me/cvedetector/21176", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27551 - DBIx::Class::EncodedColumn Cryptographically Insecure Password Hashing\", \n  \"Content\": \"CVE ID : CVE-2025-27551 \nPublished : March 26, 2025, 11:15 a.m. | 1\u00a0hour, 26\u00a0minutes ago \nDescription : DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes.  \n  \nThis vulnerability is associated with program files lib/DBIx/Class/EncodedColumn/Digest.pm.  \n  \nThis issue affects DBIx::Class::EncodedColumn until 0.00032. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-26T13:53:30.000000Z"}, {"uuid": "bfc60986-d079-4650-b21a-e08caba3127a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27554", "type": "published-proof-of-concept", "source": "Telegram/IkiNpkr4ydRbaMZsPe1KBjztuK3oXyNcJtTYc9OLzTRlSk8", "content": "", "creation_timestamp": "2025-03-01T08:00:33.000000Z"}, {"uuid": "c3e1b959-6ad7-4c63-9dfa-647d5c54b3cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27553", "type": "seen", "source": "https://t.me/cvedetector/20902", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27553 - Apache Commons VFS Descendant File Object Path Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27553 \nPublished : March 23, 2025, 3:15 p.m. | 1\u00a0hour, 9\u00a0minutes ago \nDescription : Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0.  \n  \nThe FileObject API in Commons VFS has a 'resolveFile' method that  \ntakes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that \"an exception is thrown if the resolved file is not a descendent of  \nthe base file\". However, when the path contains encoded \"..\"  \ncharacters (for example, \"%2E%2E/bar.txt\"), it might return file objects that are not  \na descendent of the base file, without throwing an exception.  \nThis issue affects Apache Commons VFS: before 2.10.0.  \n  \nUsers are recommended to upgrade to version 2.10.0, which fixes the issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-23T18:09:21.000000Z"}]}