{"vulnerability": "CVE-2025-2978", "sightings": [{"uuid": "1f561c5b-8284-47d3-bb1c-08f858c48227", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29787", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lklphtrxtc2s", "content": "", "creation_timestamp": "2025-03-17T17:45:48.708058Z"}, {"uuid": "9c4b29cc-82f9-4df9-9cb3-172bdbb0e930", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29786", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lklphtvg3q2x", "content": "", "creation_timestamp": "2025-03-17T17:45:49.280705Z"}, {"uuid": "d5fe0911-f299-415b-a82d-9b7db2270abf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29788", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lklphv2brq2x", "content": "", "creation_timestamp": "2025-03-17T17:45:55.041811Z"}, {"uuid": "5405f086-1b77-47b2-be84-5fcfde70e1f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29783", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lkrbxsfwna2j", "content": "", "creation_timestamp": "2025-03-19T23:00:12.182976Z"}, {"uuid": "66a2a3e4-ef13-44ea-92fe-c5edf382fa60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29783", "type": "seen", "source": "https://bsky.app/profile/hackthis.ai/post/3lkz3weki5c2u", "content": "", "creation_timestamp": "2025-03-23T01:33:15.819605Z"}, {"uuid": "8ddbcd9b-1690-4d90-935b-e9fea1ec5483", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29789", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llalpbmmyz26", "content": "", "creation_timestamp": "2025-03-26T01:04:18.761216Z"}, {"uuid": "de85ff66-21d5-4609-b67a-235421c0f0a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29782", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkemn3vz7h2s", "content": "", "creation_timestamp": "2025-03-14T22:06:23.260837Z"}, {"uuid": "a61cbc10-d1a5-4841-a2dd-bf42dbc9f8cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29783", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114190269963714967", "content": "", "creation_timestamp": "2025-03-19T17:27:23.037413Z"}, {"uuid": "e3ac7ab1-590c-4768-adfa-d17942809b4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29783", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lkqmqrrvxt2p", "content": "", "creation_timestamp": "2025-03-19T16:40:23.907932Z"}, {"uuid": "84368ab0-f86e-4908-a91e-690ca0ee26b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29783", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114190588256677793", "content": "", "creation_timestamp": "2025-03-19T18:48:42.255833Z"}, {"uuid": "9661830a-c080-42ee-bec9-ad518600c65a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29783", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkqtncnlid2m", "content": "", "creation_timestamp": "2025-03-19T18:43:50.225205Z"}, {"uuid": "22f1774b-fa12-4a55-8fd7-4dfd06e8a2d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29783", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lksk7a5k3l23", "content": "", "creation_timestamp": "2025-03-20T11:00:09.953918Z"}, {"uuid": "20bf48c4-b955-41ce-bddd-472e84d120c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29780", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114162131093338024", "content": "", "creation_timestamp": "2025-03-14T18:11:18.887517Z"}, {"uuid": "cc6d5707-17b2-439e-ab09-a43fcc96f34f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29785", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqmncgs2gxe2", "content": "", "creation_timestamp": "2025-06-02T11:11:12.639928Z"}, {"uuid": "d385e551-a3ee-4e0e-a7bf-44f5db18ab01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29784", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ln42fqqdtg2j", "content": "", "creation_timestamp": "2025-04-18T16:34:33.306078Z"}, {"uuid": "bd937958-548e-4025-be41-fadf02bd48ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29784", "type": "seen", "source": "https://bsky.app/profile/FunctionalProgramming.activitypub.awakari.com.ap.brid.gy/post/3ln45d6wot6u2", "content": "", "creation_timestamp": "2025-04-18T17:28:22.321929Z"}, {"uuid": "eac5d684-9bea-4ebd-99de-7c85a86d0ac2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29783", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lorjn7numc25", "content": "", "creation_timestamp": "2025-05-09T22:58:09.520905Z"}, {"uuid": "79b5bb78-6dd5-40cc-8a98-4476c8523f87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29786", "type": "seen", "source": "https://bsky.app/profile/gcpweekly.bsky.social/post/3maejvlvqbz2i", "content": "", "creation_timestamp": "2025-12-19T20:31:50.531137Z"}, {"uuid": "c5329673-7119-46c0-91d2-d74a247baa69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29787", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7771", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-29787\n\ud83d\udd25 CVSS Score: 7.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:H/SI:H/SA:H)\n\ud83d\udd39 Description: `zip` is a zip library for rust which supports reading and writing of simple ZIP files. In the archive extraction routine of affected versions of the `zip` crate starting with version 1.3.0 and prior to version 2.3.0, symbolic links earlier in the archive are allowed to be used for later files in the archive without validation of the final canonicalized path, allowing maliciously crafted archives to overwrite arbitrary files in the file system when extracted. Users who extract untrusted archive files using the following high-level API method may be affected and critical files on the system may be overwritten with arbitrary file permissions, which can potentially lead to code execution. Version 2.3.0 fixes the issue.\n\ud83d\udccf Published: 2025-03-17T13:19:23.925Z\n\ud83d\udccf Modified: 2025-03-17T13:19:23.925Z\n\ud83d\udd17 References:\n1. https://github.com/zip-rs/zip2/security/advisories/GHSA-94vh-gphv-8pm8\n2. https://github.com/zip-rs/zip2/commit/a2e062f37066c3b12860a32eb1cb44856cfb7afe\n3. https://gist.github.com/eternal-flame-AD/bf71ef4f6828e741eb12ce7fd47b7b85\n4. https://github.com/zip-rs/zip2/releases/tag/v2.3.0", "creation_timestamp": "2025-03-17T13:47:05.000000Z"}, {"uuid": "7ea1205d-a6d8-4718-b324-5e19fc05ae63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29781", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7861", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-29781\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)\n\ud83d\udd39 Description: The Bare Metal Operator (BMO) implements a Kubernetes API for managing bare metal hosts in Metal3. Baremetal Operator enables users to load Secret from arbitrary namespaces upon deployment of the namespace scoped Custom Resource `BMCEventSubscription`. Prior to versions 0.8.1 and 0.9.1, an adversary Kubernetes account with only namespace level roles (e.g. a tenant controlling a namespace) may create a `BMCEventSubscription` in his authorized namespace and then load Secrets from his unauthorized namespaces to his authorized namespace via the Baremetal Operator, causing Secret Leakage. The patch makes BMO refuse to read Secrets from other namespace than where the corresponding BMH resource is. The patch does not change the `BMCEventSubscription` API in BMO, but stricter validation will fail the request at admission time. It will also prevent the controller reading such Secrets, in case the BMCES CR has already been deployed. The issue exists for all versions of BMO, and is patched in BMO releases v0.9.1 and v0.8.1. Prior upgrading to patched BMO version, duplicate any existing Secret pointed to by `BMCEventSubscription`'s `httpHeadersRef` to the same namespace where the corresponding BMH exists. After upgrade, remove the old Secrets. As a workaround, the operator can configure BMO RBAC to be namespace scoped, instead of cluster scoped, to prevent BMO from accessing Secrets from other namespaces, and/or use `WATCH_NAMESPACE` configuration option to limit BMO to single namespace.\n\ud83d\udccf Published: 2025-03-17T21:37:31.856Z\n\ud83d\udccf Modified: 2025-03-17T21:37:31.856Z\n\ud83d\udd17 References:\n1. https://github.com/metal3-io/baremetal-operator/security/advisories/GHSA-c98h-7hp9-v9hq\n2. https://github.com/metal3-io/baremetal-operator/pull/2321\n3. https://github.com/metal3-io/baremetal-operator/pull/2322\n4. https://github.com/metal3-io/baremetal-operator/commit/19f8443b1fe182f76dd81b43122e8dd102f8b94c\n5. https://github.com/metal3-io/metal3-docs/blob/main/design/baremetal-operator/bmc-events.md", "creation_timestamp": "2025-03-17T21:47:25.000000Z"}, {"uuid": "12ac61a2-e58b-431b-ba65-dade12fa5225", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29782", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7635", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-29782\n\ud83d\udd25 CVSS Score: 6.4 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H)\n\ud83d\udd39 Description: WeGIA is Web manager for charitable institutions A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_tipo_docs_atendido.php` endpoint in versions of the WeGIA application prior to 3.2.17. This vulnerability allows attackers to inject malicious scripts into the `tipo` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. Version 3.2.17 contains a patch for the issue.\n\ud83d\udccf Published: 2025-03-14T19:05:40.774Z\n\ud83d\udccf Modified: 2025-03-14T19:05:40.774Z\n\ud83d\udd17 References:\n1. https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-5x5w-5c99-vr8h\n2. https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/v3.2.17", "creation_timestamp": "2025-03-14T19:45:05.000000Z"}, {"uuid": "d360657d-29e6-4ef4-aa37-28420a71830d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29788", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7770", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-29788\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\ud83d\udd39 Description: The Syliud PayPal Plugin is the Sylius Core Team\u2019s plugin for the PayPal Commerce Platform. A vulnerability in versions prior to 1.6.1, 1.7.1, and 2.0.1 allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after initiating the PayPal Express Checkout process, PayPal will not receive the updated total amount. As a result, PayPal captures only the initially transmitted amount, while Sylius incorrectly considers the order fully paid based on the modified total. This flaw can be exploited both accidentally and intentionally, potentially enabling fraud by allowing customers to pay less than the actual order value. Attackers can intentionally pay less than the actual total order amount, business owners may suffer financial losses due to underpaid orders, and integrity of payment processing is compromised. The issue is fixed in versions 1.6.1, 1.7.1, 2.0.1, and above. To resolve the problem in the end application without updating to the newest patches, there is a need to overwrite `ProcessPayPalOrderAction`, `CompletePayPalOrderFromPaymentPageAction`, and `CaptureAction` with modified logic.\n\ud83d\udccf Published: 2025-03-17T13:25:24.343Z\n\ud83d\udccf Modified: 2025-03-17T13:25:24.343Z\n\ud83d\udd17 References:\n1. https://github.com/Sylius/PayPalPlugin/security/advisories/GHSA-pqq3-q84h-pj6x\n2. https://github.com/Sylius/PayPalPlugin/commit/31e71b0457e5d887a6c19f8cfabb8b16125ec406\n3. https://github.com/Sylius/PayPalPlugin/commit/8a81258f965b7860d4bccb52942e4c5b53e6774d\n4. https://github.com/Sylius/PayPalPlugin/releases/tag/v1.6.1\n5. https://github.com/Sylius/PayPalPlugin/releases/tag/v1.7.1\n6. https://github.com/Sylius/PayPalPlugin/releases/tag/v2.0.1", "creation_timestamp": "2025-03-17T13:47:01.000000Z"}, {"uuid": "8337a06b-0130-49b2-b717-abf80660c269", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29786", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7769", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-29786\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if the Expr expression parser is given an unbounded input string, it will attempt to compile the entire string and generate an Abstract Syntax Tree (AST) node for each part of the expression. In scenarios where input size isn\u2019t limited, a malicious or inadvertent extremely large expression can consume excessive memory as the parser builds a huge AST. This can ultimately lead to*excessive memory usage and an Out-Of-Memory (OOM) crash of the process. This issue is relatively uncommon and will only manifest when there are no restrictions on the input size, i.e. the expression length is allowed to grow arbitrarily large. In typical use cases where inputs are bounded or validated, this problem would not occur. The problem has been patched in the latest versions of the Expr library. The fix introduces compile-time limits on the number of AST nodes and memory usage during parsing, preventing any single expression from exhausting resources. Users should upgrade to Expr version 1.17.0 or later, as this release includes the new node budget and memory limit safeguards. Upgrading to v1.17.0 ensures that extremely deep or large expressions are detected and safely aborted during compilation, avoiding the OOM condition. For users who cannot immediately upgrade, the recommended workaround is to impose an input size restriction before parsing. In practice, this means validating or limiting the length of expression strings that your application will accept. For example, set a maximum allowable number of characters (or nodes) for any expression and reject or truncate inputs that exceed this limit. By ensuring no unbounded-length expression is ever fed into the parser, one can prevent the parser from constructing a pathologically large AST and avoid potential memory exhaustion. In short, pre-validate and cap input size as a safeguard in the absence of the patch.\n\ud83d\udccf Published: 2025-03-17T13:15:32.836Z\n\ud83d\udccf Modified: 2025-03-17T13:29:29.177Z\n\ud83d\udd17 References:\n1. https://github.com/expr-lang/expr/security/advisories/GHSA-93mq-9ffx-83m2\n2. https://github.com/expr-lang/expr/pull/762", "creation_timestamp": "2025-03-17T13:47:00.000000Z"}, {"uuid": "e9cc0caa-dd7f-4f47-84f3-204f3180cda4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2978", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9606", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2978\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in WCMS 11. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?articleadmin/upload/?&CKEditor=container&CKEditorFuncNum=1 of the component Article Publishing Page. The manipulation of the argument Upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.\n\ud83d\udccf Published: 2025-03-31T05:31:04.473Z\n\ud83d\udccf Modified: 2025-03-31T05:31:04.473Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.302030\n2. https://vuldb.com/?ctiid.302030\n3. https://vuldb.com/?submit.523093\n4. https://github.com/caigo8/CVE-md/blob/main/wcms11/%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0RCE.md", "creation_timestamp": "2025-03-31T06:31:16.000000Z"}, {"uuid": "41f5bbf4-c201-4cd3-96a2-a2ed5cfcebfe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29789", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8786", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-29789\n\ud83d\udd25 CVSS Score: 4.6 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.3.0 are vulnerable to Directory Traversal in the Load Code feature. Version 7.3.0 contains a patch for the issue.\n\ud83d\udccf Published: 2025-03-25T20:29:29.892Z\n\ud83d\udccf Modified: 2025-03-25T20:39:41.939Z\n\ud83d\udd17 References:\n1. https://github.com/openemr/openemr/security/advisories/GHSA-ffpq-2wqj-v8ff\n2. https://github.com/openemr/openemr/commit/ef3bb7f84ebe8ef54d55416e587ec2fefd065489", "creation_timestamp": "2025-03-25T21:25:39.000000Z"}, {"uuid": "1fb9a8f6-d0d7-4c3c-9c74-da8e421cd138", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29784", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12468", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-29784\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the s parameter in GET requests for forum search functionality lacks length validation, allowing attackers to submit excessively long search queries. This oversight can lead to performance degradation and potential denial-of-service (DoS) attacks. This issue has been patched in version 2.2.0.\n\ud83d\udccf Published: 2025-04-18T15:50:17.656Z\n\ud83d\udccf Modified: 2025-04-18T15:50:17.656Z\n\ud83d\udd17 References:\n1. https://github.com/NamelessMC/Nameless/security/advisories/GHSA-4hrq-rf96-c2jm\n2. https://github.com/NamelessMC/Nameless/commit/f5341e56930a98978171e0a871d60f19ab30ebdd\n3. https://github.com/NamelessMC/Nameless/releases/tag/v2.2.0", "creation_timestamp": "2025-04-18T15:58:47.000000Z"}, {"uuid": "2d097ebe-93e7-47d3-b687-87957ae5808b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29784", "type": "seen", "source": "https://t.me/cvedetector/23316", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-29784 - NamelessMC Denial-of-Service (DoS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-29784 \nPublished : April 18, 2025, 4:15 p.m. | 26\u00a0minutes ago \nDescription : NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the s parameter in GET requests for forum search functionality lacks length validation, allowing attackers to submit excessively long search queries. This oversight can lead to performance degradation and potential denial-of-service (DoS) attacks. This issue has been patched in version 2.2.0. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-18T19:04:58.000000Z"}, {"uuid": "c095f1fb-5d07-4152-8716-4a265fc6e2ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29785", "type": "published-proof-of-concept", "source": "Telegram/rXYL1lXWkEU6X4s-B12vmJDiUkp3J5RpkWN8Rf8Wlc0XZWI", "content": "", "creation_timestamp": "2025-06-02T12:01:30.000000Z"}, {"uuid": "f53c35ec-f287-46f4-9414-2551eb59e81a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2978", "type": "seen", "source": "https://t.me/cvedetector/21553", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2978 - \"WCMS Unrestricted File Upload Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2025-2978 \nPublished : March 31, 2025, 6:15 a.m. | 29\u00a0minutes ago \nDescription : A vulnerability was found in WCMS 11. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?articleadmin/upload/?&CKEditor=container&CKEditorFuncNum=1 of the component Article Publishing Page. The manipulation of the argument Upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-31T09:09:15.000000Z"}, {"uuid": "5e93b040-df8b-4476-84c3-9f95df99cd2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29780", "type": "seen", "source": "https://t.me/cvedetector/20331", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-29780 - Post-Quantum Secure Feldman's Verifiable Secret Sharing Timing Side-Channel Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-29780 \nPublished : March 14, 2025, 6:15 p.m. | 1\u00a0hour, 21\u00a0minutes ago \nDescription : Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing (VSS) scheme. In versions 0.7.6b0 and prior, the `feldman_vss` library contains timing side-channel vulnerabilities in its matrix operations, specifically within the `_find_secure_pivot` function and potentially other parts of `_secure_matrix_solve`. These vulnerabilities are due to Python's execution model, which does not guarantee constant-time execution. An attacker with the ability to measure the execution time of these functions (e.g., through repeated calls with carefully crafted inputs) could potentially recover secret information used in the Verifiable Secret Sharing (VSS) scheme. The `_find_secure_pivot` function, used during Gaussian elimination in `_secure_matrix_solve`, attempts to find a non-zero pivot element. However, the conditional statement `if matrix[row][col] != 0 and row_random < min_value:` has execution time that depends on the value of `matrix[row][col]`. This timing difference can be exploited by an attacker. The `constant_time_compare` function in this file also does not provide a constant-time guarantee. The Python implementation of matrix operations in the _find_secure_pivot and _secure_matrix_solve functions cannot guarantee constant-time execution, potentially leaking information about secret polynomial coefficients. An attacker with the ability to make precise timing measurements of these operations could potentially extract secret information through statistical analysis of execution times, though practical exploitation would require significant expertise and controlled execution environments. Successful exploitation of these timing side-channels could allow an attacker to recover secret keys or other sensitive information protected by the VSS scheme. This could lead to a complete compromise of the shared secret. As of time of publication, no patched versions of Post-Quantum Secure Feldman's Verifiable Secret Sharing exist, but other mitigations are available. As acknowledged in the library's documentation, these vulnerabilities cannot be adequately addressed in pure Python. In the short term, consider using this library only in environments where timing measurements by attackers are infeasible. In the medium term, implement your own wrappers around critical operations using constant-time libraries in languages like Rust, Go, or C. In the long term, wait for the planned Rust implementation mentioned in the library documentation that will properly address these issues. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-14T20:53:39.000000Z"}, {"uuid": "73d5eccb-cce7-4ebe-9295-2e59b5ea1c03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29788", "type": "seen", "source": "https://t.me/cvedetector/20482", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-29788 - Sylius PayPal Plugin Payment Amount Manipulation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-29788 \nPublished : March 17, 2025, 2:15 p.m. | 1\u00a0hour, 34\u00a0minutes ago \nDescription : The Syliud PayPal Plugin is the Sylius Core Team\u2019s plugin for the PayPal Commerce Platform. A vulnerability in versions prior to 1.6.1, 1.7.1, and 2.0.1 allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after initiating the PayPal Express Checkout process, PayPal will not receive the updated total amount. As a result, PayPal captures only the initially transmitted amount, while Sylius incorrectly considers the order fully paid based on the modified total. This flaw can be exploited both accidentally and intentionally, potentially enabling fraud by allowing customers to pay less than the actual order value. Attackers can intentionally pay less than the actual total order amount, business owners may suffer financial losses due to underpaid orders, and integrity of payment processing is compromised. The issue is fixed in versions 1.6.1, 1.7.1, 2.0.1, and above. To resolve the problem in the end application without updating to the newest patches, there is a need to overwrite `ProcessPayPalOrderAction`, `CompletePayPalOrderFromPaymentPageAction`, and `CaptureAction` with modified logic. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-17T17:28:15.000000Z"}, {"uuid": "79cc7620-8a0f-4a77-9a79-a75467416025", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29786", "type": "seen", "source": "https://t.me/cvedetector/20481", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-29786 - Go Expr Excessive Memory Consumption Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2025-29786 \nPublished : March 17, 2025, 2:15 p.m. | 1\u00a0hour, 34\u00a0minutes ago \nDescription : Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if the Expr expression parser is given an unbounded input string, it will attempt to compile the entire string and generate an Abstract Syntax Tree (AST) node for each part of the expression. In scenarios where input size isn\u2019t limited, a malicious or inadvertent extremely large expression can consume excessive memory as the parser builds a huge AST. This can ultimately lead to*excessive memory usage and an Out-Of-Memory (OOM) crash of the process. This issue is relatively uncommon and will only manifest when there are no restrictions on the input size, i.e. the expression length is allowed to grow arbitrarily large. In typical use cases where inputs are bounded or validated, this problem would not occur. The problem has been patched in the latest versions of the Expr library. The fix introduces compile-time limits on the number of AST nodes and memory usage during parsing, preventing any single expression from exhausting resources. Users should upgrade to Expr version 1.17.0 or later, as this release includes the new node budget and memory limit safeguards. Upgrading to v1.17.0 ensures that extremely deep or large expressions are detected and safely aborted during compilation, avoiding the OOM condition. For users who cannot immediately upgrade, the recommended workaround is to impose an input size restriction before parsing. In practice, this means validating or limiting the length of expression strings that your application will accept. For example, set a maximum allowable number of characters (or nodes) for any expression and reject or truncate inputs that exceed this limit. By ensuring no unbounded-length expression is ever fed into the parser, one can prevent the parser from constructing a pathologically large AST and avoid potential memory exhaustion. In short, pre-validate and cap input size as a safeguard in the absence of the patch. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-17T17:28:14.000000Z"}, {"uuid": "42f59fa1-f313-41f3-a962-1ce3c8bf7ac1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29787", "type": "seen", "source": "https://t.me/cvedetector/20480", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-29787 - Rust Zip Symbolic Link Overwrite Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-29787 \nPublished : March 17, 2025, 2:15 p.m. | 1\u00a0hour, 34\u00a0minutes ago \nDescription : `zip` is a zip library for rust which supports reading and writing of simple ZIP files. In the archive extraction routine of affected versions of the `zip` crate starting with version 1.3.0 and prior to version 2.3.0, symbolic links earlier in the archive are allowed to be used for later files in the archive without validation of the final canonicalized path, allowing maliciously crafted archives to overwrite arbitrary files in the file system when extracted. Users who extract untrusted archive files using the following high-level API method may be affected and critical files on the system may be overwritten with arbitrary file permissions, which can potentially lead to code execution. Version 2.3.0 fixes the issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-17T17:28:13.000000Z"}, {"uuid": "dc0f7702-ab32-455d-ad0f-c1a16c396a5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29782", "type": "seen", "source": "https://t.me/cvedetector/20327", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-29782 - WeGIA Web Manager for Charitable Institutions Stored Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-29782 \nPublished : March 14, 2025, 7:15 p.m. | 21\u00a0minutes ago \nDescription : WeGIA is Web manager for charitable institutions A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_tipo_docs_atendido.php` endpoint in versions of the WeGIA application prior to 3.2.17. This vulnerability allows attackers to inject malicious scripts into the `tipo` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. Version 3.2.17 contains a patch for the issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-14T20:53:36.000000Z"}, {"uuid": "0c964b47-a7e5-4495-a1da-79198bc6bad2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29789", "type": "seen", "source": "https://t.me/cvedetector/21121", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-29789 - OpenEMR Directory Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-29789 \nPublished : March 25, 2025, 9:15 p.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.3.0 are vulnerable to Directory Traversal in the Load Code feature. Version 7.3.0 contains a patch for the issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-25T23:40:33.000000Z"}, {"uuid": "b5b57b12-0722-4d68-b592-8a85dc0eb4de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29783", "type": "published-proof-of-concept", "source": "Telegram/5NPz2sx_xB9j3hzmo-oIJEJq6Lsm0ce4bHKBo0XPqbJTGio", "content": "", "creation_timestamp": "2025-03-19T17:30:32.000000Z"}, {"uuid": "90c1b599-820f-4ffd-a8eb-6f9941d995e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29784", "type": "published-proof-of-concept", "source": "Telegram/5ew9Gap99Vy6uWXSrRBjXFUkJcr3Aw_KhGVJpA-a9z6DOfY", "content": "", "creation_timestamp": "2025-04-20T02:54:44.000000Z"}, {"uuid": "dd144196-b906-4294-b330-d2b19ab7d790", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29787", "type": "published-proof-of-concept", "source": "Telegram/k2hWLXjvKh8ojTF1EeSN0Mqc987DrfNzj7Aa-hb_f1HoriQ", "content": "", "creation_timestamp": "2025-03-17T16:33:06.000000Z"}, {"uuid": "f203730d-9bd6-41a7-8721-6c630c3e5d41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29786", "type": "published-proof-of-concept", "source": "Telegram/k2hWLXjvKh8ojTF1EeSN0Mqc987DrfNzj7Aa-hb_f1HoriQ", "content": "", "creation_timestamp": "2025-03-17T16:33:06.000000Z"}, {"uuid": "39bd232c-3456-4e3a-bb54-5060e4e83d4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29783", "type": "seen", "source": "https://t.me/cvedetector/20646", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-29783 - vLLM Mooncake Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2025-29783 \nPublished : March 19, 2025, 4:15 p.m. | 1\u00a0hour, 11\u00a0minutes ago \nDescription : vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. When vLLM is configured to use Mooncake, unsafe deserialization exposed directly over ZMQ/TCP on all network interfaces will allow attackers to execute remote code on distributed hosts. This is a remote code execution vulnerability impacting any deployments using Mooncake to distribute KV across distributed hosts. This vulnerability is fixed in 0.8.0. \nSeverity: 10.0 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-19T18:49:21.000000Z"}]}