{"vulnerability": "CVE-2025-3016", "sightings": [{"uuid": "492a7080-eea5-422d-8ba0-f0e6e1b790c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30160", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lktswtj6ob2j", "content": "", "creation_timestamp": "2025-03-20T23:09:08.994263Z"}, {"uuid": "38196d35-fe99-48a9-bece-a5c4868ee7fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30166", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmckyu44si2z", "content": "", "creation_timestamp": "2025-04-08T13:22:14.533194Z"}, {"uuid": "2510bd84-a3b4-4076-9dd1-f6bf3a1c35f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30163", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ll5t676gu62h", "content": "", "creation_timestamp": "2025-03-24T22:39:53.981451Z"}, {"uuid": "c59051b1-063e-4c67-bfa0-82462afd045c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30162", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ll5t67c7xv2m", "content": "", "creation_timestamp": "2025-03-24T22:39:54.543157Z"}, {"uuid": "e3884adf-971c-4e7a-83d8-46415ed2edf8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30169", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lprwr4i67e2y", "content": "", "creation_timestamp": "2025-05-22T20:18:10.325931Z"}, {"uuid": "706a1b32-9ddd-450b-b3fa-324beff75fc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30167", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-339/", "content": "", "creation_timestamp": "2025-06-10T03:00:00.000000Z"}, {"uuid": "4763f7d7-851a-43f0-8ceb-71b16bde8f57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30165", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114462007419812570", "content": "", "creation_timestamp": "2025-05-06T17:13:47.661304Z"}, {"uuid": "98c6c1e5-efda-4310-be78-d8f5c5785645", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30165", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lojis7do6d2p", "content": "", "creation_timestamp": "2025-05-06T18:21:52.611438Z"}, {"uuid": "8ce9f7ad-19f3-4e1c-aec0-71964091c19d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30165", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lojlr2iv6sf2", "content": "", "creation_timestamp": "2025-05-06T19:20:04.476874Z"}, {"uuid": "5ff938a4-29cd-448d-9d95-e246c8b84051", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30167", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114620542750640650", "content": "", "creation_timestamp": "2025-06-03T17:11:24.696688Z"}, {"uuid": "e121ee27-5dac-40cd-a76f-d696b4438cfc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30168", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8350", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30168\n\ud83d\udd25 CVSS Score: 6.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N)\n\ud83d\udd39 Description: Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 7.5.2 and 8.0.2, the 3rd party authentication handling of Parse Server allows the authentication credentials of some specific authentication providers to be used across multiple Parse Server apps. For example, if a user signed up using the same authentication provider in two unrelated Parse Server apps, the credentials stored by one app can be used to authenticate the same user in the other app. Note that this only affects Parse Server apps that specifically use an affected 3rd party authentication provider for user authentication, for example by setting the Parse Server option auth to configure a Parse Server authentication adapter. The fix of this vulnerability requires to upgrade Parse Server to a version that includes the bug fix, as well as upgrade the client app to send a secure payload, which is different from the previous insecure payload. This vulnerability is fixed in 7.5.2 and 8.0.2.\n\ud83d\udccf Published: 2025-03-21T14:54:22.369Z\n\ud83d\udccf Modified: 2025-03-21T15:12:37.719Z\n\ud83d\udd17 References:\n1. https://github.com/parse-community/parse-server/security/advisories/GHSA-837q-jhwx-cmpv\n2. https://github.com/parse-community/parse-server/pull/9667\n3. https://github.com/parse-community/parse-server/pull/9668\n4. https://github.com/parse-community/parse-server/commit/2ff9c71030bce3aada0a00fbceedeb7ae2c8a41e\n5. https://github.com/parse-community/parse-server/commit/5ef0440c8e763854e62341acaeb6dc4ade3ba82f\n6. https://docs.parseplatform.org/parse-server/guide/#oauth-and-3rd-party-authentication", "creation_timestamp": "2025-03-21T15:19:28.000000Z"}, {"uuid": "a88dadee-d72a-4ed6-893c-6e26fdbd3bdd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30167", "type": "seen", "source": "https://bsky.app/profile/FunctionalProgramming.activitypub.awakari.com.ap.brid.gy/post/3lqpt3nqzydj2", "content": "", "creation_timestamp": "2025-06-03T17:33:03.724966Z"}, {"uuid": "aa83a190-b3ea-4587-9b42-f3965bcc254c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30167", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lqpwxk42bw2p", "content": "", "creation_timestamp": "2025-06-03T18:41:38.097367Z"}, {"uuid": "bbf7d1d9-ab77-4ba7-b64f-d52d37c54d0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30168", "type": "seen", "source": "MISP/3e4b778d-5810-4171-a915-f1d106684af4", "content": "", "creation_timestamp": "2025-08-11T18:27:49.000000Z"}, {"uuid": "fde33670-b3d5-46af-ac0b-b200c9c50f3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30165", "type": "seen", "source": "https://gist.github.com/Darkcrai86/c973de31165904f2a643ea221893d388", "content": "", "creation_timestamp": "2025-11-14T13:14:13.000000Z"}, {"uuid": "51ddaab8-6ac6-4269-825e-d38827cbd6ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30164", "type": "seen", "source": "https://t.me/cvedetector/21211", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30164 - Icinga Web 2 Cross-Site Request Forgery (CSRF) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-30164 \nPublished : March 26, 2025, 5:15 p.m. | 1\u00a0hour, 31\u00a0minutes ago \nDescription : Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 vulnerability allows an attacker to craft a URL that, once visited by an authenticated user (or one that is able to authenticate), allows to manipulate the backend to redirect the user to any location. This issue has been resolved in versions 2.11.5 and 2.12.3 of Icinga Web 2. No known workarounds are available. \nSeverity: 4.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-26T20:34:58.000000Z"}, {"uuid": "e02f3181-6e26-4722-ae8f-02da690871b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30164", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8891", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30164\n\ud83d\udd25 CVSS Score: 4.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N)\n\ud83d\udd39 Description: Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 vulnerability allows an attacker to craft a URL that, once visited by an authenticated user (or one that is able to authenticate), allows to manipulate the backend to redirect the user to any location. This issue has been resolved in versions 2.11.5 and 2.12.3 of Icinga Web 2. No known workarounds are available.\n\ud83d\udccf Published: 2025-03-26T16:13:26.590Z\n\ud83d\udccf Modified: 2025-03-26T16:13:26.590Z\n\ud83d\udd17 References:\n1. https://github.com/Icinga/icingaweb2/security/advisories/GHSA-8r73-6686-wv8q\n2. https://github.com/Icinga/icingaweb2/releases/tag/v2.11.5\n3. https://github.com/Icinga/icingaweb2/releases/tag/v2.12.3", "creation_timestamp": "2025-03-26T16:25:25.000000Z"}, {"uuid": "f1d77265-eb27-4a5c-b852-3e07240f1dcf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30161", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9695", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30161\n\ud83d\udd25 CVSS Score: 8.4 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: OpenEMR is a free and open source electronic health records and medical practice management application. A stored XSS vulnerability in the Bronchitis form component of OpenEMR allows anyone who is able to edit a bronchitis form to steal credentials from administrators. This vulnerability is fixed in 7.0.3.\n\ud83d\udccf Published: 2025-03-31T16:12:29.064Z\n\ud83d\udccf Modified: 2025-03-31T16:12:29.064Z\n\ud83d\udd17 References:\n1. https://github.com/openemr/openemr/security/advisories/GHSA-59rv-645x-rg6p\n2. https://github.com/openemr/openemr/blob/17ca5539bafcdc25a9042ebc14480552e07867e4/interface/forms/bronchitis/view.php#L102-L103\n3. https://github.com/openemr/openemr/blob/17ca5539bafcdc25a9042ebc14480552e07867e4/interface/forms/bronchitis/view.php#L303-L304", "creation_timestamp": "2025-03-31T16:33:19.000000Z"}, {"uuid": "56ded29b-a36e-4a55-bb0e-0d1ea86ce4c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30165", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15182", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30165\n\ud83d\udd25 CVSS Score: 8 (cvssV3_1, Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: vLLM is an inference and serving engine for large language models. In a multi-node vLLM deployment using the V0 engine, vLLM uses ZeroMQ for some multi-node communication purposes. The secondary vLLM hosts open a `SUB` ZeroMQ socket and connect to an `XPUB` socket on the primary vLLM host. When data is received on this `SUB` socket, it is deserialized with `pickle`. This is unsafe, as it can be abused to execute code on a remote machine. Since the vulnerability exists in a client that connects to the primary vLLM host, this vulnerability serves as an escalation point. If the primary vLLM host is compromised, this vulnerability could be used to compromise the rest of the hosts in the vLLM deployment. Attackers could also use other means to exploit the vulnerability without requiring access to the primary vLLM host. One example would be the use of ARP cache poisoning to redirect traffic to a malicious endpoint used to deliver a payload with arbitrary code to execute on the target machine. Note that this issue only affects the V0 engine, which has been off by default since v0.8.0. Further, the issue only applies to a deployment using tensor parallelism across multiple hosts, which we do not expect to be a common deployment pattern. Since V0 is has been off by default since v0.8.0 and the fix is fairly invasive, the maintainers of vLLM have decided not to fix this issue. Instead, the maintainers recommend that users ensure their environment is on a secure network in case this pattern is in use. The V1 engine is not affected by this issue.\n\ud83d\udccf Published: 2025-05-06T16:53:52.836Z\n\ud83d\udccf Modified: 2025-05-06T17:26:58.974Z\n\ud83d\udd17 References:\n1. https://github.com/vllm-project/vllm/security/advisories/GHSA-9pcc-gvx5-r5wm\n2. https://github.com/vllm-project/vllm/blob/c21b99b91241409c2fdf9f3f8c542e8748b317be/vllm/distributed/device_communicators/shm_broadcast.py#L295-L301\n3. https://github.com/vllm-project/vllm/blob/c21b99b91241409c2fdf9f3f8c542e8748b317be/vllm/distributed/device_communicators/shm_broadcast.py#L468-L470", "creation_timestamp": "2025-05-06T18:21:38.000000Z"}, {"uuid": "46c4abd9-a906-4b5f-845b-0e7bff3dd063", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3016", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9768", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3016\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function Assimp::MDLImporter::ParseTextureColorData of the file code/AssetLib/MDL/MDLMaterialLoader.cpp of the component MDL File Handler. The manipulation of the argument mWidth/mHeight leads to resource consumption. The attack can be initiated remotely. Upgrading to version 6.0 is able to address this issue. The name of the patch is 5d2a7482312db2e866439a8c05a07ce1e718bed1. It is recommended to apply a patch to fix this issue.\n\ud83d\udccf Published: 2025-03-31T21:00:10.538Z\n\ud83d\udccf Modified: 2025-03-31T21:19:54.032Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.302068\n2. https://vuldb.com/?ctiid.302068\n3. https://vuldb.com/?submit.524593\n4. https://github.com/assimp/assimp/issues/6022\n5. https://github.com/assimp/assimp/pull/6046\n6. https://github.com/assimp/assimp/commit/5d2a7482312db2e866439a8c05a07ce1e718bed1", "creation_timestamp": "2025-03-31T21:31:32.000000Z"}, {"uuid": "faf2bd98-83b7-4f2f-a375-68f3f6da8fc7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30166", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10897", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30166\n\ud83d\udd25 CVSS Score: 1.8 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page content. The vulnerability was discovered in the /admin/email/send-test-email endpoint using the POST method. The vulnerable parameter is content, which permits the injection of arbitrary HTML code during the email sending process. While JavaScript code injection is blocked through filtering, HTML code injection remains possible. This vulnerability is fixed in 1.7.6.\n\ud83d\udccf Published: 2025-04-08T11:07:06.672Z\n\ud83d\udccf Modified: 2025-04-08T11:07:06.672Z\n\ud83d\udd17 References:\n1. https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-x82r-6j37-vrgg\n2. https://github.com/pimcore/admin-ui-classic-bundle/commit/76b690d4f8fcd9c9d41766bc5238c2513242e60e", "creation_timestamp": "2025-04-08T11:46:23.000000Z"}, {"uuid": "e1564bb8-95dc-4174-a76d-e743b79588b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30166", "type": "seen", "source": "https://t.me/cvedetector/22457", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30166 - Pimcore Admin Classic Bundle HTML Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-30166 \nPublished : April 8, 2025, 11:15 a.m. | 2\u00a0hours, 11\u00a0minutes ago \nDescription : Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page content. The vulnerability was discovered in the /admin/email/send-test-email endpoint using the POST method. The vulnerable parameter is content, which permits the injection of arbitrary HTML code during the email sending process. While JavaScript code injection is blocked through filtering, HTML code injection remains possible. This vulnerability is fixed in 1.7.6. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-08T15:40:25.000000Z"}, {"uuid": "a6ad2391-8c8a-4baf-9e71-7aca6d971960", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30163", "type": "seen", "source": "https://t.me/cvedetector/20996", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30163 - Cilium Node Label Policy Bypass\", \n  \"Content\": \"CVE ID : CVE-2025-30163 \nPublished : March 24, 2025, 7:15 p.m. | 2\u00a0hours, 5\u00a0minutes ago \nDescription : Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Node based network policies (`fromNodes` and `toNodes`) will incorrectly permit traffic to/from non-node endpoints that share the labels specified in `fromNodes` and `toNodes` sections of network policies. Node based network policy is disabled by default in Cilium. This issue affects: Cilium v1.16 between v1.16.0 and v1.16.7 inclusive and v1.17 between v1.17.0 and v1.17.1 inclusive. This issue is fixed in Cilium v1.16.8 and v1.17.2. Users can work around this issue by ensuring that the labels used in `fromNodes` and `toNodes` fields are used exclusively by nodes and not by other endpoints. \nSeverity: 3.4 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-24T22:35:11.000000Z"}, {"uuid": "b1db1b9d-edb0-4171-a0a0-192cc05c989f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30161", "type": "seen", "source": "https://t.me/cvedetector/21617", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30161 - OpenEMR Stored XSS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-30161 \nPublished : March 31, 2025, 4:15 p.m. | 48\u00a0minutes ago \nDescription : OpenEMR is a free and open source electronic health records and medical practice management application. A stored XSS vulnerability in the Bronchitis form component of OpenEMR allows anyone who is able to edit a bronchitis form to steal credentials from administrators. This vulnerability is fixed in 7.0.3. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-31T19:12:24.000000Z"}, {"uuid": "6fa743bf-ddd9-4509-9c06-68351026d332", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30162", "type": "seen", "source": "https://t.me/cvedetector/20995", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30162 - Cilium Incorrect Egress Traffic Policy Enforcement\", \n  \"Content\": \"CVE ID : CVE-2025-30162 \nPublished : March 24, 2025, 7:15 p.m. | 2\u00a0hours, 5\u00a0minutes ago \nDescription : Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service implementation and use network policies to block egress traffic from workloads in a namespace to workloads in other namespaces, egress traffic from workloads covered by such network policies to LoadBalancers configured by `Gateway` resources will incorrectly be allowed. LoadBalancer resources not deployed via a Gateway API configuration are not affected by this issue. This issue affects: Cilium v1.15 between v1.15.0 and v1.15.14 inclusive, v1.16 between v1.16.0 and v1.16.7 inclusive, and v1.17 between v1.17.0 and v1.17.1 inclusive. This issue is fixed in Cilium v1.15.15, v1.16.8, and v1.17.2. A Clusterwide Cilium Network Policy can be used to work around this issue for users who are unable to upgrade. \nSeverity: 3.2 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-24T22:35:10.000000Z"}, {"uuid": "2ceef396-bb96-4e1d-8aca-37377f50f65e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30168", "type": "seen", "source": "https://t.me/cvedetector/20820", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30168 - \"Parse Server Authentication Provider Cross-Site Credential Abuse\"\", \n  \"Content\": \"CVE ID : CVE-2025-30168 \nPublished : March 21, 2025, 3:15 p.m. | 1\u00a0hour, 28\u00a0minutes ago \nDescription : Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 7.5.2 and 8.0.2, the 3rd party authentication handling of Parse Server allows the authentication credentials of some specific authentication providers to be used across multiple Parse Server apps. For example, if a user signed up using the same authentication provider in two unrelated Parse Server apps, the credentials stored by one app can be used to authenticate the same user in the other app. Note that this only affects Parse Server apps that specifically use an affected 3rd party authentication provider for user authentication, for example by setting the Parse Server option auth to configure a Parse Server authentication adapter. The fix of this vulnerability requires to upgrade Parse Server to a version that includes the bug fix, as well as upgrade the client app to send a secure payload, which is different from the previous insecure payload. This vulnerability is fixed in 7.5.2 and 8.0.2. \nSeverity: 6.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-21T18:29:08.000000Z"}, {"uuid": "5e4a054d-5107-42e2-9e6e-711f1ae233f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30160", "type": "seen", "source": "https://t.me/cvedetector/20761", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30160 - Redlib DEFLATE Decompression Bomb Denial-of-Service Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-30160 \nPublished : March 20, 2025, 7:15 p.m. | 59\u00a0minutes ago \nDescription : Redlib is an alternative private front-end to Reddit. A vulnerability has been identified in Redlib where an attacker can cause a denial-of-service (DOS) condition by submitting a specially crafted base2048-encoded DEFLATE decompression bomb to the restore_preferences form. This leads to excessive memory consumption and potential system instability, which can be exploited to disrupt Redlib instances. This vulnerability is fixed in 0.36.0. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-20T21:34:59.000000Z"}, {"uuid": "05fc4fd7-73f1-4dac-81a4-305a11bd3c4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30165", "type": "published-proof-of-concept", "source": "Telegram/Gr5A9z37UH1WrwsriSLeklpRtkMZp7Yqv-5xgG3MUvD57FE", "content": "", "creation_timestamp": "2025-05-06T19:30:34.000000Z"}, {"uuid": "8c145826-c529-4b74-93d9-4217375ca058", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30160", "type": "published-proof-of-concept", "source": "Telegram/Q4kJo2F2oL-NbaJrfC6LO8-y_S2Us6LVpftgoL4QtCPuQVY", "content": "", "creation_timestamp": "2025-03-20T20:00:50.000000Z"}, {"uuid": "766ed160-63e0-43fd-b142-bddc9476c06e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30165", "type": "seen", "source": "https://t.me/cvedetector/24625", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30165 - vLLM ZeroMQ Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-30165 \nPublished : May 6, 2025, 5:16 p.m. | 50\u00a0minutes ago \nDescription : vLLM is an inference and serving engine for large language models. In a multi-node vLLM deployment using the V0 engine, vLLM uses ZeroMQ for some multi-node communication purposes. The secondary vLLM hosts open a `SUB` ZeroMQ socket and connect to an `XPUB` socket on the primary vLLM host. When data is received on this `SUB` socket, it is deserialized with `pickle`. This is unsafe, as it can be abused to execute code on a remote machine. Since the vulnerability exists in a client that connects to the primary vLLM host, this vulnerability serves as an escalation point. If the primary vLLM host is compromised, this vulnerability could be used to compromise the rest of the hosts in the vLLM deployment. Attackers could also use other means to exploit the vulnerability without requiring access to the primary vLLM host. One example would be the use of ARP cache poisoning to redirect traffic to a malicious endpoint used to deliver a payload with arbitrary code to execute on the target machine. Note that this issue only affects the V0 engine, which has been off by default since v0.8.0. Further, the issue only applies to a deployment using tensor parallelism across multiple hosts, which we do not expect to be a common deployment pattern. Since V0 is has been off by default since v0.8.0 and the fix is fairly invasive, the maintainers of vLLM have decided not to fix this issue. Instead, the maintainers recommend that users ensure their environment is on a secure network in case this pattern is in use. The V1 engine is not affected by this issue. \nSeverity: 8.0 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-06T20:20:17.000000Z"}]}