{"vulnerability": "CVE-2025-3111", "sightings": [{"uuid": "4da20dfb-70b3-4569-a982-e52c9f5d8bc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31115", "type": "seen", "source": "https://bsky.app/profile/omo.bsky.social/post/3lm4axf3bsk2a", "content": "", "creation_timestamp": "2025-04-06T01:06:30.456263Z"}, {"uuid": "71db33eb-8cd6-42bf-ae58-315806278ae9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31115", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3llwf7ulspi2w", "content": "", "creation_timestamp": "2025-04-03T17:06:50.105330Z"}, {"uuid": "d0cec2de-2076-4855-a003-2a60feaae62b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31115", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3llwf7vuis52j", "content": "", "creation_timestamp": "2025-04-03T17:06:51.907976Z"}, {"uuid": "d60c1ca0-65aa-4f6b-92e7-dfaabe08b41b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31115", "type": "seen", "source": "https://bsky.app/profile/buherator.bsky.social/post/3llwfgiltxe2y", "content": "", "creation_timestamp": "2025-04-03T17:10:32.471446Z"}, {"uuid": "6a84cbc5-47a8-4576-80a8-37ae66bb4ef5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31115", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3llwhqegemn2o", "content": "", "creation_timestamp": "2025-04-03T17:51:51.244787Z"}, {"uuid": "587aef48-8bfa-4f39-9033-7e7ac418992d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31115", "type": "seen", "source": "https://bsky.app/profile/kzkr.xyz/post/3lmd6z4ux7ds2", "content": "", "creation_timestamp": "2025-04-08T19:20:26.803793Z"}, {"uuid": "b9f9bda8-abcf-45e6-aee9-1b80c2e5ee24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31119", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llwsmffbpo2k", "content": "", "creation_timestamp": "2025-04-03T21:06:34.647117Z"}, {"uuid": "b6775d8a-73d3-4907-89dd-e518a2a99193", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31115", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lm6vgl5wab2q", "content": "", "creation_timestamp": "2025-04-07T02:18:12.980162Z"}, {"uuid": "f63027d4-0f36-401e-89dd-230c75074ec4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31115", "type": "seen", "source": "https://bsky.app/profile/cocanews.bsky.social/post/3lm74rtopz42v", "content": "", "creation_timestamp": "2025-04-07T04:29:47.864678Z"}, {"uuid": "0b863ffe-f67b-436f-b074-1e3f0fa80d2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31115", "type": "seen", "source": "https://bsky.app/profile/andranglin.bsky.social/post/3lm7gcxkon22z", "content": "", "creation_timestamp": "2025-04-07T07:20:28.489462Z"}, {"uuid": "bb0ce008-a36b-448b-89d5-a6f49baa9448", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31115", "type": "seen", "source": "https://bsky.app/profile/shiojiri.com/post/3lm7ixu2ru22r", "content": "", "creation_timestamp": "2025-04-07T08:07:54.186982Z"}, {"uuid": "56350aad-9e71-4828-8939-7b5db55e0612", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31118", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ln42fqn75v2r", "content": "", "creation_timestamp": "2025-04-18T16:34:32.658000Z"}, {"uuid": "1bdc264b-9665-44c8-8ed2-56f16725a7af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31118", "type": "seen", "source": "https://bsky.app/profile/Minecraft.activitypub.awakari.com.ap.brid.gy/post/3ln45d2or75f2", "content": "", "creation_timestamp": "2025-04-18T17:27:36.091401Z"}, {"uuid": "7658b21b-8a29-4474-961b-8194b49650d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31115", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-05", "content": "", "creation_timestamp": "2025-06-12T10:00:00.000000Z"}, {"uuid": "e964df99-d7a9-4e5f-98af-27c63fa9a81a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3111", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lprher3mih2r", "content": "", "creation_timestamp": "2025-05-22T15:42:49.685480Z"}, {"uuid": "ba4beac1-1fce-4b18-928e-feb21a5129da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31115", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3loiwdvkmec2f", "content": "", "creation_timestamp": "2025-05-06T12:51:41.120222Z"}, {"uuid": "91c42fe1-e1dd-4734-a2d1-b8fe74ec20ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31115", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mbrcbpe6sa24", "content": "", "creation_timestamp": "2026-01-06T15:45:08.141338Z"}, {"uuid": "945e5b9c-7615-4ce3-8741-95206c9f16cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31115", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lxoyhihds22z", "content": "", "creation_timestamp": "2025-08-31T11:32:10.645321Z"}, {"uuid": "59a4a416-79af-4a0c-b560-028f299c1c3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31115", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lxqkdnktpk2c", "content": "", "creation_timestamp": "2025-09-01T02:24:47.079370Z"}, {"uuid": "83b4d059-b58d-4268-bb0a-68a4e84b574c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-31115", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0315/", "content": "", "creation_timestamp": "2026-03-18T00:00:00.000000Z"}, {"uuid": "be2b25b3-1806-4d5d-8fd9-319d5ed0192a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31117", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9708", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31117\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: OpenEMR is a free and open source electronic health records and medical practice management application. An Out-of-Band Server-Side Request Forgery (OOB SSRF) vulnerability was identified in OpenEMR, allowing an attacker to force the server to make unauthorized requests to external or internal resources. this attack does not return a direct response but can be exploited through DNS or HTTP interactions to exfiltrate sensitive information. This vulnerability is fixed in 7.0.3.1.\n\ud83d\udccf Published: 2025-03-31T16:49:14.739Z\n\ud83d\udccf Modified: 2025-03-31T16:49:14.739Z\n\ud83d\udd17 References:\n1. https://github.com/openemr/openemr/security/advisories/GHSA-2pvv-ph3x-2f9h\n2. https://github.com/openemr/openemr/commit/aa6f50efb2971285633fa77ea7a50949408cab12", "creation_timestamp": "2025-03-31T17:30:57.000000Z"}, {"uuid": "f3f73eef-485c-45a2-b9b3-1d0476f482d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31110", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9022", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31110\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: N/A\n\ud83d\udccf Modified: 2025-03-27T03:55:05.997Z\n\ud83d\udd17 References:\nNo references available.", "creation_timestamp": "2025-03-27T04:26:12.000000Z"}, {"uuid": "aa7fffe9-fb6a-4303-b1df-b3ee840afde3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31116", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9716", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31116\n\ud83d\udd25 CVSS Score: 4.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L)\n\ud83d\udd39 Description: Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The mitigation for CVE-2024-29190 in valid_host() uses socket.gethostbyname(), which is vulnerable to SSRF abuse using DNS rebinding technique. This vulnerability is fixed in 4.3.2.\n\ud83d\udccf Published: 2025-03-31T16:42:42.618Z\n\ud83d\udccf Modified: 2025-03-31T16:43:13.602Z\n\ud83d\udd17 References:\n1. https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-fcfq-m8p6-gw56\n2. https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/4b8bab5a9858c69fe13be4631b82d82186e0d3bd", "creation_timestamp": "2025-03-31T17:31:08.000000Z"}, {"uuid": "ee3c7d27-c482-4285-89a5-591ab43b3719", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31115", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10291", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31115\n\ud83d\udd25 CVSS Score: 8.7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on the null pointer plus an offset. Applications and libraries that use the lzma_stream_decoder_mt function are affected. The bug has been fixed in XZ Utils 5.8.1, and the fix has been committed to the v5.4, v5.6, v5.8, and master branches in the xz Git repository. No new release packages will be made from the old stable branches, but a standalone patch is available that applies to all affected releases.\n\ud83d\udccf Published: 2025-04-03T16:57:05.488Z\n\ud83d\udccf Modified: 2025-04-03T16:57:05.488Z\n\ud83d\udd17 References:\n1. https://github.com/tukaani-project/xz/security/advisories/GHSA-6cc8-p5mm-29w2\n2. https://github.com/tukaani-project/xz/commit/d5a2ffe41bb77b918a8c96084885d4dbe4bf6480\n3. https://tukaani.org/xz/xz-cve-2025-31115.patch", "creation_timestamp": "2025-04-03T17:35:49.000000Z"}, {"uuid": "24840657-caf4-4989-835c-63b7aedbb953", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31111", "type": "seen", "source": "https://t.me/cvedetector/21250", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31111 - Apache Server Unvalidated User Input\", \n  \"Content\": \"CVE ID : CVE-2025-31111 \nPublished : March 27, 2025, 4:15 a.m. | 47\u00a0minutes ago \nDescription : Rejected reason: Not used \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-27T06:37:05.000000Z"}, {"uuid": "a951e7cb-0f13-4417-8e48-5320c2cf63bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31118", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12465", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31118\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H)\n\ud83d\udd39 Description: NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, forum quick reply feature (view_topic.php) does not implement any spam prevention mechanism. This allows authenticated users to continuously post replies without any time restriction, resulting in an uncontrolled surge of posts that can disrupt normal operations. This issue has been patched in version 2.2.0.\n\ud83d\udccf Published: 2025-04-18T15:52:36.923Z\n\ud83d\udccf Modified: 2025-04-18T15:52:36.923Z\n\ud83d\udd17 References:\n1. https://github.com/NamelessMC/Nameless/security/advisories/GHSA-jhvp-mwj4-922m\n2. https://github.com/NamelessMC/Nameless/commit/51e9d93aaa28d40f060b807533d22b768abea207\n3. https://github.com/NamelessMC/Nameless/releases/tag/v2.2.0", "creation_timestamp": "2025-04-18T15:58:45.000000Z"}, {"uuid": "f409f016-a53f-4fc5-9379-c5c43b560ff6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31118", "type": "seen", "source": "https://t.me/cvedetector/23320", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31118 - NamelessMC Uncontrolled Forum Posting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-31118 \nPublished : April 18, 2025, 4:15 p.m. | 26\u00a0minutes ago \nDescription : NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, forum quick reply feature (view_topic.php) does not implement any spam prevention mechanism. This allows authenticated users to continuously post replies without any time restriction, resulting in an uncontrolled surge of posts that can disrupt normal operations. This issue has been patched in version 2.2.0. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-18T19:05:04.000000Z"}, {"uuid": "f08ec4ae-97dc-475d-ac93-d51f3d0d578b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3111", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17272", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3111\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: An issue has been discovered in GitLab CE/EE affecting all versions from 10.2 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in the Kubernetes integration could allow an authenticated user to cause denial of service..\n\ud83d\udccf Published: 2025-05-22T13:30:43.544Z\n\ud83d\udccf Modified: 2025-05-22T13:30:43.544Z\n\ud83d\udd17 References:\n1. https://gitlab.com/gitlab-org/gitlab/-/issues/533313\n2. https://hackerone.com/reports/3045424", "creation_timestamp": "2025-05-22T13:44:41.000000Z"}, {"uuid": "bf73909b-48fa-47c3-9d0f-57956dd3230d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31110", "type": "seen", "source": "https://t.me/cvedetector/21258", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31110 - Google Maps Arbitrary Code Execution\", \n  \"Content\": \"CVE ID : CVE-2025-31110 \nPublished : March 27, 2025, 4:15 a.m. | 47\u00a0minutes ago \nDescription : Rejected reason: Not used \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-27T06:37:14.000000Z"}, {"uuid": "f233ba97-6bb2-42fd-b1c6-6ad53c91690e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31115", "type": "seen", "source": "https://t.me/cvedetector/22012", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31115 - \"XZ Utils liblzma Multithreaded .xz Decoder Heap Use After Free and Null Pointer Dereference\"\", \n  \"Content\": \"CVE ID : CVE-2025-31115 \nPublished : April 3, 2025, 5:15 p.m. | 1\u00a0hour, 56\u00a0minutes ago \nDescription : XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on the null pointer plus an offset. Applications and libraries that use the lzma_stream_decoder_mt function are affected. The bug has been fixed in XZ Utils 5.8.1, and the fix has been committed to the v5.4, v5.6, v5.8, and master branches in the xz Git repository. No new release packages will be made from the old stable branches, but a standalone patch is available that applies to all affected releases. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-03T21:55:50.000000Z"}, {"uuid": "54b935a0-9eec-4d21-94f9-525ab4175ee2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31113", "type": "seen", "source": "https://t.me/cvedetector/21252", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31113 - Apache Struts Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2025-31113 \nPublished : March 27, 2025, 4:15 a.m. | 47\u00a0minutes ago \nDescription : Rejected reason: Not used \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-27T06:37:06.000000Z"}, {"uuid": "6f4fef71-3af4-41ec-969f-3377f0cbbb9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31112", "type": "seen", "source": "https://t.me/cvedetector/21251", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31112 - Apache HTTP Server Cross-Site Request Forgery\", \n  \"Content\": \"CVE ID : CVE-2025-31112 \nPublished : March 27, 2025, 4:15 a.m. | 47\u00a0minutes ago \nDescription : Rejected reason: Not used \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-27T06:37:06.000000Z"}, {"uuid": "db0f4814-f59a-4d82-8f76-761085764c03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31117", "type": "seen", "source": "https://t.me/cvedetector/21641", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31117 - OpenEMR OOB SSRF\", \n  \"Content\": \"CVE ID : CVE-2025-31117 \nPublished : March 31, 2025, 5:15 p.m. | 1\u00a0hour, 48\u00a0minutes ago \nDescription : OpenEMR is a free and open source electronic health records and medical practice management application. An Out-of-Band Server-Side Request Forgery (OOB SSRF) vulnerability was identified in OpenEMR, allowing an attacker to force the server to make unauthorized requests to external or internal resources. this attack does not return a direct response but can be exploited through DNS or HTTP interactions to exfiltrate sensitive information. This vulnerability is fixed in 7.0.3.1. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-31T21:43:26.000000Z"}, {"uuid": "d87083b2-460a-48ad-a413-e610c303fe6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31119", "type": "seen", "source": "https://t.me/cvedetector/22017", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31119 - JHipster Entity Audit Remote Code Execution (RCE)\", \n  \"Content\": \"CVE ID : CVE-2025-31119 \nPublished : April 3, 2025, 8:15 p.m. | 1\u00a0hour ago \nDescription : generator-jhipster-entity-audit is a JHipster module to enable entity audit and audit log page. Prior to 5.9.1, generator-jhipster-entity-audit allows unsafe reflection when having Javers selected as Entity Audit Framework. If an attacker manages to place some malicious classes into the classpath and also has access to these REST interface for calling the mentioned REST endpoints, using these lines of code can lead to unintended remote code execution. This vulnerability is fixed in 5.9.1. \nSeverity: 7.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-03T23:36:14.000000Z"}, {"uuid": "8e09665d-7c5a-4fe9-8969-9e1b305c67d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31116", "type": "seen", "source": "https://t.me/cvedetector/21640", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31116 - Mobile Security Framework (MobSF) SSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-31116 \nPublished : March 31, 2025, 5:15 p.m. | 1\u00a0hour, 48\u00a0minutes ago \nDescription : Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The mitigation for CVE-2024-29190 in valid_host() uses socket.gethostbyname(), which is vulnerable to SSRF abuse using DNS rebinding technique. This vulnerability is fixed in 4.3.2. \nSeverity: 4.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-31T21:43:22.000000Z"}, {"uuid": "ef3b65fe-0f83-4db7-ae8a-71ccf38eb0c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31118", "type": "published-proof-of-concept", "source": "Telegram/7jNmJD5vjZVenNUqyYR0CPI9qktay_Z3-idVdIxY76S8ayI", "content": "", "creation_timestamp": "2025-04-18T18:31:46.000000Z"}, {"uuid": "0276569f-e564-4b4d-9b58-b387509b7044", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31115", "type": "seen", "source": "https://t.me/cultofwire/1341", "content": "CVE-2025-31115: XZ Utils Hit Again with High-Severity Multithreaded Decoder Bug\n\n\u0421\u043a\u0443\u0447\u0430\u043b\u0438 \u043f\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c \u0432 XZ Utils? \u0418\u0445 \u0435\u0441\u0442\u044c \u0443 \u043c\u0435\u043d\u044f.\n\n\u0412 \u043d\u043e\u0432\u043e\u0441\u0442\u044f\u0445 \u0441\u0435\u0433\u043e\u0434\u043d\u044f XZ Utils \u0438 \u0441\u043d\u043e\u0432\u0430 CVE \u0432 \u043d\u0451\u043c: CVE-2025-31115 c CVSS: 8.7. CVE-2025-31115 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 XZ Utils \u0441 5.3.3alpha \u043f\u043e 5.8.0, \u043f\u0440\u0438\u0432\u043e\u0434\u044f \u043a \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u043e\u0448\u0438\u0431\u043a\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043a\u0443\u0447\u0438 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f \u0432 \u0435\u0435 \u043c\u043d\u043e\u0433\u043e\u043f\u043e\u0442\u043e\u0447\u043d\u043e\u043c \u0434\u0435\u043a\u043e\u0434\u0435\u0440\u0435, \u0441\u043f\u043e\u0441\u043e\u0431\u043d\u043e\u0439 \u0432\u044b\u0437\u044b\u0432\u0430\u0442\u044c \u0441\u0431\u043e\u0438 \u0438\u043b\u0438 \u043f\u043e\u0432\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u0435 \u043f\u0430\u043c\u044f\u0442\u0438, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u0435\u0434\u0435\u0442 \u043a \u043d\u0435\u043f\u0440\u0435\u0434\u0441\u043a\u0430\u0437\u0443\u0435\u043c\u043e\u043c\u0443 \u043f\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u044e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b \u0438\u043b\u0438 \u0434\u0430\u0436\u0435 \u043a \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430.\n\n\u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0443\u0436\u0435 \u0432\u044b\u0448\u043b\u043e. \u0412\u0435\u0440\u0441\u0438\u044f XZ Utils 5.8.1 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u044d\u0442\u0443 \u043e\u0448\u0438\u0431\u043a\u0443. \u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0442\u0430\u043a\u0436\u0435 \u0431\u044b\u043b\u043e \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u043e \u043a \u0432\u0435\u0442\u043a\u0430\u043c v5.4, v5.6, v5.8 \u0438 master \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f xz Git.\n\n\u041d\u0435 \u0442\u0430\u043a \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e (\u0434\u0430 \u0438 EPSS \u043f\u043e\u043a\u0430 0.05), \u043a\u0430\u043a CVE-2024-3094 (\u0435\u0441\u043b\u0438 \u043a\u0442\u043e \u0437\u0430\u0431\u044b\u043b \u0441\u0442\u0430\u0442\u044c\u0438 \u043d\u0430 Wikipedia \u0438 Akamai), \u043d\u043e \u043b\u0443\u0447\u0448\u0435 \u043d\u0435 \u0437\u0430\u0442\u044f\u0433\u0438\u0432\u0430\u0442\u044c \u0441 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435\u043c.", "creation_timestamp": "2025-04-07T11:18:55.000000Z"}]}