{"vulnerability": "CVE-2025-3237", "sightings": [{"uuid": "19eb3945-5074-4bb2-88b0-221b11f02937", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32370", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lm544lc5jd26", "content": "", "creation_timestamp": "2025-04-06T09:12:36.009775Z"}, {"uuid": "1ec1296e-d284-423d-a710-d48bdd6592bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3237", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llyicieqdo2o", "content": "", "creation_timestamp": "2025-04-04T13:07:23.442478Z"}, {"uuid": "508e26ae-ac1b-4a5c-86a4-4349d399b440", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32377", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ln4hrgyixf2d", "content": "", "creation_timestamp": "2025-04-18T20:33:46.181575Z"}, {"uuid": "8816cc9d-33e6-4744-bf86-956275619532", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32375", "type": "seen", "source": "https://bsky.app/profile/r-blueteamsec.bsky.social/post/3ltro5cetyr2c", "content": "", "creation_timestamp": "2025-07-12T15:24:42.195179Z"}, {"uuid": "b5671af3-6327-41f6-909a-d4523de58035", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32370", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114290995237686382", "content": "", "creation_timestamp": "2025-04-06T12:23:08.542897Z"}, {"uuid": "a92858cb-a6b3-4fdf-9d63-00167f389845", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32375", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114308819955492247", "content": "", "creation_timestamp": "2025-04-09T15:56:12.297851Z"}, {"uuid": "4d9ced88-f2b4-4815-bb78-a8b0ca81d06f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32375", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114309261178284086", "content": "", "creation_timestamp": "2025-04-09T17:48:25.067339Z"}, {"uuid": "a23383f3-96ab-4ccf-90c0-3b2ac9d22735", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32377", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114360879207101550", "content": "", "creation_timestamp": "2025-04-18T20:35:33.503218Z"}, {"uuid": "9bdd8277-955f-4c97-99ec-28cabcee3141", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32377", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3ln4rybwjwn72", "content": "", "creation_timestamp": "2025-04-18T23:36:34.822612Z"}, {"uuid": "08d94197-4fff-4f78-9583-2667a59c68b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32376", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114427772732716398", "content": "", "creation_timestamp": "2025-04-30T16:07:27.859504Z"}, {"uuid": "e7a6ae27-6a1a-43fd-8eda-07e4b4b610da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32375", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lnj3phi2nc2u", "content": "", "creation_timestamp": "2025-04-23T21:02:27.634246Z"}, {"uuid": "089246f9-7f78-420b-9d9d-f515d049e8f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32370", "type": "seen", "source": "https://bsky.app/profile/nimblenerd.social/post/3lp2laczl6p2t", "content": "", "creation_timestamp": "2025-05-13T13:20:42.364391Z"}, {"uuid": "8b383265-4799-4281-9022-5035c6abf5bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32370", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lp5viosnwz2n", "content": "", "creation_timestamp": "2025-05-14T21:02:28.059036Z"}, {"uuid": "ca1743a0-e35f-4cc9-8e38-da72f34cf34c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32375", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/bentoml_runner_server_rce_cve_2025_32375.rb", "content": "", "creation_timestamp": "2025-04-22T19:40:20.000000Z"}, {"uuid": "f035ede8-2e3f-4582-b804-eb4e4d943d80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32375", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:04.000000Z"}, {"uuid": "9a2ba778-0546-48ce-95fc-7b7bc6802a67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32375", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lvjlbwgntq25", "content": "", "creation_timestamp": "2025-08-03T21:02:50.520517Z"}, {"uuid": "9850faad-fff6-4822-939b-609709d618a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32376", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14051", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32376\n\ud83d\udd25 CVSS Score: 4.8 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L)\n\ud83d\udd39 Description: Discourse is an open-source discussion platform. Prior to versions 3.4.3 on the stable branch and 3.5.0.beta3 on the beta branch, the users limit for a DM can be bypassed, thus giving the ability to potentially create a DM with every user from a site in it. This issue has been patched in stable version 3.4.3 and beta version 3.5.0.beta3.\n\ud83d\udccf Published: 2025-04-30T14:55:21.473Z\n\ud83d\udccf Modified: 2025-04-30T15:08:52.268Z\n\ud83d\udd17 References:\n1. https://github.com/discourse/discourse/security/advisories/GHSA-mqqq-h2x3-46fr\n2. https://github.com/discourse/discourse/commit/21a7f3162221c393f9bb13721451aa7f237d881a", "creation_timestamp": "2025-04-30T15:13:32.000000Z"}, {"uuid": "b172894f-0c6f-4ca9-874f-5ca0b9db9907", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32370", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10632", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32370\n\ud83d\udd25 CVSS Score: 7.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L)\n\ud83d\udd39 Description: Kentico Xperience before 13.0.178 has a specific set of allowed ContentUploader file extensions for unauthenticated uploads; however, because .zip is processed through TryZipProviderSafe, there is additional functionality to create files with other extensions. NOTE: this is a separate issue not necessarily related to SVG or XSS.\n\ud83d\udccf Published: 2025-04-06T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-06T06:50:42.609Z\n\ud83d\udd17 References:\n1. https://devnet.kentico.com/download/hotfixes\n2. https://labs.watchtowr.com/xss-to-rce-by-abusing-custom-file-handlers-kentico-xperience-cms-cve-2025-2748/", "creation_timestamp": "2025-04-06T07:38:01.000000Z"}, {"uuid": "7cb778b5-399f-4bc0-b9fb-bab1a712cf05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32373", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11092", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32373\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In limited configurations, registered users may be able to craft a request to enumerate/access some portal files they should not have access to. This vulnerability is fixed in 9.13.8.\n\ud83d\udccf Published: 2025-04-09T15:14:43.704Z\n\ud83d\udccf Modified: 2025-04-09T15:42:50.064Z\n\ud83d\udd17 References:\n1. https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-vxcm-4rwh-chpc", "creation_timestamp": "2025-04-09T15:47:36.000000Z"}, {"uuid": "5972e6e5-01bf-425b-8566-34d22099a748", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32372", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11094", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32372\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\ud83d\udd39 Description: DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including internal or adjacent networks. This vulnerability facilitates a semi-blind SSRF attack, allowing attackers to make the target server send requests to internal or external URLs without viewing the full responses. Potential impacts include internal network reconnaissance, bypassing firewalls. This vulnerability is fixed in 9.13.8.\n\ud83d\udccf Published: 2025-04-09T15:14:35.442Z\n\ud83d\udccf Modified: 2025-04-09T15:42:10.913Z\n\ud83d\udd17 References:\n1. https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3f7v-qx94-666m\n2. https://github.com/dnnsoftware/Dnn.Platform/commit/4721dd9eef846936d3b1a3676499e46968d15feb", "creation_timestamp": "2025-04-09T15:47:38.000000Z"}, {"uuid": "59ca333a-4ba2-4bd0-a25c-cc7422863b31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32374", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11086", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32374\n\ud83d\udd25 CVSS Score: 5.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Possible denial of service with specially crafted information in the public registration form. This vulnerability is fixed in 9.13.8.\n\ud83d\udccf Published: 2025-04-09T15:14:51.957Z\n\ud83d\udccf Modified: 2025-04-09T15:44:49.820Z\n\ud83d\udd17 References:\n1. https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-vc6j-mcqj-rgfp", "creation_timestamp": "2025-04-09T15:47:31.000000Z"}, {"uuid": "0054a09d-73fa-4ada-918f-95827e23de65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32371", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11095", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32371\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A url could be crafted to the DNN ImageHandler to render text from a querystring parameter. This text would display in the resulting image and a user that trusts the domain might think that the information is legitimate. This vulnerability is fixed in 9.13.4.\n\ud83d\udccf Published: 2025-04-09T15:14:29.025Z\n\ud83d\udccf Modified: 2025-04-09T15:41:55.992Z\n\ud83d\udd17 References:\n1. https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-2rrc-g594-rhqw\n2. https://github.com/dnnsoftware/Dnn.Platform/commit/5def7cc2e7931bb1041b21540bde99f96874a5a9", "creation_timestamp": "2025-04-09T15:47:42.000000Z"}, {"uuid": "0ac354bf-8534-4f71-b183-7f334fb15f6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32375", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11098", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32375\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting specific headers and parameters in the POST request, it is possible to execute any unauthorized arbitrary code on the server, which will grant the attackers to have the initial access and information disclosure on the server. This vulnerability is fixed in 1.4.8.\n\ud83d\udccf Published: 2025-04-09T15:30:03.842Z\n\ud83d\udccf Modified: 2025-04-09T15:40:52.656Z\n\ud83d\udd17 References:\n1. https://github.com/bentoml/BentoML/security/advisories/GHSA-7v4r-c989-xh26", "creation_timestamp": "2025-04-09T15:47:44.000000Z"}, {"uuid": "8f524a00-ec13-4a81-86f0-cedee74de164", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32375", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/35427", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aThis repository includes everything needed to run a PoC exploit for CVE-2025-32375 in a Docker environment. It runs the latest vulnerable version of BentoML (1.4.7).\nURL\uff1ahttps://github.com/theGEBIRGE/CVE-2025-32375\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-05-03T19:09:29.000000Z"}, {"uuid": "3708b9f4-e9b4-4ee1-b2cd-53c5e75289ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32378", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11104", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32378\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Shopware is an open source e-commerce software platform. Prior to 6.6.10.3 or 6.5.8.17, the default settings for double-opt-in allow for mass unsolicited newsletter sign-ups without confirmation. Default settings are Newsletter: Double Opt-in set to active, Newsletter: Double opt-in for registered customers set to disabled, and Log-in & sign-up: Double opt-in on sign-up set to disabled. With these settings, anyone can register an account on the shop using any e-mail-address and then check the check-box in the account page to sign up for the newsletter. The recipient will receive two mails confirming registering and signing up for the newsletter, no confirmation link needed to be clicked for either. In the backend the recipient is set to \u201cinstantly active\u201d. This vulnerability is fixed in 6.6.10.3 or 6.5.8.17.\n\ud83d\udccf Published: 2025-04-09T15:37:44.010Z\n\ud83d\udccf Modified: 2025-04-09T15:37:44.010Z\n\ud83d\udd17 References:\n1. https://github.com/shopware/shopware/security/advisories/GHSA-4h9w-7vfp-px8m", "creation_timestamp": "2025-04-09T15:47:54.000000Z"}, {"uuid": "9ae97e4b-284f-492a-9a2f-b94825f69133", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32377", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12542", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32377\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\ud83d\udd39 Description: Rasa Pro is a framework for building scalable, dynamic conversational AI assistants that integrate large language models (LLMs). A vulnerability has been identified in Rasa Pro where voice connectors in Rasa Pro do not properly implement authentication even when a token is configured in the credentials.yml file. This could allow an attacker to submit voice data to the Rasa Pro assistant from an unauthenticated source. This issue has been patched for audiocodes, audiocodes_stream, and genesys connectors in versions 3.9.20, 3.10.19, 3.11.7 and 3.12.6.\n\ud83d\udccf Published: 2025-04-18T19:59:32.286Z\n\ud83d\udccf Modified: 2025-04-18T20:35:41.744Z\n\ud83d\udd17 References:\n1. https://github.com/RasaHQ/security-advisories/security/advisories/GHSA-7xq5-54jp-2mfg", "creation_timestamp": "2025-04-18T20:59:25.000000Z"}, {"uuid": "7db67634-f808-45f2-ab26-1a3630d4f81e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32377", "type": "seen", "source": "https://t.me/cvedetector/23346", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32377 - Rasa Pro Unauthenticated Voice Data Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32377 \nPublished : April 18, 2025, 8:15 p.m. | 29\u00a0minutes ago \nDescription : Rasa Pro is a framework for building scalable, dynamic conversational AI assistants that integrate large language models (LLMs). A vulnerability has been identified in Rasa Pro where voice connectors in Rasa Pro do not properly implement authentication even when a token is configured in the credentials.yml file. This could allow an attacker to submit voice data to the Rasa Pro assistant from an unauthenticated source. This issue has been patched for audiocodes, audiocodes_stream, and genesys connectors in versions 3.9.20, 3.10.19, 3.11.7 and 3.12.6. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-18T23:16:08.000000Z"}, {"uuid": "f83cc90a-3bed-4f69-ac12-55a9beba3bad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32375", "type": "seen", "source": "https://t.me/CyberBulletin/3634", "content": "\u26a1\ufe0fCritical RCE in BentoML Runner Server: CVE-2025-32375\n\n#CyberBulletin", "creation_timestamp": "2025-07-13T21:26:05.000000Z"}, {"uuid": "7e564d68-358b-4698-a929-725b8b5b8028", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32376", "type": "seen", "source": "https://t.me/cvedetector/24111", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32376 - Discourse DM Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32376 \nPublished : April 30, 2025, 3:16 p.m. | 28\u00a0minutes ago \nDescription : Discourse is an open-source discussion platform. Prior to versions 3.4.3 on the stable branch and 3.5.0.beta3 on the beta branch, the users limit for a DM can be bypassed, thus giving the ability to potentially create a DM with every user from a site in it. This issue has been patched in stable version 3.4.3 and beta version 3.5.0.beta3. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-30T17:55:10.000000Z"}, {"uuid": "b6f26d54-663f-4595-8f74-6053c78fe991", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32370", "type": "seen", "source": "https://t.me/cvedetector/22220", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32370 - Kentico Xperience Zip File Upload Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32370 \nPublished : April 6, 2025, 7:15 a.m. | 2\u00a0hours, 13\u00a0minutes ago \nDescription : Kentico Xperience before 13.0.178 has a specific set of allowed ContentUploader file extensions for unauthenticated uploads; however, because .zip is processed through TryZipProviderSafe, there is additional functionality to create files with other extensions. NOTE: this is a separate issue not necessarily related to SVG or XSS. \nSeverity: 7.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-06T11:48:15.000000Z"}, {"uuid": "69e4f511-3b0d-42f6-a82d-3144bf6add49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3237", "type": "seen", "source": "https://t.me/cvedetector/22114", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3237 - Tenda FH1202 File Access Control Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3237 \nPublished : April 4, 2025, 10:15 a.m. | 1\u00a0hour, 40\u00a0minutes ago \nDescription : A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects some unknown processing of the file /goform/wrlwpsset. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-04T14:40:22.000000Z"}, {"uuid": "6c461714-0b66-4518-9b28-5626f22eae97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32370", "type": "seen", "source": "https://t.me/arpsyndicate/5393", "content": "\ud83d\udea8 Stay ahead with real-time CVE scoring updates!\n\nTrack daily changes in EPSS & VEDAS at: \n\ud83d\udc49 https://vedas.arpsyndicate.io\n\nWe also push bulk updates to GitHub:\n\ud83d\udcc8 https://github.com/ARPSyndicate/cve-scores\n\nNeed deeper CVE insights? \nTry our enrichment API:\n\ud83d\udd0d https://api.exploit.observer/?keyword=CVE-2025-32370&enrich=True", "creation_timestamp": "2025-05-21T05:46:11.000000Z"}, {"uuid": "bba3b648-e340-4629-9511-e2f468154c51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32370", "type": "published-proof-of-concept", "source": "Telegram/UniB57STuDvdE48xUY8fEONrPJBrVxr-UljY-0_y9mj8GYk", "content": "", "creation_timestamp": "2025-04-06T10:00:59.000000Z"}]}