{"vulnerability": "CVE-2025-3238", "sightings": [{"uuid": "e3ee5d86-d2e9-414a-b74c-434c934afa71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32382", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmhta3tmlp2i", "content": "", "creation_timestamp": "2025-04-10T15:32:47.122332Z"}, {"uuid": "ffb8fa07-33cb-4006-9fc0-5599edc9894d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32387", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmgkzhohpp2a", "content": "", "creation_timestamp": "2025-04-10T03:33:14.342878Z"}, {"uuid": "a4d7ce50-01a3-4eaf-8b06-543e9655b82b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32386", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmgkzhsb3s2h", "content": "", "creation_timestamp": "2025-04-10T03:33:14.993427Z"}, {"uuid": "766e1dd1-fffb-49b3-a9c8-bd01208dd3b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3238", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llyicj4inn2k", "content": "", "creation_timestamp": "2025-04-04T13:07:27.215038Z"}, {"uuid": "182195bc-bc13-42f9-820a-ecb86f8bf57a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32383", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmhta4el5a2r", "content": "", "creation_timestamp": "2025-04-10T15:32:50.098874Z"}, {"uuid": "b80723b6-8418-4d5e-9199-7437a2e1e42f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32388", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lmvjgvpaq32q", "content": "", "creation_timestamp": "2025-04-16T02:14:53.128730Z"}, {"uuid": "4713edc0-4938-4e48-a56c-ce82a29d32af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32388", "type": "seen", "source": "https://bsky.app/profile/svelte.dev/post/3lms5jxewhc2s", "content": "", "creation_timestamp": "2025-04-14T18:03:53.007660Z"}, {"uuid": "d0951b1d-5a2d-4503-a51a-7cf4ecab60ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32388", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lmsyyq45fa2z", "content": "", "creation_timestamp": "2025-04-15T02:15:18.482055Z"}, {"uuid": "bdbef247-9044-4a80-a279-93e5e44e0667", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32388", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmvkzrcgjb2b", "content": "", "creation_timestamp": "2025-04-16T02:43:22.001850Z"}, {"uuid": "f3c11a2e-9f4b-4be0-9cd9-6a145fa4a2ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32385", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmvkzrfzye2z", "content": "", "creation_timestamp": "2025-04-16T02:43:22.521874Z"}, {"uuid": "12be0262-b409-4b1e-aac5-54f4a1a9f9ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32386", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lr4lgwd5es2t", "content": "", "creation_timestamp": "2025-06-08T19:20:09.264423Z"}, {"uuid": "79f9471a-b5e6-4a5f-a1a0-daf862f654df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32387", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lr4lgwd5es2t", "content": "", "creation_timestamp": "2025-06-08T19:20:09.366789Z"}, {"uuid": "44b246bc-a6e8-4703-8895-7fa1c7e7ae77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32388", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3ln2kapl7my2t", "content": "", "creation_timestamp": "2025-04-18T02:12:38.111762Z"}, {"uuid": "87b2e4f8-91c8-4f10-b594-3c770daba0f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32386", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11179", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32386\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (e.g., >800x difference). When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issue has been resolved in Helm v3.17.3.\n\ud83d\udccf Published: 2025-04-09T22:28:44.142Z\n\ud83d\udccf Modified: 2025-04-09T22:28:44.142Z\n\ud83d\udd17 References:\n1. https://github.com/helm/helm/security/advisories/GHSA-4hfp-h4cw-hj8p\n2. https://github.com/helm/helm/commit/d8ca55fc669645c10c0681d49723f4bb8c0b1ce7", "creation_timestamp": "2025-04-09T22:48:52.000000Z"}, {"uuid": "07ec8ab3-46d5-4d1a-8e4c-a875cf6a068f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32389", "type": "seen", "source": "https://bsky.app/profile/Minecraft.activitypub.awakari.com.ap.brid.gy/post/3ln45dxk5npy2", "content": "", "creation_timestamp": "2025-04-18T17:28:24.564706Z"}, {"uuid": "c9ab982b-0d5c-4841-a85f-df2e9c2a6724", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32388", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lmxzutzcrl2w", "content": "", "creation_timestamp": "2025-04-17T02:14:20.573540Z"}, {"uuid": "a0874f60-df54-431e-8e65-fe3defa8f4b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32382", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11240", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32382\n\ud83d\udd25 CVSS Score: 1.8 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N)\n\ud83d\udd39 Description: Metabase is an open source Business Intelligence and Embedded Analytics tool. When admins change Snowflake connection details in Metabase (either updating a password or changing password to private key or vice versa), Metabase would not always purge older Snowflake connection details from the application database. In order to remove older and stale connection details, Metabase would try one connection method at a time and purge all the other connection methods from the application database. When Metabase found a connection that worked, it would log (log/infof \"Successfully connected, migrating to: %s\" (pr-str test-details)) which would then print the username and password to the logger. This is fixed in 52.17.1, 53.9.5 and 54.1.5 in both the OSS and enterprise editions. Versions 51 and lower are not impacted.\n\ud83d\udccf Published: 2025-04-10T14:40:53.861Z\n\ud83d\udccf Modified: 2025-04-10T14:40:53.861Z\n\ud83d\udd17 References:\n1. https://github.com/metabase/metabase/security/advisories/GHSA-832j-56xw-5p7f", "creation_timestamp": "2025-04-10T14:50:21.000000Z"}, {"uuid": "e722a6af-7c0c-413b-b54d-e90273ceee18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32389", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12489", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32389\n\ud83d\udd25 CVSS Score: 8.6 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N)\n\ud83d\udd39 Description: NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by providing an unexpected square bracket GET parameter syntax. Square bracket GET parameter syntax refers to the structure `?param[0]=a&param[1]=b&param[2]=c` utilized by PHP, which is parsed by PHP as `$_GET['param']` being of type array. This issue has been patched in version 2.1.4.\n\ud83d\udccf Published: 2025-04-18T15:56:39.962Z\n\ud83d\udccf Modified: 2025-04-18T16:24:24.300Z\n\ud83d\udd17 References:\n1. https://github.com/NamelessMC/Nameless/security/advisories/GHSA-5984-mhcp-cq2x\n2. https://github.com/NamelessMC/Nameless/commit/02c81c7c45b98fad1ebe3bc085efae18aec4566f\n3. https://github.com/NamelessMC/Nameless/releases/tag/v2.1.4", "creation_timestamp": "2025-04-18T16:58:59.000000Z"}, {"uuid": "f52b6994-90f1-4e38-b09f-6c361430bf61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32387", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11180", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32387\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. This issue has been resolved in Helm v3.17.3.\n\ud83d\udccf Published: 2025-04-09T22:28:33.476Z\n\ud83d\udccf Modified: 2025-04-09T22:28:33.476Z\n\ud83d\udd17 References:\n1. https://github.com/helm/helm/security/advisories/GHSA-5xqw-8hwv-wg92\n2. https://github.com/helm/helm/commit/d8ca55fc669645c10c0681d49723f4bb8c0b1ce7", "creation_timestamp": "2025-04-09T22:48:53.000000Z"}, {"uuid": "64307cf8-4bae-405f-9bdf-7f5e9215e3ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32388", "type": "seen", "source": "https://t.me/cvedetector/23040", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32388 - SvelteKit XSS Vulnerability in Unsanitized Search Param Names\", \n  \"Content\": \"CVE ID : CVE-2025-32388 \nPublished : April 15, 2025, 11:15 p.m. | 2\u00a0hours, 8\u00a0minutes ago \nDescription : SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.20.6 , unsanitized search param names cause XSS vulnerability. You are affected if you iterate over all entries of event.url.searchParams inside a server load function. Attackers can exploit it by crafting a malicious URL and getting a user to click a link with said URL. This vulnerability is fixed in 2.20.6. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-16T03:29:34.000000Z"}, {"uuid": "19b79268-ce2e-47f5-ac5d-868e2f6bc7d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32388", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11940", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32388\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.20.6 , unsanitized search param names cause XSS vulnerability. You are affected if you iterate over all entries of event.url.searchParams inside a server load function. Attackers can exploit it by crafting a malicious URL and getting a user to click a link with said URL. This vulnerability is fixed in 2.20.6.\n\ud83d\udccf Published: 2025-04-15T22:32:06.059Z\n\ud83d\udccf Modified: 2025-04-15T22:32:06.059Z\n\ud83d\udd17 References:\n1. https://github.com/sveltejs/kit/security/advisories/GHSA-6q87-84jw-cjhp\n2. https://github.com/sveltejs/kit/commit/d3300c6a67908590266c363dba7b0835d9a194cf\n3. https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.20.6", "creation_timestamp": "2025-04-15T22:55:39.000000Z"}, {"uuid": "61303f6d-2233-4d89-94ad-8ec8df2d62f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32389", "type": "seen", "source": "https://t.me/cvedetector/23310", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32389 - NamelessMC SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2025-32389 \nPublished : April 18, 2025, 4:15 p.m. | 26\u00a0minutes ago \nDescription : NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by providing an unexpected square bracket GET parameter syntax. Square bracket GET parameter syntax refers to the structure `?param[0]=a&param[1]=b&param[2]=c` utilized by PHP, which is parsed by PHP as `$_GET['param']` being of type array. This issue has been patched in version 2.1.4. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-18T19:04:50.000000Z"}, {"uuid": "6a88a076-4ab2-4c14-8c4b-a513bbf25a45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32385", "type": "seen", "source": "https://t.me/cvedetector/23035", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32385 - EspoCRM Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-32385 \nPublished : April 16, 2025, 12:15 a.m. | 1\u00a0hour, 9\u00a0minutes ago \nDescription : EspoCRM is an Open Source Customer Relationship Management software. Prior to 9.0.5, Iframe dashlet allows user to display iframes with arbitrary URLs. As the sandbox attribute is not included in the iframe, the remote page can open popups outside of the iframe, potentially tricking users and creating a phishing risk. The iframe URL is user-defined, so an attacker would need to trick the user into specifying a malicious URL. The missing sandbox attribute also allows the remote page to send messages to the parent frame. However, EspoCRM does not make use of these messages. This vulnerability is fixed in 9.0.5. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-16T03:29:27.000000Z"}, {"uuid": "adce7916-0ccd-4507-b246-5c1d1d870705", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32387", "type": "seen", "source": "https://t.me/cvedetector/22608", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32387 - Helm Chart JSON Schema Stack Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32387 \nPublished : April 9, 2025, 11:15 p.m. | 1\u00a0hour, 34\u00a0minutes ago \nDescription : Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. This issue has been resolved in Helm v3.17.3. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-10T03:39:13.000000Z"}, {"uuid": "7b0051e9-9d4a-413e-b8f6-8fc7dbf8d030", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32389", "type": "published-proof-of-concept", "source": "Telegram/7jNmJD5vjZVenNUqyYR0CPI9qktay_Z3-idVdIxY76S8ayI", "content": "", "creation_timestamp": "2025-04-18T18:31:46.000000Z"}, {"uuid": "5a7b601d-ca54-48f4-89f4-d25fa3d1fc25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3238", "type": "seen", "source": "https://t.me/cvedetector/22115", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3238 - PHPGurukul Online Fire Reporting System SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3238 \nPublished : April 4, 2025, 10:15 a.m. | 1\u00a0hour, 40\u00a0minutes ago \nDescription : A vulnerability classified as critical has been found in PHPGurukul Online Fire Reporting System 1.2. Affected is an unknown function of the file /search-request.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-04T14:40:22.000000Z"}, {"uuid": "4ad63e60-837e-41d4-9ee4-81447a7083e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32382", "type": "seen", "source": "https://t.me/cvedetector/22672", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32382 - Metabase Snowflake Connection Details Information Exposure\", \n  \"Content\": \"CVE ID : CVE-2025-32382 \nPublished : April 10, 2025, 3:16 p.m. | 2\u00a0hours, 6\u00a0minutes ago \nDescription : Metabase is an open source Business Intelligence and Embedded Analytics tool. When admins change Snowflake connection details in Metabase (either updating a password or changing password to private key or vice versa), Metabase would not always purge older Snowflake connection details from the application database. In order to remove older and stale connection details, Metabase would try one connection method at a time and purge all the other connection methods from the application database. When Metabase found a connection that worked, it would log (log/infof \"Successfully connected, migrating to: %s\" (pr-str test-details)) which would then print the username and password to the logger. This is fixed in 52.17.1, 53.9.5 and 54.1.5 in both the OSS and enterprise editions. Versions 51 and lower are not impacted. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-10T19:32:36.000000Z"}, {"uuid": "bcf48110-5685-4588-8695-182bf6dd9ec7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32383", "type": "seen", "source": "https://t.me/cvedetector/22654", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32383 - MaxKB Reverse Shell Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32383 \nPublished : April 10, 2025, 2:15 p.m. | 1\u00a0hour, 3\u00a0minutes ago \nDescription : MaxKB (Max Knowledge Base) is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). A reverse shell vulnerability exists in the module of function library. The vulnerability allow privileged\u200c users to create a reverse shell. This vulnerability is fixed in v1.10.4-lts. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-10T17:52:04.000000Z"}, {"uuid": "06a0c1ef-3c7d-4225-8bf7-ced278b9140b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32386", "type": "seen", "source": "https://t.me/cvedetector/22611", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32386 - Helm Denial of Service (DoS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32386 \nPublished : April 9, 2025, 11:15 p.m. | 1\u00a0hour, 34\u00a0minutes ago \nDescription : Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (e.g., >800x difference). When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issue has been resolved in Helm v3.17.3. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-10T03:39:15.000000Z"}]}