{"vulnerability": "CVE-2025-3279", "sightings": [{"uuid": "add0ff31-4c05-4a3e-9a6e-4de5216e300b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32791", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmxo5byhz22i", "content": "", "creation_timestamp": "2025-04-16T22:44:18.590140Z"}, {"uuid": "75f02019-f886-48b4-95f3-d5fdcb30fa4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32797", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114694685602522986", "content": "", "creation_timestamp": "2025-06-16T19:26:55.333293Z"}, {"uuid": "71c19da3-6e7e-4e95-b58f-e2fe252bd1a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32799", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lrr4rpgqct2o", "content": "", "creation_timestamp": "2025-06-16T23:23:36.059325Z"}, {"uuid": "6d669b8c-b998-4061-ac55-f30239b8d70b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3279", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lsixwu5yg32i", "content": "", "creation_timestamp": "2025-06-26T11:00:53.892370Z"}, {"uuid": "22adc5f8-9f94-4683-b863-49621d0ca90b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32790", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3ln3uuk2l7ws2", "content": "", "creation_timestamp": "2025-04-18T14:55:37.770783Z"}, {"uuid": "91ff654f-dc48-41ed-93d8-f6cd6b0477f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32790", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ln42fpnqfw2j", "content": "", "creation_timestamp": "2025-04-18T16:34:27.381836Z"}, {"uuid": "cab5ce0d-be9c-4a70-a3ea-171a21341a03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32796", "type": "seen", "source": "https://bsky.app/profile/LLMs.activitypub.awakari.com.ap.brid.gy/post/3ln45djc4qbo2", "content": "", "creation_timestamp": "2025-04-18T17:28:23.106294Z"}, {"uuid": "d4967bab-e5f4-4cb3-a1aa-ec56eb558616", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32795", "type": "seen", "source": "https://bsky.app/profile/LLMs.activitypub.awakari.com.ap.brid.gy/post/3ln45dr7jufy2", "content": "", "creation_timestamp": "2025-04-18T17:28:23.858256Z"}, {"uuid": "eac98b9f-1971-4a03-8cb1-2c1ad6cd5136", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32793", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lndtv7rzho2y", "content": "", "creation_timestamp": "2025-04-21T18:59:11.549282Z"}, {"uuid": "4329c969-9e46-4580-9b16-bc02b302f9af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3279", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lsigriehbcg2", "content": "", "creation_timestamp": "2025-06-26T05:54:43.382753Z"}, {"uuid": "ca6feaa1-2b21-4495-954b-0e208ed010f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32793", "type": "seen", "source": "https://t.me/cvedetector/23455", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32793 - Cilium Wireguard Transparent Encryption Race Condition\", \n  \"Content\": \"CVE ID : CVE-2025-32793 \nPublished : April 21, 2025, 4:15 p.m. | 1\u00a0hour, 27\u00a0minutes ago \nDescription : Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.15.0 to 1.15.15, 1.16.0 to 1.16.8, and 1.17.0 to 1.17.2, are vulnerable when using Wireguard transparent encryption in a Cilium cluster, packets that originate from a terminating endpoint can leave the source node without encryption due to a race condition in how traffic is processed by Cilium. This issue has been patched in versions 1.15.16, 1.16.9, and 1.17.3. There are no workarounds available for this issue. \nSeverity: 4.0 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-21T19:49:42.000000Z"}, {"uuid": "4c5bbf41-a7e4-4139-8e3f-025d27f28d47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32794", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lpurwdit7ta2", "content": "", "creation_timestamp": "2025-05-23T23:29:58.557352Z"}, {"uuid": "60fee74e-5af4-4cbb-808b-b109990f1a3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32795", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12487", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32795\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)\n\ud83d\udd39 Description: Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users are improperly granted permissions to edit APP names, descriptions and icons. This access control flaw allows non-admin users to modify app details, despite being restricted from viewing apps, which poses a security risk to the integrity of the application. This issue has been patched in version 0.6.12. A workaround for this vulnerability involves updating the access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can modify app details.\n\ud83d\udccf Published: 2025-04-18T16:05:11.644Z\n\ud83d\udccf Modified: 2025-04-18T16:37:49.329Z\n\ud83d\udd17 References:\n1. https://github.com/langgenius/dify/security/advisories/GHSA-gg5w-m2vw-vmmj\n2. https://github.com/langgenius/dify/pull/5266", "creation_timestamp": "2025-04-18T16:58:57.000000Z"}, {"uuid": "0f2fb63f-680a-41ae-bcd7-88ffdae14506", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32796", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12488", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32796\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users can enable or disable apps through the API, even though the web UI button for this action is disabled and normal users are not permitted to make such changes. This access control flaw allows non-admin users to make unauthorized changes, which can disrupt the functionality and availability of the APPS. This issue has been patched in version 0.6.12. A workaround for this vulnerability involves updating the API access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can send enable or disable requests for apps.\n\ud83d\udccf Published: 2025-04-18T16:06:47.577Z\n\ud83d\udccf Modified: 2025-04-18T16:36:51.064Z\n\ud83d\udd17 References:\n1. https://github.com/langgenius/dify/security/advisories/GHSA-hqcx-598m-pjq4\n2. https://github.com/langgenius/dify/pull/5266", "creation_timestamp": "2025-04-18T16:58:58.000000Z"}, {"uuid": "6e4ab043-2f32-47e2-ac10-9f888cb453ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32798", "type": "published-proof-of-concept", "source": "Telegram/Z-E45SeLQmulAiMNJbdsp5CiTj_OWjFSQdsTMSo28OTtfoQ", "content": "", "creation_timestamp": "2025-06-16T20:31:30.000000Z"}, {"uuid": "430ff63d-22d4-485c-a1da-d3a95f559dd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32796", "type": "seen", "source": "https://t.me/cvedetector/23315", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32796 - Dify App Management Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32796 \nPublished : April 18, 2025, 4:15 p.m. | 26\u00a0minutes ago \nDescription : Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users can enable or disable apps through the API, even though the web UI button for this action is disabled and normal users are not permitted to make such changes. This access control flaw allows non-admin users to make unauthorized changes, which can disrupt the functionality and availability of the APPS. This issue has been patched in version 0.6.12. A workaround for this vulnerability involves updating the API access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can send enable or disable requests for apps. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-18T19:04:57.000000Z"}, {"uuid": "3dd88026-7584-4c46-90f3-87031e0bc9bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32795", "type": "seen", "source": "https://t.me/cvedetector/23314", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32795 - Dify App Name, Description and Icon Permission Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32795 \nPublished : April 18, 2025, 4:15 p.m. | 26\u00a0minutes ago \nDescription : Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users are improperly granted permissions to edit APP names, descriptions and icons. This access control flaw allows non-admin users to modify app details, despite being restricted from viewing apps, which poses a security risk to the integrity of the application. This issue has been patched in version 0.6.12. A workaround for this vulnerability involves updating the access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can modify app details. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-18T19:04:53.000000Z"}, {"uuid": "4c5e3799-5815-4b2a-a5d8-ace2e5966435", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32794", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpu5uccjt52q", "content": "", "creation_timestamp": "2025-05-23T17:30:32.817487Z"}, {"uuid": "bc96af55-1cde-4bf0-9b2e-6a6692b33b14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32797", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3ma6udf4lpc2u", "content": "", "creation_timestamp": "2025-12-17T14:22:27.831553Z"}, {"uuid": "b96e4ac0-5012-4a4f-9108-b24665d80257", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32790", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12419", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32790\n\ud83d\udd25 CVSS Score: 6.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)\n\ud83d\udd39 Description: Dify is an open-source LLM app development platform. In versions 0.6.8 and prior, a vulnerability was identified in the DIFY AI where normal users are improperly granted permissions to export APP DSL. The feature in '/export' should only allow administrator users to export DSL. A patched version has not been released. A workaround for this vulnerability involves updating the access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can export the APP DSL. This vulnerability is fixed in 0.6.13.\n\ud83d\udccf Published: 2025-04-18T12:15:11.487Z\n\ud83d\udccf Modified: 2025-04-18T12:43:23.481Z\n\ud83d\udd17 References:\n1. https://github.com/langgenius/dify/security/advisories/GHSA-jp6m-v4gw-5vgp\n2. https://github.com/langgenius/dify/pull/5841\n3. https://github.com/langgenius/dify/commit/59ad091e69736bc9dc1a3bace62ec0a232346246", "creation_timestamp": "2025-04-18T12:58:23.000000Z"}, {"uuid": "c0a34a10-69dd-4adc-bbbd-ef03624a08b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32793", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12686", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32793\n\ud83d\udd25 CVSS Score: 4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N)\n\ud83d\udd39 Description: Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.15.0 to 1.15.15, 1.16.0 to 1.16.8, and 1.17.0 to 1.17.2, are vulnerable when using Wireguard transparent encryption in a Cilium cluster, packets that originate from a terminating endpoint can leave the source node without encryption due to a race condition in how traffic is processed by Cilium. This issue has been patched in versions 1.15.16, 1.16.9, and 1.17.3. There are no workarounds available for this issue.\n\ud83d\udccf Published: 2025-04-21T15:34:14.315Z\n\ud83d\udccf Modified: 2025-04-21T15:48:55.214Z\n\ud83d\udd17 References:\n1. https://github.com/cilium/cilium/security/advisories/GHSA-5vxx-c285-pcq4\n2. https://github.com/cilium/cilium/pull/38592", "creation_timestamp": "2025-04-21T16:02:51.000000Z"}, {"uuid": "c3e95526-c657-4ecf-98e6-a3ab02b49104", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32794", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17448", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32794\n\ud83d\udd25 CVSS Score: 7.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N)\n\ud83d\udd39 Description: OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS) vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation privileges to inject arbitrary JavaScript code into the system by entering malicious payloads in the First and Last Name fields during patient registration. This code is later executed when viewing the patient's encounter under Orders \u2192 Procedure Orders. Version 7.0.3.4 contains a patch for the issue.\n\ud83d\udccf Published: 2025-05-23T15:15:32.925Z\n\ud83d\udccf Modified: 2025-05-23T17:00:53.086Z\n\ud83d\udd17 References:\n1. https://github.com/openemr/openemr/security/advisories/GHSA-3c27-2m7h-f7rx", "creation_timestamp": "2025-05-23T17:47:57.000000Z"}, {"uuid": "a6c6888f-0b3c-4cd8-b591-a10981c83cba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32798", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18524", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32798\n\ud83d\udd25 CVSS Score: 8.2 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P)\n\ud83d\udd39 Description: Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build recipe processing logic has been found to be vulnerable to arbitrary code execution due to unsafe evaluation of recipe selectors. Currently, conda-build uses the eval function to process embedded selectors in meta.yaml files. This approach evaluates user-defined expressions without proper sanitization, which allows arbitrary code to be executed during the build process. As a result, the integrity of the build environment is compromised, and unauthorized commands or file operations may be performed. The vulnerability stems from the inherent risk of using eval() on untrusted input in a context intended to control dynamic build configurations. By directly interpreting selector expressions, conda-build creates a potential execution pathway for malicious code, violating security assumptions. This issue has been patched in version 25.4.0.\n\ud83d\udccf Published: 2025-06-16T20:10:06.902Z\n\ud83d\udccf Modified: 2025-06-16T20:10:06.902Z\n\ud83d\udd17 References:\n1. https://github.com/conda/conda-build/security/advisories/GHSA-6cc8-c3c9-3rgr\n2. https://github.com/conda/conda-build/commit/3d87213b840774a24ab1733664d2b36664233754\n3. https://github.com/conda/conda-build/blob/834448b995eee02cf1c2e7ca97bcfa9affc77ee5/conda_build/metadata.py", "creation_timestamp": "2025-06-16T20:37:05.000000Z"}, {"uuid": "46866e6e-94c6-4b76-890c-89c9b975e76a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32799", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18523", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32799\n\ud83d\udd25 CVSS Score: 5.6 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:P)\n\ud83d\udd39 Description: Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build processing logic is vulnerable to path traversal (Tarslip) attacks due to improper sanitization of tar entry paths. Attackers can craft tar archives containing entries with directory traversal sequences to write files outside the intended extraction directory. This could lead to arbitrary file overwrites, privilege escalation, or code execution if sensitive locations are targeted. This issue has been patched in version 25.4.0.\n\ud83d\udccf Published: 2025-06-16T20:23:02.645Z\n\ud83d\udccf Modified: 2025-06-16T20:23:02.645Z\n\ud83d\udd17 References:\n1. https://github.com/conda/conda-build/security/advisories/GHSA-h499-pxgj-qh5h\n2. https://github.com/conda/conda-build/commit/bdf5e0022cec9a0c1378cca3f2dc8c92b4834673\n3. https://github.com/conda/conda-build/blob/834448b995eee02cf1c2e7ca97bcfa9affc77ee5/conda_build/convert.py\n4. https://github.com/conda/conda-build/blob/834448b995eee02cf1c2e7ca97bcfa9affc77ee5/conda_build/render.py", "creation_timestamp": "2025-06-16T20:37:04.000000Z"}, {"uuid": "ca629849-66b8-4158-b72d-87d52f7ae1b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32797", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18527", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32797\n\ud83d\udd25 CVSS Score: 6 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Conda-build contains commands and tools to build conda packages. Prior to version 25.3.1, the write_build_scripts function in conda-build creates the temporary build script conda_build.sh with overly permissive file permissions (0o766), allowing write access to all users. Attackers with filesystem access can exploit a race condition to overwrite the script before execution, enabling arbitrary code execution under the victim's privileges. This risk is significant in shared environments, potentially leading to full system compromise. Even with non-static directory names, attackers can monitor parent directories for file creation events. The brief window between script creation (with insecure permissions) and execution allows rapid overwrites. Directory names can also be inferred via timestamps or logs, and automation enables exploitation even with semi-randomized paths by acting within milliseconds of detection. This issue has been patched in version 25.3.1. A workaround involves restricting conda_build.sh permissions from 0o766 to 0o700 (owner-only read/write/execute). Additionally, use atomic file creation (write to a temporary randomized filename and rename atomically) to minimize the race condition window.\n\ud83d\udccf Published: 2025-06-16T18:46:31.227Z\n\ud83d\udccf Modified: 2025-06-16T19:57:20.412Z\n\ud83d\udd17 References:\n1. https://github.com/conda/conda-build/security/advisories/GHSA-vfp6-3v8g-vcmm\n2. https://github.com/conda/conda-build/pull/5\n3. https://github.com/conda/conda-build/commit/d246e49c8f45e8033915156ee3d77769926f3c2e\n4. https://github.com/conda/conda-build/blob/3f06913bba22c4e1ef1065df9e00d86ac97f087c/conda_build/build.py#L3054-L3084", "creation_timestamp": "2025-06-16T20:37:10.000000Z"}, {"uuid": "38cf283d-d431-4c1e-bf37-efba263d12a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3279", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19574", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3279\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated attackers to create a DoS condition by sending crafted GraphQL requests.\n\ud83d\udccf Published: 2025-06-26T05:31:25.858Z\n\ud83d\udccf Modified: 2025-06-26T05:31:25.858Z\n\ud83d\udd17 References:\n1. https://gitlab.com/gitlab-org/gitlab/-/issues/534424\n2. https://hackerone.com/reports/3067111", "creation_timestamp": "2025-06-26T05:49:29.000000Z"}, {"uuid": "2853b12e-07b7-40ce-a442-da8c941d1a91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32790", "type": "seen", "source": "https://t.me/cvedetector/23325", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32790 - Dify LLM App Development Platform Unauthorized APP DSL Export Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32790 \nPublished : April 18, 2025, 1:15 p.m. | 3\u00a0hours, 25\u00a0minutes ago \nDescription : Dify is an open-source LLM app development platform. In versions 0.6.8 and prior, a vulnerability was identified in the DIFY AI where normal users are improperly granted permissions to export APP DSL. The feature in '/export' should only allow administrator users to export DSL. A workaround for this vulnerability involves updating the access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can export the APP DSL. This vulnerability is fixed in 0.6.13. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-18T19:05:11.000000Z"}, {"uuid": "c267dc35-5440-4ca8-a0d5-9fde4b778dff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32792", "type": "seen", "source": "https://t.me/cvedetector/23313", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32792 - SES JavaScript Lexical Scope Information Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32792 \nPublished : April 18, 2025, 4:15 p.m. | 26\u00a0minutes ago \nDescription : SES safely executes third-party JavaScript 'strict' mode programs in compartments that have no excess authority in their global scope. Prior to version 1.12.0, web pages and web extensions using `ses` and the Compartment API to evaluate third-party code in an isolated execution environment that have also elsewhere used `const`, `let`, and `class` bindings in the top-level scope of a `\",\n  \"Detection Date\": \"18 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-18T19:04:52.000000Z"}, {"uuid": "1bbbb43a-b7e8-4f38-8a84-390eac4aae36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32792", "type": "published-proof-of-concept", "source": "Telegram/o9Pfw-M-GTwrCTTIwOJwUgm12Tx7Pgy5iImnbWlBRAjomOU", "content": "", "creation_timestamp": "2025-04-18T19:30:43.000000Z"}]}