{"vulnerability": "CVE-2025-3287", "sightings": [{"uuid": "ab81f29a-969c-4fa8-a6c6-cddda63e3d25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32873", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lq3rpp72u22f", "content": "", "creation_timestamp": "2025-05-26T18:14:34.539512Z"}, {"uuid": "8f2fee4d-3e32-4056-accc-077b1b0cb054", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3287", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmd7562uco2i", "content": "", "creation_timestamp": "2025-04-08T19:22:37.485341Z"}, {"uuid": "c70fe254-7520-4335-9be4-db1dfd4e2f49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32870", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114349606118111826", "content": "", "creation_timestamp": "2025-04-16T20:48:39.650586Z"}, {"uuid": "3e910efa-1ff9-4075-beaa-946eecf7b0ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32873", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lryfps3q4s2i", "content": "", "creation_timestamp": "2025-06-19T20:52:15.838108Z"}, {"uuid": "21e8c983-e958-49ef-b973-1f51596f8e1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3287", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114308189037550499", "content": "", "creation_timestamp": "2025-04-09T13:15:45.999673Z"}, {"uuid": "16441155-25d0-481f-b694-09099c6da20f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3287", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-100-07", "content": "", "creation_timestamp": "2025-04-10T10:00:00.000000Z"}, {"uuid": "ec0d2010-77ba-49be-88b7-fed0fa28e5e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32871", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114349606149213271", "content": "", "creation_timestamp": "2025-04-16T20:48:41.082057Z"}, {"uuid": "23a6cf45-6c9c-4d9b-a2d8-2f71651a3548", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32872", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-112-01", "content": "", "creation_timestamp": "2025-04-22T10:00:00.000000Z"}, {"uuid": "a111ca42-9eed-46d3-8c21-12a47989aa07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32870", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmxaptals42v", "content": "", "creation_timestamp": "2025-04-16T18:44:11.953593Z"}, {"uuid": "490191fb-6c04-4b87-9c93-bec0d3f8745b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32871", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmxaptzkhh2g", "content": "", "creation_timestamp": "2025-04-16T18:44:16.361501Z"}, {"uuid": "897a84c0-f829-4687-ac8b-21069916b5b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32872", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmxapudxqd2u", "content": "", "creation_timestamp": "2025-04-16T18:44:18.286641Z"}, {"uuid": "d5a044f6-c3d5-4ff8-ae83-b5e99b40694a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32872", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114349606189879832", "content": "", "creation_timestamp": "2025-04-16T20:48:48.299693Z"}, {"uuid": "f4cc977c-6fd8-41ae-a597-a5a89c5338e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32878", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ls2k7uvbtx2o", "content": "", "creation_timestamp": "2025-06-20T17:18:07.924099Z"}, {"uuid": "f4f0a022-6364-488e-93fe-0c1a3fe4a52e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32870", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-112-01", "content": "", "creation_timestamp": "2025-04-22T10:00:00.000000Z"}, {"uuid": "ad637761-fb81-48b7-96ec-95fcdd1d8f88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32871", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-112-01", "content": "", "creation_timestamp": "2025-04-22T10:00:00.000000Z"}, {"uuid": "ea62e9fc-f96e-4da0-90bc-adefd68cc602", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32875", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ls2l2qj3uc2s", "content": "", "creation_timestamp": "2025-06-20T17:33:09.395441Z"}, {"uuid": "ed6d9ad3-50c3-46f2-beb4-b89138afbe10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32873", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lolpyl7haf2g", "content": "", "creation_timestamp": "2025-05-07T15:35:54.545898Z"}, {"uuid": "5a0a1f59-61b7-4fe0-830b-a069eac9f9e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32873", "type": "seen", "source": "https://seclists.org/oss-sec/2025/q2/108", "content": "", "creation_timestamp": "2025-05-07T13:06:40.000000Z"}, {"uuid": "be8bd7a2-7cbd-45db-8696-f7296a20f6ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32873", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lomzy7rtq3a2", "content": "", "creation_timestamp": "2025-05-08T04:18:32.592137Z"}, {"uuid": "99d457b5-bbd2-4c0b-8860-1101b6610978", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32873", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lotglkysi22i", "content": "", "creation_timestamp": "2025-05-10T17:08:54.432210Z"}, {"uuid": "71e00bcb-429c-4adf-a909-016547190e03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32873", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3looofxi7l22x", "content": "", "creation_timestamp": "2025-05-08T19:45:39.937895Z"}, {"uuid": "977e4a9c-6b60-4db3-b186-e056711f9b5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32873", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3me4niaiey32j", "content": "", "creation_timestamp": "2026-02-05T14:55:18.620147Z"}, {"uuid": "c93f22f1-d76c-43d3-9f2b-104edff9ea4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32873", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lowaslcrn227", "content": "", "creation_timestamp": "2025-05-11T20:03:27.471231Z"}, {"uuid": "9c7e102a-bb12-4cad-8270-ea294c981bb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32873", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lvjlbxjmz42g", "content": "", "creation_timestamp": "2025-08-03T21:02:59.490381Z"}, {"uuid": "d2d57e75-a250-424d-8673-fb5a41781656", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32873", "type": "seen", "source": "https://gist.github.com/EbonJaeger/c926e3af98a35b4e4b74385dfdc6e799", "content": "", "creation_timestamp": "2025-08-01T20:18:13.000000Z"}, {"uuid": "c4fa399d-6f16-440d-9b83-1370c3e752ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32878", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18941", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32878\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. This function is mainly for downloading firmware files. Before downloading firmware files, the watch requests some information about the firmware via HTTPS from the back-end API. However, the X.509 server certificate within the TLS handshake is not validated by the device. This allows an attacker within an active machine-in-the-middle position, using a TLS proxy and a self-signed certificate, to eavesdrop and manipulate the HTTPS communication. This could be abused, for example, for stealing the API access token of the assigned user account.\n\ud83d\udccf Published: 2025-06-20T00:00:00.000Z\n\ud83d\udccf Modified: 2025-06-20T13:24:55.825Z\n\ud83d\udd17 References:\n1. https://syss.de\n2. https://support.coros.com/hc/en-us/articles/20087694119828-COROS-PACE-3-Release-Notes\n3. https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-030.txt", "creation_timestamp": "2025-06-20T13:42:53.000000Z"}, {"uuid": "4163f85d-1005-41a1-b999-1f9597d7b86b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3287", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10933", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3287\n\ud83d\udd25 CVSS Score: 8.5 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A local code execution vulnerability exists in the Rockwell Automation\u00a0Arena\u00ae due to a stack-based memory buffer overflow. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file.\n\ud83d\udccf Published: 2025-04-08T15:29:45.559Z\n\ud83d\udccf Modified: 2025-04-08T15:32:24.723Z\n\ud83d\udd17 References:\n1. https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1726.html", "creation_timestamp": "2025-04-08T15:47:09.000000Z"}, {"uuid": "693f11cf-f74b-4742-89a4-ac8a82f0b072", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32873", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15464", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32873\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\ud83d\udd39 Description: An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags().\n\ud83d\udccf Published: 2025-05-08T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-08T04:05:04.028Z\n\ud83d\udd17 References:\n1. https://docs.djangoproject.com/en/dev/releases/security/\n2. https://groups.google.com/g/django-announce\n3. https://www.djangoproject.com/weblog/2025/may/07/security-releases/", "creation_timestamp": "2025-05-08T04:22:47.000000Z"}, {"uuid": "18fc7e86-375b-45a5-8426-736d8d61bded", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32879", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18940", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32879\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered on COROS PACE 3 devices through 3.0808.0. It starts advertising if no device is connected via Bluetooth. This allows an attacker to connect with the device via BLE if no other device is connected. While connected, none of the BLE services and characteristics of the device require any authentication or security level. Therefore, any characteristic, depending on their mode of operation (read/write/notify), can be used by the connected attacker. This allows, for example, configuring the device, sending notifications, resetting the device to factory settings, or installing software.\n\ud83d\udccf Published: 2025-06-20T00:00:00.000Z\n\ud83d\udccf Modified: 2025-06-20T13:26:42.937Z\n\ud83d\udd17 References:\n1. https://syss.de\n2. https://support.coros.com/hc/en-us/articles/20087694119828-COROS-PACE-3-Release-Notes\n3. https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-026.txt", "creation_timestamp": "2025-06-20T13:42:52.000000Z"}, {"uuid": "403877f7-6c1c-480b-9508-11082262fec7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32876", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18972", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32876\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered on COROS PACE 3 devices through 3.0808.0. The BLE implementation of the COROS smartwatch does not support LE Secure Connections and instead enforces BLE Legacy Pairing. In BLE Legacy Pairing, the Short-Term Key (STK) can be easily guessed. This requires knowledge of the Temporary Key (TK), which, in the case of the COROS Pace 3, is set to 0 due to the Just Works pairing method. An attacker within Bluetooth range can therefore perform sniffing attacks, allowing eavesdropping on the communication.\n\ud83d\udccf Published: 2025-06-20T00:00:00.000Z\n\ud83d\udccf Modified: 2025-06-20T13:33:17.225Z\n\ud83d\udd17 References:\n1. https://syss.de\n2. https://support.coros.com/hc/en-us/articles/20087694119828-COROS-PACE-3-Release-Notes\n3. https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-023.txt", "creation_timestamp": "2025-06-20T14:43:51.000000Z"}, {"uuid": "46f63de1-cde4-48e2-946c-ab8911fa15ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32875", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18964", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32875\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered in the COROS application through 3.8.12 for Android. Bluetooth pairing and bonding is neither initiated nor enforced by the application itself. Also, the watch does not enforce pairing and bonding. As a result, any data transmitted via BLE remains unencrypted, allowing attackers within Bluetooth range to eavesdrop on the communication. Furthermore, even if a user manually initiates pairing and bonding in the Android settings, the application continues to transmit data without requiring the watch to be bonded. This fallback behavior enables attackers to exploit the communication, for example, by conducting an active machine-in-the-middle attack.\n\ud83d\udccf Published: 2025-06-20T00:00:00.000Z\n\ud83d\udccf Modified: 2025-06-20T14:03:24.034Z\n\ud83d\udd17 References:\n1. https://syss.de\n2. https://support.coros.com/hc/en-us/categories/4416357319956-Software-Updates\n3. https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-025.txt", "creation_timestamp": "2025-06-20T14:43:40.000000Z"}, {"uuid": "07682a3b-2544-43a0-8f0a-cd3a74ae96cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32873", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/39091", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aDjango Security Issue (CVE-2025-32873)\nURL\uff1ahttps://github.com/Apollo-R3bot/django-vulnerability-CVE-2025-32873\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-06-03T09:21:22.000000Z"}, {"uuid": "54997cdf-1ca8-4e05-af2d-bc5660cb5f87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32877", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18969", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32877\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered on COROS PACE 3 devices through 3.0808.0. It identifies itself as a device without input or output capabilities, which results in the use of the Just Works pairing method. This method does not implement any authentication, which therefore allows machine-in-the-middle attacks. Furthermore, this lack of authentication allows attackers to interact with the device via BLE without requiring prior authorization.\n\ud83d\udccf Published: 2025-06-20T00:00:00.000Z\n\ud83d\udccf Modified: 2025-06-20T13:53:04.244Z\n\ud83d\udd17 References:\n1. https://syss.de\n2. https://support.coros.com/hc/en-us/articles/20087694119828-COROS-PACE-3-Release-Notes\n3. https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-024.txt", "creation_timestamp": "2025-06-20T14:43:45.000000Z"}, {"uuid": "b07406be-0d0b-46d8-a8be-8c54ed42dcbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32873", "type": "seen", "source": "https://t.me/cvedetector/24787", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32873 - Django Slow Denial-of-Service Vulnerability in HTML Tag Processing\", \n  \"Content\": \"CVE ID : CVE-2025-32873 \nPublished : May 8, 2025, 4:17 a.m. | 47\u00a0minutes ago \nDescription : An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-08T07:33:59.000000Z"}, {"uuid": "d95bd45e-18fe-4506-8a79-3f0d1a8d3139", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32873", "type": "published-proof-of-concept", "source": "Telegram/S3luyvJ2R7xCTSLpSlkUyEdAxTgE_nQEIWaJA9giiuBhhRI", "content": "", "creation_timestamp": "2025-06-03T15:00:07.000000Z"}, {"uuid": "b05ed5b8-a2b3-4d3c-b5fe-ca01ead642e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32871", "type": "seen", "source": "https://t.me/cvedetector/23156", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32871 - Microsoft TeleControl Server Basic SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32871 \nPublished : April 16, 2025, 6:16 p.m. | 1\u00a0hour, 30\u00a0minutes ago \nDescription : A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'MigrateDatabase' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with \"NT AUTHORITY\\NetworkService\" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-16T21:54:58.000000Z"}, {"uuid": "d37c3794-2298-4283-a735-b098b67c0577", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32870", "type": "seen", "source": "https://t.me/cvedetector/23155", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32870 - \"TeleControl Server Basic SQL Injection\"\", \n  \"Content\": \"CVE ID : CVE-2025-32870 \nPublished : April 16, 2025, 6:16 p.m. | 1\u00a0hour, 30\u00a0minutes ago \nDescription : A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetTraces' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with \"NT AUTHORITY\\NetworkService\" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-16T21:54:57.000000Z"}, {"uuid": "068ec730-7501-49e1-91cf-042f0ba0feba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32872", "type": "seen", "source": "https://t.me/cvedetector/23149", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32872 - \"TeleControl Server Basic SQL Injection Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2025-32872 \nPublished : April 16, 2025, 6:16 p.m. | 1\u00a0hour, 30\u00a0minutes ago \nDescription : A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetOverview' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with \"NT AUTHORITY\\NetworkService\" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-16T21:54:50.000000Z"}]}