{"vulnerability": "CVE-2025-3295", "sightings": [{"uuid": "8e841cff-abb8-46ca-b970-f2d20f52ca88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32953", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3ln4ry4oajim2", "content": "", "creation_timestamp": "2025-04-18T23:36:24.648459Z"}, {"uuid": "db162143-d5c0-4b3f-9db2-3bb6dbc70af7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3295", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmyj7gz55g2u", "content": "", "creation_timestamp": "2025-04-17T06:48:42.295749Z"}, {"uuid": "ad5e0774-acb6-446b-a74e-fa2e382fdeb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32953", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114361636530880100", "content": "", "creation_timestamp": "2025-04-18T23:48:10.794038Z"}, {"uuid": "bbded36b-764d-4351-9685-df35613b52fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32953", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ln4ts4xo5q2l", "content": "", "creation_timestamp": "2025-04-19T00:08:45.327921Z"}, {"uuid": "0ba014da-714a-4ad5-b75a-7f7edf6549fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32956", "type": "seen", "source": "https://bsky.app/profile/redteamnews.bsky.social/post/3lnfhqe63vg2z", "content": "", "creation_timestamp": "2025-04-22T10:26:58.804727Z"}, {"uuid": "c0790d49-90e6-4e19-828a-a0a364181551", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32958", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114378081382038470", "content": "", "creation_timestamp": "2025-04-21T21:30:17.870441Z"}, {"uuid": "aeb972df-612b-4aed-af50-d5136b76437f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32956", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lneblktowx2t", "content": "", "creation_timestamp": "2025-04-21T23:04:16.481090Z"}, {"uuid": "458bee90-2d08-425f-a389-d45cef918665", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32955", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lneblkxtth2l", "content": "", "creation_timestamp": "2025-04-21T23:04:17.035528Z"}, {"uuid": "73689f84-c3de-4a03-938e-e684a972693a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32958", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnebll3e2p2t", "content": "", "creation_timestamp": "2025-04-21T23:04:17.626489Z"}, {"uuid": "a48e9849-ebe8-4404-bd61-975156dc6bf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32956", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114378624632280408", "content": "", "creation_timestamp": "2025-04-21T23:48:27.304615Z"}, {"uuid": "0cdc25e8-d843-4def-b55d-081dbc970aa3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32958", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114378624678384981", "content": "", "creation_timestamp": "2025-04-21T23:48:27.965424Z"}, {"uuid": "9faff24c-3985-4c83-97d8-0e25110b999e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32955", "type": "seen", "source": "MISP/abd2a650-703d-4a2f-9f73-3051c1672e27", "content": "", "creation_timestamp": "2025-08-09T13:26:56.000000Z"}, {"uuid": "61c67a82-df6b-4b1c-956c-6a5b693cdc1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32959", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lngln3ghsn2l", "content": "", "creation_timestamp": "2025-04-22T21:09:28.557885Z"}, {"uuid": "66460fe7-4746-4c78-845c-fc66b0f01b04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32957", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mid7camwkl2i", "content": "", "creation_timestamp": "2026-03-31T03:10:50.041767Z"}, {"uuid": "2008add4-134b-4a18-ad76-aba418168f07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32955", "type": "seen", "source": "MISP/abd2a650-703d-4a2f-9f73-3051c1672e27", "content": "", "creation_timestamp": "2025-08-11T18:47:36.000000Z"}, {"uuid": "23705587-a5ab-4d00-b2c8-90277ee87986", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32955", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3maja42zndp2w", "content": "", "creation_timestamp": "2025-12-21T17:19:42.020001Z"}, {"uuid": "b36eb66b-319b-4916-895d-2df0336e0e0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32957", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3micyy2rkto2j", "content": "", "creation_timestamp": "2026-03-31T01:17:46.237935Z"}, {"uuid": "ff788e1d-febd-4a64-ac01-1f836552891f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32957", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3micz5zuvuo2h", "content": "", "creation_timestamp": "2026-03-31T01:21:06.593730Z"}, {"uuid": "7aa59a0d-5b75-4d61-89ba-3440cbdc9f17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32957", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3milfdftw5q2k", "content": "", "creation_timestamp": "2026-04-03T09:20:09.801863Z"}, {"uuid": "88f295ce-befd-4ab9-9860-11c7740a1735", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32952", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13459", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32952\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run out of space and return HTTP 500 error, resulting in a denial of service. This issue has been patched in versions 1.6.2 and 2.4.0. A workaround is provided on the Jmix documentation website.\n\ud83d\udccf Published: 2025-04-22T17:32:11.966Z\n\ud83d\udccf Modified: 2025-04-25T16:03:04.176Z\n\ud83d\udd17 References:\n1. https://github.com/jmix-framework/jmix/security/advisories/GHSA-f3gv-cwwh-758m\n2. https://docs.jmix.io/jmix/files-vulnerabilities.html\n3. https://docs.jmix.io/jmix/files-vulnerabilities.html#disable-files-endpoint-in-jmix-application", "creation_timestamp": "2025-04-25T16:07:18.000000Z"}, {"uuid": "6f0f9994-ff87-44c6-992f-4971ad6802c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3295", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12191", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3295\n\ud83d\udd25 CVSS Score: 4.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: The WP Editor plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to read arbitrary files on the affected site's server which may reveal sensitive information.\n\ud83d\udccf Published: 2025-04-17T05:23:19.325Z\n\ud83d\udccf Modified: 2025-04-17T05:23:19.325Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/4618c1f4-c0aa-47f5-8c0b-2cb4a021f2e0?source=cve\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3269832%40wp-editor%2Ftrunk&old=3151053%40wp-editor%2Ftrunk&sfp_email=&sfph_mail=", "creation_timestamp": "2025-04-17T05:57:32.000000Z"}, {"uuid": "8ffa92c5-367b-4585-bb73-5a881cbd9667", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32951", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13460", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32951\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code to be executed in the browser. For a successful attack, a malicious file needs to be uploaded beforehand. This issue has been patched in versions 1.6.2 and 2.4.0. A workaround is provided on the Jmix documentation website.\n\ud83d\udccf Published: 2025-04-22T17:32:23.401Z\n\ud83d\udccf Modified: 2025-04-25T16:02:55.977Z\n\ud83d\udd17 References:\n1. https://github.com/jmix-framework/jmix/security/advisories/GHSA-x27v-f838-jh93\n2. https://docs.jmix.io/jmix/files-vulnerabilities.html\n3. https://docs.jmix.io/jmix/files-vulnerabilities.html#disable-files-endpoint-in-jmix-application", "creation_timestamp": "2025-04-25T16:07:19.000000Z"}, {"uuid": "29c53592-a386-43c0-98fd-2e22055d4ee3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32957", "type": "published-proof-of-concept", "source": "Telegram/bbla1pabQ6PMuVKeZ-DwTmBlqOcXGSdR93YlyGpOXR1ezik", "content": "", "creation_timestamp": "2026-03-31T03:17:00.000000Z"}, {"uuid": "6d9eb5ab-fc87-498e-823d-7d50102a2082", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32950", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13457", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32950\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, attackers could manipulate the FileRef parameter to access files on the system where the Jmix application is deployed, provided the application server has the necessary permissions. This can be accomplished either by modifying the FileRef directly in the database or by supplying a harmful value in the fileRef parameter of the `/files` endpoint of the generic REST API. This issue has been patched in versions 1.6.2 and 2.4.0. A workaround is provided on the Jmix documentation website.\n\ud83d\udccf Published: 2025-04-22T17:14:43.211Z\n\ud83d\udccf Modified: 2025-04-25T16:03:22.669Z\n\ud83d\udd17 References:\n1. https://github.com/jmix-framework/jmix/security/advisories/GHSA-jx4g-3xqm-62vh\n2. https://docs.jmix.io/jmix/files-vulnerabilities.html\n3. https://docs.jmix.io/jmix/files-vulnerabilities.html#fix-path-traversal-in-jmix-application", "creation_timestamp": "2025-04-25T16:07:16.000000Z"}, {"uuid": "ef0d28f4-08bd-4667-9f9e-20874256bfb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32956", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12761", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32956\n\ud83d\udd25 CVSS Score: 8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: ManageWiki is a MediaWiki extension allowing users to manage wikis. Versions before commit f504ed8, are vulnerable to SQL injection when renaming a namespace in Special:ManageWiki/namespaces when using a page prefix (namespace name, which is the current namespace you are renaming) with an injection payload. This issue has been patched in commit f504ed8. A workaround for this vulnerability involves setting `$wgManageWiki['namespaces'] = false;`.\n\ud83d\udccf Published: 2025-04-21T20:45:49.523Z\n\ud83d\udccf Modified: 2025-04-21T20:45:49.523Z\n\ud83d\udd17 References:\n1. https://github.com/miraheze/ManageWiki/security/advisories/GHSA-gg42-cv66-f5x7\n2. https://github.com/miraheze/ManageWiki/commit/f504ed8eeb59b57ebb90f93cd44f23da4c5bc4c9", "creation_timestamp": "2025-04-21T21:02:35.000000Z"}, {"uuid": "b478134b-309e-437f-b7ba-a7b896515a65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32953", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12538", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32953\n\ud83d\udd25 CVSS Score: 8.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H)\n\ud83d\udd39 Description: z80pack is a mature emulator of multiple platforms with 8080 and Z80 CPU. In version 1.38 and prior, the `makefile-ubuntu.yml` workflow file uses `actions/upload-artifact@v4` to upload the `z80pack-ubuntu` artifact. This artifact is a zip of the current directory, which includes the automatically generated `.git/config` file containing the run's GITHUB_TOKEN. Seeing as the artifact can be downloaded prior to the end of the workflow, there is a few seconds where an attacker can extract the token from the artifact and use it with the Github API to push malicious code or rewrite release commits in your repository. This issue has been fixed in commit bd95916.\n\ud83d\udccf Published: 2025-04-18T20:42:46.655Z\n\ud83d\udccf Modified: 2025-04-18T20:42:46.655Z\n\ud83d\udd17 References:\n1. https://github.com/udo-munk/z80pack/security/advisories/GHSA-gpjj-f76m-9x3q\n2. https://github.com/udo-munk/z80pack/commit/1e06c2fe498ca772002b5c4f6f9e3085061e47da\n3. https://github.com/udo-munk/z80pack/commit/836c2e37b54f86bb4bed9e1406b67e52aa52308d\n4. https://github.com/udo-munk/z80pack/commit/95535987d690bd20849fbf143f267283f0e2db91\n5. https://github.com/udo-munk/z80pack/commit/bd9591615ae7b1e6229aa60a485447441c4a0c15", "creation_timestamp": "2025-04-18T20:59:20.000000Z"}, {"uuid": "193d251f-903b-441e-ab99-9b4e5188c180", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32955", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12760", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32955\n\ud83d\udd25 CVSS Score: 6 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H)\n\ud83d\udd39 Description: Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Versions from 0.12.0 to before 2.12.0 are vulnerable to `disable-sudo` bypass. Harden-Runner includes a policy option `disable-sudo` to prevent the GitHub Actions runner user from using sudo. This is implemented by removing the runner user from the sudoers file. However, this control can be bypassed as the runner user, being part of the docker group, can interact with the Docker daemon to launch privileged containers or access the host filesystem. This allows the attacker to regain root access or restore the sudoers file, effectively bypassing the restriction. This issue has been patched in version 2.12.0.\n\ud83d\udccf Published: 2025-04-21T20:45:58.105Z\n\ud83d\udccf Modified: 2025-04-21T20:45:58.105Z\n\ud83d\udd17 References:\n1. https://github.com/step-security/harden-runner/security/advisories/GHSA-mxr3-8whj-j74r\n2. https://github.com/step-security/harden-runner/commit/0634a2670c59f64b4a01f0f96f84700a4088b9f0\n3. https://github.com/step-security/harden-runner/releases/tag/v2.12.0", "creation_timestamp": "2025-04-21T21:02:34.000000Z"}, {"uuid": "f66e471a-758c-4c24-89be-0c50fc2135a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32958", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12762", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32958\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Adept is a language for general purpose programming. Prior to commit a1a41b7, the remoteBuild.yml workflow file uses actions/upload-artifact@v4 to upload the mac-standalone artifact. This artifact is a zip of the current directory, which includes the automatically generated .git/config file containing the run's GITHUB_TOKEN. Seeing as the artifact can be downloaded prior to the end of the workflow, there is a few seconds where an attacker can extract the token from the artifact and use it with the Github API to push malicious code or rewrite release commits in the AdeptLanguage/Adept repository. This issue has been patched in commit a1a41b7.\n\ud83d\udccf Published: 2025-04-21T20:45:40.082Z\n\ud83d\udccf Modified: 2025-04-21T20:45:40.082Z\n\ud83d\udd17 References:\n1. https://github.com/AdeptLanguage/Adept/security/advisories/GHSA-8c7v-vccv-cx4q\n2. https://github.com/AdeptLanguage/Adept/commit/a1a41b72cdf1bebfc0cf6d7b3a8350e6406b2220", "creation_timestamp": "2025-04-21T21:02:36.000000Z"}, {"uuid": "bd5cb0c4-4661-49eb-a4b2-f797726a367c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32959", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12938", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32959\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: CUBA Platform is a high level framework for enterprise applications development. Prior to version 7.2.23, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run out of space and return HTTP 500 error, resulting in a denial of service. This issue has been patched in version 7.2.23. A workaround is provided on the Jmix documentation website.\n\ud83d\udccf Published: 2025-04-22T17:45:00.340Z\n\ud83d\udccf Modified: 2025-04-22T18:50:33.199Z\n\ud83d\udd17 References:\n1. https://github.com/cuba-platform/cuba/security/advisories/GHSA-w3mp-6vrj-875g\n2. https://github.com/jmix-framework/jmix/security/advisories/GHSA-f3gv-cwwh-758m\n3. https://github.com/cuba-platform/cuba/commit/42b6c00fd0572b8e52ae31afd1babc827a3161a1\n4. https://docs.jmix.io/jmix/files-vulnerabilities.html\n5. https://docs.jmix.io/jmix/files-vulnerabilities.html#disable-files-endpoint-in-cuba-application", "creation_timestamp": "2025-04-22T19:03:28.000000Z"}, {"uuid": "43cc2867-3ab4-4393-8c22-0fd3c6ffc324", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32956", "type": "published-proof-of-concept", "source": "Telegram/I5Scwbbdp7WCzcFYeDRHdXSB07SWV9BvAC1tqlNr9m_BtWg", "content": "", "creation_timestamp": "2025-04-21T23:30:57.000000Z"}, {"uuid": "9b59c236-b1ba-42b0-9e27-b46381318092", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32958", "type": "seen", "source": "https://t.me/cvedetector/23464", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32958 - Adept Language GitHub Token Exposure\", \n  \"Content\": \"CVE ID : CVE-2025-32958 \nPublished : April 21, 2025, 9:15 p.m. | 29\u00a0minutes ago \nDescription : Adept is a language for general purpose programming. Prior to commit a1a41b7, the remoteBuild.yml workflow file uses actions/upload-artifact@v4 to upload the mac-standalone artifact. This artifact is a zip of the current directory, which includes the automatically generated .git/config file containing the run's GITHUB_TOKEN. Seeing as the artifact can be downloaded prior to the end of the workflow, there is a few seconds where an attacker can extract the token from the artifact and use it with the Github API to push malicious code or rewrite release commits in the AdeptLanguage/Adept repository. This issue has been patched in commit a1a41b7. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-22T00:00:24.000000Z"}, {"uuid": "831f8bc7-c2bb-496b-9ea3-3d3f70af3164", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32955", "type": "seen", "source": "https://t.me/cvedetector/23462", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32955 - Harden-Runner Docker Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32955 \nPublished : April 21, 2025, 9:15 p.m. | 29\u00a0minutes ago \nDescription : Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Versions from 0.12.0 to before 2.12.0 are vulnerable to `disable-sudo` bypass. Harden-Runner includes a policy option `disable-sudo` to prevent the GitHub Actions runner user from using sudo. This is implemented by removing the runner user from the sudoers file. However, this control can be bypassed as the runner user, being part of the docker group, can interact with the Docker daemon to launch privileged containers or access the host filesystem. This allows the attacker to regain root access or restore the sudoers file, effectively bypassing the restriction. This issue has been patched in version 2.12.0. \nSeverity: 6.0 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-22T00:00:22.000000Z"}, {"uuid": "1f44f1f0-a4e1-4040-822d-db8e0167c25b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32956", "type": "seen", "source": "https://t.me/cvedetector/23463", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32956 - ManageWiki SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32956 \nPublished : April 21, 2025, 9:15 p.m. | 29\u00a0minutes ago \nDescription : ManageWiki is a MediaWiki extension allowing users to manage wikis. Versions before commit f504ed8, are vulnerable to SQL injection when renaming a namespace in Special:ManageWiki/namespaces when using a page prefix (namespace name, which is the current namespace you are renaming) with an injection payload. This issue has been patched in commit f504ed8. A workaround for this vulnerability involves setting `$wgManageWiki['namespaces'] = false;`. \nSeverity: 8.0 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-22T00:00:23.000000Z"}, {"uuid": "0cd2b1c5-36b8-4f05-9028-27fd9613e8b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32959", "type": "seen", "source": "https://t.me/cvedetector/23553", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32959 - CUBA Platform Denial of Service File Upload Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32959 \nPublished : April 22, 2025, 6:16 p.m. | 1\u00a0hour, 47\u00a0minutes ago \nDescription : CUBA Platform is a high level framework for enterprise applications development. Prior to version 7.2.23, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run out of space and return HTTP 500 error, resulting in a denial of service. This issue has been patched in version 7.2.23. A workaround is provided on the Jmix documentation website. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-22T22:35:32.000000Z"}, {"uuid": "687081e7-545e-4dce-976a-48fa89f78ed1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32953", "type": "seen", "source": "https://t.me/cvedetector/23352", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32953 - Z80pack GitHub Token Exposure\", \n  \"Content\": \"CVE ID : CVE-2025-32953 \nPublished : April 18, 2025, 9:15 p.m. | 1\u00a0hour, 30\u00a0minutes ago \nDescription : z80pack is a mature emulator of multiple platforms with 8080 and Z80 CPU. In version 1.38 and prior, the `makefile-ubuntu.yml` workflow file uses `actions/upload-artifact@v4` to upload the `z80pack-ubuntu` artifact. This artifact is a zip of the current directory, which includes the automatically generated `.git/config` file containing the run's GITHUB_TOKEN. Seeing as the artifact can be downloaded prior to the end of the workflow, there is a few seconds where an attacker can extract the token from the artifact and use it with the Github API to push malicious code or rewrite release commits in your repository. This issue has been fixed in commit bd95916. \nSeverity: 8.7 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-19T00:56:36.000000Z"}, {"uuid": "cfce44e5-a111-4551-910d-410671dce12c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32952", "type": "seen", "source": "https://t.me/cvedetector/23552", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32952 - Jmix File Size Limitation Dos\", \n  \"Content\": \"CVE ID : CVE-2025-32952 \nPublished : April 22, 2025, 6:16 p.m. | 1\u00a0hour, 47\u00a0minutes ago \nDescription : Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run out of space and return HTTP 500 error, resulting in a denial of service. This issue has been patched in versions 1.6.2 and 2.4.0. A workaround is provided on the Jmix documentation website. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-22T22:35:31.000000Z"}, {"uuid": "7d08ad99-f192-4243-a41f-7a946b762f48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3295", "type": "seen", "source": "https://t.me/cvedetector/23216", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3295 - WordPress WP Editor Arbitrary File Read Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3295 \nPublished : April 17, 2025, 6:15 a.m. | 1\u00a0hour, 56\u00a0minutes ago \nDescription : The WP Editor plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to read arbitrary files on the affected site's server which may reveal sensitive information. \nSeverity: 4.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-17T10:28:11.000000Z"}, {"uuid": "48711165-cec1-4c0e-9e07-2697509eb6b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32958", "type": "published-proof-of-concept", "source": "Telegram/I5Scwbbdp7WCzcFYeDRHdXSB07SWV9BvAC1tqlNr9m_BtWg", "content": "", "creation_timestamp": "2025-04-21T23:30:57.000000Z"}, {"uuid": "e79f2c07-5a11-4570-b7b8-17e68abce3ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32953", "type": "published-proof-of-concept", "source": "Telegram/oRg411HAomHdISM9O3TVQssrB2w8dJGX9X47vD_NRx0yd1g", "content": "", "creation_timestamp": "2025-04-18T23:30:24.000000Z"}]}