{"uuid": "79114659-31ef-4c17-8c7f-241ba8e3fa53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-12383", "type": "seen", "source": "https://t.me/NinjaSec/300", "content": "Code execution, bypasses, and exploits \u2014 again, for educational purposes only:\n\n\n26. CVE-2025-12359 \u2013 RCE via unsafe deserialization in REST API (CVSS 9.4)\n27. CVE-2025-12360 \u2013 XSS in Admin Dashboard plugin (CVSS 7.6)\n28. CVE-2025-12361 \u2013 Remote file inclusion in CMS plugin (CVSS 8.9)\n29. CVE-2025-12362 \u2013 Logic flaw in session handler exposes tokens (CVSS 7.5)\n30. CVE-2025-12363 \u2013 RCE in PDF conversion tool via crafted input (CVSS 9.5)\n31. CVE-2025-12364 \u2013 Auth bypass in Single Sign-On service (CVSS 9.1)\n32. CVE-2025-12365 \u2013 LFI in backup module of web control panel (CVSS 8.6)\n33. CVE-2025-12366 \u2013 CSRF on firewall config panel (CVSS 8.0)\n34. CVE-2025-12367 \u2013 SSRF in metadata parser allows internal access (CVSS 9.0)\n35. CVE-2025-12368 \u2013 SQLi in search API of project management tool (CVSS 8.2)\n36. CVE-2025-12369 \u2013 Improper permission checks in job scheduler (CVSS 8.5)\n37. CVE-2025-12370 \u2013 Open redirect leads to phishing vector (CVSS 6.5)\n38. CVE-2025-12371 \u2013 DoS via XML bomb in document parser (CVSS 7.9)\n39. CVE-2025-12372 \u2013 Directory traversal in logs endpoint (CVSS 8.1)\n40. CVE-2025-12373 \u2013 Memory leak in image rendering library (CVSS 6.9)\n41. CVE-2025-12374 \u2013 Hardcoded credentials in IoT config interface (CVSS 9.0)\n42. CVE-2025-12375 \u2013 Insecure update mechanism in desktop agent (CVSS 9.3)\n43. CVE-2025-12376 \u2013 Path traversal in zip archive handler (CVSS 8.7)\n44. CVE-2025-12377 \u2013 Race condition in file uploader logic (CVSS 7.8)\n45. CVE-2025-12378 \u2013 Java deserialization bug in SOAP API (CVSS 9.2)\n46. CVE-2025-12379 \u2013 JWT token forgery via alg=none trick (CVSS 8.8)\n47. CVE-2025-12380 \u2013 CORS misconfig allows cross-origin token theft (CVSS 8.5)\n48. CVE-2025-12381 \u2013 Exploitable crash in media encoder (CVSS 7.0)\n49. CVE-2025-12382 \u2013 Server misconfig allows upload of executables (CVSS 8.6)\n50. CVE-2025-12383 \u2013 LDAP injection in auth form (CVSS 8.9)\n\n#HackersFactory", "creation_timestamp": "2025-05-07T15:48:27.000000Z"}