https://db.gcve.eu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Fri, 01 May 2026 05:03:18 +0000 https://db.gcve.eu/sighting/e56c061c-333b-47e8-9ecd-a0e817c67226/export {"uuid": "e56c061c-333b-47e8-9ecd-a0e817c67226", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31691", "type": "seen", "source": "https://t.me/cvedetector/21669", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-31691 - Drupal OAuth2 Server Missing Authorization Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-31691 \nPublished : March 31, 2025, 10:15 p.m. | 51\u00a0minutes ago \nDescription : Missing Authorization vulnerability in Drupal OAuth2 Server allows Forceful Browsing.This issue affects OAuth2 Server: from 0.0.0 before 2.1.0. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"01 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T01:54:39.000000Z"} {"uuid": "e56c061c-333b-47e8-9ecd-a0e817c67226", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31691", "type": "seen", "source": "https://t.me/cvedetector/21669", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-31691 - Drupal OAuth2 Server Missing Authorization Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-31691 \nPublished : March 31, 2025, 10:15 p.m. | 51\u00a0minutes ago \nDescription : Missing Authorization vulnerability in Drupal OAuth2 Server allows Forceful Browsing.This issue affects OAuth2 Server: from 0.0.0 before 2.1.0. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"01 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T01:54:39.000000Z"} https://db.gcve.eu/sighting/e56c061c-333b-47e8-9ecd-a0e817c67226/export Tue, 01 Apr 2025 01:54:39 +0000 https://db.gcve.eu/sighting/a8fa0ded-be90-4087-9357-bfa597dcc775/export {"uuid": "a8fa0ded-be90-4087-9357-bfa597dcc775", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31692", "type": "seen", "source": "https://t.me/cvedetector/21670", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-31692 - Drupal AI OS Command Injection\", \n \"Content\": \"CVE ID : CVE-2025-31692 \nPublished : March 31, 2025, 10:15 p.m. | 51\u00a0minutes ago \nDescription : Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"01 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T01:54:40.000000Z"} {"uuid": "a8fa0ded-be90-4087-9357-bfa597dcc775", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31692", "type": "seen", "source": "https://t.me/cvedetector/21670", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-31692 - Drupal AI OS Command Injection\", \n \"Content\": \"CVE ID : CVE-2025-31692 \nPublished : March 31, 2025, 10:15 p.m. | 51\u00a0minutes ago \nDescription : Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"01 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T01:54:40.000000Z"} https://db.gcve.eu/sighting/a8fa0ded-be90-4087-9357-bfa597dcc775/export Tue, 01 Apr 2025 01:54:40 +0000 https://db.gcve.eu/sighting/7404916b-4848-4aa4-84cc-670c2b90278d/export {"uuid": "7404916b-4848-4aa4-84cc-670c2b90278d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31693", "type": "seen", "source": "https://t.me/cvedetector/21671", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-31693 - Drupal AI OS Command Injection Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-31693 \nPublished : March 31, 2025, 10:15 p.m. | 51\u00a0minutes ago \nDescription : Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"01 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T01:54:41.000000Z"} {"uuid": "7404916b-4848-4aa4-84cc-670c2b90278d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31693", "type": "seen", "source": "https://t.me/cvedetector/21671", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-31693 - Drupal AI OS Command Injection Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-31693 \nPublished : March 31, 2025, 10:15 p.m. | 51\u00a0minutes ago \nDescription : Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"01 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T01:54:41.000000Z"} https://db.gcve.eu/sighting/7404916b-4848-4aa4-84cc-670c2b90278d/export Tue, 01 Apr 2025 01:54:41 +0000 https://db.gcve.eu/sighting/dc07e528-78dd-4149-81be-82b23685ba7f/export {"uuid": "dc07e528-78dd-4149-81be-82b23685ba7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31693", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10277", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31693\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.\n\ud83d\udccf Published: 2025-03-31T21:51:17.459Z\n\ud83d\udccf Modified: 2025-04-03T17:24:33.215Z\n\ud83d\udd17 References:\n1. https://www.drupal.org/sa-contrib-2025-022", "creation_timestamp": "2025-04-03T17:35:33.000000Z"} {"uuid": "dc07e528-78dd-4149-81be-82b23685ba7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31693", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10277", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31693\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.\n\ud83d\udccf Published: 2025-03-31T21:51:17.459Z\n\ud83d\udccf Modified: 2025-04-03T17:24:33.215Z\n\ud83d\udd17 References:\n1. https://www.drupal.org/sa-contrib-2025-022", "creation_timestamp": "2025-04-03T17:35:33.000000Z"} https://db.gcve.eu/sighting/dc07e528-78dd-4149-81be-82b23685ba7f/export Thu, 03 Apr 2025 17:35:33 +0000 https://db.gcve.eu/sighting/c0169c05-91e3-4cbb-861d-44163b1025bf/export {"uuid": "c0169c05-91e3-4cbb-861d-44163b1025bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31692", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10278", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31692\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.\n\ud83d\udccf Published: 2025-03-31T21:50:34.673Z\n\ud83d\udccf Modified: 2025-04-03T17:23:24.605Z\n\ud83d\udd17 References:\n1. https://www.drupal.org/sa-contrib-2025-021", "creation_timestamp": "2025-04-03T17:35:34.000000Z"} {"uuid": "c0169c05-91e3-4cbb-861d-44163b1025bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31692", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10278", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31692\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.\n\ud83d\udccf Published: 2025-03-31T21:50:34.673Z\n\ud83d\udccf Modified: 2025-04-03T17:23:24.605Z\n\ud83d\udd17 References:\n1. https://www.drupal.org/sa-contrib-2025-021", "creation_timestamp": "2025-04-03T17:35:34.000000Z"} https://db.gcve.eu/sighting/c0169c05-91e3-4cbb-861d-44163b1025bf/export Thu, 03 Apr 2025 17:35:34 +0000 https://db.gcve.eu/sighting/bce5c847-d754-40c0-9907-845f46c9d4ba/export {"uuid": "bce5c847-d754-40c0-9907-845f46c9d4ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3169", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10285", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3169\n\ud83d\udd25 CVSS Score: 2.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in Projeqtor up to 12.0.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /tool/saveAttachment.php. The manipulation of the argument attachmentFiles leads to unrestricted upload. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 12.0.3 is able to address this issue. It is recommended to upgrade the affected component. The vendor explains, that \"this vulnerability can be exploited only on not securely installed instances, as it is adviced during product install: attachment directory should be out of web reach, so that even if executable file can be uploaded, it cannot be executed through the web.\"\n\ud83d\udccf Published: 2025-04-03T17:00:13.550Z\n\ud83d\udccf Modified: 2025-04-03T17:00:13.550Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.303128\n2. https://vuldb.com/?ctiid.303128\n3. https://vuldb.com/?submit.543250\n4. https://github.com/deadmilkman/cve-reports/blob/main/01-projeqtor-rce/readme.md\n5. https://github.com/deadmilkman/cve-reports/blob/main/01-projeqtor-rce/readme.md#proof-of-concept-poc", "creation_timestamp": "2025-04-03T17:35:40.000000Z"} {"uuid": "bce5c847-d754-40c0-9907-845f46c9d4ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3169", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10285", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3169\n\ud83d\udd25 CVSS Score: 2.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in Projeqtor up to 12.0.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /tool/saveAttachment.php. The manipulation of the argument attachmentFiles leads to unrestricted upload. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 12.0.3 is able to address this issue. It is recommended to upgrade the affected component. The vendor explains, that \"this vulnerability can be exploited only on not securely installed instances, as it is adviced during product install: attachment directory should be out of web reach, so that even if executable file can be uploaded, it cannot be executed through the web.\"\n\ud83d\udccf Published: 2025-04-03T17:00:13.550Z\n\ud83d\udccf Modified: 2025-04-03T17:00:13.550Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.303128\n2. https://vuldb.com/?ctiid.303128\n3. https://vuldb.com/?submit.543250\n4. https://github.com/deadmilkman/cve-reports/blob/main/01-projeqtor-rce/readme.md\n5. https://github.com/deadmilkman/cve-reports/blob/main/01-projeqtor-rce/readme.md#proof-of-concept-poc", "creation_timestamp": "2025-04-03T17:35:40.000000Z"} https://db.gcve.eu/sighting/bce5c847-d754-40c0-9907-845f46c9d4ba/export Thu, 03 Apr 2025 17:35:40 +0000 https://db.gcve.eu/sighting/e1a7edac-c248-4771-88f1-8ee949206ea7/export {"uuid": "e1a7edac-c248-4771-88f1-8ee949206ea7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3169", "type": "seen", "source": "https://t.me/cvedetector/22008", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-3169 - Projeqtor Unrestricted File Upload Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-3169 \nPublished : April 3, 2025, 5:15 p.m. | 1\u00a0hour, 56\u00a0minutes ago \nDescription : A vulnerability was found in Projeqtor up to 12.0.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /tool/saveAttachment.php. The manipulation of the argument attachmentFiles leads to unrestricted upload. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 12.0.3 is able to address this issue. It is recommended to upgrade the affected component. The vendor explains, that \"this vulnerability can be exploited only on not securely installed instances, as it is adviced during product install: attachment directory should be out of web reach, so that even if executable file can be uploaded, it cannot be executed through the web.\" \nSeverity: 5.0 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"03 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-03T21:55:44.000000Z"} {"uuid": "e1a7edac-c248-4771-88f1-8ee949206ea7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3169", "type": "seen", "source": "https://t.me/cvedetector/22008", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-3169 - Projeqtor Unrestricted File Upload Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-3169 \nPublished : April 3, 2025, 5:15 p.m. | 1\u00a0hour, 56\u00a0minutes ago \nDescription : A vulnerability was found in Projeqtor up to 12.0.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /tool/saveAttachment.php. The manipulation of the argument attachmentFiles leads to unrestricted upload. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 12.0.3 is able to address this issue. It is recommended to upgrade the affected component. The vendor explains, that \"this vulnerability can be exploited only on not securely installed instances, as it is adviced during product install: attachment directory should be out of web reach, so that even if executable file can be uploaded, it cannot be executed through the web.\" \nSeverity: 5.0 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"03 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-03T21:55:44.000000Z"} https://db.gcve.eu/sighting/e1a7edac-c248-4771-88f1-8ee949206ea7/export Thu, 03 Apr 2025 21:55:44 +0000 https://db.gcve.eu/sighting/ec6544ec-8679-4737-bd5c-9413357a62bd/export {"uuid": "ec6544ec-8679-4737-bd5c-9413357a62bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3169", "type": "seen", "source": "https://bsky.app/profile/bluesky.awakari.com/post/3lospzqjlwu27", "content": "", "creation_timestamp": "2025-05-10T10:25:11.778650Z"} {"uuid": "ec6544ec-8679-4737-bd5c-9413357a62bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3169", "type": "seen", "source": "https://bsky.app/profile/bluesky.awakari.com/post/3lospzqjlwu27", "content": "", "creation_timestamp": "2025-05-10T10:25:11.778650Z"} https://db.gcve.eu/sighting/ec6544ec-8679-4737-bd5c-9413357a62bd/export Sat, 10 May 2025 10:25:11 +0000 https://db.gcve.eu/sighting/1ce21115-d3f7-42f9-9401-a5f400604f25/export {"uuid": "1ce21115-d3f7-42f9-9401-a5f400604f25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31698", "type": "seen", "source": "https://seclists.org/oss-sec/2025/q2/264", "content": "", "creation_timestamp": "2025-06-17T19:26:35.000000Z"} {"uuid": "1ce21115-d3f7-42f9-9401-a5f400604f25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31698", "type": "seen", "source": "https://seclists.org/oss-sec/2025/q2/264", "content": "", "creation_timestamp": "2025-06-17T19:26:35.000000Z"} https://db.gcve.eu/sighting/1ce21115-d3f7-42f9-9401-a5f400604f25/export Tue, 17 Jun 2025 19:26:35 +0000 https://db.gcve.eu/sighting/7c415b9e-1564-4249-b482-53208a1a6f83/export {"uuid": "7c415b9e-1564-4249-b482-53208a1a6f83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31698", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18973", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31698\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: ACL configured in ip_allow.config or remap.config does not use IP addresses that are provided by PROXY protocol.\n\nUsers can use a new setting (proxy.config.acl.subjects) to choose which IP addresses to use for the ACL if Apache Traffic Server is configured to accept PROXY protocol.\u00a0\nThis issue affects undefined: from 10.0.0 through 10.0.6, from 9.0.0 through 9.2.10.\n\nUsers are recommended to upgrade to version 9.2.11 or 10.0.6, which fixes the issue.\n\ud83d\udccf Published: 2025-06-19T10:07:46.733Z\n\ud83d\udccf Modified: 2025-06-20T13:32:19.681Z\n\ud83d\udd17 References:\n1. https://lists.apache.org/thread/15t32nxbypqg1m2smp640vjx89o6v5f8", "creation_timestamp": "2025-06-20T14:43:52.000000Z"} {"uuid": "7c415b9e-1564-4249-b482-53208a1a6f83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31698", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18973", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31698\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: ACL configured in ip_allow.config or remap.config does not use IP addresses that are provided by PROXY protocol.\n\nUsers can use a new setting (proxy.config.acl.subjects) to choose which IP addresses to use for the ACL if Apache Traffic Server is configured to accept PROXY protocol.\u00a0\nThis issue affects undefined: from 10.0.0 through 10.0.6, from 9.0.0 through 9.2.10.\n\nUsers are recommended to upgrade to version 9.2.11 or 10.0.6, which fixes the issue.\n\ud83d\udccf Published: 2025-06-19T10:07:46.733Z\n\ud83d\udccf Modified: 2025-06-20T13:32:19.681Z\n\ud83d\udd17 References:\n1. https://lists.apache.org/thread/15t32nxbypqg1m2smp640vjx89o6v5f8", "creation_timestamp": "2025-06-20T14:43:52.000000Z"} https://db.gcve.eu/sighting/7c415b9e-1564-4249-b482-53208a1a6f83/export Fri, 20 Jun 2025 14:43:52 +0000