{"vulnerability": "CVE-2025-2320", "sightings": [{"uuid": "13aee7df-e71c-41a0-ad81-df70e796a839", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "seen", "source": "https://t.me/thehackernews/6378", "content": "The CISA has flagged a critical vulnerability in Craft CMS, prompting urgent action.\n\nCVE-2025-23209 carries a high CVSS score of 8.1\u2014indicating significant risk to any organization still using outdated versions.\n\nThis code injection flaw opens the door to remote code execution, potentially exposing sensitive user security keys.\n\nLearn more: https://thehackernews.com/2025/02/cisa-flags-craft-cms-vulnerability-cve.html", "creation_timestamp": "2025-02-21T08:31:14.000000Z"}, {"uuid": "ad6edf35-f455-498b-a79d-f0713b2f4821", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23206", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113845625669555396", "content": "", "creation_timestamp": "2025-01-17T20:39:48.283001Z"}, {"uuid": "0166f935-3055-4950-afcb-df4e195378b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23205", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfxpp44wsa2r", "content": "", "creation_timestamp": "2025-01-17T21:15:49.176650Z"}, {"uuid": "ffea3c3e-95de-43dd-98f0-2e5ac08b8aa3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23206", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfxpp6fvbz2h", "content": "", "creation_timestamp": "2025-01-17T21:15:51.170856Z"}, {"uuid": "c8bade87-20eb-404e-8e6c-1c92b59145d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23202", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/113845775391436167", "content": "", "creation_timestamp": "2025-01-17T21:17:52.893854Z"}, {"uuid": "687959ce-f5a7-4885-980e-fcb18d24fc68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23207", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113845820383025414", "content": "", "creation_timestamp": "2025-01-17T21:29:19.331059Z"}, {"uuid": "420f3e9a-cff3-4450-bbf8-7aef1570a542", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23207", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfxt2j325r2n", "content": "", "creation_timestamp": "2025-01-17T22:15:52.650529Z"}, {"uuid": "44c85a8f-9712-4390-98d2-a7d80ac00e2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23208", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113846041447410284", "content": "", "creation_timestamp": "2025-01-17T22:25:32.630393Z"}, {"uuid": "21bc6213-e7dd-4b74-8c43-41028cfe5ce9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23206", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfxuf7zlor2e", "content": "", "creation_timestamp": "2025-01-17T22:39:47.645045Z"}, {"uuid": "f47fe85e-2789-4186-bb5b-20c1e1c6832c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23205", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfxufa6a4y2e", "content": "", "creation_timestamp": "2025-01-17T22:39:48.231945Z"}, {"uuid": "8c46889e-412f-4ac3-9cbe-5a7301834627", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23208", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfxwgfarhc2n", "content": "", "creation_timestamp": "2025-01-17T23:16:12.639647Z"}, {"uuid": "d319b300-e1c1-46fe-930b-e23b11f0fa1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2320", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkevuhetr326", "content": "", "creation_timestamp": "2025-03-15T00:51:34.172471Z"}, {"uuid": "c9fad2f0-cd72-4d10-88b6-5b0a4e95fc0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "seen", "source": "https://bsky.app/profile/pvynckier.bsky.social/post/3liu4bzq7c223", "content": "", "creation_timestamp": "2025-02-23T15:06:08.082833Z"}, {"uuid": "26e78cd9-63ce-4f83-89ed-a5efb10a3e94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:11:06.000000Z"}, {"uuid": "be4dd2ee-ddc3-4f46-8b52-45be094b904f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3liwl2vwbwy2s", "content": "", "creation_timestamp": "2025-02-24T14:35:51.981371Z"}, {"uuid": "2e8e7e09-1490-497e-85a0-5c1ba77ce02e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "seen", "source": "https://bsky.app/profile/calebpr.bsky.social/post/3llkwfcrlyo24", "content": "", "creation_timestamp": "2025-03-30T03:42:09.819742Z"}, {"uuid": "f77038ba-39e8-4e66-988a-76dbb7106db5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23201", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2077", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23201\n\ud83d\udd39 Description: librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to Cross-site Scripting (XSS) on the parameters:`/addhost` -> param: community. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\ud83d\udccf Published: 2025-01-16T22:18:51.754Z\n\ud83d\udccf Modified: 2025-01-16T22:18:51.754Z\n\ud83d\udd17 References:\n1. https://github.com/librenms/librenms/security/advisories/GHSA-g84x-g96g-rcjc", "creation_timestamp": "2025-01-16T22:56:33.000000Z"}, {"uuid": "c32f0d13-83b4-4ce1-9bfb-33c64db446fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23207", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2224", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23207\n\ud83d\udd39 Description: KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions with `renderToString` could encounter malicious input using `\\htmlData` that runs arbitrary JavaScript, or generate invalid HTML. Users are advised to upgrade to KaTeX v0.16.21 to remove this vulnerability. Users unable to upgrade should avoid use of or turn off the `trust` option, or set it to forbid `\\htmlData` commands, forbid inputs containing the substring `\"\\\\htmlData\"` and sanitize HTML output from KaTeX.\n\ud83d\udccf Published: 2025-01-17T21:25:05.746Z\n\ud83d\udccf Modified: 2025-01-17T21:32:24.984Z\n\ud83d\udd17 References:\n1. https://github.com/KaTeX/KaTeX/security/advisories/GHSA-cg87-wmx4-v546\n2. https://github.com/KaTeX/KaTeX/commit/ff289955e81aab89086eef09254cbf88573d415c", "creation_timestamp": "2025-01-17T21:56:59.000000Z"}, {"uuid": "a0883cc3-0ff3-41f6-bfe1-6aa32aa48ed0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23200", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2074", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23200\n\ud83d\udd39 Description: librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: `ajax_form.php` -> param: state. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\ud83d\udccf Published: 2025-01-16T22:20:51.907Z\n\ud83d\udccf Modified: 2025-01-16T22:20:51.907Z\n\ud83d\udd17 References:\n1. https://github.com/librenms/librenms/security/advisories/GHSA-c66p-64fj-jmc2", "creation_timestamp": "2025-01-16T22:56:31.000000Z"}, {"uuid": "420f5c43-fd07-4f71-a5c0-1da3d2b38456", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4860", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23209\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is an remote code execution (RCE) vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. Anyone running an unpatched version of Craft with a compromised security key is affected. This vulnerability has been patched in Craft 5.5.8 and 4.13.8. Users who cannot update to a patched version, should rotate their security keys and ensure their privacy to help migitgate the issue.\n\ud83d\udccf Published: 2025-01-18T00:32:54.954Z\n\ud83d\udccf Modified: 2025-02-21T04:56:11.988Z\n\ud83d\udd17 References:\n1. https://github.com/craftcms/cms/security/advisories/GHSA-x684-96hh-833x\n2. https://github.com/craftcms/cms/commit/e59e22b30c9dd39e5e2c7fe02c147bcbd004e603\n3. https://craftcms.com/knowledge-base/securing-craft#keep-your-secrets-secret", "creation_timestamp": "2025-02-21T05:18:29.000000Z"}, {"uuid": "f2a42933-f121-452d-a930-5b7de8867bb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23203", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14506", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23203\n\ud83d\udd25 CVSS Score: 5.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N)\n\ud83d\udd39 Description: Icinga Director is an Icinga config deployment tool. A Security vulnerability has been found starting in version 1.0.0 and prior to 1.10.3 and 1.11.3 on several director endpoints of REST API. To reproduce this vulnerability an authenticated user with permission to access the Director is required (plus api access with regard to the api endpoints). And even though some of these Icinga Director users are restricted from accessing certain objects, are able to retrieve information related to them if their name is known. This makes it possible to change the configuration of these objects by those Icinga Director users restricted from accessing them. This results in further exploitation, data breaches and sensitive information disclosure. Affected endpoints include icingaweb2/director/service, if the host name is left out of the query; icingaweb2/directore/notification; icingaweb2/director/serviceset; and icingaweb2/director/scheduled-downtime. In addition, the endpoint `icingaweb2/director/services?host=filteredHostName` returns a status code 200 even though the services for the host is filtered. This in turn lets the restricted user know that the host `filteredHostName` exists even though the user is restricted from accessing it.  This could again result in further exploitation of this information and data breaches. Icinga Director has patches in versions 1.10.3 and 1.11.1. If upgrading is not feasible, disable the director module for the users other than admin role for the time being.\n\ud83d\udccf Published: 2025-03-26T13:44:58.110Z\n\ud83d\udccf Modified: 2025-05-02T16:02:38.737Z\n\ud83d\udd17 References:\n1. https://github.com/Icinga/icingaweb2-module-director/security/advisories/GHSA-3233-ggc5-m3qg\n2. https://github.com/Icinga/icingaweb2-module-director/releases/tag/v1.10.3\n3. https://github.com/Icinga/icingaweb2-module-director/releases/tag/v1.11.3", "creation_timestamp": "2025-05-02T16:15:58.000000Z"}, {"uuid": "5557e836-f1a9-4c12-b4b7-cdf69cbb6fee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "exploited", "source": "Telegram/hUQapkg9UR2bkTaerwhU-B1RsVgKpzq9q7QwELm-pvvM1A", "content": "", "creation_timestamp": "2025-02-22T03:05:08.000000Z"}, {"uuid": "aec3f2cb-6346-46a6-9d89-a89d022448cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "exploited", "source": "https://t.me/TengkorakCyberCrewzz/132", "content": "CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks \u2013 thehackernews.com\n\nFri, 21 Feb 2025 15:26:00", "creation_timestamp": "2025-02-21T12:03:03.000000Z"}, {"uuid": "6c78dbdf-d0cc-43c1-83a7-219aaabd883b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "exploited", "source": "https://t.me/DarkWebInformer_News/1032", "content": "\ud83d\udea8 News Alert!\n\nSource: The Hacker News\nTitle: CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks\nLink: https://thehackernews.com/2025/02/cisa-flags-craft-cms-vulnerability-cve.html", "creation_timestamp": "2025-02-21T08:26:31.000000Z"}, {"uuid": "cc4499d6-4a08-4b00-98c2-070c114d5c1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23208", "type": "seen", "source": "https://t.me/cvedetector/15751", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23208 - Zot OCI Image Registry Group Authorization Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-23208 \nPublished : Jan. 17, 2025, 11:15 p.m. | 38\u00a0minutes ago \nDescription : zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database (meta.db) is an append-list so group revocations/removals are ignored in the API. SetUserGroups is alled on login, but instead of replacing the group memberships, they are appended. This may be due to some conflict with the group definitions in the config file, but that wasn't obvious to me if it were the case. Any Zot configuration that relies on group-based authorization will not respect group remove/revocation by an IdP. This issue has been addressed in version 2.1.2. All users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-18T01:09:53.000000Z"}, {"uuid": "1486a089-bcdb-46c6-8171-2158c6858647", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23207", "type": "seen", "source": "https://t.me/cvedetector/15750", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23207 - KaTeX HTML Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-23207 \nPublished : Jan. 17, 2025, 10:15 p.m. | 37\u00a0minutes ago \nDescription : KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions with `renderToString` could encounter malicious input using `\\htmlData` that runs arbitrary JavaScript, or generate invalid HTML. Users are advised to upgrade to KaTeX v0.16.21 to remove this vulnerability. Users unable to upgrade should avoid use of or turn off the `trust` option, or set it to forbid `\\htmlData` commands, forbid inputs containing the substring `\"\\\\htmlData\"` and sanitize HTML output from KaTeX. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-18T00:19:39.000000Z"}, {"uuid": "5e3468b7-123e-424f-9875-0e2795fb8e6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "exploited", "source": "https://t.me/cibsecurity/82795", "content": "\ud83d\udd8b\ufe0f CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks \ud83d\udd8b\ufe0f\n\nA highseverity security flaw impacting the Craft content management system CMS has been added by the U.S. Cybersecurity and Infrastructure Security Agency CISA to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The vulnerability in question is CVE202523209 CVSS score 8.1, which impacts Craft CMS versions 4 and 5. It was addressed by the.\n\n\ud83d\udcd6 Read more.\n\n\ud83d\udd17 Via \"The Hacker News\"\n\n----------\n\ud83d\udc41\ufe0f Seen on @cibsecurity", "creation_timestamp": "2025-02-21T11:46:24.000000Z"}, {"uuid": "cfd3ca56-e7ef-467c-b3de-b250743a9337", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "exploited", "source": "https://t.me/ton618cyber/2532", "content": "CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks\n\nCISA adds CVE-2025-23209 to its KEV list as Craft CMS faces active exploitation, urging agencies to patch by March 13, 2025.\n\nThe Hacker News | thehackernews.com \u2022 Feb 21, 2025", "creation_timestamp": "2025-02-21T09:28:13.000000Z"}, {"uuid": "9985dada-aa04-4e5d-8520-ec1af58e0dce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "exploited", "source": "https://t.me/MalaysiaHacktivistz/2064", "content": "CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks \u2013 thehackernews.com\n\nFri, 21 Feb 2025 15:26:00", "creation_timestamp": "2025-02-21T13:03:03.000000Z"}, {"uuid": "5b24f398-c147-4eea-9988-78dd31b0788d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "seen", "source": "Telegram/PokG_xyqGpcuS2XK79WAsCDq6AN7zAvCxGDJgQBTFS7ZpAUW", "content": "", "creation_timestamp": "2025-02-21T22:10:24.000000Z"}, {"uuid": "43b705f6-0dad-4482-b30f-e71da9fff6f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "seen", "source": "Telegram/UHMPZ2U6pWLly2gVE952KhK0O_0FD0IbULnVijwf8aDyIwQ0", "content": "", "creation_timestamp": "2025-02-21T08:03:23.000000Z"}, {"uuid": "1cda2f67-5639-4d6e-a268-dbe1d9c0c469", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "exploited", "source": "https://t.me/TengkorakCyberCrewzz/28369", "content": "CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks \u2013 thehackernews.com\n\nFri, 21 Feb 2025 15:26:00", "creation_timestamp": "2025-02-21T13:03:03.000000Z"}, {"uuid": "1ab32e15-ad75-46f2-87ec-482de0c686b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2320", "type": "seen", "source": "Telegram/eCM4aHKdUiBHB9OwhsqXkdKvxoX4-6jxPypGuK3VSGlLfxU", "content": "", "creation_timestamp": "2025-03-15T00:00:40.000000Z"}, {"uuid": "49d5a5f8-2fd9-467d-bca4-cc699e79771d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "exploited", "source": "https://t.me/information_security_channel/53126", "content": "CISA Warns of Attacks Exploiting Craft CMS Vulnerability\nhttps://www.securityweek.com/cisa-warns-of-attacks-exploiting-craft-cms-vulnerability/\n\nCISA has added a Craft CMS flaw tracked as CVE-2025-23209 to its Known Exploited Vulnerabilities (KEV) catalog.\nThe post CISA Warns of Attacks Exploiting Craft CMS Vulnerability (https://www.securityweek.com/cisa-warns-of-attacks-exploiting-craft-cms-vulnerability/) appeared first on SecurityWeek (https://www.securityweek.com/).", "creation_timestamp": "2025-02-21T14:20:17.000000Z"}, {"uuid": "92f15c32-ce13-412c-88b9-b4f0def04112", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23201", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfvfwxpmu32n", "content": "", "creation_timestamp": "2025-01-16T23:15:55.774739Z"}, {"uuid": "f5bad9f9-2355-44d8-afe6-b6e15ce4d8fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23200", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfvfwusqrv2n", "content": "", "creation_timestamp": "2025-01-16T23:15:52.727545Z"}, {"uuid": "1024c640-2717-4131-8220-946afd96968b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2320", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114163293011904157", "content": "", "creation_timestamp": "2025-03-14T23:06:47.430460Z"}, {"uuid": "f1fd913b-6997-4bd3-a95e-6a99ed25adc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-20T18:10:04.000000Z"}, {"uuid": "2e9c0014-3fb1-4061-a2b6-1b80b1dd8664", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "seen", "source": "https://bsky.app/profile/aakl.bsky.social/post/3lin4tuupj22r", "content": "", "creation_timestamp": "2025-02-20T20:27:26.814773Z"}, {"uuid": "7b4875f1-7e03-42b6-94cc-d9518ffc77ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "seen", "source": "https://bsky.app/profile/kitafox.bsky.social/post/3linbnf6ceg2y", "content": "", "creation_timestamp": "2025-02-20T21:53:16.623057Z"}, {"uuid": "1fed09f5-aea2-485a-b184-2b1421e18c33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3linvi6rzwc2p", "content": "", "creation_timestamp": "2025-02-21T03:48:16.723354Z"}, {"uuid": "8624265e-4529-4449-9e7e-0e525d28b4a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "cve-2025-23209", "type": "seen", "source": "https://bsky.app/profile/kyosuke-tanaka.bsky.social/post/3lio5igw5zc2g", "content": "", "creation_timestamp": "2025-02-21T06:11:35.751040Z"}, {"uuid": "efac1587-bd6a-4671-8e67-5d55c5405f9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3liocqmki2j2n", "content": "", "creation_timestamp": "2025-02-21T07:45:38.346179Z"}, {"uuid": "93c9ab60-05fa-48a6-964e-4e627dc8889e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "seen", "source": "https://bsky.app/profile/shoebhakim.bsky.social/post/3liof2xudmy2b", "content": "", "creation_timestamp": "2025-02-21T08:27:13.230006Z"}, {"uuid": "d3713038-4b89-4564-9565-bf150a0ccda3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "seen", "source": "https://bsky.app/profile/techit.bsky.social/post/3liofa3lzjw22", "content": "", "creation_timestamp": "2025-02-21T08:30:06.154354Z"}, {"uuid": "8f6d5651-0f39-481e-bfe1-047bff795379", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3liog2a2u3vh2", "content": "", "creation_timestamp": "2025-02-21T08:44:56.016944Z"}, {"uuid": "06b36e21-8c10-42d4-863d-0571f0cb7fc7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "seen", "source": "https://bsky.app/profile/cti-news.bsky.social/post/3liog4rim3a24", "content": "", "creation_timestamp": "2025-02-21T08:46:07.475349Z"}, {"uuid": "7217a414-7a9c-498b-b24b-f49b20331ff6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "seen", "source": "https://bsky.app/profile/hackingne.ws/post/3liohdbzd3d27", "content": "", "creation_timestamp": "2025-02-21T09:07:39.697218Z"}, {"uuid": "6804288b-2c4d-4a11-8410-18a7b26cd7d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3liohoulbil24", "content": "", "creation_timestamp": "2025-02-21T09:14:08.803901Z"}, {"uuid": "d0307800-07a6-4cf9-9f40-073c06c0830d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "seen", "source": "https://bsky.app/profile/cybersonar.bsky.social/post/3lj7v5gyvxz2n", "content": "", "creation_timestamp": "2025-02-28T07:30:11.492824Z"}, {"uuid": "90ca1ef0-ce70-4ef6-a20b-c58423ee3477", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23206", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2200", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23206\n\ud83d\udd39 Description: The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. Users who use IAM OIDC custom resource provider package will download CA Thumbprints as part of the custom resource workflow. However, the current `tls.connect` method will always set `rejectUnauthorized: false` which is a potential security concern. CDK should follow the best practice and set `rejectUnauthorized: true`. However, this could be a breaking change for existing CDK applications and we should fix this with a feature flag. Note that this is marked as low severity Security advisory because the issuer url is provided by CDK users who define the CDK application. If they insist on connecting to a unauthorized OIDC provider, CDK should not disallow this. Additionally, the code block is run in a Lambda environment which mitigate the MITM attack. The patch is in progress. To mitigate, upgrade to CDK v2.177.0 (Expected release date 2025-02-22). Once upgraded, users should make sure the feature flag '@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections' is set to true in `cdk.context.json` or `cdk.json`. There are no known workarounds for this vulnerability.\n\ud83d\udccf Published: 2025-01-17T20:34:50.851Z\n\ud83d\udccf Modified: 2025-01-17T20:34:50.851Z\n\ud83d\udd17 References:\n1. https://github.com/aws/aws-cdk/security/advisories/GHSA-v4mq-x674-ff73\n2. https://github.com/aws/aws-cdk/issues/32920\n3. https://github.com/aws/aws-cdk/blob/d16482fc8a4a3e1f62751f481b770c09034df7d2/packages/%40aws-cdk/custom-resource-handlers/lib/aws-iam/oidc-handler/external.ts#L34", "creation_timestamp": "2025-01-17T20:57:42.000000Z"}, {"uuid": "86d7f434-1509-4e61-8667-22f7b2dbc689", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "exploited", "source": "https://t.me/itsec_news/5879", "content": "\u200b\u26a1\ufe0f\u041e\u0434\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0445\u043e\u0440\u043e\u0448\u043e, \u0430 \u0434\u0432\u0435 \u2014 \u043f\u0443\u0442\u044c \u043a \u0444\u0430\u0439\u043b\u043e\u0432\u043e\u043c\u0443 \u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440\u0443: \u043d\u043e\u0432\u0430\u044f \u0430\u0442\u0430\u043a\u0430 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u043d\u0430 Craft CMS\n\n\ud83d\udcac\n\u0413\u0440\u0443\u043f\u043f\u0430 \u0440\u0435\u0430\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0430 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u044b CSIRT \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 Orange Cyberdefense \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u043c\u0430\u0441\u0448\u0442\u0430\u0431\u043d\u0443\u044e \u0441\u0435\u0440\u0438\u044e \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439 \u0432 \u0441\u0435\u0440\u0432\u0435\u0440\u044b, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0438\u0435 \u043d\u0430 \u0431\u0430\u0437\u0435 Craft CMS \u2014 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0442\u0435\u043d\u0442\u043e\u043c \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0432\u0435\u0431-\u0441\u0430\u0439\u0442\u043e\u0432. \u0420\u0430\u0441\u0441\u043b\u0435\u0434\u0443\u044f \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u044e \u043e\u0434\u043d\u043e\u0439 \u0438\u0437 \u043f\u043b\u043e\u0449\u0430\u0434\u043e\u043a, \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u0432\u044b\u044f\u0432\u0438\u043b\u0438: \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u0438 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0442 \u043a\u043e\u043c\u0431\u0438\u043d\u0430\u0446\u0438\u044e \u0438\u0437 \u0434\u0432\u0443\u0445 \u0440\u0430\u043d\u0435\u0435 \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u0431\u0440\u0435\u0448\u0435\u0439 \u0434\u043b\u044f \u043f\u0440\u043e\u043d\u0438\u043a\u043d\u043e\u0432\u0435\u043d\u0438\u044f \u0432 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0443 \u0438 \u043a\u0440\u0430\u0436\u0438 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0441\u0432\u0435\u0434\u0435\u043d\u0438\u0439.\n\n\u041f\u0435\u0440\u0432\u044b\u0439 \u0438\u0437\u044a\u044f\u043d \u0432 \u0437\u0430\u0449\u0438\u0442\u0435, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0438\u0439 \u0438\u043d\u0434\u0435\u043a\u0441 CVE-2025-32432, \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430. \u0412\u0442\u043e\u0440\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0434 \u043d\u043e\u043c\u0435\u0440\u043e\u043c CVE-2024-58136 \u0442\u0430\u0438\u0442\u0441\u044f \u0432\u043e \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0435 Yii, \u043b\u0435\u0436\u0430\u0449\u0435\u043c \u0432 \u043e\u0441\u043d\u043e\u0432\u0435 Craft CMS \u2014 \u043e\u043d\u0430 \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u0432\u0430\u043b\u0438\u0434\u0430\u0446\u0438\u0438 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u041a\u043e\u043c\u0430\u043d\u0434\u0430 \u044d\u0442\u0438\u0447\u043d\u043e\u0433\u043e \u0445\u0430\u043a\u0438\u043d\u0433\u0430 SensePost, \u0432\u0445\u043e\u0434\u044f\u0449\u0430\u044f \u0432 \u0441\u043e\u0441\u0442\u0430\u0432 Orange Cyberdefense, \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u043b\u0430 \u043f\u043e\u043b\u043d\u0443\u044e \u043a\u0430\u0440\u0442\u0438\u043d\u0443 \u043d\u0430\u043f\u0430\u0434\u0435\u043d\u0438\u044f. \u0410\u0432\u0442\u043e\u0440\u044b \u0432\u0437\u043b\u043e\u043c\u043e\u0432 \u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0435 \u0431\u0430\u0433\u0438, \u0447\u0442\u043e\u0431\u044b \u0440\u0430\u0437\u043c\u0435\u0441\u0442\u0438\u0442\u044c \u043d\u0430 \u0437\u0430\u0445\u0432\u0430\u0447\u0435\u043d\u043d\u043e\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 PHP-\u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440 \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0441 \u0444\u0430\u0439\u043b\u0430\u043c\u0438.\n\n\u0412\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0435 \u0441\u0442\u0430\u0440\u0442\u0443\u0435\u0442 \u0441 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 CVE-2025-32432: \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044c \u0444\u043e\u0440\u043c\u0438\u0440\u0443\u0435\u0442 \u043e\u0441\u043e\u0431\u044b\u0439 \u0437\u0430\u043f\u0440\u043e\u0441 \u0441 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u043c \"return URL\". \u041f\u0435\u0440\u0435\u0434\u0430\u043d\u043d\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u0432 PHP-\u0444\u0430\u0439\u043b \u0441\u0435\u0441\u0441\u0438\u0438, \u0430 \u0435\u0451 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 \u0432\u043e\u0437\u0432\u0440\u0430\u0449\u0430\u0435\u0442\u0441\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u0432 \u0441\u043e\u0441\u0442\u0430\u0432\u0435 \u043e\u0442\u0432\u0435\u0442\u0430 \u043d\u0430 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441.\n\n\u041d\u0430 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u043c \u044d\u0442\u0430\u043f\u0435, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u0443\u0436\u0435 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043d\u0430 CVE-2024-58136, \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0430\u044f JSON-\u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0430, \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u0443\u044e\u0449\u0430\u044f PHP-\u043a\u043e\u0434 \u0438\u0437 \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0440\u0430\u043d\u0435\u0435 \u0441\u0435\u0441\u0441\u0438\u043e\u043d\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430. \u0422\u0430\u043a\u043e\u0439 \u043f\u043e\u0434\u0445\u043e\u0434 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u043d\u0435\u0434\u0440\u0438\u0442\u044c \u0444\u0430\u0439\u043b\u043e\u0432\u044b\u0439 \u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440 \u0438 \u0440\u0430\u0437\u0432\u0438\u0442\u044c \u0434\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0435\u0435 \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435 \u0432 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435.\n\n\u041f\u043e\u043b\u0443\u0447\u0438\u0432 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u043c, \u0432\u0437\u043b\u043e\u043c\u0449\u0438\u043a\u0438 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u044e\u0442 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0431\u044d\u043a\u0434\u043e\u0440\u044b \u0438 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0443\u044e\u0442 \u043a\u0430\u043d\u0430\u043b\u044b \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043e\u0440\u0442\u0430 \u043f\u043e\u0445\u0438\u0449\u0435\u043d\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438. \u041f\u043e\u043b\u043d\u043e\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0441\u0445\u0435\u043c\u044b \u043f\u043e\u044f\u0432\u0438\u0442\u0441\u044f \u0447\u0443\u0442\u044c \u043f\u043e\u0437\u0436\u0435 \u0432 \u0433\u043e\u0442\u043e\u0432\u044f\u0449\u0435\u0439\u0441\u044f \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438.\n\n\u0421\u043e\u0437\u0434\u0430\u0442\u0435\u043b\u0438 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u0432 \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u043f\u0430\u0442\u0447\u0438. \u041a\u043e\u043c\u0430\u043d\u0434\u0430 Yii \u0437\u0430\u043a\u0440\u044b\u043b\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-58136 \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 2.0.52 \u043e\u0442 9 \u0430\u043f\u0440\u0435\u043b\u044f. \u041d\u0430 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0439 \u0434\u0435\u043d\u044c \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 Craft CMS \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f 3.9.15, 4.14.15 \u0438 5.6.17, \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0443\u044e\u0449\u0438\u0435 CVE-2025-32432.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u0432 Craft CMS \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0441\u043e\u0445\u0440\u0430\u043d\u044f\u0435\u0442\u0441\u044f \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043e\u043f\u0430\u0441\u043d\u0430\u044f \u0432\u0435\u0440\u0441\u0438\u044f Yii 2.0.51, \u0430\u043d\u0430\u043b\u0438\u0442\u0438\u043a\u0438 Orange \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u044e\u0442: \u043f\u043e\u0441\u043b\u0435 \u0430\u043f\u0434\u0435\u0439\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u0430\u044f \u0446\u0435\u043f\u043e\u0447\u043a\u0430 \u0430\u0442\u0430\u043a \u0442\u0435\u0440\u044f\u0435\u0442 \u044d\u0444\u0444\u0435\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0438\u0437\u044a\u044f\u043d \u0432\u043e \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0435 \u043f\u043e\u043f\u0440\u043e\u0441\u0442\u0443 \u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u0441\u044f \u043d\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u043c \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438.\n\n\u0412\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0430\u043c \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 \u0441\u043e\u0432\u0435\u0442\u0443\u044e\u0442 \u043f\u0440\u043e\u0432\u0435\u0441\u0442\u0438 \u043a\u043e\u043c\u043f\u043b\u0435\u043a\u0441 \u0437\u0430\u0449\u0438\u0442\u043d\u044b\u0445 \u043c\u0435\u0440\u043e\u043f\u0440\u0438\u044f\u0442\u0438\u0439. \u041f\u0435\u0440\u0432\u043e\u043e\u0447\u0435\u0440\u0435\u0434\u043d\u0430\u044f \u0437\u0430\u0434\u0430\u0447\u0430 \u2014 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043a\u043b\u044e\u0447\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0447\u0435\u0440\u0435\u0437 \u043a\u043e\u043c\u0430\u043d\u0434\u0443 php craft setup/security-key \u0438 \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0430\u044f \u0441\u0438\u043d\u0445\u0440\u043e\u043d\u0438\u0437\u0430\u0446\u0438\u044f \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0439 CRAFT_SECURITY_KEY \u0432\u043e \u0432\u0441\u0435\u0445 \u0440\u0430\u0431\u043e\u0447\u0438\u0445 \u043e\u043a\u0440\u0443\u0436\u0435\u043d\u0438\u044f\u0445.\n\n\u041d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u0430 \u0442\u0430\u043a\u0436\u0435 \u0437\u0430\u043c\u0435\u043d\u0430 \u043f\u0440\u0438\u0432\u0430\u0442\u043d\u044b\u0445 \u043a\u043b\u044e\u0447\u0435\u0439 \u0432 \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0445 \u043e\u043a\u0440\u0443\u0436\u0435\u043d\u0438\u044f (\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0441\u0435\u0440\u0432\u0438\u0441\u0430\u043c\u0438 S3, Stripe \u0438 \u0434\u0440\u0443\u0433\u0438\u043c\u0438) \u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0440\u0435\u043a\u0432\u0438\u0437\u0438\u0442\u043e\u0432 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0431\u0430\u0437\u0430\u043c \u0434\u0430\u043d\u043d\u044b\u0445. \u0412 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u043c\u0435\u0440\u044b \u043f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u0435\u0442\u0441\u044f \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u0440\u0438\u043d\u0443\u0434\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u0441\u0431\u0440\u043e\u0441 \u043f\u0430\u0440\u043e\u043b\u0435\u0439 \u0432\u0441\u0435\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043a\u043e\u043c\u0430\u043d\u0434\u044b php craft resave/users --set passwordResetRequired --to \"fn() => true\".\n\n\u0418\u0441\u0447\u0435\u0440\u043f\u044b\u0432\u0430\u044e\u0449\u0438\u0439 \u0441\u043f\u0438\u0441\u043e\u043a \u043f\u0440\u0438\u0437\u043d\u0430\u043a\u043e\u0432 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438, \u043e\u0445\u0432\u0430\u0442\u044b\u0432\u0430\u044e\u0449\u0438\u0439 \u0441\u0435\u0442\u0435\u0432\u044b\u0435 \u0430\u0434\u0440\u0435\u0441\u0430 \u0438 \u043d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u0434\u043e\u0437\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432, \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u0432 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0438 \u043a \u043e\u0442\u0447\u0435\u0442\u0443 SensePost . \u0415\u0449\u0435 \u0432 \u0444\u0435\u0432\u0440\u0430\u043b\u0435 \u0410\u0433\u0435\u043d\u0442\u0441\u0442\u0432\u043e \u043f\u043e \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0421\u0428\u0410 (CISA) \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u043b\u043e \u043e\u0431 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0434\u0440\u0443\u0433\u043e\u0439 \u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0435 \u0432 Craft CMS \u0432\u0435\u0440\u0441\u0438\u0439 4 \u0438 5 \u2014 CVE-2025-23209, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0435\u0439 \u0432\u043d\u0435\u0434\u0440\u044f\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434. \u0427\u0435\u0440\u0435\u0434\u0430 \u043f\u043e\u0434\u043e\u0431\u043d\u044b\u0445 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u043e\u0432 \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442 \u043d\u0430 \u0440\u0430\u0441\u0442\u0443\u0449\u0438\u0439 \u0438\u043d\u0442\u0435\u0440\u0435\u0441 \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u043e\u0432 \u043a \u044d\u0442\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435, \u0447\u0442\u043e \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u043e\u0442 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u043e\u0432 \u043e\u0441\u043e\u0431\u043e\u0439 \u0431\u0434\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u0442\u0440\u043e\u0433\u043e\u0433\u043e \u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u044f\u043c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u043e\u0432.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2025-04-28T04:49:19.000000Z"}, {"uuid": "f0f56659-e924-4960-bca8-a17da2e45ebb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23204", "type": "seen", "source": "https://t.me/cvedetector/20975", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23204 - API Platform Core GraphQL Security Check Bypass\", \n  \"Content\": \"CVE ID : CVE-2025-23204 \nPublished : March 24, 2025, 4:15 p.m. | 1\u00a0hour, 2\u00a0minutes ago \nDescription : API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Starting in version 3.3.8, a security check that gets called after GraphQl resolvers is always replaced by another one as there's no break in a clause. As this falls back to `security`, the impact is there only when there's only a security after resolver and none inside security. The test in version 3.3.8 is probably broken. As of time of publication, a fixed version is not available. \nSeverity: 4.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-24T18:24:25.000000Z"}, {"uuid": "c9a5b09d-fd7b-4726-89fe-40474fc02f85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23205", "type": "seen", "source": "https://t.me/cvedetector/15743", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23205 - JupyterHub nbgrader Frame Ancestor Hack\", \n  \"Content\": \"CVE ID : CVE-2025-23205 \nPublished : Jan. 17, 2025, 9:15 p.m. | 15\u00a0minutes ago \nDescription : nbgrader is a system for assigning and grading notebooks. Enabling frame-ancestors: 'self' grants any JupyterHub user the ability to extract formgrader content by sending malicious links to users with access to formgrader, at least when using the default JupyterHub configuration of `enable_subdomains = False`. #1915 disables a protection which would allow user Alice to craft a page embedding formgrader in an IFrame. If Bob visits that page, his credentials will be sent and the formgrader page loaded. Because Alice's page is on the same Origin as the formgrader iframe, Javasript on Alice's page has _full access_ to the contents of the page served by formgrader using Bob's credentials. This issue has been addressed in release 0.9.5 and all users are advised to upgrade. Users unable to upgrade may disable `frame-ancestors: self`, or enable per-user and per-service subdomains with `JupyterHub.enable_subdomains = True` (then even if embedding in an IFrame is allowed, the host page does not have access to the contents of the frame). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-17T22:39:14.000000Z"}, {"uuid": "542e3e72-798d-4ad4-9fd7-525397fc4f94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23202", "type": "seen", "source": "https://t.me/cvedetector/15742", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23202 - ROBLOX Bible Module API Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-23202 \nPublished : Jan. 17, 2025, 9:15 p.m. | 15\u00a0minutes ago \nDescription : Bible Module is a tool designed for ROBLOX developers to integrate Bible functionality into their games. The `FetchVerse` and `FetchPassage` functions in the Bible Module are susceptible to injection attacks due to the absence of input validation. This vulnerability could allow an attacker to manipulate the API request URLs, potentially leading to unauthorized access or data tampering. This issue has been addressed in version 0.0.3. All users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-17T22:39:10.000000Z"}, {"uuid": "0e7e04be-7131-46cd-b3de-92495c95d309", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23206", "type": "seen", "source": "https://t.me/cvedetector/15738", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23206 - AWS CDK IAM OIDC Unverified Connections Weakness\", \n  \"Content\": \"CVE ID : CVE-2025-23206 \nPublished : Jan. 17, 2025, 9:15 p.m. | 15\u00a0minutes ago \nDescription : The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. Users who use IAM OIDC custom resource provider package will download CA Thumbprints as part of the custom resource workflow. However, the current `tls.connect` method will always set `rejectUnauthorized: false` which is a potential security concern. CDK should follow the best practice and set `rejectUnauthorized: true`. However, this could be a breaking change for existing CDK applications and we should fix this with a feature flag. Note that this is marked as low severity Security advisory because the issuer url is provided by CDK users who define the CDK application. If they insist on connecting to a unauthorized OIDC provider, CDK should not disallow this. Additionally, the code block is run in a Lambda environment which mitigate the MITM attack. The patch is in progress. To mitigate, upgrade to CDK v2.177.0 (Expected release date 2025-02-22). Once upgraded, users should make sure the feature flag '@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections' is set to true in `cdk.context.json` or `cdk.json`. There are no known workarounds for this vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-17T22:39:07.000000Z"}, {"uuid": "f1686c76-85df-4f51-bf71-8c50e369f192", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23201", "type": "seen", "source": "https://t.me/cvedetector/15667", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23201 - Librenms Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-23201 \nPublished : Jan. 16, 2025, 11:15 p.m. | 33\u00a0minutes ago \nDescription : librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to Cross-site Scripting (XSS) on the parameters:`/addhost` -> param: community. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-17T00:54:49.000000Z"}, {"uuid": "e6a685bd-5abf-4e19-9ee2-15dc90132492", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23200", "type": "seen", "source": "https://t.me/cvedetector/15661", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23200 - Librenms Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-23200 \nPublished : Jan. 16, 2025, 11:15 p.m. | 33\u00a0minutes ago \nDescription : librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: `ajax_form.php` -> param: state. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 4.6 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-17T00:54:42.000000Z"}, {"uuid": "193bd5ff-c376-4fa5-9fed-0102b2cc9b02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "exploited", "source": "https://t.me/MalaysiaHacktivistz/8767", "content": "CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks \u2013 thehackernews.com\n\nFri, 21 Feb 2025 15:26:00", "creation_timestamp": "2025-02-21T13:03:03.000000Z"}, {"uuid": "9e58b46a-da4c-4c6e-a18d-4d866e07d3ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfy54asrpp2f", "content": "", "creation_timestamp": "2025-01-18T01:15:48.694310Z"}, {"uuid": "f84a8152-852b-452e-9b55-63220ab48401", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfy6ximsry2k", "content": "", "creation_timestamp": "2025-01-18T01:48:56.626270Z"}, {"uuid": "f8e51290-7809-4d48-b4c9-ba80cbab067f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfy6xiwomx2b", "content": "", "creation_timestamp": "2025-01-18T01:48:57.446121Z"}, {"uuid": "0c1c90b5-4b76-4d7e-a4e4-3b4740d062fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113846839254614017", "content": "", "creation_timestamp": "2025-01-18T01:49:02.344583Z"}, {"uuid": "da020c4f-c4cf-423a-9d90-c01a0c9191c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "seen", "source": "https://bsky.app/profile/pressewelle.de/post/3ljprcnl3y72q", "content": "", "creation_timestamp": "2025-03-06T15:04:07.117574Z"}, {"uuid": "9ea1262e-0f3f-40c1-9883-d3207deeb991", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "seen", "source": "https://bsky.app/profile/dinosn.bsky.social/post/3lioqhmzmok2r", "content": "", "creation_timestamp": "2025-02-21T11:51:14.629530Z"}, {"uuid": "0e8c945c-b79b-4a61-a463-e46885bc33ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "seen", "source": "https://thehackernews.com/2025/02/cisa-flags-craft-cms-vulnerability-cve.html", "content": "", "creation_timestamp": "2025-02-21T06:26:00.000000Z"}, {"uuid": "c51067b7-8e7c-4edc-9c4b-7c8d6a15de60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3lipbka4wle2f", "content": "", "creation_timestamp": "2025-02-21T16:56:50.584073Z"}, {"uuid": "591becfc-0ba4-41f4-9dc4-0e8a228f8535", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "seen", "source": "https://bsky.app/profile/ninjaowl.ai/post/3liplh43zlr2m", "content": "", "creation_timestamp": "2025-02-21T19:54:06.378823Z"}, {"uuid": "11e067e4-ea7a-48ce-9a6f-5b0732384dfa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lisam77cwc2g", "content": "", "creation_timestamp": "2025-02-22T21:18:02.043147Z"}, {"uuid": "6f4250d7-6c5c-4c8b-881d-f45cbc9cf3c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23202", "type": "seen", "source": "https://bsky.app/profile/b4nd1twillow.bsky.social/post/3ltdqtyp55k2i", "content": "", "creation_timestamp": "2025-07-07T02:35:57.861837Z"}, {"uuid": "a3a00b0e-7b33-419f-b0ed-68a755e67a7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/bf56ebb5-0a5a-41a0-97c0-cec1806b3cba", "content": "", "creation_timestamp": "2026-02-02T12:26:12.960645Z"}, {"uuid": "0053feaa-69c3-430d-9334-7189deba9d33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/bf56ebb5-0a5a-41a0-97c0-cec1806b3cba", "content": "", "creation_timestamp": "2026-02-02T12:26:12.960645Z"}, {"uuid": "72f212a6-cd1e-4047-86bf-8bb8b6f06526", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23202", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2211", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23202\n\ud83d\udd39 Description: Bible Module is a tool designed for ROBLOX developers to integrate Bible functionality into their games. The `FetchVerse` and `FetchPassage` functions in the Bible Module are susceptible to injection attacks due to the absence of input validation. This vulnerability could allow an attacker to manipulate the API request URLs, potentially leading to unauthorized access or data tampering. This issue has been addressed in version 0.0.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.\n\ud83d\udccf Published: 2025-01-17T20:18:20.352Z\n\ud83d\udccf Modified: 2025-01-17T20:18:20.352Z\n\ud83d\udd17 References:\n1. https://github.com/devycreates/Bible-Module/security/advisories/GHSA-cm7w-99v2-prrq\n2. https://github.com/devycreates/Bible-Module/commit/5b783855fc3285be2da8639c97ac37af28f8c55a", "creation_timestamp": "2025-01-17T20:57:56.000000Z"}, {"uuid": "532bf35f-033b-47a6-aa44-f692a5eaefac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23205", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2209", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23205\n\ud83d\udd39 Description: nbgrader is a system for assigning and grading notebooks. Enabling frame-ancestors: 'self' grants any JupyterHub user the ability to extract formgrader content by sending malicious links to users with access to formgrader, at least when using the default JupyterHub configuration of `enable_subdomains = False`. #1915 disables a protection which would allow user Alice to craft a page embedding formgrader in an IFrame. If Bob visits that page, his credentials will be sent and the formgrader page loaded. Because Alice's page is on the same Origin as the formgrader iframe, Javasript on Alice's page has _full access_ to the contents of the page served by formgrader using Bob's credentials. This issue has been addressed in release 0.9.5 and all users are advised to upgrade. Users unable to upgrade may disable `frame-ancestors: self`, or enable per-user and per-service subdomains with `JupyterHub.enable_subdomains = True` (then even if embedding in an IFrame is allowed, the host page does not have access to the contents of the frame).\n\ud83d\udccf Published: 2025-01-17T20:23:21.818Z\n\ud83d\udccf Modified: 2025-01-17T20:23:21.818Z\n\ud83d\udd17 References:\n1. https://github.com/jupyter/nbgrader/security/advisories/GHSA-fcr8-4r9f-r66m\n2. https://github.com/jupyter/nbgrader/pull/1915\n3. https://github.com/jupyter/nbgrader/commit/73e137511ac1dc02e95790d4fd6d4d88dab42325\n4. https://jupyterhub.readthedocs.io/en/stable/explanation/websecurity.html#:~:text=frame-ancestors", "creation_timestamp": "2025-01-17T20:57:55.000000Z"}, {"uuid": "a24065d0-1840-4af1-ac9b-abaf870eb8f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23208", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2235", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23208\n\ud83d\udd39 Description: zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database (meta.db) is an append-list so group revocations/removals are ignored in the API. SetUserGroups is alled on login, but instead of replacing the group memberships, they are appended. This may be due to some conflict with the group definitions in the config file, but that wasn't obvious to me if it were the case. Any Zot configuration that relies on group-based authorization will not respect group remove/revocation by an IdP. This issue has been addressed in version 2.1.2. All users are advised to upgrade. There are no known workarounds for this vulnerability.\n\ud83d\udccf Published: 2025-01-17T22:24:09.406Z\n\ud83d\udccf Modified: 2025-01-17T22:24:09.406Z\n\ud83d\udd17 References:\n1. https://github.com/project-zot/zot/security/advisories/GHSA-c9p4-xwr9-rfhx\n2. https://github.com/project-zot/zot/commit/002ac62d8a15bf0cba010b3ba7bde86f9837b613\n3. https://github.com/project-zot/zot/blob/5e30fec65c49e3139907e2819ccb39b2e3bd784e/pkg/meta/boltdb/boltdb.go#L1665", "creation_timestamp": "2025-01-17T22:57:00.000000Z"}, {"uuid": "8d7cdd86-3508-46d1-ac4b-1c7f97d841cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2270", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23209\n\ud83d\udd39 Description: Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is an remote code execution (RCE) vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. Anyone running an unpatched version of Craft with a compromised security key is affected. This vulnerability has been patched in Craft 5.5.8 and 4.13.8. Users who cannot update to a patched version, should rotate their security keys and ensure their privacy to help migitgate the issue.\n\ud83d\udccf Published: 2025-01-18T00:32:54.954Z\n\ud83d\udccf Modified: 2025-01-18T00:32:54.954Z\n\ud83d\udd17 References:\n1. https://github.com/craftcms/cms/security/advisories/GHSA-x684-96hh-833x\n2. https://github.com/craftcms/cms/commit/e59e22b30c9dd39e5e2c7fe02c147bcbd004e603\n3. https://craftcms.com/knowledge-base/securing-craft#keep-your-secrets-secret", "creation_timestamp": "2025-01-18T00:57:13.000000Z"}, {"uuid": "6b813328-328c-4d7e-a4c8-30d57fadeb83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2320", "type": "seen", "source": "https://t.me/cvedetector/20345", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2320 - SpringBoot-OpenAI-ChatGPT Unauthenticated Remote Authorization Bypass\", \n  \"Content\": \"CVE ID : CVE-2025-2320 \nPublished : March 14, 2025, 10:15 p.m. | 1\u00a0hour, 24\u00a0minutes ago \nDescription : A vulnerability has been found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical. Affected by this vulnerability is the function submit of the file /api/blade-user/submit of the component User Handler. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-15T01:04:35.000000Z"}, {"uuid": "7bdef2b3-d7d8-4177-9063-73d08382d696", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23203", "type": "seen", "source": "https://t.me/cvedetector/21177", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23203 - Icinga Director Unauthenticated Information Disclosure and Configuration Manipulation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-23203 \nPublished : March 26, 2025, 2:15 p.m. | 28\u00a0minutes ago \nDescription : Icinga Director is an Icinga config deployment tool. A Security vulnerability has been found starting in version 1.0.0 and prior to 1.10.3 and 1.11.3 on several director endpoints of REST API. To reproduce this vulnerability an authenticated user with permission to access the Director is required (plus api access with regard to the api endpoints). And even though some of these Icinga Director users are restricted from accessing certain objects, are able to retrieve information related to them if their name is known. This makes it possible to change the configuration of these objects by those Icinga Director users restricted from accessing them. This results in further exploitation, data breaches and sensitive information disclosure. Affected endpoints include icingaweb2/director/service, if the host name is left out of the query; icingaweb2/directore/notification; icingaweb2/director/serviceset; and icingaweb2/director/scheduled-downtime. In addition, the endpoint `icingaweb2/director/services?host=filteredHostName` returns a status code 200 even though the services for the host is filtered. This in turn lets the restricted user know that the host `filteredHostName` exists even though the user is restricted from accessing it.  This could again result in further exploitation of this information and data breaches. Icinga Director has patches in versions 1.10.3 and 1.11.1. If upgrading is not feasible, disable the director module for the users other than admin role for the time being. \nSeverity: 5.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-26T16:23:53.000000Z"}, {"uuid": "da6c8701-4e9d-414f-b367-37c3af70603e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "seen", "source": "https://t.me/cvedetector/15777", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23209 - Craft CMS Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-23209 \nPublished : Jan. 18, 2025, 1:15 a.m. | 29\u00a0minutes ago \nDescription : Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is an remote code execution (RCE) vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. Anyone running an unpatched version of Craft with a compromised security key is affected. This vulnerability has been patched in Craft 5.5.8 and 4.13.8. Users who cannot update to a patched version, should rotate their security keys and ensure their privacy to help migitgate the issue. \nSeverity: 8.0 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-18T02:51:21.000000Z"}, {"uuid": "f906bec3-69b7-42ae-a9ec-c8bb4927e60f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "exploited", "source": "https://t.me/ton618cyber/6782", "content": "CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks\n\nCISA adds CVE-2025-23209 to its KEV list as Craft CMS faces active exploitation, urging agencies to patch by March 13, 2025.\n\nThe Hacker News | thehackernews.com \u2022 Feb 21, 2025", "creation_timestamp": "2025-02-21T09:28:12.000000Z"}, {"uuid": "5338e700-0914-49bd-ba54-9acd2c0e5e31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "exploited", "source": "Telegram/qLG_ePNm1WqHhVV75qq0AJyKKau4zZSivdGXh2FteRJ-LA", "content": "", "creation_timestamp": "2025-02-21T09:28:00.000000Z"}, {"uuid": "29ee06d1-114e-4668-b670-d23c325ea276", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "published-proof-of-concept", "source": "Telegram/UfSe-6EGS8jfJ09VFnjg91CLSsjj-4fD6Vt4UjLUJiXedlI", "content": "", "creation_timestamp": "2025-01-18T03:00:37.000000Z"}, {"uuid": "f5c511c2-22aa-47ff-903c-6217a6a698a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "exploited", "source": "Telegram/5RqYKm4m4AMpBUMgG4-v2i95-ECMF1wKbNU2ZH6hQrFkk9M", "content": "", "creation_timestamp": "2025-02-22T20:41:49.000000Z"}, {"uuid": "fd72eed6-3085-47ff-8abf-e15a564a7613", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23209", "type": "exploited", "source": "https://t.me/ctinow/231228", "content": "CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks\nhttps://ift.tt/Vi8Inxz", "creation_timestamp": "2025-02-21T09:34:26.000000Z"}]}