{"vulnerability": "CVE-2025-2321", "sightings": [{"uuid": "3db223dc-1b33-47ec-b7dc-2384b287df3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2321", "type": "seen", "source": "https://t.me/cvedetector/20367", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2321 - Springboot OpenAI ChatGPT Remote Business Logic Error Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2321 \nPublished : March 15, 2025, 12:15 p.m. | 1\u00a0hour, 49\u00a0minutes ago \nDescription : A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical. Affected by this issue is some unknown functionality of the file /api/mjkj-chat/cgform-api/addData/. The manipulation of the argument chatUserID leads to business logic errors. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-15T15:17:12.000000Z"}, {"uuid": "ed570b06-1f1a-4ef5-9fa7-4b469bc4a6fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23215", "type": "seen", "source": "https://t.me/cvedetector/16967", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23215 - PMD Exposed Signing Passphrase Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-23215 \nPublished : Jan. 31, 2025, 4:15 p.m. | 1\u00a0hour, 46\u00a0minutes ago \nDescription : PMD is an extensible multilanguage static code analyzer. The passphrase for the PMD and PMD Designer release signing keys are included in jar published to Maven Central. The private key itself is not known to have been compromised itself, but given its passphrase is, it must also be considered potentially compromised. As a mitigation, both compromised keys have been revoked so that no future use of the keys are possible. Note, that the published artifacts in Maven Central under the group id net.sourceforge.pmd are not compromised and the signatures are valid. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-31T19:34:28.000000Z"}, {"uuid": "d1526b69-cfb7-4c38-8a42-795160940db6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23210", "type": "seen", "source": "https://t.me/cvedetector/17123", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23210 - \"PhpSpreadsheet XSS Protocol Bypass\"\", \n  \"Content\": \"CVE ID : CVE-2025-23210 \nPublished : Feb. 3, 2025, 10:15 p.m. | 23\u00a0minutes ago \nDescription : phpoffice/phpspreadsheet is a pure PHP library for reading and writing spreadsheet files. Affected versions have been found to have a Bypass of the Cross-site Scripting (XSS) sanitizer using the javascript protocol and special characters. This issue has been addressed in versions 3.9.0, 2.3.7, 2.1.8, and 1.29.9. Users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-03T23:40:45.000000Z"}, {"uuid": "5e98c60f-5e30-4639-b7f3-9fae30ff6ca8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23214", "type": "seen", "source": "https://t.me/cvedetector/15900", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23214 - Cosmos Authentication Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2025-23214 \nPublished : Jan. 20, 2025, 6:15 p.m. | 41\u00a0minutes ago \nDescription : Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. By monitoring the error code returned in the login, it is possible to figure out whether a user exist or not in the database. Patched in 0.17.7. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-20T20:03:40.000000Z"}, {"uuid": "93960369-c9f9-48d0-9d3b-b9044e1cdf9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23219", "type": "seen", "source": "https://t.me/cvedetector/15893", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23219 - WeGIA SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2025-23219 \nPublished : Jan. 20, 2025, 4:15 p.m. | 43\u00a0minutes ago \nDescription : WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_cor.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application's database, highlighting the severity of the flaw. This vulnerability is fixed in 3.2.10. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-20T18:23:17.000000Z"}, {"uuid": "9dae2177-0358-457c-9a9d-ddc8f0bc71d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23218", "type": "seen", "source": "https://t.me/cvedetector/15892", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23218 - WeGIA SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-23218 \nPublished : Jan. 20, 2025, 4:15 p.m. | 43\u00a0minutes ago \nDescription : WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_especie.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application's database, highlighting the severity of the flaw. This vulnerability is fixed in 3.2.10. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-20T18:23:16.000000Z"}, {"uuid": "e4493d97-9d90-4b1a-accb-96c2da17baf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23218", "type": "seen", "source": "Telegram/ycJJ40upQQHFCPrjQqS1KyUsWYsMMwSiWg8vSySp2rDnsb9e", "content": "", "creation_timestamp": "2025-02-18T21:38:56.000000Z"}, {"uuid": "c864082d-1942-4247-a1b4-fe8f0f1ffa7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23217", "type": "seen", "source": "https://bsky.app/profile/hi.ls/post/3lhhwyw4vzs2d", "content": "", "creation_timestamp": "2025-02-06T01:34:24.798280Z"}, {"uuid": "33bbee49-ef74-4cdc-89c7-f8efb28ca260", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23210", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhckygfz4w2n", "content": "", "creation_timestamp": "2025-02-03T22:16:01.724304Z"}, {"uuid": "19d061ad-0a33-426b-8a54-934050eab5b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23215", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lh2fipn4fl2n", "content": "", "creation_timestamp": "2025-01-31T16:16:27.710564Z"}, {"uuid": "ab5f6772-6d2c-4e70-839a-0dcb1443a483", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23210", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhcxycvdfp2g", "content": "", "creation_timestamp": "2025-02-04T02:08:41.781900Z"}, {"uuid": "b2bbee9a-965f-4a5c-a973-835682f7bafa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23217", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhjoz5k4rh2v", "content": "", "creation_timestamp": "2025-02-06T18:16:39.138631Z"}, {"uuid": "5b5eb856-c8ae-4aa0-ae00-de7c13c3968b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23211", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgsu4525zy2t", "content": "", "creation_timestamp": "2025-01-28T16:16:34.076615Z"}, {"uuid": "3b8afdc1-d87d-4d16-8449-727decdf3142", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23212", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgsu4atqny2t", "content": "", "creation_timestamp": "2025-01-28T16:16:37.841810Z"}, {"uuid": "6fa97789-abeb-45d4-a6a8-1da9a83dc57a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23213", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgsu4dhcoy2c", "content": "", "creation_timestamp": "2025-01-28T16:16:40.696259Z"}, {"uuid": "9e85a9bd-69ba-45d4-b0d1-f0f4c3472835", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23213", "type": "seen", "source": "MISP/d0bda5d9-8cbc-4c6c-8803-a5e3150f9ec2", "content": "", "creation_timestamp": "2025-09-01T19:03:02.000000Z"}, {"uuid": "8b6488ff-9951-4e76-9c07-c4ed9aba79f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23212", "type": "seen", "source": "MISP/d0bda5d9-8cbc-4c6c-8803-a5e3150f9ec2", "content": "", "creation_timestamp": "2025-09-01T19:03:02.000000Z"}, {"uuid": "c376f10c-037a-4c4a-9ef7-c316a778ba38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23219", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2364", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23219\n\ud83d\udd39 Description: WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_cor.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application's database, highlighting the severity of the flaw. This vulnerability is fixed in 3.2.10.\n\ud83d\udccf Published: 2025-01-20T15:47:39.681Z\n\ud83d\udccf Modified: 2025-01-20T15:47:39.681Z\n\ud83d\udd17 References:\n1. https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-h2mg-4c7q-w69v\n2. https://github.com/LabRedesCefetRJ/WeGIA/commit/ae9c859006143bd0087b3e6e48a0677e1fff5c7e", "creation_timestamp": "2025-01-20T16:01:43.000000Z"}, {"uuid": "687aa19b-9870-4b34-8405-bb8bf72b1a41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23218", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2365", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23218\n\ud83d\udd39 Description: WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_especie.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application's database, highlighting the severity of the flaw. This vulnerability is fixed in 3.2.10.\n\ud83d\udccf Published: 2025-01-20T15:45:52.680Z\n\ud83d\udccf Modified: 2025-01-20T15:45:52.680Z\n\ud83d\udd17 References:\n1. https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-xhv4-88gx-hvgh\n2. https://github.com/LabRedesCefetRJ/WeGIA/commit/7465f785651c0cff65059bba96b015ab54235de4", "creation_timestamp": "2025-01-20T16:01:44.000000Z"}, {"uuid": "57d06ed8-5428-458c-a7d0-39dcfd394732", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23217", "type": "published-proof-of-concept", "source": "Telegram/wjbFsyzpQP11Ml-lHL7H7iubcZXwVaQmfBZteKGvee5xE4c", "content": "", "creation_timestamp": "2025-02-06T19:00:35.000000Z"}, {"uuid": "5dda5f30-5e1d-4fc7-893f-8c8963beef6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23213", "type": "published-proof-of-concept", "source": "Telegram/VQDyMSiZHY5xvEKb4oih99dlPq4vD6lnAW-AaTy3B_GN-vo", "content": "", "creation_timestamp": "2025-01-28T17:02:25.000000Z"}, {"uuid": "ab7f0389-4b04-44cd-8196-4aeae49eb98f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23212", "type": "published-proof-of-concept", "source": "Telegram/VQDyMSiZHY5xvEKb4oih99dlPq4vD6lnAW-AaTy3B_GN-vo", "content": "", "creation_timestamp": "2025-01-28T17:02:25.000000Z"}, {"uuid": "55eb29a4-2bb5-4e52-832e-04ab0a99e793", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23211", "type": "published-proof-of-concept", "source": "Telegram/VQDyMSiZHY5xvEKb4oih99dlPq4vD6lnAW-AaTy3B_GN-vo", "content": "", "creation_timestamp": "2025-01-28T17:02:25.000000Z"}, {"uuid": "5e7e7edb-ce14-430b-ba75-101e0c1e50fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23213", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113907475919636948", "content": "", "creation_timestamp": "2025-01-28T18:49:14.504456Z"}, {"uuid": "db5fc9a2-9311-4e29-97fe-0895c049e0b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23211", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113907475819949386", "content": "", "creation_timestamp": "2025-01-28T18:49:16.548674Z"}, {"uuid": "bee50210-8037-4581-bc1d-17f4665f9155", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23218", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113867128534299416", "content": "", "creation_timestamp": "2025-01-21T15:48:17.707761Z"}, {"uuid": "581bed02-a507-4c81-9be2-3d907b56ac1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23219", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113867128581650447", "content": "", "creation_timestamp": "2025-01-21T15:48:17.870201Z"}, {"uuid": "53f08bbb-2f76-428b-bca6-140f47b7a892", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23219", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lgb7cylnhg2z", "content": "", "creation_timestamp": "2025-01-21T15:49:19.906784Z"}, {"uuid": "9e0f6511-786a-474b-a219-e46690af4e90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23211", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgt5riycrh2e", "content": "", "creation_timestamp": "2025-01-28T19:09:34.749532Z"}, {"uuid": "92fd69a3-fdaa-433a-8d8f-663787479275", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23211", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lgv6puy7uk2w", "content": "", "creation_timestamp": "2025-01-29T14:31:53.556326Z"}, {"uuid": "482525a3-1566-4bc2-a4ba-cb9333d0a239", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23217", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113958223039348997", "content": "", "creation_timestamp": "2025-02-06T17:54:47.783271Z"}, {"uuid": "2c9581a4-889c-4903-9f59-5c3345560939", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2321", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkgfmsfqlg2x", "content": "", "creation_timestamp": "2025-03-15T15:06:16.685431Z"}, {"uuid": "ba155695-6693-47e0-863f-e2245c444786", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23210", "type": "seen", "source": "Telegram/WmoiE54GMsGxnaKNDo0I1auR9Rxf5NSOeqX8berkqvLETMH0", "content": "", "creation_timestamp": "2025-02-06T02:40:20.000000Z"}, {"uuid": "a85d92f7-e43c-4b09-9ac3-f4cc3dc38e9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23216", "type": "seen", "source": "https://t.me/cvedetector/16795", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23216 - Argo CD Secret Exposure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-23216 \nPublished : Jan. 30, 2025, 4:15 p.m. | 48\u00a0minutes ago \nDescription : Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was discovered in Argo CD that exposed secret values in error messages and the diff view when an invalid Kubernetes Secret resource was synced from a repository. The vulnerability assumes the user has write access to the repository and can exploit it, either intentionally or unintentionally, by committing an invalid Secret to repository and triggering a Sync. Once exploited, any user with read access to Argo CD can view the exposed secret data. The vulnerability is fixed in v2.13.4, v2.12.10, and v2.11.13. \nSeverity: 6.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-30T18:26:59.000000Z"}, {"uuid": "c960d59b-f0a1-46c3-8824-797aa8b2affe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23213", "type": "seen", "source": "https://t.me/cvedetector/16609", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23213 - Tandoor Recipes Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-23213 \nPublished : Jan. 28, 2025, 4:15 p.m. | 1\u00a0hour, 18\u00a0minutes ago \nDescription : Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The file upload feature allows to upload arbitrary files, including html and svg. Both can contain malicious content (XSS Payloads). This vulnerability is fixed in 1.5.28. \nSeverity: 8.7 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-28T18:47:18.000000Z"}, {"uuid": "62339f12-76c3-4778-806e-4ac81cb4988b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23212", "type": "seen", "source": "https://t.me/cvedetector/16608", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23212 - Tandoor Recipes File Server Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2025-23212 \nPublished : Jan. 28, 2025, 4:15 p.m. | 1\u00a0hour, 18\u00a0minutes ago \nDescription : Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The external storage feature allows any user to enumerate the name and content of files on the server. This vulnerability is fixed in 1.5.28. \nSeverity: 7.7 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-28T18:47:18.000000Z"}, {"uuid": "e4c973b3-b85f-4ff1-a585-e79b986afa24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23211", "type": "published-proof-of-concept", "source": "https://t.me/information_security_channel/53524", "content": "CVE-2025-23211: Tandoor Recipes Jinja2 SSTI to Remote Code Execution\nhttps://www.offsec.com/blog/cve-2025-23211/\n\nA criticial SSTI vulnerability was discovered in the open-source meal planning application Tandoor Recipes leading to a full system compromise. \nThe post CVE-2025-23211: Tandoor Recipes Jinja2 SSTI to Remote Code Execution (https://www.offsec.com/blog/cve-2025-23211/) appeared first on OffSec (https://www.offsec.com/).", "creation_timestamp": "2025-05-08T21:17:38.000000Z"}, {"uuid": "f4e37de9-36f5-42ba-bfcc-758980280420", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23218", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113861471488726196", "content": "", "creation_timestamp": "2025-01-20T15:49:36.417525Z"}, {"uuid": "ccfb2340-4096-43e4-a95c-9d944d6382c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23219", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113861471504281674", "content": "", "creation_timestamp": "2025-01-20T15:49:36.589046Z"}, {"uuid": "b734f8a9-68b6-4bf2-a9ed-5021d196ecaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23218", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lg6qdqbt3j2n", "content": "", "creation_timestamp": "2025-01-20T16:15:59.519052Z"}, {"uuid": "995f86ad-5a14-45ff-bc37-8673684886d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23219", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lg6qdtjwq72c", "content": "", "creation_timestamp": "2025-01-20T16:16:02.538758Z"}, {"uuid": "da531768-03f8-481f-bb7a-82b05e212d20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23218", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lg6sigyoal2k", "content": "", "creation_timestamp": "2025-01-20T16:54:27.896429Z"}, {"uuid": "b1e4266c-7170-4d2c-a956-5fc87e60058e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23219", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lg6sih45wi2i", "content": "", "creation_timestamp": "2025-01-20T16:54:28.454134Z"}, {"uuid": "9fb8df7f-b0cf-43c3-9682-967fca7fddd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23214", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113862035227378788", "content": "", "creation_timestamp": "2025-01-20T18:12:58.227337Z"}, {"uuid": "8e2821d1-88c9-4c75-b591-46c5452a4206", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23214", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lg6wznadlb2j", "content": "", "creation_timestamp": "2025-01-20T18:15:36.614673Z"}, {"uuid": "39d29555-2175-4e4d-8e60-db85482958be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23214", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lg72cywhk42i", "content": "", "creation_timestamp": "2025-01-20T19:14:33.054786Z"}, {"uuid": "4c6ea087-b53e-47b6-8143-4cfc256d1ab4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23216", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgxuyyn6gw2f", "content": "", "creation_timestamp": "2025-01-30T16:16:01.005693Z"}, {"uuid": "0c125064-5252-4248-9899-8999d9484dff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23210", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113942059711678817", "content": "", "creation_timestamp": "2025-02-03T21:24:14.951218Z"}, {"uuid": "a33e2ab2-da78-40b4-8cd0-ca4488baf9dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23215", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lh2qmgmwcg2h", "content": "", "creation_timestamp": "2025-01-31T19:35:26.374193Z"}, {"uuid": "07fe3c47-86f9-4530-b110-02a550dd3031", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23217", "type": "seen", "source": "https://t.me/cvedetector/17398", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23217 - Mitmweb SSRF Proxy Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-23217 \nPublished : Feb. 6, 2025, 6:15 p.m. | 25\u00a0minutes ago \nDescription : mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server (bound to `*:8080` by default) to access mitmweb's internal API (bound to `127.0.0.1:8081` by default). In other words, while the cannot access the API directly, they can access the API through the proxy. An attacker may be able to escalate this SSRF-style access to remote code execution. The mitmproxy and mitmdump tools are unaffected. Only mitmweb is affected. This vulnerability has been fixed in mitmproxy 11.1.2 and above. Users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-06T20:14:50.000000Z"}, {"uuid": "0eb6b138-f0e9-413c-955f-54afd06f4d1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2321", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7681", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2321\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical. Affected by this issue is some unknown functionality of the file /api/mjkj-chat/cgform-api/addData/. The manipulation of the argument chatUserID leads to business logic errors. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.\n\ud83d\udccf Published: 2025-03-15T12:00:10.514Z\n\ud83d\udccf Modified: 2025-03-15T12:00:10.514Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.299750\n2. https://vuldb.com/?ctiid.299750\n3. https://vuldb.com/?submit.505690\n4. https://www.cnblogs.com/aibot/p/18732250", "creation_timestamp": "2025-03-15T12:44:38.000000Z"}, {"uuid": "01772b21-e852-4480-869a-f67745a19f36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23215", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10563", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23215\n\ud83d\udd25 CVSS Score: 9.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Clear)\n\ud83d\udd39 Description: PMD is an extensible multilanguage static code analyzer. The passphrase for the PMD and PMD Designer release signing keys are included in jar published to Maven Central. The private key itself is not known to have been compromised itself, but given its passphrase is, it must also be considered potentially compromised. As a mitigation, both compromised keys have been revoked so that no future use of the keys are possible. Note, that the published artifacts in Maven Central under the group id net.sourceforge.pmd are not compromised and the signatures are valid.\n\ud83d\udccf Published: 2025-01-31T15:25:53.026Z\n\ud83d\udccf Modified: 2025-04-04T21:08:48.961Z\n\ud83d\udd17 References:\n1. https://github.com/pmd/pmd/security/advisories/GHSA-88m4-h43f-wx84\n2. https://github.com/pmd/pmd-designer/commit/1548f5f27ba2981b890827fecbd0612fa70a0362\n3. https://github.com/pmd/pmd-designer/commit/e87a45312753ec46b3e5576c6f6ac1f7de2f5891", "creation_timestamp": "2025-04-04T21:36:15.000000Z"}, {"uuid": "b65b6f75-3d20-4451-84bd-83f0f87e4d8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23210", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/50333", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aPOC for the vuln CVE-2025-23210\nURL\uff1ahttps://github.com/s0ck37/CVE-2025-23210-POC\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-09-05T06:01:23.000000Z"}, {"uuid": "d94104c3-e49e-4d19-8daa-c2f7dca212fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23211", "type": "seen", "source": "https://t.me/cvedetector/16612", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23211 - Tandoor Recipes Jinja2 SSTI Remote Command Execution\", \n  \"Content\": \"CVE ID : CVE-2025-23211 \nPublished : Jan. 28, 2025, 4:15 p.m. | 1\u00a0hour, 18\u00a0minutes ago \nDescription : Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the provided Docker Compose file as root. This vulnerability is fixed in 1.5.24. \nSeverity: 9.9 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-28T18:47:24.000000Z"}]}