{"vulnerability": "CVE-2025-2715", "sightings": [{"uuid": "aa680053-f071-42a4-9318-845eaf537a39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27158", "type": "seen", "source": "https://t.me/itsec_news/5496", "content": "\u200b\u26a1\ufe0fThe music of hacking and the texts of deception: FLAC and PDF join the cybercriminals' arsenal\n\n\ud83d\udcac The Cisco Talos research group has reported recently discovered vulnerabilities in the Miniaudio library and in Adobe Acrobat Reader software. 
According to the published data, the issues involve possible code execution and leakage of confidential information.\n\nThe vulnerability TALOS-2024-2063 ( CVE-2024-41147 ) in Miniaudio was found by Cisco Talos specialist Emmanuel Tacheau. The bug stems from a missing check on the size of allocated memory, which leads to a buffer overrun and a potential write to an uninitialized memory region.\n\nThis issue can 
be triggered by playing a specially crafted FLAC file, which leads to memory corruption. Given that Miniaudio is a popular library for audio processing in the C language, such a vulnerability could be used to attack the various applications that use it.\n\nMeanwhile, another Cisco Talos researcher, known by the pseudonym KPC, discovered three vulnerabilities at once in Adobe Acrobat Reader. 
TALOS-2025-2134 ( CVE-2025-27163 ) and TALOS-2025-2136 ( CVE-2025-27164 ) are out-of-bounds read bugs that arise in the font handling mechanism. Their exploitation can lead to leakage of confidential data.\n\nTALOS-2025-2135 ( CVE-2025-27158 ) is a more serious vulnerability involving the use of an uninitialized pointer. It can lead to memory corruption and arbitrary code execution. 
For successful exploitation, an attacker needs to get the user to open a specially prepared PDF file containing a malicious font.\n\nThe developers of Miniaudio and Adobe have already released fixes for the identified vulnerabilities. All users are advised to update the affected software products to the latest versions to avoid possible attacks. 
To detect attempts to exploit these vulnerabilities, Cisco Talos specialists recommend using up-to-date Snort rules.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2025-03-15T14:46:26.000000Z"}, {"uuid": "e4e6cc64-ad5a-4dab-8755-6f24e60acfe6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27152", "type": "published-proof-of-concept", "source": "Telegram/t2mOu0CqYZ5qLLxESiGoH_sUvRUlHAHlqkD_UKh-Uep6sL0", "content": "", "creation_timestamp": "2025-06-07T03:00:07.000000Z"}, {"uuid": "07a5058e-1b7e-442d-9806-d7927e81a88f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2715", "type": "seen", "source": "https://t.me/cvedetector/21024", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2715 - timschofield webERP Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2715 \nPublished : March 24, 2025, 11:15 p.m. | 2\u00a0hours, 15\u00a0minutes ago \nDescription : A vulnerability classified as problematic has been found in timschofield webERP up to 5.0.0.rc+13. This affects an unknown part of the file ConfirmDispatch_Invoice.php of the component Confirm Dispatch and Invoice Page. The manipulation of the argument Narrative leads to cross site scripting. It is possible to initiate the attack remotely. 
The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 3.5 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-25T02:46:15.000000Z"}, {"uuid": "0f7ac260-7072-443c-85d8-7f062068cf3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "cve-2025-27152", "type": "seen", "source": "https://bsky.app/profile/shiojiri.com/post/3lk3kao2sm227", "content": "", "creation_timestamp": "2025-03-11T07:29:41.542457Z"}, {"uuid": "fe33b59f-e239-4794-a88c-d14f2bfa0932", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27158", "type": "seen", "source": "https://bsky.app/profile/buherator.bsky.social/post/3lk6mfp5lp227", "content": "", "creation_timestamp": "2025-03-12T12:46:17.321887Z"}, {"uuid": "9fa085c3-14d9-4346-91df-cd9c945d37b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27154", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ljhpje5kwt2u", "content": "", "creation_timestamp": "2025-03-03T10:10:46.706302Z"}, {"uuid": "57f3cd56-7614-4b6b-be0f-3c7a552fa31f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27154", "type": "seen", "source": "https://bsky.app/profile/bolhasec.com/post/3lkllaqz3bu2t", "content": "", "creation_timestamp": "2025-03-17T16:30:15.206095Z"}, {"uuid": 
"fa74b080-f5c8-4f1e-a46b-fcb6789fc9cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27158", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lk6pmd3g2s2y", "content": "", "creation_timestamp": "2025-03-12T13:43:42.409423Z"}, {"uuid": "2d495a0e-225b-433b-ac71-8bde394cd756", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2715", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lk6pmd3g2s2y", "content": "", "creation_timestamp": "2025-03-12T13:43:42.476791Z"}, {"uuid": "3ebb8ac7-b1ef-4c95-ba30-9e4bb416e7e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27152", "type": "seen", "source": "https://bsky.app/profile/bolhasec.com/post/3llwgjl564x2y", "content": "", "creation_timestamp": "2025-04-03T17:30:11.044965Z"}, {"uuid": "8400863c-7522-44fb-afda-60aabc915f7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27152", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3llxdpwjlkr2n", "content": "", "creation_timestamp": "2025-04-04T02:12:41.518634Z"}, {"uuid": "b2bc25ef-fb3a-4c07-9b21-b84cd0f012b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27151", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lqcnq6khbo2k", "content": "", "creation_timestamp": "2025-05-29T11:51:51.035554Z"}, {"uuid": "d98cb7ba-12e7-44b5-9076-faed79230f1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", 
"vulnerability": "CVE-2025-27151", "type": "seen", "source": "https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3lrnjyzps3k2f", "content": "", "creation_timestamp": "2025-06-15T13:09:41.701742Z"}, {"uuid": "6ccca6c7-2ba5-4a0f-a770-1b0ed9ece31f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27151", "type": "seen", "source": "https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3lrnmygxmyn2s", "content": "", "creation_timestamp": "2025-06-15T14:03:04.689591Z"}, {"uuid": "a6038b86-4d04-460a-97e3-a803535f50e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27151", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3ltexanaygc2q", "content": "", "creation_timestamp": "2025-07-07T14:03:03.802913Z"}, {"uuid": "b982c4c5-28e2-4091-9273-9ce74b07de96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27150", "type": "seen", "source": "MISP/fc16b923-3a13-4e9d-9aac-10a57cac12c7", "content": "", "creation_timestamp": "2025-08-18T18:31:00.000000Z"}, {"uuid": "11ee7f37-3fba-47c0-b2ed-31c38356b351", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27156", "type": "seen", "source": "https://t.me/cvedetector/19534", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27156 - Tuleap HTML Email Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27156 \nPublished : March 4, 2025, 5:15 p.m. | 1\u00a0hour, 32\u00a0minutes ago \nDescription : Tuleap is an Open Source Suite to improve management of software developments and collaboration. 
The mass emailing features do not sanitize the content of the HTML emails. A malicious user could use this issue to facilitate a phishing attempt or to indirectly exploit issues in the recipients mail clients. This vulnerability is fixed in Tuleap Community Edition 16.4.99.1740567344 and Tuleap Enterprise Edition 16.4-6 and 16.3-11. \nSeverity: 4.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-04T20:01:50.000000Z"}, {"uuid": "9cf05662-dea5-4dd1-b4d2-5216b48824ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27155", "type": "seen", "source": "https://t.me/cvedetector/19533", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27155 - Pinecone Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27155 \nPublished : March 4, 2025, 5:15 p.m. | 1\u00a0hour, 32\u00a0minutes ago \nDescription : Pinecone is an experimental overlay routing protocol suite which is the foundation of the current P2P Matrix demos. The Pinecone Simulator (pineconesim) included in Pinecone up to commit ea4c337 is vulnerable to stored cross-site scripting. The payload storage is not permanent and will be wiped when restarting pineconesim. 
\nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-04T20:01:49.000000Z"}, {"uuid": "4e7a4fe4-30a7-4717-a46e-16cecf76d4d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27150", "type": "seen", "source": "https://t.me/cvedetector/19532", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27150 - Tuleap Redis Password Disclosure\", \n  \"Content\": \"CVE ID : CVE-2025-27150 \nPublished : March 4, 2025, 5:15 p.m. | 1\u00a0hour, 32\u00a0minutes ago \nDescription : Tuleap is an Open Source Suite to improve management of software developments and collaboration. The password to connect the Redis instance is not purged from the archive generated with tuleap collect-system-data. These archives are likely to be used by support teams that should not have access to this password. The vulnerability is fixed in Tuleap Community Edition 16.4.99.1740492866 and Tuleap Enterprise Edition 16.4-6 and 16.3-11. 
\nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-04T20:01:49.000000Z"}, {"uuid": "be7d9e31-ab94-4ab1-a3cd-8edd15f1af21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27152", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/27242", "content": "GitHub monitoring message alert!!! \n\nUpdated: CVE-2025\nDescription: Demonstration of CVE-2025-27152\nURL: https://github.com/andreglock/axios-ssrf\n\nTags: #CVE-2025", "creation_timestamp": "2025-03-30T08:39:20.000000Z"}, {"uuid": "62d7cae8-9252-4035-ac08-1828cc3b4cdc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27156", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6392", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27156\n\ud83d\udd25 CVSS Score: 4.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N)\n\ud83d\udd39 Description: Tuleap is an Open Source Suite to improve management of software developments and collaboration. The mass emailing features do not sanitize the content of the HTML emails. A malicious user could use this issue to facilitate a phishing attempt or to indirectly exploit issues in the recipients mail clients. This vulnerability is fixed in Tuleap Community Edition 16.4.99.1740567344 and Tuleap Enterprise Edition 16.4-6 and 16.3-11.\n\ud83d\udccf Published: 2025-03-04T16:53:49.741Z\n\ud83d\udccf Modified: 2025-03-04T17:22:15.113Z\n\ud83d\udd17 References:\n1. 
https://github.com/Enalean/tuleap/security/advisories/GHSA-x2v2-xr59-c9cf\n2. https://github.com/Enalean/tuleap/commit/a0bc657297b405debce1f5bcbbb30c733f3f09bd\n3. https://tuleap.net/plugins/tracker/?aid=42177", "creation_timestamp": "2025-03-04T17:34:03.000000Z"}, {"uuid": "57267cc2-ce5a-4cf1-ab27-0536532f5be2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27153", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/20085", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27153\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: Escalade GLPI plugin is a ticket escalation process helper for GLPI. Prior to version 2.9.11, there is an improper access control vulnerability. This can lead to data exposure and workflow disruptions. This issue has been patched in version 2.9.11.\n\ud83d\udccf Published: 2025-07-01T18:27:50.677Z\n\ud83d\udccf Modified: 2025-07-01T19:35:43.790Z\n\ud83d\udd17 References:\n1. https://github.com/pluginsGLPI/escalade/security/advisories/GHSA-pvqv-8r3r-47m9\n2. 
https://github.com/pluginsGLPI/escalade/releases/tag/2.9.11", "creation_timestamp": "2025-07-01T20:09:46.000000Z"}, {"uuid": "3f4e30df-5744-44d8-9de6-3776a0c14ea9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27152", "type": "seen", "source": "https://bsky.app/profile/securitylab-jp.bsky.social/post/3lk5cpdjizk2y", "content": "", "creation_timestamp": "2025-03-12T00:20:03.225802Z"}, {"uuid": "ff64200f-d5f5-4999-b3da-165c7fe6f6a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27157", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114077225711677534", "content": "", "creation_timestamp": "2025-02-27T18:18:44.617425Z"}, {"uuid": "179f45ff-c628-4acb-8839-4274c0b3fb8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27157", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5720", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27157\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\ud83d\udd39 Description: Mastodon is a self-hosted, federated microblogging platform. Starting in version 4.2.0 and prior to versions 4.2.16 and 4.3.4, the rate limits are missing on `/auth/setup`. Without those rate limits, an attacker can craft requests that will send an email to an arbitrary addresses. Versions 4.2.16 and 4.3.4 fix the issue.\n\ud83d\udccf Published: 2025-02-27T17:12:39.043Z\n\ud83d\udccf Modified: 2025-02-27T17:12:39.043Z\n\ud83d\udd17 References:\n1. https://github.com/mastodon/mastodon/security/advisories/GHSA-v39f-c9jj-8w7h\n2. 
https://github.com/mastodon/mastodon/commit/06f879ce9bea195344ac9f71e6799eea500628ec", "creation_timestamp": "2025-02-27T17:25:14.000000Z"}, {"uuid": "5a32b0c8-6e92-4ff5-9e4c-d3111f3570ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27158", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7269", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27158\n\ud83d\udd25 CVSS Score: 7.8 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n\ud83d\udccf Published: 2025-03-11T18:10:15.676Z\n\ud83d\udccf Modified: 2025-03-12T04:01:25.096Z\n\ud83d\udd17 References:\n1. 
https://helpx.adobe.com/security/products/acrobat/apsb25-14.html", "creation_timestamp": "2025-03-12T04:42:56.000000Z"}, {"uuid": "7fa04ecb-6bfb-4246-8880-6821d7f78666", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27152", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/39523", "content": "GitHub monitoring message alert!!! \n\nUpdated: CVE-2025\nDescription: Axios CVE-2025-27152 PoC\nURL: https://github.com/davidblakecoe/axios-CVE-2025-27152-PoC\n\nTags: #CVE-2025", "creation_timestamp": "2025-06-06T21:24:39.000000Z"}, {"uuid": "efb2d838-7cdd-4b56-97d1-3a6bf95e5379", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27159", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7275", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27159\n\ud83d\udd25 CVSS Score: 7.8 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n\ud83d\udccf Published: 2025-03-11T18:10:10.399Z\n\ud83d\udccf Modified: 2025-03-12T04:01:12.931Z\n\ud83d\udd17 References:\n1. 
https://helpx.adobe.com/security/products/acrobat/apsb25-14.html", "creation_timestamp": "2025-03-12T04:43:03.000000Z"}, {"uuid": "6850f6dc-a8a4-4cb3-a09c-9dc58525714e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27152", "type": "seen", "source": "Telegram/TAnS5-0xeCyuh1s6B64uNQalBNBPo6r9_SpP-zjLThswhZUC", "content": "", "creation_timestamp": "2025-03-08T04:35:51.000000Z"}, {"uuid": "872d3029-d22f-4716-a7f3-a456e826c625", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27152", "type": "seen", "source": "Telegram/uSFG0tkddRv8u_t28dz7WXn7-H4ex8B2FDIB0RbG1xO7MaAq", "content": "", "creation_timestamp": "2025-03-08T04:35:53.000000Z"}, {"uuid": "1ae70c83-bb23-466d-8034-baf32a244acb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27152", "type": "published-proof-of-concept", "source": "Telegram/qtf5UlSjl8ansax6HEFOWjNwUYd29vo_Y6ok0vpVyjxeaHc", "content": "", "creation_timestamp": "2025-03-30T17:00:07.000000Z"}, {"uuid": "f09aed96-62a9-4c19-bfa4-c0a518a724a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27152", "type": "seen", "source": "Telegram/GvPZHyEbeVxrI-_IlIz9tH0tmbQ0NIgaQyLb0r6ME-4MX0o", "content": "", "creation_timestamp": "2025-03-07T17:01:02.000000Z"}, {"uuid": "d2a8bf97-b5ee-4a8e-84e5-6136d5af3946", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27154", "type": "published-proof-of-concept", "source": "Telegram/18aGabcqT47rhbAtmBCfjbslvF7WShvEcg6GVkQNwRNaIHA", "content": "", "creation_timestamp": "2025-02-27T15:30:14.000000Z"}, {"uuid": 
"f3ce0931-18cf-4217-94d9-65f6f0c7ea34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27159", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-132/", "content": "", "creation_timestamp": "2025-03-13T04:00:00.000000Z"}, {"uuid": "a871e3f0-43f0-4726-8ebc-11e26cde6581", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27152", "type": "seen", "source": "https://bsky.app/profile/dinosn.bsky.social/post/3lk34kmsxgc2y", "content": "", "creation_timestamp": "2025-03-11T03:24:45.761548Z"}, {"uuid": "c98dfca1-7e96-4c6f-a395-6db196f57e20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27152", "type": "seen", "source": "https://bsky.app/profile/sushicomabacate.com/post/3lk445uagcc25", "content": "", "creation_timestamp": "2025-03-11T12:50:19.431883Z"}, {"uuid": "a36dc869-d288-4f3c-beae-75e0fe4954a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-271561", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-149/", "content": "", "creation_timestamp": "2025-03-18T04:00:00.000000Z"}, {"uuid": "018dfcfe-74f3-4bd5-bdcf-c9610535b747", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "cve-2025-27154", "type": "seen", "source": "https://bsky.app/profile/kyosuke-tanaka.bsky.social/post/3ljha22fzp22y", "content": "", "creation_timestamp": "2025-03-03T05:33:47.188266Z"}, {"uuid": "658b1a60-cfb7-43ac-9f9e-610d0689f2ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", 
"vulnerability": "CVE-2025-27155", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ljlf3zcvlo2f", "content": "", "creation_timestamp": "2025-03-04T21:15:03.586489Z"}, {"uuid": "006a426f-d29c-4efc-a5ec-4782b6b9c3ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27154", "type": "seen", "source": "https://bsky.app/profile/dinosn.bsky.social/post/3ljhl73lbuc23", "content": "", "creation_timestamp": "2025-03-03T08:53:29.876543Z"}, {"uuid": "69a113c2-df48-4853-823d-78b488bd75ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27158", "type": "seen", "source": "https://infosec.place/objects/e904452e-f676-4343-8b59-5e4dcb8c51b9", "content": "", "creation_timestamp": "2025-03-12T12:30:11.477363Z"}, {"uuid": "73d7c3f0-0dae-4404-af15-0d0fc74de23f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27151", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqchwxanfuv2", "content": "", "creation_timestamp": "2025-05-29T10:08:28.903935Z"}, {"uuid": "73adbfbc-824b-4cfc-ad44-d6d7dfe2dae2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27152", "type": "seen", "source": "MISP/682bdba3-46b7-4a8f-b7be-c6bf4b4f9868", "content": "", "creation_timestamp": "2025-08-13T13:26:34.000000Z"}, {"uuid": "ab00e96c-a1f3-4604-a918-9ffe0c90aca9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27157", "type": "seen", "source": "MISP/24306fae-b16b-4478-9297-d2973cdb583c", "content": "", "creation_timestamp": 
"2025-08-22T14:52:22.000000Z"}, {"uuid": "d49fc923-fe31-4596-a5c4-d6aaf0c3f8f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27152", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/bbcbc485-b88d-4831-b8e9-6e37e7bd9875", "content": "", "creation_timestamp": "2026-01-21T21:18:16.771453Z"}, {"uuid": "8f36523a-7ade-4283-a43d-b1e8788516cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2025-27152", "type": "seen", "source": "https://bsky.app/profile/pigondrugs.bsky.social/post/3mj36pji3jc2f", "content": "", "creation_timestamp": "2026-04-09T16:04:15.265934Z"}, {"uuid": "d8807362-7591-4b94-ab49-d02cabe99e02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27152", "type": "seen", "source": "https://t.me/cvedetector/19834", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27152 - Axios SSRF and Credential Leakage Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27152 \nPublished : March 7, 2025, 4:15 p.m. | 58\u00a0minutes ago \nDescription : axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if \u2060baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-07T18:17:23.000000Z"}, {"uuid": "7348c862-65da-4aa8-808a-800f322c11dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27157", "type": "seen", "source": "https://t.me/cvedetector/19050", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27157 - Mastodon Email Address Spoofing Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27157 \nPublished : Feb. 27, 2025, 5:15 p.m. | 17\u00a0minutes ago \nDescription : Mastodon is a self-hosted, federated microblogging platform. Starting in version 4.2.0 and prior to versions 4.2.16 and 4.3.4, the rate limits are missing on `/auth/setup`. Without those rate limits, an attacker can craft requests that will send an email to an arbitrary addresses. Versions 4.2.16 and 4.3.4 fix the issue. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-27T19:15:38.000000Z"}, {"uuid": "de91f0d1-6d5f-498f-8fec-132b615474c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27154", "type": "seen", "source": "https://t.me/cvedetector/19039", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27154 - Spotify Cache File Permission Weakness\", \n  \"Content\": \"CVE ID : CVE-2025-27154 \nPublished : Feb. 27, 2025, 2:15 p.m. 
| 1\u00a0hour, 13\u00a0minutes ago \nDescription : Spotipy is a lightweight Python library for the Spotify Web API. The `CacheHandler` class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has `rw-r--r--` (644) permissions by default, when it could be locked down to `rw-------` (600) permissions. This leads to overly broad exposure of the spotify auth token. If this token can be read by an attacker (another user on the machine, or a process running as another user), it can be used to perform administrative actions on the Spotify account, depending on the scope granted to the token. Version 2.25.1 tightens the cache file permissions. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-27T16:45:04.000000Z"}, {"uuid": "fb4cd201-0624-4316-8b43-4f700448a5da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27150", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6409", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27150\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: Tuleap is an Open Source Suite to improve management of software developments and collaboration. The password to connect the Redis instance is not purged from the archive generated with tuleap collect-system-data. These archives are likely to be used by support teams that should not have access to this password. 
The vulnerability is fixed in Tuleap Community Edition 16.4.99.1740492866 and Tuleap Enterprise Edition 16.4-6 and 16.3-11.\n\ud83d\udccf Published: 2025-03-04T16:48:43.226Z\n\ud83d\udccf Modified: 2025-03-04T18:52:59.756Z\n\ud83d\udd17 References:\n1. https://github.com/Enalean/tuleap/security/advisories/GHSA-jc5r-684x-j46q\n2. https://github.com/Enalean/tuleap/commit/a6702622a8db969a17522b8fac0774afdb1c916f\n3. https://tuleap.net/plugins/tracker/?aid=41870", "creation_timestamp": "2025-03-04T19:33:55.000000Z"}, {"uuid": "6e37dd08-4061-4fa8-a128-f34bc1f841c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27152", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6839", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27152\n\ud83d\udd25 CVSS Score: 7.7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P)\n\ud83d\udd39 Description: axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if \u2060baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.\n\ud83d\udccf Published: 2025-03-07T15:13:15.155Z\n\ud83d\udccf Modified: 2025-03-07T15:13:15.155Z\n\ud83d\udd17 References:\n1. https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6\n2. 
https://github.com/axios/axios/issues/6463", "creation_timestamp": "2025-03-07T15:35:16.000000Z"}, {"uuid": "b2d7a9dd-ecbd-4474-b904-d67ff0b59534", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2715", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8568", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2715\n\ud83d\udd25 CVSS Score: 5.1 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability classified as problematic has been found in timschofield webERP up to 5.0.0.rc+13. This affects an unknown part of the file ConfirmDispatch_Invoice.php of the component Confirm Dispatch and Invoice Page. The manipulation of the argument Narrative leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The vendor was contacted early about this disclosure but did not respond in any way.\n\ud83d\udccf Published: 2025-03-24T22:31:04.189Z\n\ud83d\udccf Modified: 2025-03-24T22:31:04.189Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.300735\n2. https://vuldb.com/?ctiid.300735\n3. https://vuldb.com/?submit.519791\n4. https://github.com/janssensjelle/published-pocs/blob/main/weberp-xss-confirm-dispatch.md", "creation_timestamp": "2025-03-24T23:23:28.000000Z"}]}