{"vulnerability": "cve-2025-2710", "sightings": [{"uuid": "361a25fa-52b8-426b-8495-0c8a17fa611c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27101", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7246", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27101\n\ud83d\udd25 CVSS Score: 7.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P)\n\ud83d\udd39 Description: Opal is OBiBa\u2019s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, when copying any parent directory to a folder in the /temp/ directory, all files in that parent directory are copied, including files which the user should not have access to. All users of the application are impacted, as this is exploitable by any user to reveal all files in the opal filesystem. This also means that low-privilege users such as DataShield users can retrieve the files of other users. Version 5.1.1 contains a patch for the issue.\n\ud83d\udccf Published: 2025-03-11T21:32:48.746Z\n\ud83d\udccf Modified: 2025-03-11T21:32:48.746Z\n\ud83d\udd17 References:\n1. https://github.com/obiba/opal/security/advisories/GHSA-rxmx-gqjj-vhv8\n2. https://github.com/obiba/opal/commit/fca7dc9c8348064741b2e8b2c31b66660a935743", "creation_timestamp": "2025-03-11T21:39:49.000000Z"}, {"uuid": "ee999f5a-585b-466e-bdbd-ed764ffed32a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27102", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7767", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27102\n\ud83d\udd25 CVSS Score: 5.4 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P)\n\ud83d\udd39 Description: Agate is central authentication server software for OBiBa epidemiology applications. Prior to version 3.3.0, when registering for an Agate account, arbitrary HTML code can be injected into a user's first and last name. This HTML is then rendered in the email sent to administrative users. The Agate service account sends this email and appears trustworthy, making this a significant risk for phishing attacks. Administrative users are impacted, as they can be targeted by unauthenticated users. Version 3.3.0 fixes the issue.\n\ud83d\udccf Published: 2025-03-17T13:11:53.696Z\n\ud83d\udccf Modified: 2025-03-17T13:31:23.176Z\n\ud83d\udd17 References:\n1. https://github.com/obiba/agate/security/advisories/GHSA-v3wj-7vj5-xj5v\n2. https://github.com/obiba/agate/releases/tag/3.3.0", "creation_timestamp": "2025-03-17T13:46:59.000000Z"}, {"uuid": "a275cd67-7294-4179-b17c-4be98ffda21e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27103", "type": "seen", "source": "https://t.me/cvedetector/20246", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27103 - DataEase File Deserialization Bypass\", \n  \"Content\": \"CVE ID : CVE-2025-27103 \nPublished : March 13, 2025, 5:15 p.m. | 43\u00a0minutes ago \nDescription : DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. No known workarounds are available. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-13T19:48:26.000000Z"}, {"uuid": "f6342438-edd3-4b81-b035-2fa51821bca6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2710", "type": "seen", "source": "https://t.me/cvedetector/21009", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2710 - Yonyou UFIDA ERP-NC Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2710 \nPublished : March 24, 2025, 9:15 p.m. | 2\u00a0hours, 7\u00a0minutes ago \nDescription : A vulnerability was found in Yonyou UFIDA ERP-NC 5.0 and classified as problematic. This issue affects some unknown processing of the file /menu.jsp. The manipulation of the argument flag leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-25T01:05:44.000000Z"}, {"uuid": "5fae13e5-3e43-4cc4-8895-01385ef67dd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2710", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lu6tdmfcdk2h", "content": "", "creation_timestamp": "2025-07-17T21:02:31.683400Z"}, {"uuid": "00903b55-8572-4e1c-a9d4-2e847efb5bf6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27105", "type": "seen", "source": "https://t.me/cvedetector/18696", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27105 - Vyper Smart Contract Language DynArray AugAssign Out-of-Bounds Write\", \n  \"Content\": \"CVE ID : CVE-2025-27105 \nPublished : Feb. 21, 2025, 10:15 p.m. | 33\u00a0minutes ago \nDescription : vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. However, in the case when target is an access to a DynArray and the rhs modifies the array, the cached target will evaluate first, and the bounds check will not be re-evaluated during the write portion of the statement. This issue has been addressed in version 0.4.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-21T23:57:34.000000Z"}, {"uuid": "21a3496e-1a6c-44d4-824e-57bbbdcaf59f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27100", "type": "seen", "source": "https://t.me/cvedetector/18621", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27100 - LakeFS Server Memory Exhaustion Denial-of-Service\", \n  \"Content\": \"CVE ID : CVE-2025-27100 \nPublished : Feb. 21, 2025, 12:15 a.m. | 1\u00a0hour, 29\u00a0minutes ago \nDescription : lakeFS is an open-source tool that transforms your object storage into a Git-like repository. In affected versions an authenticated user can crash lakeFS by exhausting server memory.  This is an authenticated denial-of-service issue. This problem has been patched in version 1.50.0. Users on versions 1.49.1 and below are affected. Users are advised to upgrade. Users unable to upgrade should either set the environment variable `LAKEFS_BLOCKSTORE_S3_DISABLE_PRE_SIGNED_MULTIPART` to `true` or configure the `disable_pre_signed_multipart` key to true in their config yaml. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-21T03:04:08.000000Z"}, {"uuid": "a4ee1b2d-3d2d-48ac-acbc-e089f157d640", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27100", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4840", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27100\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: lakeFS is an open-source tool that transforms your object storage into a Git-like repository. In affected versions an authenticated user can crash lakeFS by exhausting server memory.  This is an authenticated denial-of-service issue. This problem has been patched in version 1.50.0. Users on versions 1.49.1 and below are affected. Users are advised to upgrade. Users unable to upgrade should either set the environment variable `LAKEFS_BLOCKSTORE_S3_DISABLE_PRE_SIGNED_MULTIPART` to `true` or configure the `disable_pre_signed_multipart` key to true in their config yaml.\n\ud83d\udccf Published: 2025-02-21T00:03:01.411Z\n\ud83d\udccf Modified: 2025-02-21T00:03:01.411Z\n\ud83d\udd17 References:\n1. https://github.com/treeverse/lakeFS/security/advisories/GHSA-j7jw-28jm-whr6\n2. https://github.com/treeverse/lakeFS/commit/3a625752acdf3f8e137bec20451e71d0f9fa82f2", "creation_timestamp": "2025-02-21T00:17:47.000000Z"}, {"uuid": "24993d42-4e67-4834-ba33-1debf2ff1a92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27104", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4998", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27104\n\ud83d\udd25 CVSS Score: 2.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single expression is possible in the iterator target of a for loop. While the iterator expression cannot produce multiple writes, it can consume side effects produced in the loop body (e.g. read a storage variable updated in the loop body) and thus lead to unexpected program behavior. Specifically, reads in iterators which contain an ifexp (e.g. `for s: uint256 in ([read(), read()] if True else [])`) may interleave reads with writes in the loop body. Vyper for loops allow two kinds of iterator targets, namely the `range()` builtin and an iterable type, like SArray and DArray. During codegen, iterable lists are required to not produce any side-effects (in the following code, `range_scope` forces `iter_list` to be parsed in a constant context, which is checked against `is_constant`). However, this does not prevent the iterator from consuming side effects provided by the body of the loop. For SArrays on the other hand, `iter_list` is instantiated in the body of a `repeat` ir, so it can be evaluated several times. This issue is being addressed and is expected to be available in version 0.4.1. Users are advised to upgrade as soon as the patched release is available. There are no known workarounds for this vulnerability.\n\ud83d\udccf Published: 2025-02-21T21:32:24.621Z\n\ud83d\udccf Modified: 2025-02-21T21:32:24.621Z\n\ud83d\udd17 References:\n1. https://github.com/vyperlang/vyper/security/advisories/GHSA-h33q-mhmp-8p67\n2. https://github.com/vyperlang/vyper/pull/4488", "creation_timestamp": "2025-02-21T22:18:56.000000Z"}, {"uuid": "66fc7881-db6e-41ae-afcc-1e239fd12e83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27106", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5043", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27106\n\ud83d\udd25 CVSS Score: 7.7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: binance-trading-bot is an automated Binance trading bot with trailing buy/sell strategy. Authenticated users of binance-trading-bot can achieve Remote Code Execution on the host system due to a command injection vulnerability in the `/restore` endpoint. The restore endpoint of binance-trading-bot is vulnerable to command injection via the `/restore` endpoint. The name of the uploaded file is passed to shell.exec without sanitization other than path normalization, resulting in Remote Code Execution. This may allow any authorized user to execute code in the context of the host machine. This issue has been addressed in version 0.0.100 and all users are advised to upgrade. There are no known workarounds for this vulnerability.\n\ud83d\udccf Published: 2025-02-21T21:18:18.284Z\n\ud83d\udccf Modified: 2025-02-22T15:40:06.071Z\n\ud83d\udd17 References:\n1. https://github.com/chrisleekr/binance-trading-bot/security/advisories/GHSA-wq6j-4388-4gg5\n2. https://github.com/chrisleekr/binance-trading-bot/commit/99d464cf8ef858d441189993054ec5f5f86e6213\n3. https://github.com/chrisleekr/binance-trading-bot/blob/dd8e1a91b872a48aec47bbe1280c1c6ea96784d9/app/frontend/webserver/handlers/restore-post.js#L14", "creation_timestamp": "2025-02-22T16:25:15.000000Z"}, {"uuid": "58a2e2c4-2e12-47e5-b352-239c885de435", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27109", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5179", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27109\n\ud83d\udd25 CVSS Score: 7.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\ud83d\udd39 Description: solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has been addressed in version 1.9.4 and all users are advised to upgrade. There are no known workarounds for this vulnerability.\n\ud83d\udccf Published: 2025-02-21T21:12:58.218Z\n\ud83d\udccf Modified: 2025-02-24T17:05:00.409Z\n\ud83d\udd17 References:\n1. https://github.com/solidjs/solid/security/advisories/GHSA-3qxh-p7jc-5xh6\n2. https://github.com/solidjs/solid/commit/b93956f28ed75469af6976a98728e313d0edd236", "creation_timestamp": "2025-02-24T17:21:42.000000Z"}, {"uuid": "506ff469-3a37-45a7-9132-240774c92b1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27107", "type": "seen", "source": "https://t.me/cvedetector/20237", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27107 - Minecraft Integrated Scripting Java Reflection Sandbox Escape\", \n  \"Content\": \"CVE ID : CVE-2025-27107 \nPublished : March 13, 2025, 5:15 p.m. | 43\u00a0minutes ago \nDescription : Integrated Scripting is a tool for creating scripts for handling complex operations in Integrated Dynamics. Minecraft users who use Integrated Scripting prior to versions 1.21.1-1.0.17, 1.21.4-1.0.9-254, 1.20.1-1.0.13, and 1.19.2-1.0.10 may be vulnerable to arbitrary code execution. By using Java reflection on a thrown exception object it's possible to escape the JavaScript sandbox for IntegratedScripting's Variable Cards, and leverage that to construct arbitrary Java classes and invoke arbitrary Java methods.  \nThis vulnerability allows for execution of arbitrary Java methods, and by extension arbitrary native code e.g. from `java.lang.Runtime.exec`, on the Minecraft server by any player with the ability to create and use an IntegratedScripting Variable Card. Versions 1.21.1-1.0.17, 1.21.4-1.0.9-254, 1.20.1-1.0.13, and 1.19.2-1.0.10 fix the issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-13T19:48:13.000000Z"}, {"uuid": "95421220-3c3f-458d-b94e-f69a33c83ace", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27104", "type": "seen", "source": "https://t.me/cvedetector/18695", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27104 - Vyper Smart Contract Iterator Side-Effect Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27104 \nPublished : Feb. 21, 2025, 10:15 p.m. | 33\u00a0minutes ago \nDescription : vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single expression is possible in the iterator target of a for loop. While the iterator expression cannot produce multiple writes, it can consume side effects produced in the loop body (e.g. read a storage variable updated in the loop body) and thus lead to unexpected program behavior. Specifically, reads in iterators which contain an ifexp (e.g. `for s: uint256 in ([read(), read()] if True else [])`) may interleave reads with writes in the loop body. Vyper for loops allow two kinds of iterator targets, namely the `range()` builtin and an iterable type, like SArray and DArray. During codegen, iterable lists are required to not produce any side-effects (in the following code, `range_scope` forces `iter_list` to be parsed in a constant context, which is checked against `is_constant`). However, this does not prevent the iterator from consuming side effects provided by the body of the loop. For SArrays on the other hand, `iter_list` is instantiated in the body of a `repeat` ir, so it can be evaluated several times. This issue is being addressed and is expected to be available in version 0.4.1. Users are advised to upgrade as soon as the patched release is available. There are no known workarounds for this vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-21T23:57:31.000000Z"}, {"uuid": "8a415b6c-44dc-420c-919a-6f4621b8891e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27108", "type": "seen", "source": "https://t.me/cvedetector/18692", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27108 - Solid-Meta DOM-Expressions XSS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27108 \nPublished : Feb. 21, 2025, 10:15 p.m. | 33\u00a0minutes ago \nDescription : dom-expressions is a Fine-Grained Runtime for Performant DOM Rendering. In affected versions the use of javascript's `.replace()` opens up to potential Cross-site Scripting (XSS) vulnerabilities with the special replacement patterns beginning with `$`. Particularly, when the attributes of `Meta` tag from solid-meta are user-defined, attackers can utilise the special replacement patterns, either `$'` or `$\\`` to achieve XSS. The solid-meta package has this issue since it uses `useAffect` and context providers, which injects the used assets in the html header. \"dom-expressions\" uses `.replace()` to insert the assets, which is vulnerable to the special replacement patterns listed above.  This effectively means that if the attributes of an asset tag contained user-controlled data, it would be vulnerable to XSS. For instance, there might be meta tags for the open graph protocol in a user profile page, but if attackers set the user query to some payload abusing `.replace()`, then they could execute arbitrary javascript in the victim's web browser. Moreover, it could be stored and cause more problems. This issue has been addressed in version 0.39.5 and all users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-21T23:57:29.000000Z"}, {"uuid": "9e6d0709-237c-4a56-a48f-8b8736885e30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27106", "type": "seen", "source": "https://t.me/cvedetector/18691", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27106 - Binance Trading Bot Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27106 \nPublished : Feb. 21, 2025, 10:15 p.m. | 33\u00a0minutes ago \nDescription : binance-trading-bot is an automated Binance trading bot with trailing buy/sell strategy. Authenticated users of binance-trading-bot can achieve Remote Code Execution on the host system due to a command injection vulnerability in the `/restore` endpoint. The restore endpoint of binance-trading-bot is vulnerable to command injection via the `/restore` endpoint. The name of the uploaded file is passed to shell.exec without sanitization other than path normalization, resulting in Remote Code Execution. This may allow any authorized user to execute code in the context of the host machine. This issue has been addressed in version 0.0.100 and all users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-21T23:57:28.000000Z"}, {"uuid": "453b3a19-7ff7-4fbd-8550-c8df49a58fdc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27100", "type": "seen", "source": "Telegram/gX2usgmFFKJ2pv-udzgAblLXZlxiQRuWHtTIOz9tTmPtMN88", "content": "", "creation_timestamp": "2025-02-21T02:11:50.000000Z"}, {"uuid": "25f3bb43-829b-4b71-be0b-ab3ac10dca1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27109", "type": "published-proof-of-concept", "source": "Telegram/z-TEGJuLb-MI9QSBe5sQLLsDPvx9hpDxWNGhFcSyGduHviQ", "content": "", "creation_timestamp": "2025-02-21T23:31:55.000000Z"}, {"uuid": "d4c66ff0-9562-4f9c-8ae0-27ed2b5a914d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27108", "type": "published-proof-of-concept", "source": "Telegram/z-TEGJuLb-MI9QSBe5sQLLsDPvx9hpDxWNGhFcSyGduHviQ", "content": "", "creation_timestamp": "2025-02-21T23:31:55.000000Z"}, {"uuid": "4cc0abf9-d4b9-4281-bb4f-284821332ec3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27106", "type": "published-proof-of-concept", "source": "Telegram/z-TEGJuLb-MI9QSBe5sQLLsDPvx9hpDxWNGhFcSyGduHviQ", "content": "", "creation_timestamp": "2025-02-21T23:31:55.000000Z"}, {"uuid": "4b09ba7e-b1ad-469c-8dc8-f6cebe0a3477", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27102", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lklphthwha2x", "content": "", "creation_timestamp": "2025-03-17T17:45:46.904959Z"}, {"uuid": "6a79cd51-3035-4a7d-8bd0-b5015de8a966", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27106", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114044196487307845", "content": "", "creation_timestamp": "2025-02-21T22:18:58.763390Z"}, {"uuid": "8b56d499-8ebc-4fd1-a325-86c711ca2012", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27105", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114048796240672246", "content": "", "creation_timestamp": "2025-02-22T17:48:45.343704Z"}, {"uuid": "0f9d97bc-f2dc-4ee4-93b3-30437e53955c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27106", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114048796287261525", "content": "", "creation_timestamp": "2025-02-22T17:48:46.918604Z"}, {"uuid": "f5c3a71f-d860-4aa1-8824-41df7ce965f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27105", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lisjnzo3uj2z", "content": "", "creation_timestamp": "2025-02-23T00:00:07.376842Z"}, {"uuid": "2c782c64-b9fa-4e2a-b7ec-a764bcaa9fad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2710", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-2710.yaml", "content": "", "creation_timestamp": "2025-07-16T13:27:11.000000Z"}, {"uuid": "f7503c0a-5129-436c-bceb-02391087d42b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27109", "type": "seen", "source": "https://t.me/cvedetector/18693", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27109 - Solid-js Unescaped User Input Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27109 \nPublished : Feb. 21, 2025, 10:15 p.m. | 33\u00a0minutes ago \nDescription : solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has been addressed in version 1.9.4 and all users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-21T23:57:29.000000Z"}, {"uuid": "e6d3f8c6-fc37-4792-9b87-bf290c23e7a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27105", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5044", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27105\n\ud83d\udd25 CVSS Score: 2.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. However, in the case when target is an access to a DynArray and the rhs modifies the array, the cached target will evaluate first, and the bounds check will not be re-evaluated during the write portion of the statement. This issue has been addressed in version 0.4.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.\n\ud83d\udccf Published: 2025-02-21T21:27:28.056Z\n\ud83d\udccf Modified: 2025-02-22T15:37:28.734Z\n\ud83d\udd17 References:\n1. https://github.com/vyperlang/vyper/security/advisories/GHSA-4w26-8p97-f4jp", "creation_timestamp": "2025-02-22T16:25:15.000000Z"}]}