{"vulnerability": "cve-2025-3148", "sightings": [{"uuid": "0697776e-1cce-477c-8798-ba2f72afac44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31486", "type": "published-proof-of-concept", "source": "Telegram/7JHDzw-HLPT_JnUbBZs7JBy68Z843gQ-DmHjqOAMxLpbpZU", "content": "", "creation_timestamp": "2025-07-26T19:00:08.000000Z"}, {"uuid": "2f8d3b9d-4991-4178-b25a-4d376919e43a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31487", "type": "seen", "source": "https://t.me/cvedetector/22032", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31487 - XWiki JIRA Extension XML External Entity (XXE) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-31487 \nPublished : April 3, 2025, 7:15 p.m. | 2\u00a0hours ago \nDescription : The XWiki JIRA extension provides various integration points between XWiki and JIRA (macros, UI, CKEditor plugin). If the JIRA macro is installed, any logged in XWiki user could edit his/her user profile wiki page and use that JIRA macro, specifying a fake JIRA URL that returns an XML specifying a DOCTYPE pointing to a local file on the XWiki server host and displaying that file's content in one of the returned JIRA fields (such as the summary or description for example). The vulnerability has been patched in the JIRA Extension v8.6.5. \nSeverity: 7.7 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-03T23:36:35.000000Z"}, {"uuid": "59f444d8-737a-4805-9ca3-302f042d0ebe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31488", "type": "seen", "source": "https://t.me/cvedetector/22228", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31488 - Plain Craft Launcher (PCL) Background Web Page Access Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-31488 \nPublished : April 6, 2025, 8:15 p.m. | 1\u00a0hour, 49\u00a0minutes ago \nDescription : Plain Craft Launcher (PCL) is a launcher for Minecraft. PCL allows users to use homepages provided by third parties. If controls such as WebBrowser are used in the homepage, WPF will use Internet Explorer to load the specified webpage. If the user uses a malicious homepage, the attacker can use IE background to access the specified webpage without knowing it. This vulnerability is fixed in 2.9.3. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-07T00:20:06.000000Z"}, {"uuid": "50d2c055-3842-4ec2-b4b5-61af9b362483", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31486", "type": "published-proof-of-concept", "source": "Telegram/Vj3yBYYkYbLaud5ygahnU_3G6kYxmhBX_ge6KhfvcG22Fnk", "content": "", "creation_timestamp": "2025-04-07T17:00:14.000000Z"}, {"uuid": "e0fa0891-3a3a-43c8-b9ae-d314d591b572", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31486", "type": "published-proof-of-concept", "source": "Telegram/hAF6FKdpjYuECXQoPP2zwfPMJS3VwjnUj1G2aKjirn0WF2A", "content": "", "creation_timestamp": "2025-04-07T17:00:07.000000Z"}, {"uuid": "4ec204e9-e5e0-420f-990e-09a68a310045", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31482", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqsq5rrd5642", "content": "", "creation_timestamp": "2025-06-04T21:18:04.182194Z"}, {"uuid": "3dc91559-7b5b-4c41-a914-9adf71942873", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31486", "type": "seen", "source": "MISP/a1f4de80-fff0-4971-8020-da8f70ab57ea", "content": "", "creation_timestamp": "2025-08-09T17:25:37.000000Z"}, {"uuid": "7b24de72-edbf-4de7-b7dd-31fa587fabb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31489", "type": "seen", "source": "MISP/a1f4de80-fff0-4971-8020-da8f70ab57ea", "content": "", "creation_timestamp": "2025-08-09T17:25:38.000000Z"}, {"uuid": "4c860121-1515-4b00-800b-c8233f6e0e8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31481", "type": "seen", "source": "https://gist.github.com/alon710/d62b8d758aabba574401fb9e79bd74ca", "content": "", "creation_timestamp": "2026-01-24T21:25:40.000000Z"}, {"uuid": "287f170f-87b8-4931-9441-0522e5e5e12d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31483", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10303", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31483\n\ud83d\udd25 CVSS Score: 4.8 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N)\n\ud83d\udd39 Description: Miniflux is a feed reader. Due to a weak Content Security Policy on the /proxy/* route, an attacker can bypass the CSP of the media proxy and execute cross-site scripting when opening external images in a new tab/window. To mitigate the vulnerability, the CSP for the media proxy has been changed from default-src 'self' to default-src 'none'; form-action 'none'; sandbox;. This vulnerability is fixed in 2.2.7.\n\ud83d\udccf Published: 2025-04-03T18:07:32.241Z\n\ud83d\udccf Modified: 2025-04-03T18:07:32.241Z\n\ud83d\udd17 References:\n1. https://github.com/miniflux/v2/security/advisories/GHSA-cq88-842x-2jhp\n2. https://github.com/miniflux/v2/commit/cb695e653a08af4cabcb277c271ce74bd0c746e6", "creation_timestamp": "2025-04-03T18:35:33.000000Z"}, {"uuid": "559e49c8-6eb5-452c-99d7-f928b99363ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31481", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10335", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31481\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Using the Relay special node type you can bypass the configured security on an operation. This vulnerability is fixed in 4.0.22.\n\ud83d\udccf Published: 2025-04-03T19:20:22.916Z\n\ud83d\udccf Modified: 2025-04-03T19:20:22.916Z\n\ud83d\udd17 References:\n1. https://github.com/api-platform/core/security/advisories/GHSA-cg3c-245w-728m\n2. https://github.com/api-platform/core/commit/60747cc8c2fb855798c923b5537888f8d0969568", "creation_timestamp": "2025-04-03T19:35:46.000000Z"}, {"uuid": "e5c323ea-ec2b-424c-b329-5072bfbafbb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31480", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10472", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31480\n\ud83d\udd25 CVSS Score: 9.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: aiven-extras is a PostgreSQL extension. This is a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages the format function not being schema-prefixed. Affected users should install 1.1.16 and ensure they run the latest version issuing ALTER EXTENSION aiven_extras UPDATE TO '1.1.16' after installing it. This needs to happen in each database aiven_extras has been installed in.\n\ud83d\udccf Published: 2025-04-04T14:49:30.863Z\n\ud83d\udccf Modified: 2025-04-04T14:57:54.321Z\n\ud83d\udd17 References:\n1. https://github.com/aiven/aiven-extras/security/advisories/GHSA-33xh-jqgf-6627\n2. https://github.com/aiven/aiven-extras/commit/77b5f19a0c1d196bc741ff5c774f85fe7ca3063b", "creation_timestamp": "2025-04-04T15:36:55.000000Z"}, {"uuid": "5cb7ef08-238a-44aa-920d-643c8f873ecb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31488", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10643", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31488\n\ud83d\udd25 CVSS Score: 4.9 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H)\n\ud83d\udd39 Description: Plain Craft Launcher (PCL) is a launcher for Minecraft. PCL allows users to use homepages provided by third parties. If controls such as WebBrowser are used in the homepage, WPF will use Internet Explorer to load the specified webpage. If the user uses a malicious homepage, the attacker can use IE background to access the specified webpage without knowing it. This vulnerability is fixed in 2.9.3.\n\ud83d\udccf Published: 2025-04-06T19:56:24.648Z\n\ud83d\udccf Modified: 2025-04-06T19:56:24.648Z\n\ud83d\udd17 References:\n1. https://github.com/Hex-Dragon/PCL2/security/advisories/GHSA-wfpw-hfcp-9m73", "creation_timestamp": "2025-04-06T20:44:01.000000Z"}, {"uuid": "20a53f13-a28c-4ca3-85f6-6120894286e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31484", "type": "seen", "source": "https://t.me/cvedetector/21918", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31484 - Conda-Forge Azure CF-Staging Token Exposure\", \n  \"Content\": \"CVE ID : CVE-2025-31484 \nPublished : April 2, 2025, 10:15 p.m. | 20\u00a0minutes ago \nDescription : conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure.  \nBetween 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any feedstock maintainer could upload a package to the conda-forge channel, bypassing our feedstock-token + upload process. The security logs on anaconda.org were check for any packages that were not copied from the cf-staging to the conda-forge channel and none were found. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-03T01:01:24.000000Z"}, {"uuid": "aa8eb3ed-ffdc-4f43-a12c-530300cebe8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31481", "type": "seen", "source": "https://t.me/cvedetector/22019", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31481 - API Platform Core Relay Security Bypass\", \n  \"Content\": \"CVE ID : CVE-2025-31481 \nPublished : April 3, 2025, 8:15 p.m. | 1\u00a0hour ago \nDescription : API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Using the Relay special node type you can bypass the configured security on an operation. This vulnerability is fixed in 4.0.22. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-03T23:36:16.000000Z"}, {"uuid": "2e2fbcaa-9878-4a00-9968-40e15f59c75c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31489", "type": "seen", "source": "https://t.me/cvedetector/22021", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31489 - MinIO Signature Invalid Authorization Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-31489 \nPublished : April 3, 2025, 8:15 p.m. | 1\u00a0hour ago \nDescription : MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on the bucket. Prior knowledge of access-key, and bucket name this user might have access  \nto - and an access-key with a WRITE permissions is necessary. However with relevant information in place, uploading random objects to buckets is trivial and easy via curl. This issue is fixed in RELEASE.2025-04-03T14-56-28Z. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-03T23:36:20.000000Z"}, {"uuid": "176f76df-aa28-4c0f-be5c-e8a0e7e0d9e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31485", "type": "seen", "source": "https://t.me/cvedetector/22020", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31485 - API Platform Core GraphQL Cache Key Tampering Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-31485 \nPublished : April 3, 2025, 8:15 p.m. | 1\u00a0hour ago \nDescription : API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Prior to 4.0.22, a GraphQL grant on a property might be cached with different objects. The ApiPlatform\\GraphQl\\Serializer\\ItemNormalizer::isCacheKeySafe() method is meant to prevent the caching but the parent::normalize method that is called afterwards still creates the cache key and causes the issue. This vulnerability is fixed in 4.0.22. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-03T23:36:19.000000Z"}, {"uuid": "5d2b30ba-010d-403d-ab83-786b7483cafa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31483", "type": "seen", "source": "https://t.me/cvedetector/22005", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31483 - Miniflux Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-31483 \nPublished : April 3, 2025, 6:15 p.m. | 56\u00a0minutes ago \nDescription : Miniflux is a feed reader. Due to a weak Content Security Policy on the /proxy/* route, an attacker can bypass the CSP of the media proxy and execute cross-site scripting when opening external images in a new tab/window. To mitigate the vulnerability, the CSP for the media proxy has been changed from default-src 'self' to default-src 'none'; form-action 'none'; sandbox;. This vulnerability is fixed in 2.2.7. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-03T21:55:38.000000Z"}, {"uuid": "1f1dd5bc-24bf-4420-97c4-bad1d4574d71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31486", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/30307", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aVite\u4efb\u610f\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e\u6279\u91cf\u68c0\u6d4b\u811a\u672cCVE-2025-31486\nURL\uff1ahttps://github.com/iSee857/CVE-2025-31486-PoC\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-04-07T09:09:35.000000Z"}, {"uuid": "f44b8e83-c5be-4b1f-928a-60d5fe7eb80b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31486", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/31074", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aCVE-2025-31486 poc\nURL\uff1ahttps://github.com/Ly4j/CVE-2025-31486\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-04-11T09:39:38.000000Z"}, {"uuid": "156e4ba7-093b-4b9e-9b8d-7e71d6b8e06f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3148", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10187", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3148\n\ud83d\udd25 CVSS Score: 4.8 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in codeprojects Product Management System 1.0 and classified as problematic. This issue affects some unknown processing of the component Login. The manipulation of the argument Str1 leads to buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-04-03T07:00:16.937Z\n\ud83d\udccf Modified: 2025-04-03T07:00:16.937Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.303053\n2. https://vuldb.com/?ctiid.303053\n3. https://vuldb.com/?submit.525395\n4. https://github.com/LxxxtSec/CVE/blob/main/CVE-Product_Management_System.md", "creation_timestamp": "2025-04-03T07:34:23.000000Z"}, {"uuid": "df5648fc-2b3b-4a1e-b4e2-c1d05ad985d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31484", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10155", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31484\n\ud83d\udd25 CVSS Score: 9.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure.\nBetween 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any feedstock maintainer could upload a package to the conda-forge channel, bypassing our feedstock-token + upload process. The security logs on anaconda.org were check for any packages that were not copied from the cf-staging to the conda-forge channel and none were found.\n\ud83d\udccf Published: 2025-04-02T21:38:03.493Z\n\ud83d\udccf Modified: 2025-04-02T21:38:03.493Z\n\ud83d\udd17 References:\n1. https://github.com/conda-forge/infrastructure/security/advisories/GHSA-m4h2-49xf-vq72\n2. https://github.com/conda-forge/infrastructure/commit/70f3f09e64968d5f0a7b0525846f17cad42dd052", "creation_timestamp": "2025-04-02T22:34:43.000000Z"}, {"uuid": "1906ef8d-63b2-4b6e-8a44-fddeea72deef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31480", "type": "seen", "source": "https://t.me/cvedetector/22130", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31480 - Aiven-Extras PostgreSQL Format Function Privilege Escalation\", \n  \"Content\": \"CVE ID : CVE-2025-31480 \nPublished : April 4, 2025, 3:15 p.m. | 41\u00a0minutes ago \nDescription : aiven-extras is a PostgreSQL extension. This is a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages the format function not being schema-prefixed. Affected users should install 1.1.16 and ensure they run the latest version issuing ALTER EXTENSION aiven_extras UPDATE TO '1.1.16' after installing it. This needs to happen in each database aiven_extras has been installed in. \nSeverity: 9.1 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-04T18:01:14.000000Z"}, {"uuid": "91f6caea-3dcb-4aef-8d04-ea08efa293e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31486", "type": "published-proof-of-concept", "source": "Telegram/9k_C5JXeLGhpcgGl3TlsIBGRr_8CSnsQH8RurvDjcthq00c", "content": "", "creation_timestamp": "2025-04-11T17:00:09.000000Z"}, {"uuid": "ed8fec3d-3970-4535-bbf1-a8101bf0dd18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31486", "type": "published-proof-of-concept", "source": "Telegram/B3Ix6c3MChBxGtjJd9wydNqCLtkZFp2u31J3Uh-KqNTLVQg", "content": "", "creation_timestamp": "2025-04-12T01:00:08.000000Z"}, {"uuid": "207d8033-1e72-4761-a5e5-48befe24faa8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31484", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114270661068874157", "content": "", "creation_timestamp": "2025-04-02T22:11:54.289319Z"}, {"uuid": "5648378e-2984-4bbd-ab87-986c5ba02610", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31484", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114270661068874157", "content": "", "creation_timestamp": "2025-04-02T22:11:54.290376Z"}, {"uuid": "f442e34c-1ed3-4623-96a8-0485d7faa490", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31484", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lluhfgnjdx2s", "content": "", "creation_timestamp": "2025-04-02T22:40:25.108371Z"}, {"uuid": "0da8d3b7-6df3-4d9e-85ed-93498ddd283f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31484", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lluikvpbh22w", "content": "", "creation_timestamp": "2025-04-02T23:01:29.820234Z"}, {"uuid": "ef97bdc2-57a8-4989-bb5f-4bada8e59527", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31489", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114275934621714005", "content": "", "creation_timestamp": "2025-04-03T20:33:02.243727Z"}, {"uuid": "c5ebb057-ebeb-486c-b010-09d422059edd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31489", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114275934621714005", "content": "", "creation_timestamp": "2025-04-03T20:33:02.244986Z"}, {"uuid": "66b49cec-796b-412f-94fd-a3913c702c03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31486", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llwsmdxaje2c", "content": "", "creation_timestamp": "2025-04-03T21:06:27.688134Z"}, {"uuid": "28c5c8dc-c7ef-459c-a30a-9914c88e6b9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31487", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llwsmeamd42c", "content": "", "creation_timestamp": "2025-04-03T21:06:28.360879Z"}, {"uuid": "ea2b936b-9723-4da4-9b57-853513116eaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31489", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llwsmfilty2z", "content": "", "creation_timestamp": "2025-04-03T21:06:35.306010Z"}, {"uuid": "dee74ea4-58ff-4889-8289-b3ea72fa7422", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31481", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llwsmfsvb62k", "content": "", "creation_timestamp": "2025-04-03T21:06:37.219462Z"}, {"uuid": "7a0d7ab7-a708-4087-ac19-6b81c0d39584", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31485", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llwsmflxze2c", "content": "", "creation_timestamp": "2025-04-03T21:06:35.939323Z"}, {"uuid": "11218356-e6b5-46be-bab9-3395d69ec4ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31480", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3llyqu4xlon2g", "content": "", "creation_timestamp": "2025-04-04T15:40:21.411859Z"}, {"uuid": "8f2d3e04-2b5e-4b05-83c0-12427531bab3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31480", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llys3nrduk2u", "content": "", "creation_timestamp": "2025-04-04T16:02:27.748539Z"}, {"uuid": "b9332134-b1b8-476a-99af-63a5e35b9176", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31480", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114280948857377494", "content": "", "creation_timestamp": "2025-04-04T17:48:13.437841Z"}, {"uuid": "16d92ed1-f8ef-4bf4-a49f-d43ea92112dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31480", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114280948857377494", "content": "", "creation_timestamp": "2025-04-04T17:48:13.441080Z"}, {"uuid": "6d7e53c3-e0b9-45fb-868d-4f7294433960", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31488", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lm6l22rg672f", "content": "", "creation_timestamp": "2025-04-06T23:12:19.290883Z"}, {"uuid": "f0e5ad9d-e4b1-41c4-8d97-9c1db138ad2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31489", "type": "seen", "source": "https://bsky.app/profile/securitylab-jp.bsky.social/post/3lmbdihwc3c2u", "content": "", "creation_timestamp": "2025-04-08T01:35:12.967100Z"}, {"uuid": "4d8ff2bc-d776-41a9-876b-0a311c83de21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31489", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-31489.yaml", "content": "", "creation_timestamp": "2025-04-10T12:00:24.000000Z"}, {"uuid": "126bbdc0-7f88-4dc4-904a-82b7d26a23ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31489", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lmkw4cy4uh2h", "content": "", "creation_timestamp": "2025-04-11T21:02:29.375810Z"}, {"uuid": "ee5bab54-0470-40f8-b723-8f1f6179e2c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31486", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lqingczmmw2u", "content": "", "creation_timestamp": "2025-05-31T21:02:27.259282Z"}, {"uuid": "ca5144d4-5582-47dc-b047-32bab24f251e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31489", "type": "seen", "source": "MISP/a1f4de80-fff0-4971-8020-da8f70ab57ea", "content": "", "creation_timestamp": "2025-09-10T07:00:41.000000Z"}, {"uuid": "a2eaf9dc-019c-4bcb-8c01-51bcd66a45ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31486", "type": "seen", "source": "MISP/a1f4de80-fff0-4971-8020-da8f70ab57ea", "content": "", "creation_timestamp": "2025-09-10T07:00:39.000000Z"}, {"uuid": "578438cd-aba7-4fb9-b718-68fe7fa8fe11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31486", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m5cjgqr6ey25", "content": "", "creation_timestamp": "2025-11-10T21:02:30.708268Z"}, {"uuid": "0a256ac7-bfba-4f2f-b579-70c75df994ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31481", "type": "seen", "source": "https://gist.github.com/alon710/6d07eaa50a9c65dee03f6d48a556821e", "content": "", "creation_timestamp": "2026-01-24T22:41:05.000000Z"}]}