{"vulnerability": "cve-2025-3149", "sightings": [{"uuid": "24ac1d6f-0418-43f3-b556-7fc235d93619", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31498", "type": "seen", "source": "MISP/a1f4de80-fff0-4971-8020-da8f70ab57ea", "content": "", "creation_timestamp": "2025-09-10T07:00:38.000000Z"}, {"uuid": "1d3ff249-24fa-4c73-8bdb-8d7acc7712b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31498", "type": "seen", "source": "MISP/a1f4de80-fff0-4971-8020-da8f70ab57ea", "content": "", "creation_timestamp": "2025-08-09T17:25:37.000000Z"}, {"uuid": "e3a3cb93-22c6-46cd-88ff-974f45b5911f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31498", "type": "seen", "source": "https://seclists.org/oss-sec/2025/q4/253", "content": "", "creation_timestamp": "2025-12-08T16:04:49.000000Z"}, {"uuid": "8aa0a87b-7c1d-4ab0-913b-a71db78f51f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3149", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10172", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3149\n\ud83d\udd25 CVSS Score: 4.8 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in itning Student Homework Management System up to 1.2.7. It has been classified as problematic. Affected is an unknown function of the file /shw_war/fileupload of the component Edit Job Page. The manipulation of the argument Course leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.\n\ud83d\udccf Published: 2025-04-03T07:31:10.817Z\n\ud83d\udccf Modified: 2025-04-03T07:31:10.817Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.303054\n2. https://vuldb.com/?ctiid.303054\n3. https://vuldb.com/?submit.525403\n4. https://gitee.com/nwtmd5/cve/issues/IBVLXL", "creation_timestamp": "2025-04-03T07:34:01.000000Z"}, {"uuid": "90e51041-d88b-4a81-bfbf-684226a6a855", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31492", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10642", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31492\n\ud83d\udd25 CVSS Score: 8.2 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in a mod_auth_openidc results in disclosure of protected content to unauthenticated users. The conditions for disclosure are an OIDCProviderAuthRequestMethod POST, a valid account, and there mustn't be any application-level gateway (or load balancer etc) protecting the server. When you request a protected resource, the response includes the HTTP status, the HTTP headers, the intended response (the self-submitting form), and the protected resource (with no headers). This is an example of a request for a protected resource, including all the data returned. In the case where mod_auth_openidc returns a form, it has to return OK from check_userid so as not to go down the error path in httpd. This means httpd will try to issue the protected resource. oidc_content_handler is called early, which has the opportunity to prevent the normal output being issued by httpd. oidc_content_handler has a number of checks for when it intervenes, but it doesn't check for this case, so the handler returns DECLINED. Consequently, httpd appends the protected content to the response. The issue has been patched in mod_auth_openidc versions >= 2.4.16.11.\n\ud83d\udccf Published: 2025-04-06T20:02:20.511Z\n\ud83d\udccf Modified: 2025-04-06T20:02:20.511Z\n\ud83d\udd17 References:\n1. https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-59jp-rwph-878r\n2. https://github.com/OpenIDC/mod_auth_openidc/commit/b59b8ad63411857090ba1088e23fe414c690c127", "creation_timestamp": "2025-04-06T20:44:00.000000Z"}, {"uuid": "fa28df3e-954d-4e24-9786-744fd3f9b369", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31490", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11735", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31490\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.1, AutoGPT allows SSRF due to DNS Rebinding in requests wrapper. AutoGPT is built with a wrapper around Python's requests library, hardening the application against SSRF. The code for this wrapper can be found in autogpt_platform/backend/backend/util/request.py. The requested hostname of a URL which is being requested is validated, ensuring that it does not resolve to any local ipv4 or ipv6 addresses. However, this check is not sufficient, as a DNS server may initially respond with a non-blocked address, with a TTL of 0. This means that the initial resolution would appear as a non-blocked address. In this case, validate_url() will return the url as successful. After validate_url() has successfully returned the url, the url is then passed to the real request() function. When the real request() function is called with the validated url, request() will once again resolve the address of the hostname, because the record will not have been cached (due to TTL 0). This resolution may be in the \"invalid range\". This type of attack is called a \"DNS Rebinding Attack\". This vulnerability is fixed in 0.6.1.\n\ud83d\udccf Published: 2025-04-14T23:07:25.840Z\n\ud83d\udccf Modified: 2025-04-14T23:15:32.637Z\n\ud83d\udd17 References:\n1. https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-wvjg-9879-3m7w\n2. https://github.com/Significant-Gravitas/AutoGPT/commit/66ebe4376eab3434af90808796b54c2139847b37", "creation_timestamp": "2025-04-14T23:53:50.000000Z"}, {"uuid": "110c39ba-e19b-4df0-8c16-8bc744d1b79f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31493", "type": "seen", "source": "https://t.me/cvedetector/25205", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31493 - Kirby Path Traversal and Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-31493 \nPublished : May 13, 2025, 4:15 p.m. | 59\u00a0minutes ago \nDescription : Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the `collection()` helper or `$kirby->collection()` method with a dynamic collection name (such as a collection name that depends on request or user data). Sites that only use fixed calls to the `collection()` helper/`$kirby->collection()` method (i.e. calls with a simple string for the collection name) are *not* affected. A missing path traversal check allowed attackers to navigate and access all files on the server that were accessible to the PHP process, including files outside of the collections root or even outside of the Kirby installation. PHP code within such files was executed. Such attacks first require an attack vector in the site code that is caused by dynamic collection names, such as `collection('tags-' . get('tags'))`. It generally also requires knowledge of the site structure and the server's file system by the attacker, although it can be possible to find vulnerable setups through automated methods such as fuzzing. In a vulnerable setup, this could cause damage to the confidentiality and integrity of the server. The problem has been patched in Kirby 3.9.8.3, Kirby 3.10.1.2, and Kirby 4.7.1. In all of the mentioned releases, the maintainers of Kirby have added a check for the collection path that ensures that the resulting path is contained within the configured collections root. Collection paths that point outside of the collections root will not be loaded. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-13T19:43:48.000000Z"}, {"uuid": "1ee58fe3-c9cb-480d-bc30-82938767dc55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31497", "type": "seen", "source": "https://t.me/cvedetector/23008", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31497 - TEIGarage XXE Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-31497 \nPublished : April 15, 2025, 8:15 p.m. | 1\u00a0hour, 3\u00a0minutes ago \nDescription : TEIGarage is a webservice and RESTful service to transform, convert and validate various formats, focussing on the TEI format. The Document Conversion Service contains a critical XML External Entity (XXE) Injection vulnerability in its document conversion functionality. The service processes XML files during the conversion process but fails to disable external entity processing, allowing an attacker to read arbitrary files from the server's filesystem. This vulnerability could allow attackers to read sensitive files from the server's filesystem, potentially exposing configuration files, credentials, or other confidential information. Additionally, depending on the server configuration, this could potentially be used to perform server-side request forgery (SSRF) attacks by making the server connect to internal services. This issue is patched in version 1.2.4. A workaround for this vulnerability includes disabling external entity processing in the XML parser by setting the appropriate security features (e.g., XMLConstants.FEATURE_SECURE_PROCESSING). \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-16T00:08:26.000000Z"}, {"uuid": "8909fa3b-a18e-4e7c-bab8-294c64e4dd2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31494", "type": "seen", "source": "https://t.me/cvedetector/22898", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31494 - AutoGPT WebSocket API Graph ID Spoofing Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-31494 \nPublished : April 15, 2025, 12:15 a.m. | 34\u00a0minutes ago \nDescription : AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. The AutoGPT Platform's WebSocket API transmitted node execution updates to subscribers based on the graph_id+graph_version. Additionally, there was no check prohibiting users from subscribing with another user's graph_id+graph_version. As a result, node execution updates from one user's graph execution could be received by another user within the same instance. This vulnerability does not occur between different instances or between users and non-users of the platform. Single-user instances are not affected. In private instances with a user white-list, the impact is limited by the fact that all potential unintended recipients of these node execution updates must have been admitted by the administrator. This vulnerability is fixed in 0.6.1. \nSeverity: 3.5 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-15T03:13:12.000000Z"}, {"uuid": "bd137abc-cf01-451a-a4ff-c76e8bb00a8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31490", "type": "seen", "source": "https://t.me/cvedetector/22902", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31490 - AutoGPT SSRF via DNS Rebinding\", \n  \"Content\": \"CVE ID : CVE-2025-31490 \nPublished : April 14, 2025, 11:15 p.m. | 1\u00a0hour, 34\u00a0minutes ago \nDescription : AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.1, AutoGPT allows SSRF due to DNS Rebinding in requests wrapper. AutoGPT is built with a wrapper around Python's requests library, hardening the application against SSRF. The code for this wrapper can be found in autogpt_platform/backend/backend/util/request.py. The requested hostname of a URL which is being requested is validated, ensuring that it does not resolve to any local ipv4 or ipv6 addresses. However, this check is not sufficient, as a DNS server may initially respond with a non-blocked address, with a TTL of 0. This means that the initial resolution would appear as a non-blocked address. In this case, validate_url() will return the url as successful. After validate_url() has successfully returned the url, the url is then passed to the real request() function. When the real request() function is called with the validated url, request() will once again resolve the address of the hostname, because the record will not have been cached (due to TTL 0). This resolution may be in the \"invalid range\". This type of attack is called a \"DNS Rebinding Attack\". This vulnerability is fixed in 0.6.1. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-15T03:13:18.000000Z"}, {"uuid": "dac305be-8841-404b-94a4-335e0b5ccb85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31491", "type": "seen", "source": "https://t.me/cvedetector/22899", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31491 - \"AutoGPT Cross-Domain Cookie and Header Leakage Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2025-31491 \nPublished : April 15, 2025, 12:15 a.m. | 34\u00a0minutes ago \nDescription : AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.1, AutoGPT allows of leakage of cross-domain cookies and protected headers in requests redirect. AutoGPT uses a wrapper around the requests python library, located in autogpt_platform/backend/backend/util/request.py. In this wrapper, redirects are specifically NOT followed for the first request. If the wrapper is used with allow_redirects set to True (which is the default), any redirect is not followed by the initial request, but rather re-requested by the wrapper using the new location. However, there is a fundamental flaw in manually re-requesting the new location: it does not account for security-sensitive headers which should not be sent cross-origin, such as the Authorization and Proxy-Authorization header, and cookies. For example in autogpt_platform/backend/backend/blocks/github/_api.py, an Authorization header is set when retrieving data from the GitHub API. However, if GitHub suffers from an open redirect vulnerability (such as the made-up example of {owner}/{repo}/issues/comments/{comment_id}/../../../../../redirect/?url=), and the script can be coerced into visiting it with the Authorization header, the GitHub credentials in the Authorization header will be leaked. This allows leaking auth headers and private cookies. This vulnerability is fixed in 0.6.1. \nSeverity: 8.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-15T03:13:13.000000Z"}, {"uuid": "1f5224ea-f561-4870-ae31-2daa8da1254f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31498", "type": "seen", "source": "https://t.me/cvedetector/22459", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31498 - \"C-ares Use-After-Free Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2025-31498 \nPublished : April 8, 2025, 2:15 p.m. | 1\u00a0hour, 12\u00a0minutes ago \nDescription : c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed the connection immediately after a response. If there was an issue trying to put that new transaction on the wire, it would close the connection handle, but read_answers() was still expecting the connection handle to be available to possibly dequeue other responses. In theory a remote attacker might be able to trigger this by flooding the target with ICMP UNREACHABLE packets if they also control the upstream nameserver and can return a result with one of those conditions, this has been untested. Otherwise only a local attacker might be able to change system behavior to make send()/write() return a failure condition. This vulnerability is fixed in 1.34.5. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-08T18:10:50.000000Z"}, {"uuid": "659cef45-722a-4471-b28e-3fe130669682", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31496", "type": "seen", "source": "https://t.me/cvedetector/22366", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31496 - Apollo Compiler Named Fragment Denial of Service Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-31496 \nPublished : April 7, 2025, 9:15 p.m. | 1\u00a0hour, 42\u00a0minutes ago \nDescription : apollo-compiler is a query-based compiler for the GraphQL query language. Prior to 1.27.0, a vulnerability in Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. Named fragments were being processed once per fragment spread in some cases during query validation, leading to exponential resource usage when deeply nested and reused fragments were involved. This could lead to excessive resource consumption and denial of service in applications. This vulnerability is fixed in 1.27.0. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-08T01:26:38.000000Z"}, {"uuid": "ef212494-ab1a-4a2f-963a-3ab3803cac53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3149", "type": "seen", "source": "https://t.me/cvedetector/21955", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3149 - \"ITing Student Homework Management System Cross-Site Scripting Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2025-3149 \nPublished : April 3, 2025, 8:15 a.m. | 38\u00a0minutes ago \nDescription : A vulnerability was found in itning Student Homework Management System up to 1.2.7. It has been classified as problematic. Affected is an unknown function of the file /shw_war/fileupload of the component Edit Job Page. The manipulation of the argument Course leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. \nSeverity: 2.4 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-03T11:03:13.000000Z"}, {"uuid": "5d3ae9ad-7183-42bb-9dbd-0bc7b11f4b84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31492", "type": "seen", "source": "https://t.me/cvedetector/22226", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31492 - Apache mod_auth_openidc Unauthenticated Content Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-31492 \nPublished : April 6, 2025, 8:15 p.m. | 1\u00a0hour, 49\u00a0minutes ago \nDescription : mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in a mod_auth_openidc results in disclosure of protected content to unauthenticated users. The conditions for disclosure are an OIDCProviderAuthRequestMethod POST, a valid account, and there mustn't be any application-level gateway (or load balancer etc) protecting the server. When you request a protected resource, the response includes the HTTP status, the HTTP headers, the intended response (the self-submitting form), and the protected resource (with no headers). This is an example of a request for a protected resource, including all the data returned. In the case where mod_auth_openidc returns a form, it has to return OK from check_userid so as not to go down the error path in httpd. This means httpd will try to issue the protected resource. oidc_content_handler is called early, which has the opportunity to prevent the normal output being issued by httpd. oidc_content_handler has a number of checks for when it intervenes, but it doesn't check for this case, so the handler returns DECLINED. Consequently, httpd appends the protected content to the response. The issue has been patched in mod_auth_openidc versions >= 2.4.16.11. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-07T00:20:04.000000Z"}, {"uuid": "c6d331e9-afdb-47c9-a5bf-3387fbefb851", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3149", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llvrfdq3qk2u", "content": "", "creation_timestamp": "2025-04-03T11:12:04.648223Z"}, {"uuid": "f3fee4d9-83f8-4e13-af74-b7bc6f2bc4c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31498", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lmcks5r5in2l", "content": "", "creation_timestamp": "2025-04-08T13:18:29.590866Z"}, {"uuid": "07aac423-2141-4692-9f9a-65c40a214eba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31498", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmcygf2jk52q", "content": "", "creation_timestamp": "2025-04-08T17:22:30.339368Z"}, {"uuid": "d0b24d81-3285-4bbe-a426-e7eef5817c44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31492", "type": "seen", "source": "https://bsky.app/profile/omo.bsky.social/post/3lmg6awqtek2h", "content": "", "creation_timestamp": "2025-04-09T23:44:50.460811Z"}, {"uuid": "c64e63b2-21e3-400f-884b-9e1ccefd4df6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31490", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114339165376498544", "content": "", "creation_timestamp": "2025-04-15T00:33:26.566552Z"}, {"uuid": "2a991dae-b237-4656-a2a9-32435aadb8e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31491", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114339165376498544", "content": "", "creation_timestamp": "2025-04-15T00:33:26.630650Z"}, {"uuid": "76e879b8-4f30-4cb8-87bc-04078992b4d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31494", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114339165376498544", "content": "", "creation_timestamp": "2025-04-15T00:33:26.709731Z"}, {"uuid": "7d9aaba7-fe35-4e30-b331-9bc19b85f36b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31494", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmt2bkm3h52r", "content": "", "creation_timestamp": "2025-04-15T02:38:08.829063Z"}, {"uuid": "499aeede-22ed-4eb8-afcb-7e6f6abdf375", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31490", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmt2bktcqe2j", "content": "", "creation_timestamp": "2025-04-15T02:38:09.928532Z"}, {"uuid": "1512598c-a554-4952-b442-085301ee0f6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31491", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmt2bkx54z2g", "content": "", "creation_timestamp": "2025-04-15T02:38:10.517811Z"}, {"uuid": "e442b123-8d49-4ec6-8291-347dfd01f24b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31491", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114339696292020113", "content": "", "creation_timestamp": "2025-04-15T02:48:27.877884Z"}, {"uuid": "3b1c0f1f-e150-43cd-b205-752233c7afd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31491", "type": "seen", "source": "https://bsky.app/profile/cecallihelper.bsky.social/post/3lmuduoifk22u", "content": "", "creation_timestamp": "2025-04-15T15:02:34.427054Z"}, {"uuid": "dcf4c7b5-8779-4e71-a9b6-f0fd16ab597a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31494", "type": "seen", "source": "https://bsky.app/profile/cecallihelper.bsky.social/post/3lmuduoifk22u", "content": "", "creation_timestamp": "2025-04-15T15:02:35.094799Z"}, {"uuid": "2eb66aa2-161b-4d83-8abc-ecdd1faac5ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31498", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3loh6o6hjes27", "content": "", "creation_timestamp": "2025-05-05T20:15:15.405489Z"}, {"uuid": "177b00b4-0bbb-4ba9-80e8-62db2703e007", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31493", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lp2vixor7zr2", "content": "", "creation_timestamp": "2025-05-13T16:31:44.149698Z"}, {"uuid": "96343e51-e941-4687-a2a3-529470fbb106", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31493", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp2wsu7f3c2h", "content": "", "creation_timestamp": "2025-05-13T16:48:02.771574Z"}, {"uuid": "3b7570c8-059a-4e2d-a6d6-ed7d2e6afbe1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31493", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16214", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31493\n\ud83d\udd25 CVSS Score: 6.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N)\n\ud83d\udd39 Description: Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the `collection()` helper or `$kirby->collection()` method with a dynamic collection name (such as a collection name that depends on request or user data). Sites that only use fixed calls to the `collection()` helper/`$kirby->collection()` method (i.e. calls with a simple string for the collection name) are *not* affected. A missing path traversal check allowed attackers to navigate and access all files on the server that were accessible to the PHP process, including files outside of the collections root or even outside of the Kirby installation. PHP code within such files was executed. Such attacks first require an attack vector in the site code that is caused by dynamic collection names, such as `collection('tags-' . get('tags'))`. It generally also requires knowledge of the site structure and the server's file system by the attacker, although it can be possible to find vulnerable setups through automated methods such as fuzzing. In a vulnerable setup, this could cause damage to the confidentiality and integrity of the server. The problem has been patched in Kirby 3.9.8.3, Kirby 3.10.1.2, and Kirby 4.7.1. In all of the mentioned releases, the maintainers of Kirby have added a check for the collection path that ensures that the resulting path is contained within the configured collections root. Collection paths that point outside of the collections root will not be loaded.\n\ud83d\udccf Published: 2025-05-13T15:24:40.178Z\n\ud83d\udccf Modified: 2025-05-13T19:08:37.490Z\n\ud83d\udd17 References:\n1. https://github.com/getkirby/kirby/security/advisories/GHSA-x275-h9j4-7p4h\n2. https://github.com/getkirby/kirby/releases/tag/3.10.1.2\n3. https://github.com/getkirby/kirby/releases/tag/3.9.8.3\n4. https://github.com/getkirby/kirby/releases/tag/4.7.1", "creation_timestamp": "2025-05-13T19:31:11.000000Z"}, {"uuid": "12fc47c5-39d3-4084-9ae2-326d7d2df650", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31492", "type": "published-proof-of-concept", "source": "Telegram/KQHgBG0pvBiePsgZbFhCl3OvqKepMrf4RCQXURbQUkhOgT4", "content": "", "creation_timestamp": "2025-04-06T23:30:47.000000Z"}, {"uuid": "421fdb43-2960-4280-a462-bc677a5fcdf6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31492", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lm6l22uqci2w", "content": "", "creation_timestamp": "2025-04-06T23:12:20.173579Z"}, {"uuid": "58399eb7-9c21-43c7-a898-43ef108d29c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31498", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lmj7aqbaq42w", "content": "", "creation_timestamp": "2025-04-11T04:40:32.554696Z"}, {"uuid": "858647c2-c310-408b-9b81-958167cdd9be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31498", "type": "seen", "source": "https://bsky.app/profile/andranglin.bsky.social/post/3lmjiiouiek2x", "content": "", "creation_timestamp": "2025-04-11T07:26:05.180773Z"}, {"uuid": "e01ed87f-b7b6-4c41-b222-70136f964242", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31498", "type": "seen", "source": "https://bsky.app/profile/andranglin.bsky.social/post/3lmlygddvfc2j", "content": "", "creation_timestamp": "2025-04-12T07:16:24.596842Z"}, {"uuid": "701b35b1-dda5-4a88-af86-5778e54b4fe8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31498", "type": "seen", "source": "https://bsky.app/profile/gcpweekly.bsky.social/post/3lyvqzxkfzs2x", "content": "", "creation_timestamp": "2025-09-15T21:33:08.208339Z"}, {"uuid": "b7c6d790-0775-4a9c-bb7a-0521a4e7301f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31496", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10784", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31496\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: apollo-compiler is a query-based compiler for the GraphQL query language. Prior to 1.27.0, a vulnerability in Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. Named fragments were being processed once per fragment spread in some cases during query validation, leading to exponential resource usage when deeply nested and reused fragments were involved. This could lead to excessive resource consumption and denial of service in applications. This vulnerability is fixed in 1.27.0.\n\ud83d\udccf Published: 2025-04-07T20:34:46.624Z\n\ud83d\udccf Modified: 2025-04-07T20:34:46.624Z\n\ud83d\udd17 References:\n1. https://github.com/apollographql/apollo-rs/security/advisories/GHSA-7mpv-9xg6-5r79\n2. https://github.com/apollographql/apollo-rs/pull/952", "creation_timestamp": "2025-04-07T20:46:13.000000Z"}, {"uuid": "e70d23b4-c2c1-4297-8082-b0c8112cb306", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31494", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11733", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31494\n\ud83d\udd25 CVSS Score: 3.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. The AutoGPT Platform's WebSocket API transmitted node execution updates to subscribers based on the graph_id+graph_version. Additionally, there was no check prohibiting users from subscribing with another user's graph_id+graph_version. As a result, node execution updates from one user's graph execution could be received by another user within the same instance. This vulnerability does not occur between different instances or between users and non-users of the platform. Single-user instances are not affected. In private instances with a user white-list, the impact is limited by the fact that all potential unintended recipients of these node execution updates must have been admitted by the administrator. This vulnerability is fixed in 0.6.1.\n\ud83d\udccf Published: 2025-04-14T23:21:10.070Z\n\ud83d\udccf Modified: 2025-04-14T23:21:10.070Z\n\ud83d\udd17 References:\n1. https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-958f-37vw-jx8f\n2. https://github.com/Significant-Gravitas/AutoGPT/pull/9660\n3. https://github.com/Significant-Gravitas/AutoGPT/releases/tag/autogpt-platform-beta-v0.6.1", "creation_timestamp": "2025-04-14T23:53:48.000000Z"}, {"uuid": "5079f7be-dd13-4a1d-b6c7-b92a4cf9e93c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31491", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11734", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31491\n\ud83d\udd25 CVSS Score: 8.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\ud83d\udd39 Description: AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.1, AutoGPT allows of leakage of cross-domain cookies and protected headers in requests redirect. AutoGPT uses a wrapper around the requests python library, located in autogpt_platform/backend/backend/util/request.py. In this wrapper, redirects are specifically NOT followed for the first request. If the wrapper is used with allow_redirects set to True (which is the default), any redirect is not followed by the initial request, but rather re-requested by the wrapper using the new location. However, there is a fundamental flaw in manually re-requesting the new location: it does not account for security-sensitive headers which should not be sent cross-origin, such as the Authorization and Proxy-Authorization header, and cookies. For example in autogpt_platform/backend/backend/blocks/github/_api.py, an Authorization header is set when retrieving data from the GitHub API. However, if GitHub suffers from an open redirect vulnerability (such as the made-up example of https://api.github.com/repos/{owner}/{repo}/issues/comments/{comment_id}/../../../../../redirect/?url=https://joshua.hu/), and the script can be coerced into visiting it with the Authorization header, the GitHub credentials in the Authorization header will be leaked. This allows leaking auth headers and private cookies. This vulnerability is fixed in 0.6.1.\n\ud83d\udccf Published: 2025-04-14T23:15:56.611Z\n\ud83d\udccf Modified: 2025-04-14T23:15:56.611Z\n\ud83d\udd17 References:\n1. https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-ggcm-93qg-gfhp", "creation_timestamp": "2025-04-14T23:53:49.000000Z"}]}