{"vulnerability": "cve-2025-3278", "sightings": [{"uuid": "0d508f68-3882-438d-b208-fadb8b1d59b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32786", "type": "seen", "source": "https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m4th3y4tlov2", "content": "", "creation_timestamp": "2025-11-04T21:11:00.060669Z"}, {"uuid": "094584b7-6548-44e8-a188-c91eea45dd2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32782", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11949", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32782\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Ash Authentication provides authentication for the Ash framework. The confirmation flow for account creation currently uses a GET request triggered by clicking a link sent via email. Some email clients and security tools (e.g., Outlook, virus scanners, and email previewers) may automatically follow these links, unintentionally confirming the account. This allows an attacker to register an account using another user\u2019s email and potentially have it auto-confirmed by the victim\u2019s email client. This does not allow attackers to take over or access existing accounts or private data. It is limited to account confirmation of new accounts only. This vulnerability is fixed in 4.7.0.\n\ud83d\udccf Published: 2025-04-15T22:04:41.667Z\n\ud83d\udccf Modified: 2025-04-15T22:04:41.667Z\n\ud83d\udd17 References:\n1. https://github.com/team-alembic/ash_authentication/security/advisories/GHSA-3988-q8q7-p787\n2. https://github.com/team-alembic/ash_authentication/commit/99ea38977fd4f421d2aaae0c2fb29f8e5f8f707d", "creation_timestamp": "2025-04-15T22:55:53.000000Z"}, {"uuid": "7503ef7a-ab03-4dd6-bc23-27f322d2327d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32784", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11953", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32784\n\ud83d\udd25 CVSS Score: 7.5 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. In versions prior to 2025.4.10, a race condition vulnerability has been identified in the conda-forge-webservices component used within the shared build infrastructure. This vulnerability, categorized as a Time-of-Check to Time-of-Use (TOCTOU) issue, can be exploited to introduce unauthorized modifications to build artifacts stored in the cf-staging Anaconda channel. Exploitation may result in the unauthorized publication of malicious artifacts to the production conda-forge channel. The core vulnerability results from the absence of atomicity between the hash validation and the artifact copy operation. This gap allows an attacker, with access to the cf-staging token, to overwrite the validated artifact with a malicious version immediately after hash verification, but before the copy action is executed. As the cf-staging channel permits artifact overwrites, such an operation can be carried out using the anaconda upload --force command. This vulnerability is fixed in 2025.4.10.\n\ud83d\udccf Published: 2025-04-15T21:56:27.639Z\n\ud83d\udccf Modified: 2025-04-15T21:56:27.639Z\n\ud83d\udd17 References:\n1. https://github.com/conda-forge/conda-forge-webservices/security/advisories/GHSA-28cx-74fp-g2g2\n2. https://github.com/conda-forge/conda-forge-webservices/commit/141ed27617068debd150956341551df3a5a3807d", "creation_timestamp": "2025-04-15T22:55:57.000000Z"}, {"uuid": "c5332be1-ca44-4e71-8cce-ebbc27fc2cad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3278", "type": "seen", "source": "https://t.me/cvedetector/23369", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3278 - \"UrbanGo Membership Plugin Privilege Escalation Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2025-3278 \nPublished : April 19, 2025, 3:15 a.m. | 1\u00a0hour, 31\u00a0minutes ago \nDescription : The UrbanGo Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'user_register_role' field. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-19T06:47:42.000000Z"}, {"uuid": "58c5741e-eb82-48fc-add5-82a692843bfe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32782", "type": "seen", "source": "https://t.me/cvedetector/23015", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32782 - Ash Authentication Auto Confirmation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32782 \nPublished : April 15, 2025, 10:15 p.m. | 1\u00a0hour, 7\u00a0minutes ago \nDescription : Ash Authentication provides authentication for the Ash framework. The confirmation flow for account creation currently uses a GET request triggered by clicking a link sent via email. Some email clients and security tools (e.g., Outlook, virus scanners, and email previewers) may automatically follow these links, unintentionally confirming the account. This allows an attacker to register an account using another user\u2019s email and potentially have it auto-confirmed by the victim\u2019s email client. This does not allow attackers to take over or access existing accounts or private data. It is limited to account confirmation of new accounts only. This vulnerability is fixed in 4.7.0. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-16T01:48:46.000000Z"}, {"uuid": "e3baf786-bebe-489b-af6c-7e08c0874c68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3278", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12559", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3278\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The UrbanGo Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'user_register_role' field. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.\n\ud83d\udccf Published: 2025-04-19T02:22:33.746Z\n\ud83d\udccf Modified: 2025-04-19T02:22:33.746Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/913ffe0c-c8f8-4cda-be9a-96c056d4c4a8?source=cve\n2. https://themeforest.net/item/urbango-directory-and-listing-wordpress-theme/22712624", "creation_timestamp": "2025-04-19T02:59:07.000000Z"}, {"uuid": "726c4eaa-5935-4c05-9c20-9da0ffc0e40c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32780", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114343058254160495", "content": "", "creation_timestamp": "2025-04-15T17:03:27.402995Z"}, {"uuid": "cadb9c11-da32-4f53-bf37-65716718d9dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32780", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmuqaln2na2q", "content": "", "creation_timestamp": "2025-04-15T18:44:03.875272Z"}, {"uuid": "7d2c308c-e723-4939-97fb-98cd6170cb4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32784", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmv5o37nd42q", "content": "", "creation_timestamp": "2025-04-15T22:44:15.452586Z"}, {"uuid": "06e369c6-e121-4b78-b088-a1485cf1aaf2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32787", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmxo3ljcr22i", "content": "", "creation_timestamp": "2025-04-16T22:43:26.918373Z"}, {"uuid": "b0799cd1-8142-4e41-bcd5-82bfb89ee7bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32783", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmxo5clxcv2q", "content": "", "creation_timestamp": "2025-04-16T22:44:21.078326Z"}, {"uuid": "a6510343-1743-4749-bc23-aead162be361", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32789", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmxo5ctc2i24", "content": "", "creation_timestamp": "2025-04-16T22:44:22.351825Z"}, {"uuid": "8dca4d12-b9f7-47f3-af86-f814447e84a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3278", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3ln55ovm2zmo2", "content": "", "creation_timestamp": "2025-04-19T03:06:50.565960Z"}, {"uuid": "9580565f-022d-464a-ac5a-868142cf838f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3278", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114363053490062654", "content": "", "creation_timestamp": "2025-04-19T05:48:30.453443Z"}, {"uuid": "3642421f-f5e3-468e-85b5-84e354b5d7e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32788", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13456", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32788\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The primary risk lies in potential future modifications to the codebase that might incorrectly rely on the vulnerable internal functions for authentication checks, leading to security vulnerabilities. This issue has been patched in version 1.11.0.\n\ud83d\udccf Published: 2025-04-22T17:14:39.690Z\n\ud83d\udccf Modified: 2025-04-25T16:03:30.506Z\n\ud83d\udd17 References:\n1. https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-qw93-h6pf-226x\n2. https://github.com/OctoPrint/OctoPrint/commit/41ff431014edfa18ca1a01897b10463934dc7fc2", "creation_timestamp": "2025-04-25T16:07:12.000000Z"}, {"uuid": "a89acb3b-30b5-4163-b9de-d10b43581487", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32784", "type": "seen", "source": "https://t.me/cvedetector/23016", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32784 - Conda-Forge WebServices TOCTOU Artifact Modification Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32784 \nPublished : April 15, 2025, 10:15 p.m. | 1\u00a0hour, 7\u00a0minutes ago \nDescription : conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. In versions prior to 2025.4.10, a race condition vulnerability has been identified in the conda-forge-webservices component used within the shared build infrastructure. This vulnerability, categorized as a Time-of-Check to Time-of-Use (TOCTOU) issue, can be exploited to introduce unauthorized modifications to build artifacts stored in the cf-staging Anaconda channel. Exploitation may result in the unauthorized publication of malicious artifacts to the production conda-forge channel. The core vulnerability results from the absence of atomicity between the hash validation and the artifact copy operation. This gap allows an attacker, with access to the cf-staging token, to overwrite the validated artifact with a malicious version immediately after hash verification, but before the copy action is executed. As the cf-staging channel permits artifact overwrites, such an operation can be carried out using the anaconda upload --force command. This vulnerability is fixed in 2025.4.10. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-16T01:48:46.000000Z"}, {"uuid": "73527afe-ff90-4706-971d-077c8f4d552d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32780", "type": "seen", "source": "https://t.me/cvedetector/22993", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32780 - BleachBit Windows DLL Hijacking Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32780 \nPublished : April 15, 2025, 5:15 p.m. | 2\u00a0hours, 3\u00a0minutes ago \nDescription : BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.6.2 is vulnerable to a DLL Hijacking vulnerability. By placing a malicious DLL with the name uuid.dll in the folder C:\\Users\\\\AppData\\Local\\Microsoft\\WindowsApps\\, an attacker can execute arbitrary code every time BleachBit is run. This issue has been patched in version 4.9.0. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-15T21:37:57.000000Z"}, {"uuid": "4001d9fd-4ed4-49a7-a182-f0369c060456", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32787", "type": "seen", "source": "https://t.me/cvedetector/23206", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32787 - SoftEtherVPN NULL Dereference Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32787 \nPublished : April 16, 2025, 10:15 p.m. | 1\u00a0hour, 39\u00a0minutes ago \nDescription : SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. Versions 5.02.5184 to 5.02.5187 are vulnerable to NULL dereference in `DeleteIPv6DefaultRouterInRA` called by `StorePacket`. Before dereferencing, `DeleteIPv6DefaultRouterInRA` does not account for `ParsePacket` returning NULL, resulting in the program crashing. A patched version does not exist at this time. \nSeverity: 3.1 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-17T02:06:44.000000Z"}, {"uuid": "98db5ca1-11d2-4fee-9ef8-b81301b02dd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32783", "type": "seen", "source": "https://t.me/cvedetector/23205", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32783 - XWiki Platform Cross-Site Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2025-32783 \nPublished : April 16, 2025, 10:15 p.m. | 1\u00a0hour, 39\u00a0minutes ago \nDescription : XWiki Platform is a generic wiki platform. A vulnerability in versions from 5.0 to 16.7.1 affects users with Message Stream enabled and a wiki configured as closed from selecting \"Prevent unregistered users to view pages\" in the Administrations Rights. The vulnerability is that any message sent in a subwiki to \"everyone\" is actually sent to the farm: any visitor of the main wiki will be able to see that message through the Dashboard, even if the subwiki is configured to be private. This issue will not be patched as Message Stream has been deprecated in XWiki 16.8.0RC1 and is not maintained anymore. A workaround for this issue involves keeping Message Stream disabled by default. It's advised to keep it disabled from Administration > Social > Message Stream. \nSeverity: 4.7 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-17T02:06:43.000000Z"}]}