{"vulnerability": "CVE-2025-2480", "sightings": [{"uuid": "2efc09e0-9232-4675-8f32-637c11a0d4ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24800", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgt5rjiyvq2h", "content": "", "creation_timestamp": "2025-01-28T19:09:36.601157Z"}, {"uuid": "b6c560ab-e541-46f2-81dc-6c75e67cd205", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24805", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhhmw5khqv2k", "content": "", "creation_timestamp": "2025-02-05T22:33:51.396507Z"}, {"uuid": "d008cd49-5767-4cf1-9208-937284103067", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24803", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhhmw64f6u27", "content": "", "creation_timestamp": "2025-02-05T22:33:53.504168Z"}, {"uuid": "992903cc-bdd1-4257-903b-338022f71bb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24804", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhhmw5yamk2z", "content": "", "creation_timestamp": "2025-02-05T22:33:52.868810Z"}, {"uuid": "cded49de-1ec1-44c4-beb1-54afcc9bc08b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24802", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113918942752937670", "content": "", "creation_timestamp": "2025-01-30T19:25:18.271500Z"}, {"uuid": "3495626b-fe48-47eb-a2ae-673f3279ed8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", 
"author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24802", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgycgujpnx2j", "content": "", "creation_timestamp": "2025-01-30T20:16:25.272656Z"}, {"uuid": "22d71f16-de20-41aa-b578-3f2c6a1f03d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24802", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113919742771804337", "content": "", "creation_timestamp": "2025-01-30T22:48:46.629197Z"}, {"uuid": "af70fa84-54f5-47a2-bb29-89f7496225c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24800", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113906744458245865", "content": "", "creation_timestamp": "2025-01-28T15:43:06.928329Z"}, {"uuid": "24a02180-d9a2-4b20-aab9-22f37857e9a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24802", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgynbkvp4q2g", "content": "", "creation_timestamp": "2025-01-30T23:30:21.601285Z"}, {"uuid": "f4c92d4b-6914-4326-9003-30f1960ec8b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24804", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113952756187471780", "content": "", "creation_timestamp": "2025-02-05T18:44:30.260087Z"}, {"uuid": "8e17878d-c148-4e3a-afa0-b3b462d838d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24805", "type": "seen", "source": 
"https://infosec.exchange/users/cve/statuses/113952756201766643", "content": "", "creation_timestamp": "2025-02-05T18:44:30.509393Z"}, {"uuid": "f5596462-e66f-494f-96af-e70c47018eb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24800", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgsu4i3xjh2f", "content": "", "creation_timestamp": "2025-01-28T16:16:45.368870Z"}, {"uuid": "f8b5db07-2e3b-4830-8563-c02c2f955057", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24803", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113952756172745897", "content": "", "creation_timestamp": "2025-02-05T18:44:29.994424Z"}, {"uuid": "d295740d-294b-4621-96f7-86767e2d6bc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24803", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhhbz6hwmx2w", "content": "", "creation_timestamp": "2025-02-05T19:18:42.271771Z"}, {"uuid": "e7436e66-a57f-4dd7-945f-eb48d7158962", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24804", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhhbzbexmv2e", "content": "", "creation_timestamp": "2025-02-05T19:18:45.152350Z"}, {"uuid": "5b3c43dd-d993-42e6-be82-00dde10049d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24805", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhhbze7k762p", "content": "", "creation_timestamp": 
"2025-02-05T19:18:47.852119Z"}, {"uuid": "68b769a5-8d92-49f7-94e1-563a1e0ae5bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24801", "type": "seen", "source": "https://bsky.app/profile/r-netsec-bot.bsky.social/post/3lk6geieskt2j", "content": "", "creation_timestamp": "2025-03-12T10:58:14.248324Z"}, {"uuid": "99032cf0-3c3e-4197-93ba-7dd060aa6163", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24807", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhw2nwx4a22a", "content": "", "creation_timestamp": "2025-02-11T16:17:04.873497Z"}, {"uuid": "e374b5cb-4bd4-4685-ad04-0a501349d03c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24801", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkoii25z2w2k", "content": "", "creation_timestamp": "2025-03-18T20:18:42.938058Z"}, {"uuid": "045accb5-26e6-4713-8971-60c01beb16b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24801", "type": "seen", "source": "https://bsky.app/profile/it-connect.bsky.social/post/3lkn3vvzuf32u", "content": "", "creation_timestamp": "2025-03-18T07:01:04.699138Z"}, {"uuid": "e4de77ba-4ee1-4bc5-964e-b13c69b002c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24801", "type": "seen", "source": "https://bsky.app/profile/r-netsec.bsky.social/post/3lk6kdzgvaa2a", "content": "", "creation_timestamp": "2025-03-12T12:09:32.796763Z"}, {"uuid": "3a0b1780-95a2-41c3-ac3d-f690f5d39654", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24801", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114185140719428080", "content": "", "creation_timestamp": "2025-03-18T19:42:57.057564Z"}, {"uuid": "35a2bece-104b-42de-a674-24ed7779111a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24801", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114185162962943617", "content": "", "creation_timestamp": "2025-03-18T19:48:36.705593Z"}, {"uuid": "d0118b81-9f86-4bc8-8cc9-317d988d6c17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24801", "type": "seen", "source": "https://bsky.app/profile/r-netsec-bot.bsky.social/post/3lkt4jwpsi22b", "content": "", "creation_timestamp": "2025-03-20T16:28:14.440343Z"}, {"uuid": "bd73f853-a9b4-49f3-973e-973f4738e668", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24801", "type": "seen", "source": "https://infosec.exchange/users/decio/statuses/114154763751292664", "content": "", "creation_timestamp": "2025-03-13T10:57:43.431265Z"}, {"uuid": "656d140c-2d66-47cb-a7b8-632620d45c27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24801", "type": "seen", "source": "https://bsky.app/profile/bearstech.com/post/3lknbcpxkch2n", "content": "", "creation_timestamp": "2025-03-18T08:37:42.716011Z"}, {"uuid": "7466f87a-e41b-4aa9-855f-68986f89905c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24806", "type": "seen", "source": 
"https://bsky.app/profile/cve.skyfleet.blue/post/3likrwszimm2a", "content": "", "creation_timestamp": "2025-02-19T22:06:55.024549Z"}, {"uuid": "9a6614f5-ff00-43f2-85b2-61419163e689", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24806", "type": "seen", "source": "https://t.me/cvedetector/18450", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24806 - Authelia Brute-Force Regulation Limitation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-24806 \nPublished : Feb. 19, 2025, 6:15 p.m. | 23\u00a0minutes ago \nDescription : Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for applications via a web portal. If users are allowed to sign in via both username and email the regulation system treats these as separate login events. This leads to the regulation limitations being effectively doubled assuming an attacker using brute-force to find a user password. It's important to note that due to the effective operation of regulation where no user-facing sign of their regulation ban being visible either via timing or via API responses, it's effectively impossible to determine if a failure occurs due to a bad username password combination, or a effective ban blocking the attempt which heavily mitigates any form of brute-force. This occurs because the records and counting process for this system uses the method utilized for sign in rather than the effective username attribute. This has a minimal impact on account security, this impact is increased naturally in scenarios when there is no two-factor authentication required and weak passwords are used. This makes it a bit easier to brute-force a password. A patch for this issue has been applied to versions 4.38.19, and 4.39.0. Users are advised to upgrade. Users unable to upgrade should 1. 
Not heavily modify the default settings in a way that ends up with shorter or less frequent regulation bans. The default settings effectively mitigate any potential for this issue to be exploited. and 2. Disable the ability for users to login via an email address. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-19T20:24:50.000000Z"}, {"uuid": "8606e8bc-f787-4f86-8b38-4c0ee736357b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24801", "type": "seen", "source": "https://bsky.app/profile/buherator.bsky.social/post/3lk6i6evc3a2c", "content": "", "creation_timestamp": "2025-03-12T11:30:36.209339Z"}, {"uuid": "3eb13eec-5d7d-49c2-9282-4ef6c248aa32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24801", "type": "seen", "source": "https://bsky.app/profile/dinosn.bsky.social/post/3lk6nzfq5z227", "content": "", "creation_timestamp": "2025-03-12T13:15:11.893836Z"}, {"uuid": "be4dd7da-329c-456a-9ee3-73096d57f75f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24805", "type": "seen", "source": "https://t.me/cvedetector/17319", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24805 - MobSF Windows Permission Token Vulnerability (Privilege Escalation)\", \n  \"Content\": \"CVE ID : CVE-2025-24805 \nPublished : Feb. 5, 2025, 7:15 p.m. | 56\u00a0minutes ago \nDescription : Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. 
A local user with minimal privileges is able to make use of an access token for materials for scopes which it should not be accepted. This issue has been addressed in version 4.3.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-05T21:39:48.000000Z"}, {"uuid": "f78cbc09-6a09-4749-a0c2-8a5816c06f48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24803", "type": "seen", "source": "https://t.me/cvedetector/17318", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24803 - Apple Corellium Stored XSS Following Unvalidated Bundle ID\", \n  \"Content\": \"CVE ID : CVE-2025-24803 \nPublished : Feb. 5, 2025, 7:15 p.m. | 56\u00a0minutes ago \nDescription : Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple's documentation for bundle ID's, it must contain only alphanumeric characters (A\u2013Z, a\u2013z, and 0\u20139), hyphens (-), and periods (.). However, an attacker can manually modify this value in the `Info.plist` file and add special characters to the `CFBundleIdentifier` value. The `dynamic_analysis.html` file does not sanitize the received bundle value from Corellium and as a result, it is possible to break the HTML context and achieve Stored XSS. This issue has been addressed in version 4.3.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-05T21:39:47.000000Z"}, {"uuid": "1f3cb315-3711-4b3c-bace-8686acad0302", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24804", "type": "seen", "source": "https://t.me/cvedetector/17317", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24804 - Apple iOS Bundle ID Special Character Injection\", \n  \"Content\": \"CVE ID : CVE-2025-24804 \nPublished : Feb. 5, 2025, 7:15 p.m. | 56\u00a0minutes ago \nDescription : Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple's documentation for bundle ID's, it must contain only alphanumeric characters (A\u2013Z, a\u2013z, and 0\u20139), hyphens (-), and periods (.). However, an attacker can manually modify this value in the `Info.plist` file and add special characters to the `CFBundleIdentifier` value. When the application parses the wrong characters in the bundle ID, it encounters an error. As a result, it will not display content and will throw a 500 error instead. The only way to make the pages work again is to manually remove the malicious application from the system. This issue has been addressed in version 4.3.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-05T21:39:46.000000Z"}, {"uuid": "8b5ba3aa-428e-498c-9698-92dd4b132e62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2025-24801", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/2002296b-dd57-45e0-b127-feeaa53cc204", "content": "", "creation_timestamp": "2025-03-13T09:40:21.398312Z"}, {"uuid": "5dc4f149-b89d-4e51-844a-83e7ece9681a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24801", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7968", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24801\n\ud83d\udd25 CVSS Score: 8.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of *.php files located on the GLPI server. This vulnerability is fixed in 10.0.18.\n\ud83d\udccf Published: 2025-03-18T18:32:06.401Z\n\ud83d\udccf Modified: 2025-03-18T18:32:06.401Z\n\ud83d\udd17 References:\n1. 
https://github.com/glpi-project/glpi/security/advisories/GHSA-g2p3-33ff-r555", "creation_timestamp": "2025-03-18T19:03:05.000000Z"}, {"uuid": "576a9bf3-2ec6-4473-96e3-963f9bd5e780", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2480", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8239", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2480\n\ud83d\udd25 CVSS Score: 8.4 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Santesoft Sante DICOM Viewer Pro is vulnerable to an out-of-bounds write, which requires a user to open a malicious DCM file, resulting in execution of arbitrary code by a local attacker.\n\ud83d\udccf Published: 2025-03-20T16:49:07.713Z\n\ud83d\udccf Modified: 2025-03-20T16:49:07.713Z\n\ud83d\udd17 References:\n1. https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-079-01\n2. https://santesoft.com/win/sante-dicom-viewer-pro/download.html", "creation_timestamp": "2025-03-20T17:18:48.000000Z"}, {"uuid": "4df1eeec-32eb-41d9-acb6-2041e7eaa921", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24802", "type": "seen", "source": "https://t.me/cvedetector/16815", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24802 - Plonky2 Lookup Table Padding overwrite vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-24802 \nPublished : Jan. 30, 2025, 8:15 p.m. | 58\u00a0minutes ago \nDescription : Plonky2 is a SNARK implementation based on techniques from PLONK and FRI. Lookup tables, whose length is not divisible by 26 = floor(num_routed_wires / 3) always include the 0 -> 0 input-output pair. 
Thus a malicious prover can always prove that f(0) = 0 for any lookup table f (unless its length happens to be divisible by 26). The cause of problem is that the LookupTableGate-s are padded with zeros. A workaround from the user side is to extend the table (by repeating some entries) so that its length becomes divisible by 26. This vulnerability is fixed in 1.0.1. \nSeverity: 8.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-30T22:38:10.000000Z"}, {"uuid": "6be37d25-f7c4-4c25-8c4c-8b05d4644269", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24801", "type": "published-proof-of-concept", "source": "https://t.me/TopCyberTechNews/432", "content": "Top Security News for Today\n\nImpossible XXE in PHP  \nhttps://www.reddit.com/r/netsec/comments/1j9f0i7/impossible_xxe_in_php/\n\nAnalysis of CVE-2025-24813 Apache Tomcat Path Equivalence RCE  \nhttps://www.reddit.com/r/netsec/comments/1j9f0ur/analysis_of_cve202524813_apache_tomcat_path/\n\nCybersecurity Can\u2019t Wait: Modern Enterprises Must Adapt  \nhttps://www.tripwire.com/state-of-security/cybersecurity-cant-wait-modern-enterprises-must-adapt\n\nPre-authentication SQL injection to RCE in GLPI (CVE-2025-24799/CVE-2025-24801)  \nhttps://www.reddit.com/r/netsec/comments/1j9hcdw/preauthentication_sql_injection_to_rce_in_glpi/\n\nChina, Russia, Iran, and North Korea Intelligence Sharing  \nhttps://www.schneier.com/blog/archives/2025/03/china-russia-iran-and-north-korea-intelligence-sharing.html\n\nBehind the Scenes of Burp AI: How we built it, and what's next  \nhttps://portswigger.net/blog/behind-the-scenes-of-burp-ai-how-we-built-it-and-whats-next\n\nNew Lumma Stealer campaign abuses Reddit threads to drop 
malware via fake WeTransfer links  \nhttps://www.reddit.com/r/netsec/comments/1j9xq07/new_lumma_stealer_campaign_abuses_reddit_threads/\n\nRuthless Mantis - Modus Operandi  \nhttps://www.reddit.com/r/netsec/comments/1j9v0dh/ruthless_mantis_modus_operandi/\n\nFollow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman", "creation_timestamp": "2025-03-13T09:30:43.000000Z"}, {"uuid": "d4a7ea4d-257a-4872-b3ae-bd0cf66c1f31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24808", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8845", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24808\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Discourse is an open-source discussion platform. Prior to versions `3.3.4` on the `stable` branch and `3.4.0.beta5` on the `beta` branch, someone who is about to reach the limit of users in a group DM may send requests to add new users in parallel. The requests might all go through ignoring the limit due to a race condition. The patch in versions `3.3.4` and `3.4.0.beta5` uses the `lock` step in service to wrap part of the `add_users_to_channel` service inside a distributed lock/mutex in order to avoid the race condition.\n\ud83d\udccf Published: 2025-03-26T14:08:38.915Z\n\ud83d\udccf Modified: 2025-03-26T14:14:38.212Z\n\ud83d\udd17 References:\n1. https://github.com/discourse/discourse/security/advisories/GHSA-hfcx-qjw6-573r\n2. 
https://github.com/discourse/discourse/commit/a16b2f224860f6678f89f5ffa012f0ede17e4095", "creation_timestamp": "2025-03-26T14:25:09.000000Z"}, {"uuid": "debbc8cf-04cf-4e6c-adb4-451dfabb5d61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24801", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/35931", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aCVE-2025-24801 Exploit \nURL\uff1ahttps://github.com/fatkz/CVE-2025-24801\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-05-07T18:19:52.000000Z"}, {"uuid": "fdb1139d-a7c5-40dd-aec4-def89d3fcfca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24800", "type": "seen", "source": "https://t.me/cvedetector/16607", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24800 - Hyperbridge Cross-Chain Header Forgery Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-24800 \nPublished : Jan. 28, 2025, 4:15 p.m. | 1\u00a0hour, 18\u00a0minutes ago \nDescription : Hyperbridge is a hyper-scalable coprocessor for verifiable, cross-chain interoperability. A critical vulnerability was discovered in the ismp-grandpa crate, that allowed a malicious prover easily convince the verifier of the finality of arbitrary headers. This could be used to steal funds or compromise other kinds of cross-chain applications. This vulnerability is fixed in 15.0.1. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-28T18:47:17.000000Z"}, {"uuid": "fbdb079d-3669-483e-8f91-b87f19659655", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24801", "type": "seen", "source": "https://t.me/cvedetector/20604", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24801 - \"GLPI PHP File Upload Execution Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2025-24801 \nPublished : March 18, 2025, 7:15 p.m. | 1\u00a0hour, 22\u00a0minutes ago \nDescription : GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of *.php files located on the GLPI server. This vulnerability is fixed in 10.0.18. \nSeverity: 8.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-18T21:55:37.000000Z"}, {"uuid": "fcee542f-5ff6-4213-bd02-bdb4d869d053", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2480", "type": "seen", "source": "https://t.me/cvedetector/20750", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2480 - Santesoft Sante DICOM Viewer Pro Out-of-Bounds Write Arbitrary Code Execution\", \n  \"Content\": \"CVE ID : CVE-2025-2480 \nPublished : March 20, 2025, 5:15 p.m. 
| 55\u00a0minutes ago \nDescription : Santesoft Sante DICOM Viewer Pro is vulnerable to an out-of-bounds write, which requires a user to open a malicious DCM file, resulting in execution of arbitrary code by a local attacker. \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-20T19:54:34.000000Z"}, {"uuid": "57228ff8-9f5a-46e6-861e-f87f58747d56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24808", "type": "seen", "source": "https://t.me/cvedetector/21178", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24808 - Discourse Race Condition in Group DM User Addition\", \n  \"Content\": \"CVE ID : CVE-2025-24808 \nPublished : March 26, 2025, 2:15 p.m. | 28\u00a0minutes ago \nDescription : Discourse is an open-source discussion platform. Prior to versions 3.3.4 on the `stable` branch and `3.4.0.beta5` on the `beta` branch, someone who is about to reach the limit of users in a group DM may send requests to add new users in parallel. The requests might all go through ignoring the limit due to a race condition. The patch in versions `3.3.4` and `3.4.0.beta5` uses the `lock` step in service to wrap part of the `add_users_to_channel` service inside a distributed lock/mutex in order to avoid the race condition. 
\nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-26T16:23:54.000000Z"}, {"uuid": "61fedd65-bbb7-421a-9bbd-a04818fc1e2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24801", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/11966", "content": "#exploit\n1. CVE-2025-1974, CVE-2025-24514:\nIngress(Nightmare) NGINX RCE\nhttps://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities\n\n2. CVE-2025-24799, CVE-2025-24801:\nPre-auth SQLi to RCE in GLPI\nhttps://blog.lexfo.fr/glpi-sql-to-rce.html\n\n3. CVE-2025-29927:\nAuthorization Bypass in Next.js Middleware\nhttps://github.com/arvion-agent/next-CVE-2025-29927\n]-> Bypass Checker:\nhttps://github.com/RoyCampos/CVE-2025-29927", "creation_timestamp": "2025-03-26T00:36:58.000000Z"}, {"uuid": "d1046a14-ce96-461f-93ae-4f48ded945df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24801", "type": "published-proof-of-concept", "source": "Telegram/oYmpRnsP0n5l9UoNVnmi0Tqagk8hdqptE5SM8rliaeN2ddE", "content": "", "creation_timestamp": "2025-04-19T13:00:06.000000Z"}, {"uuid": "2b1ef5dd-7c40-4298-b648-3e479b026c44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2480", "type": "seen", "source": "Telegram/8l2RSQlViSUyF2KsQhAoP-bQskZZ5Tff2UjLP0sTHZ0abL4", "content": "", "creation_timestamp": "2025-03-20T19:00:27.000000Z"}, {"uuid": "9662ebd2-c2cc-4e27-8b84-b5136d610606", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", 
"vulnerability": "CVE-2025-24801", "type": "seen", "source": "https://t.me/CyberBulletin/2597", "content": "\u26a1Pre-authentication SQL injection to RCE in GLPI (CVE-2025-24799/CVE-2025-24801).\n\n#CyberBulletin", "creation_timestamp": "2025-03-12T14:25:22.000000Z"}, {"uuid": "2033b291-01e6-4d32-ba1a-f2ef7e74c36b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24807", "type": "seen", "source": "Telegram/2DDFFS7u-wqCl6VBDMp3WHjW0m9VZwuUIOHTnvEEppayIQb7", "content": "", "creation_timestamp": "2025-02-21T22:10:24.000000Z"}, {"uuid": "cae2ca9f-d206-424c-8de4-d3d52a53c62d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24801", "type": "published-proof-of-concept", "source": "Telegram/aFwfStP8wFlVkLpHBloIlhn7vOW90LKUAH04hsmOYUZn0T4", "content": "", "creation_timestamp": "2025-05-06T09:00:07.000000Z"}, {"uuid": "9274d966-7b4e-4029-b1c9-20c83ef3804f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24801", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/9727", "content": "Pre-authentication SQL injection to RCE in GLPI (CVE-2025-24799/CVE-2025-24801)\n\nhttps://blog.lexfo.fr/glpi-sql-to-rce.html", "creation_timestamp": "2025-03-13T17:55:31.000000Z"}]}