{
"Source": "CVE FEED",
"Title": "CVE-2025-4081 - DaVinci Resolve Dynamic Library Validation Bypass",
"Content": "CVE ID : CVE-2025-4081
Published : May 29, 2025, 3:15 p.m. | 1 hour, 22 minutes ago
Description : Use of entitlement "com.apple.security.cs.disable-library-validation" and lack of launch and library load constraints allows to substitute a legitimate dylib with malicious one. A local attacker with unprivileged access can execute the application with altered dynamic library successfully bypassing Transparency, Consent, and Control (TCC). Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission.
This issue affects DaVinci Resolve on macOS in all versions.
Last tested version: 19.1.3
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-4081 - DaVinci Resolve Dynamic Library Validation Bypass",
"Content": "CVE ID : CVE-2025-4081
Published : May 29, 2025, 3:15 p.m. | 1 hour, 22 minutes ago
Description : Use of entitlement "com.apple.security.cs.disable-library-validation" and lack of launch and library load constraints allows to substitute a legitimate dylib with malicious one. A local attacker with unprivileged access can execute the application with altered dynamic library successfully bypassing Transparency, Consent, and Control (TCC). Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission.
This issue affects DaVinci Resolve on macOS in all versions.
Last tested version: 19.1.3
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-5321 - Aimhubio Aim Remote Sandbox Bypass Vulnerability",
"Content": "CVE ID : CVE-2025-5321
Published : May 29, 2025, 3:15 p.m. | 1 hour, 22 minutes ago
Description : A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function RestrictedPythonQuery of the file /aim/storage/query.py of the component run_view Object Handler. The manipulation of the argument Query leads to sandbox issue. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-5321 - Aimhubio Aim Remote Sandbox Bypass Vulnerability",
"Content": "CVE ID : CVE-2025-5321
Published : May 29, 2025, 3:15 p.m. | 1 hour, 22 minutes ago
Description : A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function RestrictedPythonQuery of the file /aim/storage/query.py of the component run_view Object Handler. The manipulation of the argument Query leads to sandbox issue. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-5334 - Devolutions Remote Desktop Manager Private Data Exposure and Unauthorized Access",
"Content": "CVE ID : CVE-2025-5334
Published : May 29, 2025, 3:15 p.m. | 1 hour, 22 minutes ago
Description : Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager
allows an authenticated user to gain unauthorized access to private personal information.
Under specific circumstances, entries may be unintentionally moved from user vaults to shared vaults when edited by their owners, making them accessible to other users.
This issue affects the following versions :
* Remote Desktop Manager Windows 2025.1.34.0 and earlier
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-5334 - Devolutions Remote Desktop Manager Private Data Exposure and Unauthorized Access",
"Content": "CVE ID : CVE-2025-5334
Published : May 29, 2025, 3:15 p.m. | 1 hour, 22 minutes ago
Description : Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager
allows an authenticated user to gain unauthorized access to private personal information.
Under specific circumstances, entries may be unintentionally moved from user vaults to shared vaults when edited by their owners, making them accessible to other users.
This issue affects the following versions :
* Remote Desktop Manager Windows 2025.1.34.0 and earlier
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2024-22653 - Yasm NULL Pointer Dereference Vulnerability",
"Content": "CVE ID : CVE-2024-22653
Published : May 29, 2025, 3:15 p.m. | 1 hour, 22 minutes ago
Description : yasm commit 9defefae was discovered to contain a NULL pointer dereference via the yasm_section_bcs_append function at section.c.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2024-22653 - Yasm NULL Pointer Dereference Vulnerability",
"Content": "CVE ID : CVE-2024-22653
Published : May 29, 2025, 3:15 p.m. | 1 hour, 22 minutes ago
Description : yasm commit 9defefae was discovered to contain a NULL pointer dereference via the yasm_section_bcs_append function at section.c.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2024-22654 - "tcpreplay Infinite Loop Vulnerability"",
"Content": "CVE ID : CVE-2024-22654
Published : May 29, 2025, 3:15 p.m. | 1 hour, 22 minutes ago
Description : tcpreplay v4.4.4 was discovered to contain an infinite loop via the tcprewrite function at get.c.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2024-22654 - "tcpreplay Infinite Loop Vulnerability"",
"Content": "CVE ID : CVE-2024-22654
Published : May 29, 2025, 3:15 p.m. | 1 hour, 22 minutes ago
Description : tcpreplay v4.4.4 was discovered to contain an infinite loop via the tcprewrite function at get.c.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-5323 - Fossasia Open-Event-Server Encryption Bypass Vulnerability",
"Content": "CVE ID : CVE-2025-5323
Published : May 29, 2025, 6:15 p.m. | 27 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in fossasia open-event-server 1.19.1. This issue affects the function send_email_change_user_email of the file /fossasia/open-event-server/blob/development/app/api/helpers/mail.py of the component Mail Verification Handler. The manipulation leads to reliance on obfuscation or encryption of security-relevant inputs without integrity checking. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-5323 - Fossasia Open-Event-Server Encryption Bypass Vulnerability",
"Content": "CVE ID : CVE-2025-5323
Published : May 29, 2025, 6:15 p.m. | 27 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in fossasia open-event-server 1.19.1. This issue affects the function send_email_change_user_email of the file /fossasia/open-event-server/blob/development/app/api/helpers/mail.py of the component Mail Verification Handler. The manipulation leads to reliance on obfuscation or encryption of security-relevant inputs without integrity checking. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-46823 - OpenMRS FHIR2 Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-46823
Published : May 29, 2025, 6:15 p.m. | 27 minutes ago
Description : openmrs-module-fhir2 provides the FHIR REST API and related services for OpenMRS, an open medical records system. In versions of the FHIR2 module prior to 2.5.0, privileges were not always correctly checked, which means that unauthorized users may have been able to add or edit data they were not supposed to be able to. All implementers should update to FHIR2 2.5.0 or newer as soon as is feasible to receive a patch.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-46823 - OpenMRS FHIR2 Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-46823
Published : May 29, 2025, 6:15 p.m. | 27 minutes ago
Description : openmrs-module-fhir2 provides the FHIR REST API and related services for OpenMRS, an open medical records system. In versions of the FHIR2 module prior to 2.5.0, privileges were not always correctly checked, which means that unauthorized users may have been able to add or edit data they were not supposed to be able to. All implementers should update to FHIR2 2.5.0 or newer as soon as is feasible to receive a patch.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2023-41591 - ONOS ARP Spoofing Vulnerability",
"Content": "CVE ID : CVE-2023-41591
Published : May 29, 2025, 6:15 p.m. | 27 minutes ago
Description : An issue in Open Network Foundation ONOS v2.7.0 allows attackers to create fake IP/MAC addresses and potentially execute a man-in-the-middle attack on communications between fake and real hosts.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2023-41591 - ONOS ARP Spoofing Vulnerability",
"Content": "CVE ID : CVE-2023-41591
Published : May 29, 2025, 6:15 p.m. | 27 minutes ago
Description : An issue in Open Network Foundation ONOS v2.7.0 allows attackers to create fake IP/MAC addresses and potentially execute a man-in-the-middle attack on communications between fake and real hosts.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2024-53423 - ONOS Denial of Service (DoS) Vulnerability",
"Content": "CVE ID : CVE-2024-53423
Published : May 29, 2025, 6:15 p.m. | 27 minutes ago
Description : An issue in Open Network Foundation ONOS v2.7.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted packets.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2024-53423 - ONOS Denial of Service (DoS) Vulnerability",
"Content": "CVE ID : CVE-2024-53423
Published : May 29, 2025, 6:15 p.m. | 27 minutes ago
Description : An issue in Open Network Foundation ONOS v2.7.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted packets.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-29632 - Free5gc Buffer Overflow Denial of Service",
"Content": "CVE ID : CVE-2025-29632
Published : May 29, 2025, 6:15 p.m. | 27 minutes ago
Description : Buffer Overflow vulnerability in Free5gc v.4.0.0 allows a remote attacker to cause a denial of service via the AMF, NGAP, security.go, handler_generated.go, handleInitialUEMessageMain, DecodePlainNasNoIntegrityCheck, GetSecurityHeaderType components
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-29632 - Free5gc Buffer Overflow Denial of Service",
"Content": "CVE ID : CVE-2025-29632
Published : May 29, 2025, 6:15 p.m. | 27 minutes ago
Description : Buffer Overflow vulnerability in Free5gc v.4.0.0 allows a remote attacker to cause a denial of service via the AMF, NGAP, security.go, handler_generated.go, handleInitialUEMessageMain, DecodePlainNasNoIntegrityCheck, GetSecurityHeaderType components
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2024-51392 - OpenKnowledgeMaps Headstart Remote Privilege Escalation",
"Content": "CVE ID : CVE-2024-51392
Published : May 29, 2025, 5:15 p.m. | 1 hour, 27 minutes ago
Description : An issue in OpenKnowledgeMaps Headstart v7 allows a remote attacker to escalate privileges via the url parameter of the getPDF.php component
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2024-51392 - OpenKnowledgeMaps Headstart Remote Privilege Escalation",
"Content": "CVE ID : CVE-2024-51392
Published : May 29, 2025, 5:15 p.m. | 1 hour, 27 minutes ago
Description : An issue in OpenKnowledgeMaps Headstart v7 allows a remote attacker to escalate privileges via the url parameter of the getPDF.php component
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-46570 - Apache vLLM PageAttention Chunk Prefill Timing Vulnerability",
"Content": "CVE ID : CVE-2025-46570
Published : May 29, 2025, 5:15 p.m. | 1 hour, 27 minutes ago
Description : vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.9.0, when a new prompt is processed, if the PageAttention mechanism finds a matching prefix chunk, the prefill process speeds up, which is reflected in the TTFT (Time to First Token). These timing differences caused by matching chunks are significant enough to be recognized and exploited. This issue has been patched in version 0.9.0.
Severity: 2.6 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-46570 - Apache vLLM PageAttention Chunk Prefill Timing Vulnerability",
"Content": "CVE ID : CVE-2025-46570
Published : May 29, 2025, 5:15 p.m. | 1 hour, 27 minutes ago
Description : vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.9.0, when a new prompt is processed, if the PageAttention mechanism finds a matching prefix chunk, the prefill process speeds up, which is reflected in the TTFT (Time to First Token). These timing differences caused by matching chunks are significant enough to be recognized and exploited. This issue has been patched in version 0.9.0.
Severity: 2.6 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-46722 - VLLM Image Hash Collision Vulnerability",
"Content": "CVE ID : CVE-2025-46722
Published : May 29, 2025, 5:15 p.m. | 1 hour, 27 minutes ago
Description : vLLM is an inference and serving engine for large language models (LLMs). In versions starting from 0.7.0 to before 0.9.0, in the file vllm/multimodal/hasher.py, the MultiModalHasher class has a security and data integrity issue in its image hashing method. Currently, it serializes PIL.Image.Image objects using only obj.tobytes(), which returns only the raw pixel data, without including metadata such as the imageโs shape (width, height, mode). As a result, two images of different sizes (e.g., 30x100 and 100x30) with the same pixel byte sequence could generate the same hash value. This may lead to hash collisions, incorrect cache hits, and even data leakage or security risks. This issue has been patched in version 0.9.0.
Severity: 4.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-46722 - VLLM Image Hash Collision Vulnerability",
"Content": "CVE ID : CVE-2025-46722
Published : May 29, 2025, 5:15 p.m. | 1 hour, 27 minutes ago
Description : vLLM is an inference and serving engine for large language models (LLMs). In versions starting from 0.7.0 to before 0.9.0, in the file vllm/multimodal/hasher.py, the MultiModalHasher class has a security and data integrity issue in its image hashing method. Currently, it serializes PIL.Image.Image objects using only obj.tobytes(), which returns only the raw pixel data, without including metadata such as the imageโs shape (width, height, mode). As a result, two images of different sizes (e.g., 30x100 and 100x30) with the same pixel byte sequence could generate the same hash value. This may lead to hash collisions, incorrect cache hits, and even data leakage or security risks. This issue has been patched in version 0.9.0.
Severity: 4.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-48475 - FreeScout Unrestricted Client Access Vulnerability",
"Content": "CVE ID : CVE-2025-48475
Published : May 29, 2025, 5:15 p.m. | 1 hour, 27 minutes ago
Description : FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the System does not provide a check on which "clients" of the System an authorized user can view and edit, and which ones they cannot. As a result, an authorized user who does not have access to any of the existing mailboxes, as well as to any of the existing conversations, has the ability to view and edit the System's clients. The limitation of client visibility can be implemented by the limit_user_customer_visibility setting, however, in the specified scenarios, there is no check for the presence of this setting. This issue has been patched in version 1.8.180.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-48475 - FreeScout Unrestricted Client Access Vulnerability",
"Content": "CVE ID : CVE-2025-48475
Published : May 29, 2025, 5:15 p.m. | 1 hour, 27 minutes ago
Description : FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the System does not provide a check on which "clients" of the System an authorized user can view and edit, and which ones they cannot. As a result, an authorized user who does not have access to any of the existing mailboxes, as well as to any of the existing conversations, has the ability to view and edit the System's clients. The limitation of client visibility can be implemented by the limit_user_customer_visibility setting, however, in the specified scenarios, there is no check for the presence of this setting. This issue has been patched in version 1.8.180.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-5326 - Zhilink ADP Application Developer Platform Deserialization Vulnerability",
"Content": "CVE ID : CVE-2025-5326
Published : May 29, 2025, 8:15 p.m. | 27 minutes ago
Description : A vulnerability was found in zhilink ๆบไบ่(ๆทฑๅณ)็งๆๆ้ๅ ฌๅธ ADP Application Developer Platform ๅบ็จๅผๅ่ ๅนณๅฐ 1.0.0 and classified as critical. Affected by this issue is some unknown functionality of the file /adpweb/wechat/verifyToken/. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-5326 - Zhilink ADP Application Developer Platform Deserialization Vulnerability",
"Content": "CVE ID : CVE-2025-5326
Published : May 29, 2025, 8:15 p.m. | 27 minutes ago
Description : A vulnerability was found in zhilink ๆบไบ่(ๆทฑๅณ)็งๆๆ้ๅ ฌๅธ ADP Application Developer Platform ๅบ็จๅผๅ่ ๅนณๅฐ 1.0.0 and classified as critical. Affected by this issue is some unknown functionality of the file /adpweb/wechat/verifyToken/. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-47288 - Discourse Policy Plugin Group Policy Information Disclosure",
"Content": "CVE ID : CVE-2025-47288
Published : May 29, 2025, 8:15 p.m. | 27 minutes ago
Description : Discourse Policy plugin gives the ability to confirm users have seen or done something. Prior to version 0.1.1, if there was a policy posted to a public topic that was tied to a private group then the group members could be shown to non-group members. This issue has been patched in version 0.1.1. A workaround involves moving any policy topics with private groups to restricted categories.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-47288 - Discourse Policy Plugin Group Policy Information Disclosure",
"Content": "CVE ID : CVE-2025-47288
Published : May 29, 2025, 8:15 p.m. | 27 minutes ago
Description : Discourse Policy plugin gives the ability to confirm users have seen or done something. Prior to version 0.1.1, if there was a policy posted to a public topic that was tied to a private group then the group members could be shown to non-group members. This issue has been patched in version 0.1.1. A workaround involves moving any policy topics with private groups to restricted categories.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-47933 - Argo CD Cross-Site Scripting (XSS)",
"Content": "CVE ID : CVE-2025-47933
Published : May 29, 2025, 8:15 p.m. | 27 minutes ago
Description : Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.13.8, 2.14.13, and 3.0.4, an attacker can perform arbitrary actions on behalf of the victim via the API. Due to the improper filtering of URL protocols in the repository page, an attacker can achieve cross-site scripting with permission to edit the repository. This issue has been patched in versions 2.13.8, 2.14.13, and 3.0.4.
Severity: 9.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-47933 - Argo CD Cross-Site Scripting (XSS)",
"Content": "CVE ID : CVE-2025-47933
Published : May 29, 2025, 8:15 p.m. | 27 minutes ago
Description : Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.13.8, 2.14.13, and 3.0.4, an attacker can perform arbitrary actions on behalf of the victim via the API. Due to the improper filtering of URL protocols in the repository page, an attacker can achieve cross-site scripting with permission to edit the repository. This issue has been patched in versions 2.13.8, 2.14.13, and 3.0.4.
Severity: 9.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-4967 - Esri Portal for ArcGIS SSRF Bypass",
"Content": "CVE ID : CVE-2025-4967
Published : May 29, 2025, 8:15 p.m. | 27 minutes ago
Description : Esri Portal for ArcGIS 11.4 and prior allows a remote, unauthenticated attacker to bypass the Portalโs SSRF protections.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-4967 - Esri Portal for ArcGIS SSRF Bypass",
"Content": "CVE ID : CVE-2025-4967
Published : May 29, 2025, 8:15 p.m. | 27 minutes ago
Description : Esri Portal for ArcGIS 11.4 and prior allows a remote, unauthenticated attacker to bypass the Portalโs SSRF protections.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-5325 - Zhilink ADP Application Developer Platform Template Engine Code Injection Vulnerability",
"Content": "CVE ID : CVE-2025-5325
Published : May 29, 2025, 8:15 p.m. | 27 minutes ago
Description : A vulnerability has been found in zhilink ๆบไบ่(ๆทฑๅณ)็งๆๆ้ๅ ฌๅธ ADP Application Developer Platform ๅบ็จๅผๅ่ ๅนณๅฐ 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /adpweb/a/ica/api/service/rfa/testService. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-5325 - Zhilink ADP Application Developer Platform Template Engine Code Injection Vulnerability",
"Content": "CVE ID : CVE-2025-5325
Published : May 29, 2025, 8:15 p.m. | 27 minutes ago
Description : A vulnerability has been found in zhilink ๆบไบ่(ๆทฑๅณ)็งๆๆ้ๅ ฌๅธ ADP Application Developer Platform ๅบ็จๅผๅ่ ๅนณๅฐ 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /adpweb/a/ica/api/service/rfa/testService. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2024-54952 - MikroTik RouterOS SMB Service Remote Denial of Service",
"Content": "CVE ID : CVE-2024-54952
Published : May 29, 2025, 8:15 p.m. | 27 minutes ago
Description : MikroTik RouterOS 6.40.5, the SMB service contains a memory corruption vulnerability. Remote, unauthenticated attackers can exploit this issue by sending specially crafted packets, triggering a null pointer dereference. This leads to a Remote Denial of Service (DoS), rendering the SMB service unavailable.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2024-54952 - MikroTik RouterOS SMB Service Remote Denial of Service",
"Content": "CVE ID : CVE-2024-54952
Published : May 29, 2025, 8:15 p.m. | 27 minutes ago
Description : MikroTik RouterOS 6.40.5, the SMB service contains a memory corruption vulnerability. Remote, unauthenticated attackers can exploit this issue by sending specially crafted packets, triggering a null pointer dereference. This leads to a Remote Denial of Service (DoS), rendering the SMB service unavailable.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-2518 - IBM Db2 Denial of Service Vulnerability",
"Content": "CVE ID : CVE-2025-2518
Published : May 29, 2025, 8:15 p.m. | 27 minutes ago
Description : IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1
is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-2518 - IBM Db2 Denial of Service Vulnerability",
"Content": "CVE ID : CVE-2025-2518
Published : May 29, 2025, 8:15 p.m. | 27 minutes ago
Description : IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1
is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 May 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น