{"vulnerability": "CVE-2025-2779", "sightings": [{"uuid": "d87d9263-6588-42a4-920b-e081d707f740", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2779", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llsfizqkzo2n", "content": "", "creation_timestamp": "2025-04-02T03:01:23.346310Z"}, {"uuid": "4a1446a3-f400-48d8-a129-f92370967cd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27797", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114307846667500911", "content": "", "creation_timestamp": "2025-04-09T11:48:41.110553Z"}, {"uuid": "95e55e0a-633a-4ba4-80d8-61862ffb6bcc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27791", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114343784101287084", "content": "", "creation_timestamp": "2025-04-15T20:08:02.893076Z"}, {"uuid": "fba56615-d948-42d5-9c7d-d7b478605a0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27795", "type": "seen", "source": "https://t.me/cvedetector/19786", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27795 - GraphicsMagick JXL Image Dimension Resource Limit Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27795 \nPublished : March 7, 2025, 6:15 a.m. | 37\u00a0minutes ago \nDescription : JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-07T08:14:50.000000Z"}, {"uuid": "d33d28e1-9629-4736-8107-bbb22445d5df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27796", "type": "seen", "source": "https://t.me/cvedetector/19785", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27796 - GraphicsMagick Palette Buffer Allocation Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27796 \nPublished : March 7, 2025, 6:15 a.m. | 36\u00a0minutes ago \nDescription : WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation. \nSeverity: 4.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-07T08:14:50.000000Z"}, {"uuid": "4cad8b46-3c4e-41b6-9d16-7018b7f8bb03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27796", "type": "seen", "source": "Telegram/qf2fKY3-HsheiipsK3GkCM4CPdhWkatPX9-miBSGjDO4eKrY", "content": "", "creation_timestamp": "2025-03-08T04:34:56.000000Z"}, {"uuid": "18b739db-f891-44b3-9391-917caa4b488b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27795", "type": "seen", "source": "Telegram/NYLTm9MkO-28O4EJXTpSMpPZObttpomqvJCUH9w4rA9_uJCL", "content": "", "creation_timestamp": "2025-03-08T04:34:56.000000Z"}, {"uuid": "9ac59792-3d3b-421a-a3ba-52017847cbcd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27797", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11030", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27797\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: OS command injection vulnerability in the specific service exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product.\n\ud83d\udccf Published: 2025-04-09T09:03:29.067Z\n\ud83d\udccf Modified: 2025-04-09T09:03:29.067Z\n\ud83d\udd17 References:\n1. https://www.inaba.co.jp/abaniact/news/security_20250404.pdf\n2. https://jvn.jp/en/vu/JVNVU93925742/", "creation_timestamp": "2025-04-09T09:47:31.000000Z"}, {"uuid": "8a173eed-ff6a-4df1-ab17-bf40b2cd0fb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27795", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6799", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27795\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)\n\ud83d\udd39 Description: JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits.\n\ud83d\udccf Published: 2025-03-07T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-07T05:47:02.163Z\n\ud83d\udd17 References:\n1. http://www.graphicsmagick.org/NEWS.html", "creation_timestamp": "2025-03-07T06:34:50.000000Z"}, {"uuid": "554a2b05-33a7-4074-8123-bb848132093a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27796", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6798", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27796\n\ud83d\udd25 CVSS Score: 4.5 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L)\n\ud83d\udd39 Description: WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation.\n\ud83d\udccf Published: 2025-03-07T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-07T05:49:30.741Z\n\ud83d\udd17 References:\n1. http://www.graphicsmagick.org/NEWS.html\n2. https://sourceforge.net/p/graphicsmagick/bugs/750/", "creation_timestamp": "2025-03-07T06:34:49.000000Z"}, {"uuid": "1d3fdc35-836b-4d26-b30c-1899cf340729", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27793", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9118", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27793\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N)\n\ud83d\udd39 Description: Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 5.32.0, corresponding to vega-functions prior to version 5.17.0, users running Vega/Vega-lite JSON definitions could run unexpected JavaScript code when drawing graphs, unless the library was used with the `vega-interpreter`. Vega version 5.32.0 and vega-functions version 5.17.0 fix the issue. As a workaround, use `vega` with expression interpreter.\n\ud83d\udccf Published: 2025-03-27T14:07:52.264Z\n\ud83d\udccf Modified: 2025-03-27T15:17:18.354Z\n\ud83d\udd17 References:\n1. https://github.com/vega/vega/security/advisories/GHSA-963h-3v39-3pqf\n2. https://github.com/vega/vega/commit/694560c0aa576df8b6c5f0f7d202ac82233e6966\n3. https://github.com/vega/vega/releases/tag/v5.32.0\n4. https://vega.github.io/vega/usage/interpreter", "creation_timestamp": "2025-03-27T15:26:49.000000Z"}, {"uuid": "87191f78-af44-41b9-a22e-6eb3b867704e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2779", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10026", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2779\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)\n\ud83d\udd39 Description: The Insert Headers and Footers Code \u2013 HT Script plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to 1/true on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny access to legitimate users or be used to set some values to true, such as registration.\n\ud83d\udccf Published: 2025-04-02T01:44:29.451Z\n\ud83d\udccf Modified: 2025-04-02T01:44:29.451Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/75bc2295-bf9a-430f-92b7-d380eed6df11?source=cve\n2. https://plugins.trac.wordpress.org/browser/insert-headers-and-footers-script/tags/1.1.2/admin/class-rating-notice.php#L59", "creation_timestamp": "2025-04-02T02:35:49.000000Z"}, {"uuid": "3e185de8-f48b-4056-8206-bd76668e6b26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27791", "type": "seen", "source": "https://t.me/cvedetector/23001", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27791 - Collabora Online Path Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27791 \nPublished : April 15, 2025, 7:16 p.m. | 56\u00a0minutes ago \nDescription : Collabora Online is a collaborative online office suite based on LibreOffice technology. In versions prior to 24.04.12.4, 23.05.19, and 22.05.25, there is a path traversal flaw in handling the CheckFileInfo BaseFileName field returned from WOPI servers. This allows for a file to be written anywhere the uid running Collabora Online can write, if such a response was supplied by a malicious WOPI server. By combining this flaw with a Time of Check, Time of Use DNS lookup issue with a WOPI server address under attacker control, it is possible to present such a response to be processed by a Collabora Online instance. This issue has been patched in versions 24.04.13.1, 23.05.19, and 22.05.25. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-15T22:28:06.000000Z"}, {"uuid": "dbdd7eef-7980-464c-8a88-bae08bfecc0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27797", "type": "seen", "source": "https://t.me/cvedetector/22549", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27797 - Wi-Fi AP UNIT AC-WPS-11ac series OS Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27797 \nPublished : April 9, 2025, 9:15 a.m. | 48\u00a0minutes ago \nDescription : OS command injection vulnerability in the specific service exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-09T12:35:34.000000Z"}, {"uuid": "8fe39021-f277-4505-9e6d-cb057718bbc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2779", "type": "seen", "source": "https://t.me/cvedetector/21842", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2779 - WordPress HT Script Plugin Unauthenticated Data Modification Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2779 \nPublished : April 2, 2025, 2:15 a.m. | 1\u00a0hour, 41\u00a0minutes ago \nDescription : The Insert Headers and Footers Code \u2013 HT Script plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to 1/true on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny access to legitimate users or be used to set some values to true, such as registration. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-02T06:37:30.000000Z"}, {"uuid": "d615853d-ded2-49b4-93d3-4042f1c21a08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-27794", "type": "published-proof-of-concept", "source": "https://github.com/flarum/framework/security/advisories/GHSA-hg9j-64wp-m9px", "content": "", "creation_timestamp": "2025-03-12T10:22:26.000000Z"}, {"uuid": "ff4544a8-5214-4ba1-8733-3beb7274961f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27796", "type": "seen", "source": "Telegram/TicWXb6eg9Z8A7-_jG2PDaLOAWSCTMzt5oDdI6S6Dkaj7yMV", "content": "", "creation_timestamp": "2025-03-08T04:36:10.000000Z"}, {"uuid": "fb64145f-c703-40b5-b9dc-5944a8a56261", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27796", "type": "seen", "source": "Telegram/ADFYCd8ivCMkxAevFw_YQIjO2ZJf04hMUnbc6lMOO5d74RyU", "content": "", "creation_timestamp": "2025-03-08T04:34:57.000000Z"}, {"uuid": "c3808cde-c7ad-4a55-a865-91839bd98321", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27795", "type": "seen", "source": "Telegram/zUmrl4EHy8R_jY6Os77rVRkXolzU3eNAY5m8VwGAzj3g8xYU", "content": "", "creation_timestamp": "2025-03-08T04:34:57.000000Z"}, {"uuid": "0d7c07f1-de79-45af-9d4f-b692daecbc55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-27793", "type": "published-proof-of-concept", "source": "https://github.com/vega/vega/security/advisories/GHSA-963h-3v39-3pqf", "content": "", "creation_timestamp": "2025-03-27T02:45:19.000000Z"}]}