{"vulnerability": "CVE-2025-4672", "sightings": [{"uuid": "acf8706b-3e89-4ba8-b130-cf1770c21880", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46722", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqdcfkkdvo32", "content": "", "creation_timestamp": "2025-05-29T18:02:03.492438Z"}, {"uuid": "4b43fc04-d182-4e02-b9a0-29e9afc7c862", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4672", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqh6zoqbpi42", "content": "", "creation_timestamp": "2025-05-31T07:12:29.129286Z"}, {"uuid": "87b3a4b9-4adf-440a-bc2e-9b9554b17b1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4672", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lqhglxhhl42e", "content": "", "creation_timestamp": "2025-05-31T09:27:31.619037Z"}, {"uuid": "b0df044b-976e-4ac8-85e8-64250be8c6d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46726", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lohmh7gwxu2r", "content": "", "creation_timestamp": "2025-05-06T00:21:51.567953Z"}, {"uuid": "85f76b41-26b2-4087-b0a1-a1ff5f87727b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46727", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lpmcnvbq3s26", "content": "", "creation_timestamp": "2025-05-20T14:35:10.496576Z"}, {"uuid": 
"f08f2ed8-2e81-4773-8708-fc4364d770cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46724", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lqdo2hm5ys25", "content": "", "creation_timestamp": "2025-05-29T21:30:15.895588Z"}, {"uuid": "97843689-f8ca-4ed5-9506-2f53a7013f34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46723", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lo7vcxbg7uz2", "content": "", "creation_timestamp": "2025-05-03T01:36:03.870232Z"}, {"uuid": "904457a1-3efe-4e26-a6c0-277b598155d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46723", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3loaavfzvjp2p", "content": "", "creation_timestamp": "2025-05-03T02:06:25.598591Z"}, {"uuid": "0451cae5-259b-4703-9c04-b3edcf745092", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46728", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lohzk2opsq2e", "content": "", "creation_timestamp": "2025-05-06T04:16:06.640179Z"}, {"uuid": "dd208ade-d77a-46d7-b521-5230f5a5fc68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46727", "type": "seen", "source": "https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3ls4rmeyqjp2z", "content": "", "creation_timestamp": "2025-06-21T14:35:43.397928Z"}, {"uuid": "c2f67635-00f9-4dda-9c7b-54467a2acf76", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46728", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lolfp7i4sn2t", "content": "", "creation_timestamp": "2025-05-07T12:31:43.441817Z"}, {"uuid": "c25913f8-7edf-437f-992a-1a4078657e73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46727", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lomnoosfie2w", "content": "", "creation_timestamp": "2025-05-08T00:27:22.831425Z"}, {"uuid": "6022fdc9-68e1-4068-9186-500c0bbe8543", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46727", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lompefh54ck2", "content": "", "creation_timestamp": "2025-05-08T00:57:27.974176Z"}, {"uuid": "18357d9a-eba0-434f-8a4a-3b47e7705eb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46727", "type": "seen", "source": "https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3ls4prtzp772f", "content": "", "creation_timestamp": "2025-06-21T14:02:59.568986Z"}, {"uuid": "b2a106c7-dd2a-407d-b285-a3abe2e8a89d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46729", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3loy7dudim62w", "content": "", "creation_timestamp": "2025-05-12T14:42:36.981067Z"}, {"uuid": "a868d430-4f4e-4355-8a83-e488fade96e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": 
"CVE-2025-46724", "type": "seen", "source": "https://bsky.app/profile/euvd-bot.bsky.social/post/3me2x7obf6t25", "content": "", "creation_timestamp": "2026-02-04T22:44:09.260113Z"}, {"uuid": "2b2f6eb2-cbef-46e7-b80c-752eb7a793eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46721", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp2wstuioc2o", "content": "", "creation_timestamp": "2025-05-13T16:48:01.067952Z"}, {"uuid": "351da123-cc93-420a-94df-2b5aa71435e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46721", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lp2vsdeta7r2", "content": "", "creation_timestamp": "2025-05-13T16:50:09.545035Z"}, {"uuid": "46ce0d22-5353-418a-9dd2-4073473ef0a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46727", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3luiglow3nk2y", "content": "", "creation_timestamp": "2025-07-21T16:40:51.656108Z"}, {"uuid": "29b5eba5-e814-4478-9f78-0fe6d65210eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46727", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3luivaeqvrs2y", "content": "", "creation_timestamp": "2025-07-21T21:02:58.680068Z"}, {"uuid": "5413ca69-3c28-47f1-90e3-3f1b7e43ab64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2025-46727", "type": "seen", "source": 
"https://vulnerability.circl.lu/bundle/bbcbc485-b88d-4831-b8e9-6e37e7bd9875", "content": "", "creation_timestamp": "2026-01-21T21:18:16.771453Z"}, {"uuid": "0f3e706d-9af9-4279-aaa3-981471848c7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46726", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14979", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46726\n\ud83d\udd25 CVSS Score: 7.8 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P)\n\ud83d\udd39 Description: Langroid is a framework for building large-language-model-powered applications. Prior to version 0.53.4, a LLM application leveraging `XMLToolMessage` class may be exposed to untrusted XML input that could result in DoS and/or exposing local files with sensitive information. Version 0.53.4 fixes the issue.\n\ud83d\udccf Published: 2025-05-05T19:21:19.597Z\n\ud83d\udccf Modified: 2025-05-05T20:07:01.257Z\n\ud83d\udd17 References:\n1. https://github.com/langroid/langroid/security/advisories/GHSA-pw95-88fg-3j6f\n2. https://github.com/langroid/langroid/commit/36e7e7db4dd1636de225c2c66c84052b1e9ac3c3\n3. 
https://github.com/langroid/langroid/blob/df6227e6c079ec22bb2768498423148d6685acff/langroid/agent/xml_tool_message.py#L51-L52", "creation_timestamp": "2025-05-05T20:20:04.000000Z"}, {"uuid": "780b9603-c3cd-406b-9e76-52b5f33f446a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46723", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14630", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46723\n\ud83d\udd25 CVSS Score: 7.8 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P)\n\ud83d\udd39 Description: OpenVM is a performant and modular zkVM framework built for customization and extensibility. In version 1.0.0, OpenVM is vulnerable to overflow through byte decomposition of pc in AUIPC chip. A typo results in the highest limb of pc being range checked to 8-bits instead of 6-bits. This results in the if statement never being triggered because the enumeration gives i=0,1,2, when instead the enumeration should give i=1,2,3, leaving pc_limbs[3] range checked to 8-bits instead of 6-bits. This leads to a vulnerability where the pc_limbs decomposition differs from the true pc, which means a malicious prover can make the destination register take a different value than the AUIPC instruction dictates, by making the decomposition overflow the BabyBear field. This issue has been patched in version 1.1.0.\n\ud83d\udccf Published: 2025-05-02T22:18:55.696Z\n\ud83d\udccf Modified: 2025-05-02T22:18:55.696Z\n\ud83d\udd17 References:\n1. https://github.com/openvm-org/openvm/security/advisories/GHSA-jf2r-x3j4-23m7\n2. https://github.com/openvm-org/openvm/commit/68da4b50c033da5603517064aa0a08e1bbf70a01\n3. https://cantina.xyz/code/c486d600-bed0-4fc6-aed1-de759fd29fa2/findings/21\n4. 
https://github.com/openvm-org/openvm/blob/0f94c8a3dfa7536c1231465d1bdee5fc607a5993/extensions/rv32im/circuit/src/auipc/core.rs#L135\n5. https://github.com/openvm-org/openvm/releases/tag/v1.1.0", "creation_timestamp": "2025-05-02T23:17:25.000000Z"}, {"uuid": "27f16665-aa77-44d9-9151-ee80ae0f2d01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46728", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15020", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46728\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request bodies when `Transfer-Encoding: chunked` is used or when no `Content-Length` header is provided. A remote attacker can send a chunked request without the terminating zero-length chunk, causing uncontrolled memory allocation on the server. This leads to potential exhaustion of system memory and results in a server crash or unresponsiveness. Version 0.20.1 fixes the issue by enforcing limits during parsing. If the limit is exceeded at any point during reading, the connection is terminated immediately. A short-term workaround through a Reverse Proxy is available. If updating the library immediately is not feasible, deploy a reverse proxy (e.g., Nginx, HAProxy) in front of the `cpp-httplib` application. Configure the proxy to enforce maximum request body size limits, thereby stopping excessively large requests before they reach the vulnerable library code.\n\ud83d\udccf Published: 2025-05-06T00:45:25.130Z\n\ud83d\udccf Modified: 2025-05-06T00:45:25.130Z\n\ud83d\udd17 References:\n1. 
https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-px83-72rx-v57c\n2. https://github.com/yhirose/cpp-httplib/commit/7b752106ac42bd5b907793950d9125a0972c8e8e", "creation_timestamp": "2025-05-06T01:20:33.000000Z"}, {"uuid": "18dba5fb-3d64-4b5d-a140-b80781d5311f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46721", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16215", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46721\n\ud83d\udd25 CVSS Score: 6 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: nosurf is cross-site request forgery (CSRF) protection middleware for Go. A vulnerability in versions prior to 1.2.0 allows an attacker who controls content on the target site, or on a subdomain of the target site (either via XSS, or otherwise) to bypass CSRF checks and issue requests on user's behalf. Due to misuse of the Go `net/http` library, nosurf categorizes all incoming requests as plain-text HTTP requests, in which case the `Referer` header is not checked to have the same origin as the target webpage. If the attacker has control over HTML contents on either the target website (e.g. `example.com`), or on a website hosted on a subdomain of the target (e.g. `attacker.example.com`), they will also be able to manipulate cookies set for the target website. By acquiring the secret CSRF token from the cookie, or overriding the cookie with a new token known to the attacker, `attacker.example.com` is able to craft cross-site requests to `example.com`. A patch for the issue was released in nosurf 1.2.0. In lieu of upgrading to a patched version of nosurf, users may additionally use another HTTP middleware to ensure that a non-safe HTTP request is coming from the same origin (e.g. 
by requiring a `Sec-Fetch-Site: same-origin` header in the request).\n\ud83d\udccf Published: 2025-05-13T15:29:30.068Z\n\ud83d\udccf Modified: 2025-05-13T19:07:23.093Z\n\ud83d\udd17 References:\n1. https://github.com/justinas/nosurf/security/advisories/GHSA-w9hf-35q4-vcjw\n2. https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\n3. https://github.com/advisories/GHSA-rq77-p4h8-4crw\n4. https://github.com/justinas/nosurf-cve-2025-46721\n5. https://github.com/justinas/nosurf/releases/tag/v1.2.0", "creation_timestamp": "2025-05-13T19:31:12.000000Z"}, {"uuid": "93564a83-e7e8-407f-ae61-9fe7aba8988c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46727", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15459", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46727\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, `Rack::QueryParser` parses query strings and `application/x-www-form-urlencoded` bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with extremely large numbers of parameters. The vulnerability arises because `Rack::QueryParser` iterates over each `&amp;`-separated key-value pair and adds it to a Hash without enforcing an upper bound on the total number of parameters. This allows an attacker to send a single request containing hundreds of thousands (or more) of parameters, which consumes excessive memory and CPU during parsing. An attacker can trigger denial of service by sending specifically crafted HTTP requests, which can cause memory exhaustion or pin CPU resources, stalling or crashing the Rack server. 
This results in full service disruption until the affected worker is restarted. Versions 2.2.14, 3.0.16, and 3.1.14 fix the issue. Some other mitigations are available. One may use middleware to enforce a maximum query string size or parameter count, or employ a reverse proxy (such as Nginx) to limit request sizes and reject oversized query strings or bodies. Limiting request body sizes and query string lengths at the web server or CDN level is an effective mitigation.\n\ud83d\udccf Published: 2025-05-07T23:07:40.563Z\n\ud83d\udccf Modified: 2025-05-07T23:07:40.563Z\n\ud83d\udd17 References:\n1. https://github.com/rack/rack/security/advisories/GHSA-gjh7-p2fx-99vx\n2. https://github.com/rack/rack/commit/2bb5263b464b65ba4b648996a579dbd180d2b712\n3. https://github.com/rack/rack/commit/3f5a4249118d09d199fe480466c8c6717e43b6e3\n4. https://github.com/rack/rack/commit/cd6b70a1f2a1016b73dc906f924869f4902c2d74", "creation_timestamp": "2025-05-07T23:23:29.000000Z"}, {"uuid": "a64e15a9-3e7a-42a8-b0f6-2b6bf9e3ae1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46725", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17024", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46725\n\ud83d\udd25 CVSS Score: 8.1 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U)\n\ud83d\udd39 Description: Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, `LanceDocChatAgent` uses pandas eval() through `compute_from_docs()`. As a result, an attacker may be able to make the agent run malicious commands through `QueryPlan.dataframe_calc]`) compromising the host system. 
Langroid 0.53.15 sanitizes input to the affected function by default to tackle the most common attack vectors, and added several warnings about the risky behavior in the project documentation.\n\ud83d\udccf Published: 2025-05-20T17:24:31.618Z\n\ud83d\udccf Modified: 2025-05-20T17:24:31.618Z\n\ud83d\udd17 References:\n1. https://github.com/langroid/langroid/security/advisories/GHSA-22c2-9gwg-mj59\n2. https://github.com/langroid/langroid/commit/0d9e4a7bb3ae2eef8d38f2e970ff916599a2b2a6", "creation_timestamp": "2025-05-20T17:43:47.000000Z"}, {"uuid": "0c99329e-7f55-4e94-b85b-91c0b51bacf1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46724", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17025", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46724\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, `TableChatAgent` uses `pandas eval()`. If fed by untrusted user input, like the case of a public-facing LLM application, it may be vulnerable to code injection. Langroid 0.53.15 sanitizes input to `TableChatAgent` by default to tackle the most common attack vectors, and added several warnings about the risky behavior in the project documentation.\n\ud83d\udccf Published: 2025-05-20T17:22:13.475Z\n\ud83d\udccf Modified: 2025-05-20T17:23:50.936Z\n\ud83d\udd17 References:\n1. https://github.com/langroid/langroid/security/advisories/GHSA-jqq5-wc57-f8hj\n2. 
https://github.com/langroid/langroid/commit/0d9e4a7bb3ae2eef8d38f2e970ff916599a2b2a6", "creation_timestamp": "2025-05-20T17:43:48.000000Z"}, {"uuid": "20671da2-82ff-42ca-8766-26ccda3b2e40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46728", "type": "seen", "source": "https://t.me/NinjaSec/298", "content": "Certainly! Below is a curated list of critical CVEs from 2025 that involve code execution, browser bypasses, and internal service exposure. These are provided strictly for educational purposes to aid in understanding and mitigating such vulnerabilities.\n\n\n\ud83d\udd10 Critical CVEs from 2025 (Educational Use Only)\n\n1. CVE-2025-47241\n\nDescription: Whitelist bypass in the Browser Use automation tool allows attackers to access internal services via crafted URLs.\n\nCVSS Score: 9.3\n\nReference: \n\n\n\n2. CVE-2025-25014\n\nDescription: Prototype pollution in Kibana leads to arbitrary code execution through crafted HTTP requests to machine learning and reporting endpoints.\n\nCVSS Score: 9.1\n\nReference: \n\n\n\n3. CVE-2025-29927\n\nDescription: Authorization bypass in Next.js middleware allows attackers to access protected routes by manipulating internal headers.\n\nCVSS Score: 9.1\n\nReference: \n\n\n\n4. CVE-2025-24813\n\nDescription: \n\nCVSS Score: \n\nReference: \n\n\n\n5. CVE-2025-2783\n\nDescription: \n\nCVSS Score: High\n\nReference: \n\n\n\n6. CVE-2025-2636\n\nDescription: \n\nCVSS Score: High\n\nReference: \n\n\n\n7. CVE-2025-2505\n\nDescription: \n\nCVSS Score: High\n\nReference: \n\n\n\n8. CVE-2025-2746 &amp; CVE-2025-2747\n\nDescription: \n\nCVSS Score: \n\nReference: \n\n\n\n9. CVE-2025-3066\n\nDescription: \n\nCVSS Score: High\n\nReference: \n\n\n\n10. 
CVE-2025-46728\n\nDescription: Denial of Service vulnerability in cpp-httplib, potentially exposing servers to service disruptions.\n\nCVSS Score: High\n\nReference: \n\n#HackersFactory", "creation_timestamp": "2025-05-19T12:58:14.000000Z"}, {"uuid": "7887add9-8f30-4890-a987-11cd7a35d64b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46721", "type": "seen", "source": "https://t.me/cvedetector/25203", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46721 - Apache NOSurf CSRF Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-46721 \nPublished : May 13, 2025, 4:15 p.m. | 59\u00a0minutes ago \nDescription : nosurf is cross-site request forgery (CSRF) protection middleware for Go. A vulnerability in versions prior to 1.2.0 allows an attacker who controls content on the target site, or on a subdomain of the target site (either via XSS, or otherwise) to bypass CSRF checks and issue requests on user's behalf. Due to misuse of the Go `net/http` library, nosurf categorizes all incoming requests as plain-text HTTP requests, in which case the `Referer` header is not checked to have the same origin as the target webpage. If the attacker has control over HTML contents on either the target website (e.g. `example.com`), or on a website hosted on a subdomain of the target (e.g. `attacker.example.com`), they will also be able to manipulate cookies set for the target website. By acquiring the secret CSRF token from the cookie, or overriding the cookie with a new token known to the attacker, `attacker.example.com` is able to craft cross-site requests to `example.com`. A patch for the issue was released in nosurf 1.2.0. In lieu of upgrading to a patched version of nosurf, users may additionally use another HTTP middleware to ensure that a non-safe HTTP request is coming from the same origin (e.g. 
by requiring a `Sec-Fetch-Site: same-origin` header in the request). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-13T19:43:43.000000Z"}, {"uuid": "b8e43c69-2e2b-4bf1-8d78-f60c46f75ec0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46728", "type": "seen", "source": "https://t.me/NinjaSec/299", "content": "Code execution, and bypass vulnerabilities \u2014 for educational purposes only:\n\n\n1. CVE-2025-47241 \u2013 Whitelist bypass in Browser Use tool (CVSS 9.3)\n2. CVE-2025-25014 \u2013 Prototype pollution in Kibana (CVSS 9.1)\n3. CVE-2025-29927 \u2013 Next.js middleware authorization bypass (CVSS 9.1)\n4. CVE-2025-24813 \u2013 Apache Tomcat path traversal RCE (Critical)\n5. CVE-2025-2783 \u2013 Chrome Mojo use-after-free (High)\n6. CVE-2025-2636 \u2013 WordPress InstaWP plugin LFI (High)\n7. CVE-2025-2505 \u2013 WordPress Age Gate plugin LFI (High)\n8. CVE-2025-2746 \u2013 Kentico CMS auth bypass (CVSS 9.8)\n9. CVE-2025-2747 \u2013 Kentico CMS staging sync auth bypass (CVSS 9.8)\n10. CVE-2025-3066 \u2013 Chrome Site Isolation use-after-free (High)\n11. CVE-2025-46728 \u2013 cpp-httplib DoS vulnerability\n12. CVE-2025-12345 \u2013 Buffer overflow in XYZ app (CVSS 9.0)\n13. CVE-2025-12346 \u2013 SQL injection in ABC web app (CVSS 8.5)\n14. CVE-2025-12347 \u2013 XSS in DEF platform (CVSS 7.8)\n15. CVE-2025-12348 \u2013 Auth bypass in GHI system (CVSS 9.2)\n16. CVE-2025-12349 \u2013 RCE in JKL service via crafted packets (CVSS 9.5)\n17. CVE-2025-12350 \u2013 Privilege escalation in MNO app (CVSS 8.7)\n18. CVE-2025-12351 \u2013 Info disclosure in PQR system (CVSS 7.5)\n19. CVE-2025-12352 \u2013 DoS in STU server (CVSS 6.8)\n20. 
CVE-2025-12353 \u2013 Directory traversal in VWX app (CVSS 8.0)\n21. CVE-2025-12354 \u2013 Command injection in YZA tool (CVSS 9.1)\n22. CVE-2025-12355 \u2013 Insecure deserialization in BCD lib (CVSS 9.3)\n23. CVE-2025-12356 \u2013 CSRF in EFG portal (CVSS 7.2)\n24. CVE-2025-12357 \u2013 Memory corruption in HIJ driver (CVSS 8.9)\n25. CVE-2025-12358 \u2013 Improper auth in KLM API (CVSS 9.0)\n\n#HackersFactory", "creation_timestamp": "2025-05-07T15:48:27.000000Z"}, {"uuid": "592e5c3c-a9e7-4f3a-bd73-ff8c1966f048", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46728", "type": "seen", "source": "Telegram/6XDP4M1wkfL7m7vq90Tisvnt9Hir_tEqb2ho5KerLaKNi_8", "content": "", "creation_timestamp": "2025-05-06T04:01:13.000000Z"}, {"uuid": "b2b30dba-52b9-4508-97a8-b234ee4d985c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46729", "type": "seen", "source": "https://t.me/cvedetector/25076", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46729 - Julmud/phpDVDProfiler Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-46729 \nPublished : May 12, 2025, 11:15 a.m. | 1\u00a0hour ago \nDescription : julmud/phpDVDProfiler is an adoption of the defunct phpDVDProfiler project, which allows users to display on the web their DVD collections maintained with Invelos's DVDProfiler software. Starting in v_20230807 and prior to v_20250511, cross-site scripting in the search function. v_20250511 contains a patch for the issue. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-12T14:26:24.000000Z"}, {"uuid": "bdd88bc3-79b4-4e95-9816-9e2a2d1f7e25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-46726", "type": "published-proof-of-concept", "source": "https://github.com/langroid/langroid/security/advisories/GHSA-pw95-88fg-3j6f", "content": "", "creation_timestamp": "2025-05-05T16:03:18.000000Z"}, {"uuid": "8574edc8-e211-4b81-8802-a84491b53eb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46723", "type": "seen", "source": "https://t.me/cvedetector/24380", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46723 - OpenVM AUIPC Instruction Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-46723 \nPublished : May 2, 2025, 11:15 p.m. | 17\u00a0minutes ago \nDescription : OpenVM is a performant and modular zkVM framework built for customization and extensibility. In version 1.0.0, OpenVM is vulnerable to overflow through byte decomposition of pc in AUIPC chip. A typo results in the highest limb of pc being range checked to 8-bits instead of 6-bits. This results in the if statement never being triggered because the enumeration gives i=0,1,2, when instead the enumeration should give i=1,2,3, leaving pc_limbs[3] range checked to 8-bits instead of 6-bits. This leads to a vulnerability where the pc_limbs decomposition differs from the true pc, which means a malicious prover can make the destination register take a different value than the AUIPC instruction dictates, by making the decomposition overflow the BabyBear field. 
This issue has been patched in version 1.1.0. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-03T01:59:27.000000Z"}, {"uuid": "19a1431b-4763-40eb-b247-672836996314", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46720", "type": "seen", "source": "https://t.me/cvedetector/24478", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46720 - Keystone Node.js Oracle Filter Bypass\", \n  \"Content\": \"CVE ID : CVE-2025-46720 \nPublished : May 5, 2025, 7:15 p.m. | 20\u00a0minutes ago \nDescription : Keystone is a content management system for Node.js. Prior to version 6.5.0, `{field}.isFilterable` access control can be bypassed in `update` and `delete` mutations by adding additional unique filters. These filters can be used as an oracle to probe the existence or value of otherwise unreadable fields. Specifically, when a mutation includes a `where` clause with multiple unique filters (e.g. `id` and `email`), Keystone will attempt to match records even if filtering by the latter fields would normally be rejected by `field.isFilterable` or `list.defaultIsFilterable`. This can allow malicious actors to infer the presence of a particular field value when a filter is successful in returning a result. This affects any project relying on the default or dynamic `isFilterable` behavior (at the list or field level) to prevent external users from using the filtering of fields as a discovery mechanism. While this access control is respected during `findMany` operations, it was not completely enforced during `update` and `delete` mutations when accepting more than one unique `where` values in filters. 
This has no impact on projects using `isFilterable: false` or `defaultIsFilterable: false` for sensitive fields, or for those who have otherwise omitted filtering by these fields from their GraphQL schema. This issue has been patched in `@keystone-6/core` version 6.5.0. To mitigate this issue in older versions where patching is not a viable pathway, set `isFilterable: false` statically for relevant fields to prevent filtering by them earlier in the access control pipeline (that is, don't use functions); set `{field}.graphql.omit.read: true` for relevant fields, which implicitly removes filtering by these fields from the GraphQL schema; and/or deny `update` and `delete` operations for the relevant lists completely. \nSeverity: 3.1 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-05T21:44:13.000000Z"}, {"uuid": "8c5770fc-263b-4b21-b8cc-c23538f1c87a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46726", "type": "seen", "source": "https://t.me/cvedetector/24502", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46726 - Langroid XMLToolMessage XML External Entity (XXE) Denial of Service (DoS) and Local File Information Exposure\", \n  \"Content\": \"CVE ID : CVE-2025-46726 \nPublished : May 5, 2025, 8:15 p.m. | 1\u00a0hour, 25\u00a0minutes ago \nDescription : Langroid is a framework for building large-language-model-powered applications. Prior to version 0.53.4, a LLM application leveraging `XMLToolMessage` class may be exposed to untrusted XML input that could result in DoS and/or exposing local files with sensitive information. Version 0.53.4 fixes the issue. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-06T00:15:13.000000Z"}, {"uuid": "668a74d8-d903-4b30-ad84-42a1cd7d1507", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46728", "type": "seen", "source": "https://t.me/cvedetector/24527", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46728 - cpp-httplib Chunked Request Body Overflow\", \n  \"Content\": \"CVE ID : CVE-2025-46728 \nPublished : May 6, 2025, 1:15 a.m. | 26\u00a0minutes ago \nDescription : cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request bodies when `Transfer-Encoding: chunked` is used or when no `Content-Length` header is provided. A remote attacker can send a chunked request without the terminating zero-length chunk, causing uncontrolled memory allocation on the server. This leads to potential exhaustion of system memory and results in a server crash or unresponsiveness. Version 0.20.1 fixes the issue by enforcing limits during parsing. If the limit is exceeded at any point during reading, the connection is terminated immediately. A short-term workaround through a Reverse Proxy is available. If updating the library immediately is not feasible, deploy a reverse proxy (e.g., Nginx, HAProxy) in front of the `cpp-httplib` application. Configure the proxy to enforce maximum request body size limits, thereby stopping excessively large requests before they reach the vulnerable library code. 
\nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-06T04:26:11.000000Z"}, {"uuid": "e30ae13c-e0a7-48d8-ae03-1c41eff5b8bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46727", "type": "seen", "source": "https://t.me/cvedetector/24783", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46727 - Rack Denial of Service (DoS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-46727 \nPublished : May 7, 2025, 11:15 p.m. | 1\u00a0hour, 39\u00a0minutes ago \nDescription : Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, `Rack::QueryParser` parses query strings and `application/x-www-form-urlencoded` bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with extremely large numbers of parameters. The vulnerability arises because `Rack::QueryParser` iterates over each `&`-separated key-value pair and adds it to a Hash without enforcing an upper bound on the total number of parameters. This allows an attacker to send a single request containing hundreds of thousands (or more) of parameters, which consumes excessive memory and CPU during parsing. An attacker can trigger denial of service by sending specifically crafted HTTP requests, which can cause memory exhaustion or pin CPU resources, stalling or crashing the Rack server. This results in full service disruption until the affected worker is restarted. Versions 2.2.14, 3.0.16, and 3.1.14 fix the issue. Some other mitigations are available. 
One may use middleware to enforce a maximum query string size or parameter count, or employ a reverse proxy (such as Nginx) to limit request sizes and reject oversized query strings or bodies. Limiting request body sizes and query string lengths at the web server or CDN level is an effective mitigation. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-08T03:23:23.000000Z"}, {"uuid": "ec958dec-6af3-44e5-8243-01c1e1bb4789", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-46724", "type": "published-proof-of-concept", "source": "https://github.com/langroid/langroid/security/advisories/GHSA-jqq5-wc57-f8hj", "content": "", "creation_timestamp": "2025-05-20T15:54:09.000000Z"}]}