CVE/GHSA: CVE-2025-64518 / GHSA-6fhj-vr9j-g45r
Component: org.cyclonedx:cyclonedx-core-java (XmlParser.validate)
Tested release: 11.0.0 (vulnerable) vs 11.0.1 (patched)
Date analysed: 2025-11-11
Analyst: Internal Product Security
CWE: CWE-611 (Improper Restriction of XML External Entity Reference)
- Product / Component: langgraph-checkpoint JsonPlusSerializer (libs/checkpoint/langgraph/checkpoint/serde/jsonplus.py)
- CVE: CVE-2025-21624
- Advisory: GHSA-wwqv-p2pp-99h5
- Tested Version: langgraph-checkpoint==2.1.2 (representative of all < 3.0 releases)
- Attack Vector: Crafted checkpoint deserialization
- Impact: Arbitrary Python code execution when deserializing crafted checkpoints saved with the "json" serialization mode
TruffleHog v3.x (prior to the 2025-10-17 fix) shells out to git against the
workspace that is being scanned. Any repository that ships with a malicious
.git/config can execute shell commands via options such as core.fsmonitor,
core.pager, or diff.*. Defenders can turn this weakness into an early
warning system by planting honeypot hooks that only hostile scanners should
trigger.
This guide shows how to seed those hooks, which markers to use, and how to
CVE: CVE-2025-47151
Component: Entr'ouvert Lasso XML parser (lasso_node_impl_init_from_xml)
Tested release: 2.8.2 (vulnerable)
Date analysed: 2025-11-06
Analyst: Internal Product Security
CWE: CWE-843 (Access of Resource Using Incompatible Type)
Component: curl SFTP backend compiled against wolfSSH
Tested release: curl 8.16.0-DEV (curl-8_16_0 tag) with wolfSSH 1.4.21
Fixed release: curl 8.17.0 (CVE-2025-10966)
Date analysed: 2025-11-06
Analyst: Internal Product Security
CWE: CWE-300 (Channel Accessible by Non-Endpoint “Man-in-the-Middle”), CWE-297 (Improper Validation of Certificate with Host Mismatch)
Exposure note: The vulnerable helpers (ResizeVector / ResizeAnyVector) live in the reflection API and are usually only reachable in tooling or admin interfaces. Typical FlatBuffers consumers do not expose these calls directly to untrusted users. Reproduction therefore assumes an environment where an attacker can influence reflection-driven resizing (e.g., malicious plugins, automation, or internal tooling).
- Target: google/flatbuffers ResizeVector/ResizeAnyVector reflection helpers
- Commit tested: 599847236c35fa3802ea4e46e20e93a55d3a4a94 (master, unreleased)
- Impact: Critical – attacker-controlled newsize values corrupt heap metadata and enable code execution
- Release status: Bug exists in public releases since commit 7101224d8 (2015-07-31); still present in tag v25.9.23
CVE: CVE-2025-64459
Component: Django ORM (QuerySet _connector handling)
Tested release: 5.2.7 (vulnerable)
Date analysed: 2025-11-06
Analyst: Internal Product Security
CWE: CWE-89 (Improper Neutralization of Special Elements used in an SQL Command)
CVE: CVE-2025-47776 (GHSA-4v8w-gg5j-ph37)
Component: MantisBT core authentication (core/authentication_api.php)
Vulnerable versions: < 2.27.2 with g_login_method = MD5
Patched version: 2.27.2
Date analysed: 2025-11-03
Analyst: Internal Product Security
CWE: CWE-287 (Improper Authentication), CWE-697 (Incorrect Comparison)
Reference advisory: https://github.com/advisories/GHSA-4v8w-gg5j-ph37
- CVE: CVE-2025-24893
- Issue: XWiki exposes the /xwiki/bin/get/Main/SolrSearch endpoint, which renders user-controlled wiki macros inside the RSS response when media=rss is supplied. This allows unauthenticated remote attackers to execute arbitrary Groovy code on affected installations.
- Affected build confirmed: xwiki-platform-distribution-flavor-jetty-hsqldb-16.4.0 (Jetty + HSQLDB bundle).
- Exploit outcome: The proof-of-concept payload executes server-side Groovy and writes a marker file to /tmp/xwiki_rce_marker, demonstrating arbitrary code execution and file system modification.
- Severity: Critical (CVSS 3.1: 9.8, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
- CWE: CWE-95 – Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection').
- Ticket: STATAMIC-CP-STORED-XSS-CSRF
- Application: Statamic CMS Control Panel
- Tested build: Statamic CMS 5.22.0 (Composer install) on PHP 8.1.2, SQLite backend
- Date analysed: 2025-10-31
- Analyst: Internal Product Security
- CWE: CWE-79 (Stored XSS), CWE-352 (Cross-Site Request Forgery)