{"vulnerability": "CVE-2025-2322", "sightings": [{"uuid": "bc9b9070-3d22-4b3d-bf82-0542f0414bc3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23221", "type": "seen", "source": "https://bsky.app/profile/cert-illicium.bsky.social/post/3lgaqhl66zk2g", "content": "", "creation_timestamp": "2025-01-21T11:23:28.561169Z"}, {"uuid": "f79ab816-d0e5-47bd-bb1c-6f222b2ea6fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23220", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113861495354774247", "content": "", "creation_timestamp": "2025-01-20T15:55:40.551360Z"}, {"uuid": "404cd358-e0f4-4265-bfd1-cab10726ef30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23221", "type": "seen", "source": "https://bsky.app/profile/fedify.hollo.social.ap.brid.gy/post/3lg6qthfoxzg2", "content": "", "creation_timestamp": "2025-01-20T16:24:55.909231Z"}, {"uuid": "ac88a589-c679-4e58-a384-440b0a025895", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23221", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113861725489994406", "content": "", "creation_timestamp": "2025-01-20T16:54:14.039212Z"}, {"uuid": "8bbb68d1-6df6-435c-b783-39e4439691a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23220", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lg6siguvda2e", "content": "", "creation_timestamp": "2025-01-20T16:54:27.195079Z"}, {"uuid": "2856df7d-3976-4516-aa23-e24ca9ad362d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23221", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lg6to2dokn2r", "content": "", "creation_timestamp": "2025-01-20T17:15:27.048002Z"}, {"uuid": "22aae131-6259-4994-8b75-9c7361601042", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23221", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lg6uywrpb62k", "content": "", "creation_timestamp": "2025-01-20T17:39:25.688088Z"}, {"uuid": "41d40c02-9686-4bb3-978a-ee2bd120a0b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23222", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113884397944832603", "content": "", "creation_timestamp": "2025-01-24T17:00:06.205181Z"}, {"uuid": "c5564d74-a47c-4b43-9f7c-5cdcb5d683f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23222", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lgnykdzmzb25", "content": "", "creation_timestamp": "2025-01-26T17:52:47.313411Z"}, {"uuid": "1270340b-f1a8-40b8-adc5-2884e6dc6fdd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23222", "type": "seen", "source": "https://bsky.app/profile/bolhasec.com/post/3lho4lfycgi2q", "content": "", "creation_timestamp": "2025-02-08T12:30:10.135032Z"}, {"uuid": "7ddb7384-65a8-4f3d-98e5-72e6b1ab644f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23222", "type": "seen", "source": "https://bsky.app/profile/buherator.bsky.social/post/3lq2gykpbkz2g", "content": "", "creation_timestamp": "2025-05-26T05:29:58.255979Z"}, {"uuid": "efd0413b-3f97-4a4c-a889-8a92dc5d38aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23225", "type": "seen", "source": "https://t.me/cvedetector/19116", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23225 - IBM MQ Denial of Service Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-23225 \nPublished : Feb. 28, 2025, 3:15 a.m. | 42\u00a0minutes ago \nDescription : IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-28T05:19:13.000000Z"}, {"uuid": "81b6b5a0-175c-4a5f-8459-793cf2f650c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23222", "type": "published-proof-of-concept", "source": "https://t.me/cvedetector/16311", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23222 - Deepin dde-api-proxy Root Privilege Escalation\", \n  \"Content\": \"CVE ID : CVE-2025-23222 \nPublished : Jan. 24, 2025, 5:15 p.m. | 44\u00a0minutes ago \nDescription : An issue was discovered in Deepin dde-api-proxy through 1.0.19 in which unprivileged users can access D-Bus services as root. Specifically, dde-api-proxy runs as root and forwards messages from arbitrary local users to legacy D-Bus methods in the actual D-Bus services, and the actual D-Bus services don't know about the proxy situation (they believe that root is asking them to do things). Consequently several proxied methods, that shouldn't be accessible to non-root users, are accessible to non-root users. In situations where Polkit is involved, the caller would be treated as admin, resulting in a similar escalation of privileges. \nSeverity: 8.4 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-24T19:25:40.000000Z"}, {"uuid": "fb35ee65-8d8a-40dd-9169-72967fcca187", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23225", "type": "seen", "source": "Telegram/DwdqHZpGcqpx4p_68y1_NCxFKWbDK9PFUa8ZT_UR5EX5prJ7", "content": "", "creation_timestamp": "2025-03-02T11:44:22.000000Z"}, {"uuid": "a6b683d2-5d2c-4cd1-a168-d95f343ba420", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2322", "type": "seen", "source": "https://t.me/cvedetector/20370", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2322 - Springblade OpenController.java Hard-Coded Credentials Remote Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2025-2322 \nPublished : March 15, 2025, 2:15 p.m. | 1\u00a0hour, 58\u00a0minutes ago \nDescription : A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. It has been classified as critical. This affects an unknown part of the file /chatgpt-boot/src/main/java/org/springblade/modules/mjkj/controller/OpenController.java. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-15T17:47:42.000000Z"}, {"uuid": "b5b554d2-8559-44ac-8bce-e941e47af108", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23221", "type": "seen", "source": "https://t.me/cvedetector/15899", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23221 - Fedify Blind SSRF and DoS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-23221 \nPublished : Jan. 20, 2025, 5:15 p.m. | 43\u00a0minutes ago \nDescription : Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. This vulnerability allows a user to maneuver the Webfinger mechanism to perform a GET request to any internal resource on any Host, Port, URL combination regardless of present security mechanisms, and forcing the victim\u2019s server into an infinite loop causing Denial of Service. Moreover, this issue can also be maneuvered into performing a Blind SSRF attack. This vulnerability is fixed in 1.0.14, 1.1.11, 1.2.11, and 1.3.4. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-20T19:13:34.000000Z"}, {"uuid": "f68e347b-bfad-4a66-9c9c-67bae705b9bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23220", "type": "seen", "source": "https://t.me/cvedetector/15894", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23220 - WeGIA SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-23220 \nPublished : Jan. 20, 2025, 4:15 p.m. | 43\u00a0minutes ago \nDescription : WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_raca.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application's database, highlighting the severity of the flaw. This vulnerability is fixed in 3.2.10. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-20T18:23:18.000000Z"}, {"uuid": "9351405e-e939-48bd-9e0e-aeaeac9e0648", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23227", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113878851777568302", "content": "", "creation_timestamp": "2025-01-23T17:29:38.622170Z"}, {"uuid": "2d673372-9986-4f8f-900a-da7a0d1fb388", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23227", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lggjsbic3i2w", "content": "", "creation_timestamp": "2025-01-23T18:40:12.119003Z"}, {"uuid": "9b3e91d1-9a18-401a-a45b-bc4c69c3fbbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23225", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lj7phjtrjw2t", "content": "", "creation_timestamp": "2025-02-28T05:48:28.091881Z"}, {"uuid": "daec76d0-278e-4dd7-9255-298485e4a4e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23222", "type": "seen", "source": "MISP/f7787455-9994-4047-b6f7-77347597c104", "content": "", "creation_timestamp": "2025-08-26T18:36:20.000000Z"}, {"uuid": "a2ec93b5-c1ad-44c3-8530-2a1ea769dc97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23222", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2935", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23222\n\ud83d\udd39 Description: An issue was discovered in Deepin dde-api-proxy through 1.0.19 in which unprivileged users can access D-Bus services as root. Specifically, dde-api-proxy runs as root and forwards messages from arbitrary local users to legacy D-Bus methods in the actual D-Bus services, and the actual D-Bus services don't know about the proxy situation (they believe that root is asking them to do things). Consequently several proxied methods, that shouldn't be accessible to non-root users, are accessible to non-root users. In situations where Polkit is involved, the caller would be treated as admin, resulting in a similar escalation of privileges.\n\ud83d\udccf Published: 2025-01-24T00:00:00.000Z\n\ud83d\udccf Modified: 2025-01-24T16:58:18.102Z\n\ud83d\udd17 References:\n1. https://bugzilla.suse.com/show_bug.cgi?id=1229918\n2. https://www.openwall.com/lists/oss-security/2025/01/24/3\n3. https://security.opensuse.org/2025/01/24/dde-api-proxy-privilege-escalation.html", "creation_timestamp": "2025-01-24T17:04:47.000000Z"}, {"uuid": "a10316b0-a7ed-4c3c-bd0b-c8f05a6d764b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2322", "type": "seen", "source": "Telegram/3ntChVSRPIz3nervfZJuLde4FHe8w2CwaqD4Ndokfi4u0uc", "content": "", "creation_timestamp": "2025-03-15T15:30:39.000000Z"}, {"uuid": "c49cc6d9-f64c-4d73-8c58-71897b620898", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23222", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/11762", "content": "#Threat_Research\n1. dde-api-proxy: Authentication Bypass in Deepin D-Bus Proxy Service (CVE-2025-23222)\nhttps://security.opensuse.org/2025/01/24/dde-api-proxy-privilege-escalation.html\n2. Exploring Recent CVEs in HPE Insight Remote Support\nhttps://www.pwnfuzz.com/posts/hpe-irs-cve-deep-dive", "creation_timestamp": "2025-02-02T01:23:28.000000Z"}, {"uuid": "1877776b-1a86-4091-b01f-535347c2bb9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23220", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113867128641644822", "content": "", "creation_timestamp": "2025-01-21T15:48:18.034999Z"}, {"uuid": "e2eb80a3-34ad-4990-a9d8-040b2477e6f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23222", "type": "seen", "source": "https://bsky.app/profile/dinosn.bsky.social/post/3lgxcn7args2j", "content": "", "creation_timestamp": "2025-01-30T10:47:20.916448Z"}, {"uuid": "608860cd-d0e0-4f68-b97e-b7817889339d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23222", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113884588460255457", "content": "", "creation_timestamp": "2025-01-24T17:48:33.874944Z"}, {"uuid": "49b298fd-ab3c-4681-bac0-a4cce5b043d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23227", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lggihe5tnq2x", "content": "", "creation_timestamp": "2025-01-23T18:16:09.025836Z"}, {"uuid": "5fb2ea66-8148-440b-8836-75e8f3c310e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2322", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkgfmspvy52h", "content": "", "creation_timestamp": "2025-03-15T15:06:17.442873Z"}, {"uuid": "219b08f0-fed7-48ae-92e8-94915bf965e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23225", "type": "seen", "source": "MISP/af1fbe07-e10c-40c4-844e-d4419bdf6f80", "content": "", "creation_timestamp": "2025-08-22T13:26:18.000000Z"}, {"uuid": "cc74554b-09d8-41f2-9bb3-33678fe743e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23221", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2369", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23221\n\ud83d\udd39 Description: Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. This vulnerability allows a user to maneuver the Webfinger mechanism to perform a GET request to any internal resource on any Host, Port, URL combination regardless of present security mechanisms, and forcing the victim\u2019s server into an infinite loop causing Denial of Service. Moreover, this issue can also be maneuvered into performing a Blind SSRF attack. This vulnerability is fixed in 1.0.14, 1.1.11, 1.2.11, and 1.3.4.\n\ud83d\udccf Published: 2025-01-20T16:49:31.738Z\n\ud83d\udccf Modified: 2025-01-20T16:49:31.738Z\n\ud83d\udd17 References:\n1. https://github.com/dahlia/fedify/security/advisories/GHSA-c59p-wq67-24wx\n2. https://github.com/dahlia/fedify/commit/8be3c2038eebf4ae12481683a1e809b314be3151\n3. https://github.com/dahlia/fedify/commit/c505eb82fcd6b5b17174c6659c29721bc801ab9a\n4. https://github.com/dahlia/fedify/commit/e921134dd5097586e4563ea80b9e8d1b5460a645", "creation_timestamp": "2025-01-20T16:59:19.000000Z"}, {"uuid": "948b4e18-f17d-418f-a30e-b8e83b84227b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23220", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2363", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23220\n\ud83d\udd39 Description: WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_raca.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application's database, highlighting the severity of the flaw. This vulnerability is fixed in 3.2.10.\n\ud83d\udccf Published: 2025-01-20T15:48:36.049Z\n\ud83d\udccf Modified: 2025-01-20T15:48:36.049Z\n\ud83d\udd17 References:\n1. https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-425j-h4cf-g52j\n2. https://github.com/LabRedesCefetRJ/WeGIA/commit/1739e1589948a207b8a82b9bfe078cb826d420de", "creation_timestamp": "2025-01-20T16:01:42.000000Z"}, {"uuid": "8d9642a1-010b-4f56-b70b-52a7449bfad4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23227", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2791", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23227\n\ud83d\udd39 Description: IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.11 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\n\ud83d\udccf Published: 2025-01-23T17:19:35.814Z\n\ud83d\udccf Modified: 2025-01-23T17:19:35.814Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/7181334", "creation_timestamp": "2025-01-23T18:03:28.000000Z"}, {"uuid": "f21b69f3-5ef0-4c38-8c09-5d7afeefc159", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23225", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5829", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23225\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue.\n\ud83d\udccf Published: 2025-02-28T02:23:30.753Z\n\ud83d\udccf Modified: 2025-02-28T02:23:30.753Z\n\ud83d\udd17 References:\n1. https://www.ibm.com/support/pages/node/7183372", "creation_timestamp": "2025-02-28T03:26:32.000000Z"}, {"uuid": "df948955-4872-47be-83d7-c0cd36868cc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2322", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7682", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2322\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. It has been classified as critical. This affects an unknown part of the file /chatgpt-boot/src/main/java/org/springblade/modules/mjkj/controller/OpenController.java. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.\n\ud83d\udccf Published: 2025-03-15T13:31:07.674Z\n\ud83d\udccf Modified: 2025-03-15T13:31:07.674Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.299751\n2. https://vuldb.com/?ctiid.299751\n3. https://vuldb.com/?submit.505694\n4. https://www.cnblogs.com/aibot/p/18732299", "creation_timestamp": "2025-03-15T13:44:37.000000Z"}, {"uuid": "6536157d-3091-4e7c-8a9f-010c1b5537cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23227", "type": "seen", "source": "https://t.me/cvedetector/16217", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23227 - IBM Tivoli Application Dependency Discovery Manager Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2025-23227 \nPublished : Jan. 23, 2025, 6:15 p.m. | 42\u00a0minutes ago \nDescription : IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.11 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-23T19:59:24.000000Z"}]}