{"vulnerability": "cve-2025-2319", "sightings": [{"uuid": "d6ac9d32-96c6-4928-a86b-0d772417277a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23192", "type": "published-proof-of-concept", "source": "Telegram/UVPTEGvNWegLT6R4iAM8IA5DDdZ7pzDRTagvDaZDKFK5Xkw", "content": "", "creation_timestamp": "2025-06-10T01:33:54.000000Z"}, {"uuid": "2a3b36b3-5879-4128-9b65-e6c527a631b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2319", "type": "seen", "source": "https://t.me/cvedetector/21075", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2319 - WordPress EZ SQL Reports Cross-Site Request Forgery\", \n  \"Content\": \"CVE ID : CVE-2025-2319 \nPublished : March 25, 2025, 9:15 a.m. | 33\u00a0minutes ago \nDescription : The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.11.13 to 5.25.08. This is due to missing or incorrect nonce validation on the 'ELISQLREPORTS_menu' function. This makes it possible for unauthenticated attackers to execute code on the server via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Version 5.25.10 adds a nonce check, which makes this vulnerability exploitable by admins only. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-25T11:08:00.000000Z"}, {"uuid": "59c513de-25c0-4944-9501-d6a3e52e5d51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23197", "type": "seen", "source": "https://t.me/cvedetector/16487", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23197 - Matrix Hookshot GitHub Denial of Service\", \n  \"Content\": \"CVE ID : CVE-2025-23197 \nPublished : Jan. 27, 2025, 6:15 p.m. | 22\u00a0minutes ago \nDescription : matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. When Hookshot 6 version 6.0.1 or below, or Hookshot 5 version 5.4.1 or below, is configured with GitHub support, it is vulnerable to a Denial of Service (DoS) whereby it can crash on restart due to a missing check. The impact is greater to you untrusted users can add their own GitHub organizations to Hookshot in order to connect their room to a repository. This vulnerability is fixed in 6.0.2 and 5.4.2. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-27T20:11:17.000000Z"}, {"uuid": "3782b0ca-a481-4fa8-8535-cd6dca40d76c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23199", "type": "seen", "source": "https://t.me/cvedetector/15666", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23199 - Librenms Stored XSS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-23199 \nPublished : Jan. 16, 2025, 11:15 p.m. | 33\u00a0minutes ago \nDescription : librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: `/ajax_form.php` -> param: descr. Librenms version up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 4.6 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-17T00:54:48.000000Z"}, {"uuid": "c169912f-cee0-40c3-b7e2-95c83dac004a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23198", "type": "seen", "source": "https://t.me/cvedetector/15665", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23198 - Librenms Stored XSS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-23198 \nPublished : Jan. 16, 2025, 11:15 p.m. | 33\u00a0minutes ago \nDescription : librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameters (Replace $DEVICE_ID with your specific $DEVICE_ID value):`/device/$DEVICE_ID/edit` -> param: display. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 4.6 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-17T00:54:48.000000Z"}, {"uuid": "78e48621-c166-4e3b-8049-98bf748efdbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23195", "type": "seen", "source": "https://t.me/cvedetector/16031", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23195 - Ambari Oozie XXE Injection\", \n  \"Content\": \"CVE ID : CVE-2025-23195 \nPublished : Jan. 21, 2025, 10:15 p.m. | 18\u00a0minutes ago \nDescription : An XML External Entity (XXE) vulnerability exists in the Ambari/Oozie   \nproject, allowing an attacker to inject malicious XML entities. This   \nvulnerability occurs due to insecure parsing of XML input using the   \n`DocumentBuilderFactory` class without disabling external entity   \nresolution. An attacker can exploit this vulnerability to read arbitrary  \n files on the server or perform server-side request forgery (SSRF)   \nattacks. The issue has been fixed in both Ambari 2.7.9 and the trunk   \nbranch. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-21T23:40:20.000000Z"}, {"uuid": "d24f5ae0-2c03-474f-ae96-c585504a038b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23196", "type": "seen", "source": "https://t.me/cvedetector/16035", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23196 - Ambari Shell Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-23196 \nPublished : Jan. 21, 2025, 10:15 p.m. | 18\u00a0minutes ago \nDescription : A code injection vulnerability exists in the Ambari Alert Definition   \nfeature, allowing authenticated users to inject and execute arbitrary   \nshell commands. The vulnerability arises when defining alert scripts,   \nwhere the script filename field is executed using `sh -c`. An attacker   \nwith authenticated access can exploit this vulnerability to inject   \nmalicious commands, leading to remote code execution on the server. The   \nissue has been fixed in the latest versions of Ambari. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-21T23:40:26.000000Z"}, {"uuid": "9a469129-2590-41d6-bbd1-d7fcaddfe3a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23198", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfvfwpku4t2n", "content": "", "creation_timestamp": "2025-01-16T23:15:47.274994Z"}, {"uuid": "2dc88581-c90d-4128-825b-1c26ffb21ae4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23199", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfvfwrzzku2e", "content": "", "creation_timestamp": "2025-01-16T23:15:49.686893Z"}, {"uuid": "f697ba4e-dc2f-4392-beb8-a3b74283d145", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23195", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgbuwdqsuk2n", "content": "", "creation_timestamp": "2025-01-21T22:15:57.732155Z"}, {"uuid": "cd3aec98-8679-45a5-b72c-8aaf3b84ca59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23196", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgbuwgdr5m2w", "content": "", "creation_timestamp": "2025-01-21T22:16:00.484758Z"}, {"uuid": "51ef7b90-63ae-489b-bd0c-08c64b9a60f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23196", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113872794447691423", "content": "", "creation_timestamp": "2025-01-22T15:49:11.789428Z"}, {"uuid": "6b7ad6d9-e431-4c61-a0db-b36fb3cf2acf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23196", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgdpsqsjun2r", "content": "", "creation_timestamp": "2025-01-22T15:49:54.156525Z"}, {"uuid": "be493589-e818-4665-baa5-82d4c3a60b2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2319", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ll73wr6okg26", "content": "", "creation_timestamp": "2025-03-25T10:49:26.961478Z"}, {"uuid": "b42aa8dc-aa3d-4312-a7fd-c5e54a95feab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23192", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lr7wc4iz7g2a", "content": "", "creation_timestamp": "2025-06-10T03:12:14.994173Z"}, {"uuid": "540723cf-cde2-4689-81c8-c8eefe316822", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23190", "type": "seen", "source": "https://t.me/cvedetector/17631", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23190 - Oracle Database Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2025-23190 \nPublished : Feb. 11, 2025, 1:15 a.m. | 31\u00a0minutes ago \nDescription : Due to missing authorization check, an authenticated attacker could call a remote-enabled function module which allows them to access data that they would otherwise not have access to. The attacker cannot modify data or impact the availability of the system. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-11T03:07:57.000000Z"}, {"uuid": "81883218-30c9-416f-b7d6-1258ce0d26fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23193", "type": "seen", "source": "https://t.me/cvedetector/17627", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23193 - SAP NetWeaver Server ABAP Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2025-23193 \nPublished : Feb. 11, 2025, 1:15 a.m. | 31\u00a0minutes ago \nDescription : SAP NetWeaver Server ABAP allows an unauthenticated attacker to exploit a vulnerability that causes the server to respond differently based on the existence of a specified user, potentially revealing sensitive information. This issue does not enable data modification and has no impact on server availability. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-11T03:07:54.000000Z"}, {"uuid": "3bc5daef-c438-4d00-907d-a1bd97f07464", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23191", "type": "seen", "source": "https://t.me/cvedetector/17626", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23191 - SAP Fiori for SAP ERP Host Header Injection\", \n  \"Content\": \"CVE ID : CVE-2025-23191 \nPublished : Feb. 11, 2025, 1:15 a.m. | 31\u00a0minutes ago \nDescription : Cached values belonging to the SAP OData endpoint in SAP Fiori for SAP ERP could be poisoned by modifying the Host header value in an HTTP GET request. An attacker could alter the `atom:link` values in the returned metadata redirecting them from the SAP server to a malicious link set by the attacker. Successful exploitation could cause low impact on integrity of the application. \nSeverity: 3.1 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-11T03:07:51.000000Z"}, {"uuid": "7068ef68-720f-4361-8977-6d9af64a854b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23199", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2071", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23199\n\ud83d\udd39 Description: librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: `/ajax_form.php` -> param: descr. Librenms version up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\ud83d\udccf Published: 2025-01-16T22:23:48.323Z\n\ud83d\udccf Modified: 2025-01-16T22:23:48.323Z\n\ud83d\udd17 References:\n1. https://github.com/librenms/librenms/security/advisories/GHSA-27vf-3g4f-6jp7", "creation_timestamp": "2025-01-16T22:56:26.000000Z"}, {"uuid": "4b691285-f6c9-43d6-accc-1f6619f7bc9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23198", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2070", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23198\n\ud83d\udd39 Description: librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameters (Replace $DEVICE_ID with your specific $DEVICE_ID value):`/device/$DEVICE_ID/edit` -> param: display. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\ud83d\udccf Published: 2025-01-16T22:26:25.873Z\n\ud83d\udccf Modified: 2025-01-16T22:26:25.873Z\n\ud83d\udd17 References:\n1. https://github.com/librenms/librenms/security/advisories/GHSA-pm8j-3v64-92cq", "creation_timestamp": "2025-01-16T22:56:25.000000Z"}, {"uuid": "7c180dc4-1a18-474f-96ef-fcdff43ad28e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23195", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2502", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23195\n\ud83d\udd39 Description: An XML External Entity (XXE) vulnerability exists in the Ambari/Oozie \nproject, allowing an attacker to inject malicious XML entities. This \nvulnerability occurs due to insecure parsing of XML input using the \n`DocumentBuilderFactory` class without disabling external entity \nresolution. An attacker can exploit this vulnerability to read arbitrary\n files on the server or perform server-side request forgery (SSRF) \nattacks. The issue has been fixed in both Ambari 2.7.9 and the trunk \nbranch.\n\ud83d\udccf Published: 2025-01-21T21:22:33.286Z\n\ud83d\udccf Modified: 2025-01-21T21:22:33.286Z\n\ud83d\udd17 References:\n1. https://lists.apache.org/thread/hsb6mvxd7g37dq1ygtd0pd88gs9tfcwq", "creation_timestamp": "2025-01-21T22:01:22.000000Z"}, {"uuid": "d9435970-7a52-4de1-89c8-3bf5f7b5038c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23196", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2501", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23196\n\ud83d\udd39 Description: A code injection vulnerability exists in the Ambari Alert Definition \nfeature, allowing authenticated users to inject and execute arbitrary \nshell commands. The vulnerability arises when defining alert scripts, \nwhere the script filename field is executed using `sh -c`. An attacker \nwith authenticated access can exploit this vulnerability to inject \nmalicious commands, leading to remote code execution on the server. The \nissue has been fixed in the latest versions of Ambari.\n\ud83d\udccf Published: 2025-01-21T21:23:41.389Z\n\ud83d\udccf Modified: 2025-01-21T21:23:41.389Z\n\ud83d\udd17 References:\n1. https://lists.apache.org/thread/70g1l5lxvko7kvhyxmtmklhhfrlon837", "creation_timestamp": "2025-01-21T22:01:21.000000Z"}, {"uuid": "68a60202-94bc-47e9-b048-fd1bf3406aed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23194", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7098", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23194\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: SAP NetWeaver Enterprise Portal OBN does not perform proper authentication check for a particular configuration setting. As result, a non-authenticated user can set it to an undesired value causing low impact on integrity. There is no impact on confidentiality or availability of the application.\n\ud83d\udccf Published: 2025-03-11T00:32:11.498Z\n\ud83d\udccf Modified: 2025-03-11T02:13:53.935Z\n\ud83d\udd17 References:\n1. https://me.sap.com/notes/3561792\n2. https://url.sap/sapsecuritypatchday", "creation_timestamp": "2025-03-11T02:40:06.000000Z"}, {"uuid": "3023ba4b-9720-4fc6-a40c-ef316b80771c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23196", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lgfzyb2qtc2p", "content": "", "creation_timestamp": "2025-01-23T13:57:10.731082Z"}, {"uuid": "a75d6e3c-ac7e-4cfe-828d-112b6dba61ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23195", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lgfzyb2qtc2p", "content": "", "creation_timestamp": "2025-01-23T13:57:10.779752Z"}, {"uuid": "559d76c4-b529-426a-838f-fa8d2ef986a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23197", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgqkd37gqx27", "content": "", "creation_timestamp": "2025-01-27T18:16:09.936336Z"}, {"uuid": "5603135c-5bb3-45b1-b6d3-e73e0f4d736f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23190", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113982588650069367", "content": "", "creation_timestamp": "2025-02-11T01:11:17.721430Z"}, {"uuid": "2837f195-b9cb-47cf-ae19-58bb0bd80e6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23191", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113982588664176527", "content": "", "creation_timestamp": "2025-02-11T01:11:17.790238Z"}, {"uuid": "c95e1a98-e580-4e00-80bc-2ecd7154a3d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23193", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113982588678796874", "content": "", "creation_timestamp": "2025-02-11T01:11:18.010818Z"}, {"uuid": "2f25bf96-e280-41f2-9f75-857ac218a6d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23190", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhuiclmfut2h", "content": "", "creation_timestamp": "2025-02-11T01:15:56.744645Z"}, {"uuid": "4e142d14-6591-422a-a6e1-f7c86d44e7b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23191", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhuicnywal2c", "content": "", "creation_timestamp": "2025-02-11T01:15:59.144041Z"}, {"uuid": "b91b35ae-1ab9-44ce-9e21-6a34ed32a73f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23193", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhuicqh4332h", "content": "", "creation_timestamp": "2025-02-11T01:16:01.886010Z"}, {"uuid": "98392343-4e48-4984-aac1-f3ee97c30a8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2319", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8631", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2319\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.11.13 to 5.25.08. This is due to missing or incorrect nonce validation on the 'ELISQLREPORTS_menu' function. This makes it possible for unauthenticated attackers to execute code on the server via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Version 5.25.10 adds a nonce check, which makes this vulnerability exploitable by admins only.\n\ud83d\udccf Published: 2025-03-25T08:22:16.524Z\n\ud83d\udccf Modified: 2025-03-25T08:22:16.524Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/eade6ab0-ff79-4107-83ce-e85b37d97442?source=cve\n2. https://plugins.trac.wordpress.org/browser/elisqlreports/tags/5.25.08/index.php\n3. https://plugins.trac.wordpress.org/browser/elisqlreports/tags/5.21.35/index.php\n4. https://plugins.trac.wordpress.org/browser/elisqlreports/tags/4.17.42/index.php\n5. https://plugins.trac.wordpress.org/browser/elisqlreports/tags/4.17.38/index.php\n6. https://plugins.trac.wordpress.org/browser/elisqlreports/tags/4.16.38/index.php\n7. https://plugins.trac.wordpress.org/browser/elisqlreports/tags/4.11.37/index.php\n8. https://plugins.trac.wordpress.org/browser/elisqlreports/tags/4..11.33/index.php\n9. https://plugins.trac.wordpress.org/browser/elisqlreports/tags/4..11.15/index.php\n10. https://plugins.trac.wordpress.org/browser/elisqlreports/tags/4..11.13/index.php", "creation_timestamp": "2025-03-25T09:24:18.000000Z"}, {"uuid": "df2c74f0-569d-41e5-a96a-0e2ee03fe864", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2319", "type": "published-proof-of-concept", "source": "Telegram/d874YtfjRzSeJrj5ty8uatKWcKwQKjZYN7PQfn6_9YdZXOI", "content": "", "creation_timestamp": "2025-03-25T10:01:07.000000Z"}, {"uuid": "6716e98e-3891-4e3c-9c4a-892b4e824da3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23196", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lgbro6z44u2n", "content": "", "creation_timestamp": "2025-01-21T21:17:43.307735Z"}, {"uuid": "9b9c24c6-3aab-4035-bd8a-0bea750e745c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23195", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lgbro7rhew24", "content": "", "creation_timestamp": "2025-01-21T21:17:44.215697Z"}, {"uuid": "d4906f53-3ea4-4f7d-a8ec-7e0f542979fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23195", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lgd4fpsmro2j", "content": "", "creation_timestamp": "2025-01-22T10:02:30.403643Z"}, {"uuid": "683e7dca-0db6-4af5-8c30-b65547a8bb3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23197", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113901498998569976", "content": "", "creation_timestamp": "2025-01-27T17:29:07.536621Z"}, {"uuid": "21755703-793f-4236-a424-fd0fb6c4a70b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23191", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhusbvedwp2h", "content": "", "creation_timestamp": "2025-02-11T04:14:33.744718Z"}, {"uuid": "a51aeaf6-b7f5-493b-9437-29212962e8ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23190", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhusbvhrtt2n", "content": "", "creation_timestamp": "2025-02-11T04:14:34.608337Z"}, {"uuid": "9300a830-a7ce-47cf-9c34-677e63bff42a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23193", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhusbvrnvp2e", "content": "", "creation_timestamp": "2025-02-11T04:14:37.387914Z"}, {"uuid": "53e1a533-38ad-4749-86b0-3ccbfca813f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23194", "type": "seen", "source": "https://t.me/cvedetector/20022", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23194 - SAP NetWeaver Enterprise Portal OBN Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2025-23194 \nPublished : March 11, 2025, 1:15 a.m. | 24\u00a0minutes ago \nDescription : SAP NetWeaver Enterprise Portal OBN does not perform proper authentication check for a particular configuration setting. As result, a non-authenticated user can set it to an undesired value causing low impact on integrity. There is no impact on confidentiality or availability of the application. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-11T03:24:46.000000Z"}]}