{"vulnerability": "cve-2025-2342", "sightings": [{"uuid": "ea55d308-ce14-4bf1-92d9-b77ed87f0030", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23420", "type": "seen", "source": "https://t.me/cvedetector/19449", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23420 - OpenHarmony OOB Write Arbitrary Code Execution\", \n  \"Content\": \"CVE ID : CVE-2025-23420 \nPublished : March 4, 2025, 4:15 a.m. | 22\u00a0minutes ago \nDescription : in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios. \nSeverity: 3.8 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-04T05:47:58.000000Z"}, {"uuid": "a61c51c5-8830-4b7b-9103-0e8b1976d872", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23422", "type": "seen", "source": "https://t.me/cvedetector/16276", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23422 - WordPress Store Locator Path Traversal\", \n  \"Content\": \"CVE ID : CVE-2025-23422 \nPublished : Jan. 24, 2025, 11:15 a.m. | 28\u00a0minutes ago \nDescription : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NotFound Store Locator allows PHP Local File Inclusion. This issue affects Store Locator: from n/a through 3.98.10. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-24T12:44:10.000000Z"}, {"uuid": "28ee8931-906c-4f4d-8451-eec343653fdd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23425", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6287", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23425\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in marekki Marekkis Watermark allows Reflected XSS. This issue affects Marekkis Watermark: from n/a through 0.9.4.\n\ud83d\udccf Published: 2025-03-03T13:30:01.076Z\n\ud83d\udccf Modified: 2025-03-03T20:11:00.129Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/marekkis-watermark/vulnerability/wordpress-marekkis-watermark-plugin-0-9-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-03T20:30:56.000000Z"}, {"uuid": "0f1204b7-2749-4692-b501-86a737cfebe1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23420", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6319", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23420\n\ud83d\udd25 CVSS Score: 3.8 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N)\n\ud83d\udd39 Description: in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.\n\ud83d\udccf Published: 2025-03-04T03:44:51.036Z\n\ud83d\udccf Modified: 2025-03-04T03:44:51.036Z\n\ud83d\udd17 References:\n1. https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md", "creation_timestamp": "2025-03-04T04:34:20.000000Z"}, {"uuid": "dee4dac6-9720-427e-9847-3b480636df9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2342", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7715", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2342\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability classified as critical has been found in IROAD X5 Mobile App up to 5.2.5 on Android. Affected is an unknown function of the component API Endpoint. The manipulation leads to hard-coded credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.\n\ud83d\udccf Published: 2025-03-16T16:00:07.647Z\n\ud83d\udccf Modified: 2025-03-16T16:00:07.647Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.299808\n2. https://vuldb.com/?ctiid.299808\n3. https://vuldb.com/?submit.512419\n4. https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-2-hardcoded-credentials-in-apk-iroad--v525-to-ports-9091-and-9092", "creation_timestamp": "2025-03-16T16:46:44.000000Z"}, {"uuid": "f3407058-ab6c-407d-a755-e1cc954bbe20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23420", "type": "seen", "source": "Telegram/ncF1gdy4WUeFN2zrjxPbmrb6-nTxYsVpwlgNGTLINsV5vZc", "content": "", "creation_timestamp": "2025-03-04T19:32:30.000000Z"}, {"uuid": "f6bd6778-c57c-4222-ae9d-ef9ea7401275", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23423", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113839838568235272", "content": "", "creation_timestamp": "2025-01-16T20:08:04.155256Z"}, {"uuid": "594a0307-e53f-449a-93ad-87c5f073052e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23424", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113839838583632784", "content": "", "creation_timestamp": "2025-01-16T20:08:04.515901Z"}, {"uuid": "69b82474-1418-4326-83bf-e501d643d0a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23426", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113839838597543340", "content": "", "creation_timestamp": "2025-01-16T20:08:04.617509Z"}, {"uuid": "b0e784f0-449a-46a4-b299-82ff4652a736", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23423", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfv3vmlrbf2j", "content": "", "creation_timestamp": "2025-01-16T20:16:13.049148Z"}, {"uuid": "9c7877a8-2ebc-48a5-8de7-5a573c36e1e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23424", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfv3vou6ua2n", "content": "", "creation_timestamp": "2025-01-16T20:16:15.429204Z"}, {"uuid": "7401c1c7-8e9c-4589-b9a0-6edabde0f463", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23426", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfv3vrct3g2s", "content": "", "creation_timestamp": "2025-01-16T20:16:17.970051Z"}, {"uuid": "a4e06bcd-3e08-42c2-96ba-4ba51aad33bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23429", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfv3vtmbxq2h", "content": "", "creation_timestamp": "2025-01-16T20:16:20.421002Z"}, {"uuid": "e212ee5f-5681-4972-9b71-3472a4f907bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23427", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113882964864775295", "content": "", "creation_timestamp": "2025-01-24T10:55:39.356539Z"}, {"uuid": "befb7102-f619-4994-b8cf-e910d56e24c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23422", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113882964850101601", "content": "", "creation_timestamp": "2025-01-24T10:55:39.105805Z"}, {"uuid": "c3fc3bac-2001-41ba-9cdb-acbdac6995d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23428", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/114002396522413460", "content": "", "creation_timestamp": "2025-02-14T13:08:41.770778Z"}, {"uuid": "606adc78-a295-497f-b7f2-e2a866d32004", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23428", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li5bxhap3n2d", "content": "", "creation_timestamp": "2025-02-14T13:16:19.594141Z"}, {"uuid": "7d85df7b-391f-443e-ae21-5f448fe01277", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23421", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4362", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23421\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-13T22:15:12.073\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-044-01\n2. https://www.qardio.com/about-us/#contact", "creation_timestamp": "2025-02-13T23:11:41.000000Z"}, {"uuid": "a2630841-86dc-40c6-8ff3-6ffce2d8e9f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23421", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4409", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23421\n\ud83d\udd25 CVSS Score: 6.4 (CVSS_V3)\n\ud83d\udd39 Description: An attacker could obtain firmware files and reverse engineer their \nintended use leading to loss of confidentiality and integrity of the \nhardware devices enabled by the Qardio iOS and Android applications.\n\ud83d\udccf Published: 2025-02-14T00:30:44Z\n\ud83d\udccf Modified: 2025-02-14T00:30:44Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2025-23421\n2. https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-044-01\n3. https://www.qardio.com/about-us/#contact", "creation_timestamp": "2025-02-14T01:17:10.000000Z"}, {"uuid": "c4615779-3ab7-4ba8-b73e-f3a22520c7e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23427", "type": "seen", "source": "https://t.me/cvedetector/16269", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23427 - Dovy Paukstys Redux Converter Cross-site Scripting\", \n  \"Content\": \"CVE ID : CVE-2025-23427 \nPublished : Jan. 24, 2025, 11:15 a.m. | 28\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dovy Paukstys Redux Converter allows Reflected XSS. This issue affects Redux Converter: from n/a through 1.1.3.1. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-24T12:44:02.000000Z"}, {"uuid": "495871fa-096a-401b-b9fb-7b67226320db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2342", "type": "seen", "source": "https://t.me/cvedetector/20412", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2342 - \"IROAD X5 Mobile App Hard-Coded Credentials Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2025-2342 \nPublished : March 16, 2025, 4:15 p.m. | 50\u00a0minutes ago \nDescription : A vulnerability classified as critical has been found in IROAD X5 Mobile App up to 5.2.5 on Android. Affected is an unknown function of the component API Endpoint. The manipulation leads to hard-coded credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-16T18:53:03.000000Z"}, {"uuid": "6864c3d0-c227-400e-8810-6b286be58101", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23429", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113839838632184869", "content": "", "creation_timestamp": "2025-01-16T20:08:05.114492Z"}, {"uuid": "026d0c14-09a6-4740-bd55-85cde9e56f03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2342", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkjeufh5742s", "content": "", "creation_timestamp": "2025-03-16T19:30:37.537027Z"}, {"uuid": "cac51aae-c852-4bce-8aae-bad5dc51c2e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23421", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113998796653284268", "content": "", "creation_timestamp": "2025-02-13T21:53:12.078267Z"}, {"uuid": "edca14cf-ae19-4264-9fec-6b21ca6bb4bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23421", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li3pnktrth2s", "content": "", "creation_timestamp": "2025-02-13T22:15:59.318895Z"}, {"uuid": "f6f00772-93e6-41d0-99e4-00d07a4a34a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23425", "type": "seen", "source": "MISP/4937e86f-f5bd-4d09-8bda-88a7440077f3", "content": "", "creation_timestamp": "2025-08-18T13:31:24.000000Z"}, {"uuid": "9defcce9-e120-4cd9-91a0-447d66ec9c35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23425", "type": "seen", "source": "MISP/4937e86f-f5bd-4d09-8bda-88a7440077f3", "content": "", "creation_timestamp": "2025-08-19T02:47:47.000000Z"}, {"uuid": "c0a31703-d93a-43be-a67a-0147f80f4f1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23425", "type": "seen", "source": "https://bsky.app/profile/cyberdudebivash.bsky.social/post/3mcyi7azxjk24", "content": "", "creation_timestamp": "2026-01-22T05:45:01.583426Z"}]}