{"vulnerability": "cve-2025-2347", "sightings": [{"uuid": "b0ca9e66-a89c-4af6-ac63-792c25df7bb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23470", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfv3x5yfki2n", "content": "", "creation_timestamp": "2025-01-16T20:17:05.138460Z"}, {"uuid": "c98b5241-00bd-47ff-840d-81d82bf2c9fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23477", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113867586349282549", "content": "", "creation_timestamp": "2025-01-21T17:44:52.942371Z"}, {"uuid": "955e8325-a35d-4454-a682-fb09de444f5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23477", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgbhjqenuz2h", "content": "", "creation_timestamp": "2025-01-21T18:16:16.229206Z"}, {"uuid": "602c18fc-ed91-41fa-979b-4ec6e0262d5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23477", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113867839411058410", "content": "", "creation_timestamp": "2025-01-21T18:49:18.507943Z"}, {"uuid": "a728dda8-65bc-44c3-b9c3-45bfd58f4481", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23477", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgbptg7rkj2h", "content": "", "creation_timestamp": "2025-01-21T20:44:52.621002Z"}, {"uuid": "85e79c7a-72a8-42c0-bbe4-0163ff9d17a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23475", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgdo24axcz2x", "content": "", "creation_timestamp": "2025-01-22T15:18:07.440945Z"}, {"uuid": "e96af6f7-8ad4-417c-8e9b-b500d58fe827", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2347", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkjlu3pwha26", "content": "", "creation_timestamp": "2025-03-16T21:35:44.618041Z"}, {"uuid": "3c5771c2-bf31-4645-8799-d649c2ee1bbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23474", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/114002396551761489", "content": "", "creation_timestamp": "2025-02-14T13:08:42.171236Z"}, {"uuid": "b0f475df-4c25-433c-a7f2-ed8ad32ff331", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23474", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li5bxmb2c42i", "content": "", "creation_timestamp": "2025-02-14T13:16:24.233686Z"}, {"uuid": "c3f8d37a-10d6-4161-90a1-30d801a54951", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23477", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2455", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23477\n\ud83d\udd39 Description: Missing Authorization vulnerability in Realty Workstation Realty Workstation allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Realty Workstation: from n/a through 1.0.45.\n\ud83d\udccf Published: 2025-01-21T17:21:50.023Z\n\ud83d\udccf Modified: 2025-01-21T18:43:25.453Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/realty-workstation/vulnerability/wordpress-realty-workstation-plugin-1-0-45-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-01-21T19:01:55.000000Z"}, {"uuid": "fcab2225-ad39-4846-91df-02d6c543ae86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23475", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2597", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23475\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound History timeline allows Reflected XSS. This issue affects History timeline: from n/a through 0.7.2.\n\ud83d\udccf Published: 2025-01-22T14:31:57.162Z\n\ud83d\udccf Modified: 2025-01-22T17:36:46.925Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/history-timeline/vulnerability/wordpress-history-timeline-plugin-0-7-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-01-22T18:02:25.000000Z"}, {"uuid": "a1e9456a-080b-430a-80cc-2d1815e0bec6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23479", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6241", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23479\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound melascrivi allows Reflected XSS. This issue affects melascrivi: from n/a through 1.4.\n\ud83d\udccf Published: 2025-03-03T13:30:05.436Z\n\ud83d\udccf Modified: 2025-03-03T16:01:01.795Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/melascrivi/vulnerability/wordpress-melascrivi-plugin-1-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-03T16:30:49.000000Z"}, {"uuid": "b529d7a7-249a-47af-9dd8-eac7c8e2f301", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23478", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6240", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23478\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Photo Video Store allows Reflected XSS. This issue affects Photo Video Store: from n/a through 21.07.\n\ud83d\udccf Published: 2025-03-03T13:30:05.205Z\n\ud83d\udccf Modified: 2025-03-03T16:01:09.411Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/photo-video-store/vulnerability/wordpress-photo-video-store-plugin-21-07-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-03T16:30:48.000000Z"}, {"uuid": "c47a513c-a14f-411f-8cf1-3a6c788f3140", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23473", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6239", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23473\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Killer Theme Options allows Reflected XSS. This issue affects Killer Theme Options: from n/a through 2.0.\n\ud83d\udccf Published: 2025-03-03T13:30:05.038Z\n\ud83d\udccf Modified: 2025-03-03T16:01:16.740Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/killer-theme-options/vulnerability/wordpress-killer-theme-options-plugin-2-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-03T16:30:47.000000Z"}, {"uuid": "71cb8fcd-f8b6-404d-a389-64e1f2bc30ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2347", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7720", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2347\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in IROAD Dash Cam FX2 up to 20250308 and classified as problematic. This issue affects some unknown processing of the component Device Registration. The manipulation of the argument Password with the input qwertyuiop leads to use of default password. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-03-16T20:31:04.413Z\n\ud83d\udccf Modified: 2025-03-16T20:31:04.413Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.299813\n2. https://vuldb.com/?ctiid.299813\n3. https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-7-bypass-of-device-pairingregistration-for-iroad-fx2", "creation_timestamp": "2025-03-16T20:49:08.000000Z"}, {"uuid": "18fb344b-358e-47a0-9a05-7894627846a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2347", "type": "seen", "source": "https://t.me/cvedetector/20420", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2347 - IROAD Dash Cam FX2 Default Password Use Local Network Vulnerability (Authentication Bypass)\", \n  \"Content\": \"CVE ID : CVE-2025-2347 \nPublished : March 16, 2025, 9:15 p.m. | 2\u00a0hours, 4\u00a0minutes ago \nDescription : A vulnerability was found in IROAD Dash Cam FX2 up to 20250308 and classified as problematic. This issue affects some unknown processing of the component Device Registration. The manipulation of the argument Password with the input qwertyuiop leads to use of default password. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-17T00:44:21.000000Z"}, {"uuid": "683c053d-304f-496a-9841-aa99c522ecca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23477", "type": "seen", "source": "https://t.me/cvedetector/15997", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23477 - Realty Workstation Missing Authorization Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-23477 \nPublished : Jan. 21, 2025, 6:15 p.m. | 37\u00a0minutes ago \nDescription : Missing Authorization vulnerability in Realty Workstation Realty Workstation allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Realty Workstation: from n/a through 1.0.45. \nSeverity: 8.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-21T20:19:22.000000Z"}, {"uuid": "08059e4f-8c13-4896-9688-da953e6d8c58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23472", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6237", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23472\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Flexo Slider allows Reflected XSS. This issue affects Flexo Slider: from n/a through 1.0013.\n\ud83d\udccf Published: 2025-03-03T13:30:04.862Z\n\ud83d\udccf Modified: 2025-03-03T16:01:25.904Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/flexo-slider/vulnerability/wordpress-flexo-slider-plugin-1-0013-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-03T16:30:46.000000Z"}, {"uuid": "1077d60b-657a-4984-a694-61aa9a18cc42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23470", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113840074821893229", "content": "", "creation_timestamp": "2025-01-16T21:08:09.223970Z"}, {"uuid": "7e666ed1-4ad0-4e90-a15f-d2a9aa6395cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23476", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113840133836508859", "content": "", "creation_timestamp": "2025-01-16T21:23:09.501790Z"}, {"uuid": "3c90339f-fd7f-4d26-a61d-6b549ea6bedf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23471", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfv3xb4qbv2j", "content": "", "creation_timestamp": "2025-01-16T20:17:08.186907Z"}, {"uuid": "cbf52f46-681e-4fbf-ad4a-3d10cbff3f56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23471", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113840133822026394", "content": "", "creation_timestamp": "2025-01-16T21:23:09.303004Z"}, {"uuid": "770efd89-98ba-4c33-aae5-d6e08f8509db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23479", "type": "seen", "source": "MISP/fc16b923-3a13-4e9d-9aac-10a57cac12c7", "content": "", "creation_timestamp": "2025-08-18T18:31:00.000000Z"}, {"uuid": "6fc5f8ea-9d41-41f8-919b-26e83ca5952d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23476", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfv3xdei6n2j", "content": "", "creation_timestamp": "2025-01-16T20:17:11.108217Z"}]}