{"vulnerability": "cve-2025-2348", "sightings": [{"uuid": "936fff02-e6d7-4d08-8576-d06c41f3032f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23489", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2456", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23489\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Messenlehner of WebDevStudios WP-Announcements allows Reflected XSS. This issue affects WP-Announcements: from n/a through 1.8.\n\ud83d\udccf Published: 2025-01-21T17:21:50.160Z\n\ud83d\udccf Modified: 2025-01-21T18:43:19.844Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wp-announcements/vulnerability/wordpress-wp-announcements-plugin-1-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-01-21T19:01:56.000000Z"}, {"uuid": "e2c8af94-3eeb-4925-9ae6-339427cbfb88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23488", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6274", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23488\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound rng-refresh allows Reflected XSS. This issue affects rng-refresh: from n/a through 1.0.\n\ud83d\udccf Published: 2025-03-03T13:30:07.031Z\n\ud83d\udccf Modified: 2025-03-03T20:21:18.598Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/rng-refresh/vulnerability/wordpress-rng-refresh-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-03T20:30:36.000000Z"}, {"uuid": "ffa136f1-59c7-4045-9559-665eea35cdb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23487", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6275", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23487\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Easy Gallery allows Reflected XSS. This issue affects Easy Gallery: from n/a through 1.4.\n\ud83d\udccf Published: 2025-03-03T13:30:06.784Z\n\ud83d\udccf Modified: 2025-03-03T20:20:38.864Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/simple-gallery-odihost/vulnerability/wordpress-easy-gallery-plugin-1-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-03T20:30:39.000000Z"}, {"uuid": "22aa7237-bbf8-49b8-8f58-6b8b6f6a6174", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23489", "type": "seen", "source": "https://t.me/cvedetector/16000", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23489 - \"WP-Announcements Reflected Cross-site Scripting Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2025-23489 \nPublished : Jan. 21, 2025, 6:15 p.m. | 37\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Messenlehner of WebDevStudios WP-Announcements allows Reflected XSS. This issue affects WP-Announcements: from n/a through 1.8. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-21T20:19:28.000000Z"}, {"uuid": "86304ed7-8980-4179-91f2-50ccbd0ae4c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23486", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2567", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23486\n\ud83d\udd39 Description: Missing Authorization vulnerability in NotFound Database Sync allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Database Sync: from n/a through 0.5.1.\n\ud83d\udccf Published: 2025-01-22T14:31:57.314Z\n\ud83d\udccf Modified: 2025-01-22T15:22:09.572Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/database-sync/vulnerability/wordpress-database-sync-plugin-0-5-1-sensitive-data-exposure-vulnerability?_s_id=cve", "creation_timestamp": "2025-01-22T16:01:57.000000Z"}, {"uuid": "a8e34540-b40b-410b-b509-7befda845d86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2348", "type": "seen", "source": "https://t.me/cvedetector/20421", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2348 - IROAD Dash Cam FX2 HTTP/RTSP Information Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2348 \nPublished : March 16, 2025, 9:15 p.m. | 2\u00a0hours, 4\u00a0minutes ago \nDescription : A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been classified as problematic. Affected is an unknown function of the file /mnt/extsd/event/ of the component HTTP/RTSP. The manipulation leads to information disclosure. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-17T00:44:22.000000Z"}, {"uuid": "8bedd702-8709-4bc1-95df-df12d6239ea4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23483", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfv3xfvh7i2n", "content": "", "creation_timestamp": "2025-01-16T20:17:13.224321Z"}, {"uuid": "9de5fb52-1b82-4be9-8ff0-4c6e4bb2640c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23483", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113840133851671374", "content": "", "creation_timestamp": "2025-01-16T21:23:09.847629Z"}, {"uuid": "cee6fa61-bb3c-4d6e-a272-bb7578416deb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2348", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7723", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2348\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been classified as problematic. Affected is an unknown function of the file /mnt/extsd/event/ of the component HTTP/RTSP. The manipulation leads to information disclosure. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-03-16T21:00:07.043Z\n\ud83d\udccf Modified: 2025-03-16T21:00:07.043Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.299814\n2. https://vuldb.com/?ctiid.299814\n3. https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-8-dumping-files-over-http-and-rtsp-without-authentication", "creation_timestamp": "2025-03-16T21:46:15.000000Z"}, {"uuid": "7e99a6c0-6e2b-4ad2-b88e-31b49af6e1b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23489", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113867645352084529", "content": "", "creation_timestamp": "2025-01-21T17:59:41.916998Z"}, {"uuid": "688e76b7-2d55-4821-9a33-dbffcce1c8fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23489", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgbhjsorjv2c", "content": "", "creation_timestamp": "2025-01-21T18:16:18.929783Z"}, {"uuid": "c5a6e806-6055-4f5c-9acf-f72b50418777", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23486", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgdo27xn6b2x", "content": "", "creation_timestamp": "2025-01-22T15:18:11.236318Z"}, {"uuid": "4ec354e7-e325-4ed5-bfd8-247c94b60c19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2348", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkjlu3tiny2h", "content": "", "creation_timestamp": "2025-03-16T21:35:45.099310Z"}]}