{"vulnerability": "cve-2025-2350", "sightings": [{"uuid": "ff0504ce-573f-437c-ac6e-56f9d6ee18ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23508", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfv3xphxds2r", "content": "", "creation_timestamp": "2025-01-16T20:17:23.171881Z"}, {"uuid": "9cb4621d-cd1e-4bb1-90d1-29943d82775a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23501", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfv3xmznp72c", "content": "", "creation_timestamp": "2025-01-16T20:17:20.624559Z"}, {"uuid": "1ade8941-59bb-4e9b-b213-39594c71c00b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23501", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113840192881761666", "content": "", "creation_timestamp": "2025-01-16T21:38:10.629912Z"}, {"uuid": "bab63a11-209f-4d3e-ab15-fb659eed6f3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23508", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113840192896014370", "content": "", "creation_timestamp": "2025-01-16T21:38:10.872598Z"}, {"uuid": "5ae20cdd-7ea4-4d0a-af5e-43762b90aff0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23509", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgdo2yjrie2r", "content": "", "creation_timestamp": "2025-01-22T15:18:37.000764Z"}, {"uuid": "789ced50-9604-4d36-a3d5-dd290b35daa1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23500", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgdo2kko2u2f", "content": "", "creation_timestamp": "2025-01-22T15:18:22.351725Z"}, {"uuid": "fc4d7c55-ae3f-4c66-b389-acf38d5fbe4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23503", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgdo2o3vp32t", "content": "", "creation_timestamp": "2025-01-22T15:18:26.246721Z"}, {"uuid": "f0ebfeee-f4d8-4f57-8662-b1c6392600d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23506", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgdo2rwdaw27", "content": "", "creation_timestamp": "2025-01-22T15:18:30.092330Z"}, {"uuid": "7c03a575-bb3a-4a61-a150-877a1860ec5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23507", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgdo2vepog2f", "content": "", "creation_timestamp": "2025-01-22T15:18:33.646804Z"}, {"uuid": "897f21d2-154e-4d08-9e41-e7250ef877a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23504", "type": "seen", "source": "https://gist.github.com/Darkcrai86/bf40cbb87b6f01df737a742782b602b6", "content": "", "creation_timestamp": "2026-01-08T11:05:04.000000Z"}, {"uuid": "2168515f-6ff9-49ec-a4ed-5e390914f88e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23504", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mbzzvipo2u2u", "content": "", "creation_timestamp": "2026-01-10T03:09:06.374987Z"}, {"uuid": "0923a5d0-714c-4a10-94fc-65d4c25a728b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23504", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mbzzxfcqga2t", "content": "", "creation_timestamp": "2026-01-10T03:10:10.035929Z"}, {"uuid": "31c7b04c-7089-4765-9ae1-a3e80d18a05a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2350", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7725", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2350\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been rated as critical. Affected by this issue is some unknown functionality of the file /action/upload_file. The manipulation leads to unrestricted upload. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-03-16T22:00:19.587Z\n\ud83d\udccf Modified: 2025-03-16T22:00:19.587Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.299816\n2. https://vuldb.com/?ctiid.299816\n3. https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-10-unauthenticated-uploads\n4. https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-11-unrestricted-webshell", "creation_timestamp": "2025-03-16T22:45:49.000000Z"}, {"uuid": "5f8cdd8c-8ae5-4b2a-909c-169277b3bc35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23504", "type": "seen", "source": "Telegram/_8fRJHN3hF_BSebJqdKWxD-1j433_48WuwoDT4ZiT_fkSQU", "content": "", "creation_timestamp": "2026-01-08T18:13:39.000000Z"}, {"uuid": "f3cdb8a9-c848-436b-936e-a9c5c9e35716", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23504", "type": "seen", "source": "Telegram/QyFpM2X3HRwxFyvKWHhAGriV3mvzlfutO8QeREOhFaNbkdw", "content": "", "creation_timestamp": "2026-01-08T18:14:03.000000Z"}, {"uuid": "7c9e4e74-169d-4a73-8bbc-165336a5e732", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23509", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2627", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23509\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound HyperComments allows Reflected XSS. This issue affects HyperComments: from n/a through 0.9.6.\n\ud83d\udccf Published: 2025-01-22T14:29:13.982Z\n\ud83d\udccf Modified: 2025-01-22T19:53:56.041Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/comments-with-hypercommentscom/vulnerability/wordpress-hypercomments-plugin-0-9-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-01-22T20:01:50.000000Z"}, {"uuid": "8a814b76-5742-4a44-8915-53d022163553", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23507", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2626", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23507\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blrt Blrt WP Embed allows Reflected XSS. This issue affects Blrt WP Embed: from n/a through 1.6.9.\n\ud83d\udccf Published: 2025-01-22T14:29:13.852Z\n\ud83d\udccf Modified: 2025-01-22T19:54:11.090Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/blrt-wp-embed/vulnerability/wordpress-blrt-wp-embed-plugin-1-6-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-01-22T20:01:50.000000Z"}, {"uuid": "1dcb8766-6032-475a-92cd-379f133af023", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23503", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2624", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23503\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Customizable Captcha and Contact Us allows Reflected XSS. This issue affects Customizable Captcha and Contact Us: from n/a through 1.0.2.\n\ud83d\udccf Published: 2025-01-22T14:29:13.661Z\n\ud83d\udccf Modified: 2025-01-22T19:54:25.979Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/customizable-captcha-and-contact-us-form/vulnerability/wordpress-customizable-captcha-and-contact-us-plugin-1-0-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-01-22T20:01:45.000000Z"}, {"uuid": "e7c22f80-ea12-4a6f-82a0-1e89f6cb0411", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23500", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2623", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23500\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Faaiq Ahmed, Technial Architect,faaiqsj@gmail.com Simple Custom post type custom field allows Reflected XSS. This issue affects Simple Custom post type custom field: from n/a through 1.0.3.\n\ud83d\udccf Published: 2025-01-22T14:29:13.471Z\n\ud83d\udccf Modified: 2025-01-22T19:54:40.482Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/simple-content-construction-kit/vulnerability/wordpress-simple-custom-post-type-custom-field-plugin-1-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-01-22T20:01:44.000000Z"}, {"uuid": "c1d20c10-9dac-4b3d-a5dd-e72aed1f23a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2350", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkjzblpxqb26", "content": "", "creation_timestamp": "2025-03-17T01:35:54.603386Z"}, {"uuid": "9dcf5dbf-54ed-4e79-a4b7-c465337b2cd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23502", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6570", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23502\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in NotFound Curated Search allows Stored XSS. This issue affects Curated Search: from n/a through 1.2.\n\ud83d\udccf Published: 2025-03-03T13:30:08.116Z\n\ud83d\udccf Modified: 2025-03-05T17:16:47.764Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/curated-search/vulnerability/wordpress-curated-search-plugin-1-2-csrf-to-stored-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-05T18:30:23.000000Z"}, {"uuid": "30117025-7c2b-4b2c-b5ca-08ee682ca169", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23505", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6571", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23505\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Pit Login Welcome allows Reflected XSS. This issue affects Pit Login Welcome: from n/a through 1.1.5.\n\ud83d\udccf Published: 2025-03-03T13:30:08.372Z\n\ud83d\udccf Modified: 2025-03-05T17:15:42.980Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/pit-login-welcome/vulnerability/wordpress-pit-login-welcome-plugin-1-1-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-05T18:30:23.000000Z"}, {"uuid": "c0669b83-1db6-46e5-8104-0bbbf47656b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2350", "type": "seen", "source": "https://t.me/cvedetector/20418", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2350 - IROAD Dash Cam FX2 Unrestricted File Upload Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2350 \nPublished : March 16, 2025, 10:15 p.m. | 1\u00a0hour, 4\u00a0minutes ago \nDescription : A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been rated as critical. Affected by this issue is some unknown functionality of the file /action/upload_file. The manipulation leads to unrestricted upload. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-17T00:44:19.000000Z"}]}