{"vulnerability": "CVE-2025-2237", "sightings": [{"uuid": "20b48f56-feb7-485a-87b5-e973230b9b9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22376", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113766494448501172", "content": "", "creation_timestamp": "2025-01-03T21:15:41.667408Z"}, {"uuid": "dfa4ad02-7e88-4ca1-8898-ccc1b56583b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22376", "type": "seen", "source": "https://bsky.app/profile/rrwo.bsky.social/post/3lewfbwsj722w", "content": "", "creation_timestamp": "2025-01-04T15:11:40.833883Z"}, {"uuid": "32077f6f-77b5-4019-ba13-6b420b75b636", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22370", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114144328855531757", "content": "", "creation_timestamp": "2025-03-11T14:43:57.459513Z"}, {"uuid": "fb08c3eb-1383-4bc0-be0c-fda9984a54c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22377", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114139671052287943", "content": "", "creation_timestamp": "2025-03-10T18:59:24.780717Z"}, {"uuid": "906b1620-5232-4331-820e-8274922f9dd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2237", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3llqvfgouaa2v", "content": "", "creation_timestamp": "2025-04-01T12:40:18.593628Z"}, {"uuid": "0969676f-c79d-49aa-8c1f-ec5dbfc42a11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2237", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114263019306367782", "content": "", "creation_timestamp": "2025-04-01T13:48:33.497682Z"}, {"uuid": "e07843ba-8ce5-42c9-9469-4d620444c0e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2237", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114263019306367782", "content": "", "creation_timestamp": "2025-04-01T13:48:33.510929Z"}, {"uuid": "3577b468-5bf1-47dc-813e-e2c9dcccd622", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22375", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmhfsmjqfo24", "content": "", "creation_timestamp": "2025-04-10T11:32:38.253043Z"}, {"uuid": "efae85e4-1142-4da7-9d88-17055b4c4a35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22374", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmhfsmnh462i", "content": "", "creation_timestamp": "2025-04-10T11:32:38.854646Z"}, {"uuid": "d6f8e16e-3a51-4f6d-a3cf-4e526710a9ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22375", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114313996047515844", "content": "", "creation_timestamp": "2025-04-10T13:52:33.372083Z"}, {"uuid": "d5e9407b-0332-4a0b-b452-2246703bfea9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22374", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114313996047515844", "content": "", "creation_timestamp": "2025-04-10T13:52:33.462843Z"}, {"uuid": "00881505-016b-4162-815d-dc29bd71600a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22371", "type": "seen", "source": "https://bsky.app/profile/basefortify.bsky.social/post/3lmrlgasyzc2u", "content": "", "creation_timestamp": "2025-04-14T12:39:42.006914Z"}, {"uuid": "5c2ee792-0aa9-438f-a61c-e29f3f0a87cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22371", "type": "seen", "source": "https://bsky.app/profile/basefortify.bsky.social/post/3lmrlgchjok2u", "content": "", "creation_timestamp": "2025-04-14T12:39:42.540866Z"}, {"uuid": "c57115f5-b97d-4a72-8f88-0f47699107cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22371", "type": "seen", "source": "https://bsky.app/profile/basefortify.bsky.social/post/3lmrlgchln22u", "content": "", "creation_timestamp": "2025-04-14T12:39:43.066706Z"}, {"uuid": "680d0027-a448-4775-8582-2aca6b73dfe9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22371", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114337336240019826", "content": "", "creation_timestamp": "2025-04-14T16:48:16.404395Z"}, {"uuid": "b00ea100-8436-44f6-9db7-7d69849d87fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22372", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114337336240019826", "content": "", "creation_timestamp": "2025-04-14T16:48:16.484744Z"}, {"uuid": "c18c72c9-fdf8-4b69-bc77-1eba6c39aade", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22373", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114337336240019826", "content": "", "creation_timestamp": "2025-04-14T16:48:16.544061Z"}, {"uuid": "9db182e3-2217-42f0-8813-24fd346e8a54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22377", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lq6aolxs7e22", "content": "", "creation_timestamp": "2025-05-27T17:47:43.334842Z"}, {"uuid": "2bc680bd-c738-4cf5-926e-63781fb1a49d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22377", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lq6ohoieq72y", "content": "", "creation_timestamp": "2025-05-27T21:54:20.478660Z"}, {"uuid": "ccdf4200-d6cd-41e2-8bad-52b15de36c5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2237", "type": "seen", "source": "Telegram/n1w7Ta-G54MRSrb1VMlA0xlYbSVuf31ZXu_QuieRtS0BjM0", "content": "", "creation_timestamp": "2026-04-08T23:30:06.000000Z"}, {"uuid": "1211c904-a1cd-4d03-a546-12e50d135bad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22376", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2432", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22376\n\ud83d\udd39 Description: In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand() function, which is not cryptographically strong.\n\ud83d\udccf Published: 2025-01-03T00:00:00\n\ud83d\udccf Modified: 2025-01-21T17:49:18.077Z\n\ud83d\udd17 References:\n1. https://metacpan.org/release/RRWO/Net-OAuth-0.29/changes\n2. https://metacpan.org/release/KGRENNAN/Net-OAuth-0.28/source/lib/Net/OAuth/Client.pm#L260", "creation_timestamp": "2025-01-21T18:00:41.000000Z"}, {"uuid": "3a32a7eb-3b74-4cb8-b529-e4b8599584b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2237", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9872", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2237\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to authentication bypass in all versions up to, and including, 1.6.26. This is due to insufficient role restrictions in the 'process_register' function. This makes it possible for unauthenticated attackers to register an account with the Administrator role.\n\ud83d\udccf Published: 2025-04-01T11:12:28.902Z\n\ud83d\udccf Modified: 2025-04-01T11:12:28.902Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f7bff6-3bc3-4572-97fd-a039d54ac0ff?source=cve\n2. https://themeforest.net/item/homeo-real-estate-wordpress-theme/26372986#item-description__updates-history", "creation_timestamp": "2025-04-01T11:34:30.000000Z"}, {"uuid": "87ba3cda-5207-4aec-910c-bdd0922174f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22375", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11225", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22375\n\ud83d\udd25 CVSS Score: 9.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:Y/R:A/V:D/RE:L/U:Green)\n\ud83d\udd39 Description: An authentication bypass vulnerability was found in Videx's CyberAudit-Web. Through the exploitation of a logic flaw, an attacker could create a valid session without any credentials. This vulnerability has been patched in versions later than 9.5\u00a0and a patch has been made available to all instances of CyberAudit-Web, including the versions that are End of Maintenance (EOM). Anyone that requires support with the resolution of this issue can contact support@videx.com for assistance.\n\ud83d\udccf Published: 2025-04-10T11:02:46.646Z\n\ud83d\udccf Modified: 2025-04-10T11:02:46.646Z\n\ud83d\udd17 References:\n1. https://csirt.divd.nl/CVE-2025-22375\n2. https://csirt.divd.nl/DIVD-2024-00043/", "creation_timestamp": "2025-04-10T11:49:16.000000Z"}, {"uuid": "f83561c5-63df-43b1-8e2d-7c1849e5acfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22374", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11224", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22374\n\ud83d\udd25 CVSS Score: 6 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:N/S:N/AU:Y/R:A/V:D/RE:L/U:Green)\n\ud83d\udd39 Description: A Server-Side Request Forgery (SSRF) vulnerability was discovered in the videx-legacy-ssl web service of Videx\u2019s CyberAudit-Web, affecting versions prior to 1.1.3. This vulnerability has been patched in versions after 1.1.3. Leaving this vulnerability unpatched could lead to unauthorized access to the underlying infrastructure.\n\ud83d\udccf Published: 2025-04-10T11:02:47.109Z\n\ud83d\udccf Modified: 2025-04-10T11:02:47.109Z\n\ud83d\udd17 References:\n1. https://csirt.divd.nl/CVE-2025-22374\n2. https://csirt.divd.nl/DIVD-2024-00043/", "creation_timestamp": "2025-04-10T11:49:15.000000Z"}, {"uuid": "e2e4857a-2a2b-4a87-8b3f-b20d0eb2c10a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22372", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11640", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22372\n\ud83d\udd25 CVSS Score: 8.4 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:Y/V:C)\n\ud83d\udd39 Description: Insufficiently Protected Credentials vulnerability in SicommNet BASEC on SaaS allows Password Recovery.\nPasswords are either stored in plain text using reversible encryption, allowing an attacker with sufficient privileges to extract plain text passwords easily.\n\nThis issue affects BASEC: from 14 Dec 2021.\n\ud83d\udccf Published: 2025-04-14T15:32:49.367Z\n\ud83d\udccf Modified: 2025-04-14T15:32:49.367Z\n\ud83d\udd17 References:\n1. https://basec.sicomm.net/login/\n2. https://csirt.divd.nl/DIVD-2025-00001\n3. https://cisrt.divd.nl/CVE-2025-22372", "creation_timestamp": "2025-04-14T15:53:43.000000Z"}, {"uuid": "21df8295-f744-4bb6-9510-5577f273168a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22373", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11639", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22373\n\ud83d\udd25 CVSS Score: 8.7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:Y/V:C)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SicommNet BASEC on SaaS allows Reflected XSS, XSS Through HTTP Query Strings, Rendering of Arbitrary HTML and alternation of CSS Styles\nThis issue affects BASEC: from 14 Dec 2021.\n\ud83d\udccf Published: 2025-04-14T15:32:49.533Z\n\ud83d\udccf Modified: 2025-04-14T15:32:49.533Z\n\ud83d\udd17 References:\n1. https://basec.sicomm.net/login/\n2. https://csirt.divd.nl/DIVD-2025-00001\n3. https://cisrt.divd.nl/CVE-2025-22373", "creation_timestamp": "2025-04-14T15:53:39.000000Z"}, {"uuid": "6b6757c2-c76d-4267-8375-3f25b43b6a88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22371", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11638", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22371\n\ud83d\udd25 CVSS Score: 9.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/AU:Y/V:C)\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SicommNet BASEC (SaaS Service) login page allows an unauthenticated remote attacker to Bypass Authentication and execute arbitrary SQL commands. This issue at least affects BASEC for the date of 14 Dec 2021 onwards. It is very likely that this vulnerability has been present in the solution before that.\n\nAs of the date of this CVE record, there has been no patch\n\ud83d\udccf Published: 2025-04-14T15:32:49.665Z\n\ud83d\udccf Modified: 2025-04-14T15:32:49.665Z\n\ud83d\udd17 References:\n1. https://basec.sicomm.net/login/\n2. https://csirt.divd.nl/DIVD-2025-00001\n3. https://cisrt.divd.nl/CVE-2025-22371", "creation_timestamp": "2025-04-14T15:53:38.000000Z"}, {"uuid": "f035a81a-9d9a-4012-9138-cb63dc087009", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22377", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17688", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22377\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. A Heap-based Out-of-Bounds Write exists in the GPRS protocol implementation because of a mismatch between the actual length of the payload and the length declared within the payload.\n\ud83d\udccf Published: 2025-05-27T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-27T17:04:37.458Z\n\ud83d\udd17 References:\n1. https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-22377/", "creation_timestamp": "2025-05-27T17:48:57.000000Z"}, {"uuid": "7e67ef49-fea3-4e02-a975-d693b9f613ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22373", "type": "seen", "source": "https://t.me/cvedetector/22865", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-22373 - SicommNet BASEC Web Page Generation Vulnerability (Cross-site Scripting)\", \n  \"Content\": \"CVE ID : CVE-2025-22373 \nPublished : April 14, 2025, 4:15 p.m. | 19\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SicommNet BASEC on SaaS allows Reflected XSS, XSS Through HTTP Query Strings, Rendering of Arbitrary HTML and alternation of CSS Styles  \nThis issue affects BASEC: from 14 Dec 2021. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-14T18:51:21.000000Z"}, {"uuid": "d59566a8-896b-48dd-9fe9-75f4e8b2ac14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22372", "type": "seen", "source": "https://t.me/cvedetector/22864", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-22372 - SicommNet BASEC Unprotected Passwords Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-22372 \nPublished : April 14, 2025, 4:15 p.m. | 19\u00a0minutes ago \nDescription : Insufficiently Protected Credentials vulnerability in SicommNet BASEC on SaaS allows Password Recovery.  \nPasswords are either stored in plain text using reversible encryption, allowing an attacker with sufficient privileges to extract plain text passwords easily.  \n  \nThis issue affects BASEC: from 14 Dec 2021. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-14T18:51:20.000000Z"}, {"uuid": "e3335158-b138-47df-8fd0-ae2c8c5e3e5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22371", "type": "seen", "source": "https://t.me/cvedetector/22863", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-22371 - SicommNet BASEC SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2025-22371 \nPublished : April 14, 2025, 4:15 p.m. | 19\u00a0minutes ago \nDescription : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SicommNet BASEC (SaaS Service) login page allows an unauthenticated remote attacker to Bypass Authentication and execute arbitrary SQL commands. This issue at least affects BASEC for the date of 14 Dec 2021 onwards. It is very likely that this vulnerability has been present in the solution before that.  \n  \nAs of the date of this CVE record, there has been no patch \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-14T18:51:19.000000Z"}, {"uuid": "2c74705a-a814-4248-8d5a-cc958c6c22a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22374", "type": "seen", "source": "https://t.me/cvedetector/22653", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-22374 - Videx CyberAudit-Web SSRF\", \n  \"Content\": \"CVE ID : CVE-2025-22374 \nPublished : April 10, 2025, 11:15 a.m. | 1\u00a0hour, 55\u00a0minutes ago \nDescription : A Server-Side Request Forgery (SSRF) vulnerability was discovered in the videx-legacy-ssl web service of Videx\u2019s CyberAudit-Web, affecting versions prior to 1.1.3. This vulnerability has been patched in versions after 1.1.3. Leaving this vulnerability unpatched could lead to unauthorized access to the underlying infrastructure. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-10T15:21:48.000000Z"}, {"uuid": "eb6157b3-cd86-4fad-8ccc-4b1b5373371d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22375", "type": "seen", "source": "https://t.me/cvedetector/22650", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-22375 - Videx CyberAudit-Web Authentication Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-22375 \nPublished : April 10, 2025, 11:15 a.m. | 1\u00a0hour, 55\u00a0minutes ago \nDescription : An authentication bypass vulnerability was found in Videx's CyberAudit-Web. Through the exploitation of a logic flaw, an attacker could create a valid session without any credentials. This vulnerability has been patched in versions later than 9.5\u00a0and a patch has been made available to all instances of CyberAudit-Web, including the versions that are End of Maintenance (EOM). Anyone that requires support with the resolution of this issue can contact support@videx.com for assistance. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-10T15:21:43.000000Z"}, {"uuid": "93415bbc-dd27-48db-9d31-cd05e8086a63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2237", "type": "seen", "source": "https://t.me/cvedetector/21749", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2237 - Homeo Theme for WordPress Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2025-2237 \nPublished : April 1, 2025, 12:15 p.m. | 1\u00a0hour, 13\u00a0minutes ago \nDescription : The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to authentication bypass in all versions up to, and including, 1.6.26. This is due to insufficient role restrictions in the 'process_register' function. This makes it possible for unauthenticated attackers to register an account with the Administrator role. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T16:23:14.000000Z"}, {"uuid": "6ca5749b-420d-4762-a1ce-b2abaef33410", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22376", "type": "seen", "source": "https://t.me/cvedetector/14245", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-22376 - Apache Net::OAuth Client Nonce Generation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-22376 \nPublished : Jan. 3, 2025, 10:15 p.m. | 19\u00a0minutes ago \nDescription : In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand() function, which is not cryptographically strong. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-03T23:42:36.000000Z"}]}