{"vulnerability": "CVE-2025-2296", "sightings": [{"uuid": "de73c7b4-326a-4977-946b-c92f0cda4c0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22968", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113839056111669540", "content": "", "creation_timestamp": "2025-01-16T16:49:07.421053Z"}, {"uuid": "a580015e-20c1-453e-ac1f-de89cc8ff157", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22968", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfs652sxsa2e", "content": "", "creation_timestamp": "2025-01-15T16:18:11.343984Z"}, {"uuid": "ba0fd9c9-044d-45cf-9313-88185409ec66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22964", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113834777778924900", "content": "", "creation_timestamp": "2025-01-15T22:41:02.504878Z"}, {"uuid": "e20e214f-3a8d-4c12-a6cf-e9ab9c7a5c0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22964", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfsvi6vrux2s", "content": "", "creation_timestamp": "2025-01-15T23:16:00.572842Z"}, {"uuid": "9c2d7da7-4bca-447d-9721-9687e21f3bfe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22963", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113821816256658231", "content": "", "creation_timestamp": "2025-01-13T15:44:45.426636Z"}, {"uuid": "0f365110-e065-4bf5-bc4b-688fed644f05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22963", "type": "seen", "source": "https://bsky.app/profile/gothburz.bsky.social/post/3lfq3i7oblv2e", "content": "", "creation_timestamp": "2025-01-14T20:25:24.870517Z"}, {"uuid": "d6d80996-a3fe-4560-b157-6b0b45ba8612", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22963", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfn53ajpyf2t", "content": "", "creation_timestamp": "2025-01-13T16:15:57.842477Z"}, {"uuid": "edb06346-65ae-469d-9ac2-9ba6700e5c13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22968", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1965", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22968\n\ud83d\udd39 Description: An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execute arbitrary code via SSH using root account without restrictions\n\ud83d\udccf Published: 2025-01-15T00:00:00\n\ud83d\udccf Modified: 2025-01-16T15:34:15.183Z\n\ud83d\udd17 References:\n1. https://www.dlink.com/en/security-bulletin/\n2. https://github.com/CRUNZEX/CVE-DLINK-LTE\n3. https://github.com/CRUNZEX/CVE-2025-22968", "creation_timestamp": "2025-01-16T15:56:07.000000Z"}, {"uuid": "785f2030-5b02-4782-ba87-66f9ae67757b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22960", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li3sz7cjyx2x", "content": "", "creation_timestamp": "2025-02-13T23:16:11.029511Z"}, {"uuid": "48d83889-9b25-4f29-ad88-7f37f7b01ea4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22961", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li3szbkmug2x", "content": "", "creation_timestamp": "2025-02-13T23:16:13.401178Z"}, {"uuid": "b6c91ea2-48a1-4e91-a1c7-84ffab34478d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22962", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li3szebf362a", "content": "", "creation_timestamp": "2025-02-13T23:16:16.287425Z"}, {"uuid": "6d2d959d-d1bc-4943-a805-c2b95d18f4bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22961", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li3xgczwtg24", "content": "", "creation_timestamp": "2025-02-14T00:35:06.822953Z"}, {"uuid": "af4ba7a5-b5e7-4b4f-9985-bf7d74304cbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22960", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li3xgefapj2z", "content": "", "creation_timestamp": "2025-02-14T00:35:14.140374Z"}, {"uuid": "96dc3bba-9244-40ab-8d5e-0d575f4127ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22962", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li3xgelzeo24", "content": "", "creation_timestamp": "2025-02-14T00:35:15.296608Z"}, {"uuid": "e96dbc16-93be-489b-9644-0d6c7374b649", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2296", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3m7lbegkjcs2k", "content": "", "creation_timestamp": "2025-12-09T19:22:24.028887Z"}, {"uuid": "f5239194-e93b-4cd4-891b-926d7a257a86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22962", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4388", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22962\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A critical remote code execution (RCE) vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters when debugging mode is enabled. An attacker with a valid session ID (sess_id) can send specially crafted POST requests to the /json endpoint, enabling arbitrary command execution on the underlying system. This vulnerability can lead to full system compromise, including unauthorized access, privilege escalation, and potentially full device takeover.\n\ud83d\udccf Published: 2025-02-14T00:30:45Z\n\ud83d\udccf Modified: 2025-02-14T00:30:45Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2025-22962\n2. https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-22962", "creation_timestamp": "2025-02-14T01:13:12.000000Z"}, {"uuid": "e6dd6e5f-ee79-4b64-8ec5-c2b65380deaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22964", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1884", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22964\n\ud83d\udd39 Description: SQL Injection vulnerability in DDSN Net Pty Ltd (DDSN Interactive) DDSN Interactive cm3 Acora CMS 10.1.1 allows an attacker to execute arbitrary code via the table parameter.\n\ud83d\udccf Published: 2025-01-15T00:00:00\n\ud83d\udccf Modified: 2025-01-15T22:39:14.248402\n\ud83d\udd17 References:\n1. https://github.com/padayali-JD/CVE-2025-22964", "creation_timestamp": "2025-01-15T22:55:14.000000Z"}, {"uuid": "684ca3cc-dbec-4271-a19f-25284c252979", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22961", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4389", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22961\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A critical information disclosure vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters due to Incorrect Access Control (CWE-284). Unauthenticated attackers can directly access sensitive database backup files (snapshot_users.db) via publicly exposed URLs (/logs/devcfg/snapshot/ and /logs/devcfg/user/). Exploiting this vulnerability allows retrieval of sensitive user data, including login credentials, potentially leading to full system compromise.\n\ud83d\udccf Published: 2025-02-14T00:30:45Z\n\ud83d\udccf Modified: 2025-02-14T00:30:45Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2025-22961\n2. https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-22961", "creation_timestamp": "2025-02-14T01:14:07.000000Z"}, {"uuid": "e01198fc-b0d1-4170-bdf7-5ea7ce2fbd9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22960", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4391", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22960\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A session hijacking vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters. Unauthenticated attackers can access exposed log files (/logs/debug/xteLog*), potentially revealing sensitive session-related information such as session IDs (sess_id) and authentication success tokens (user_check_password OK). Exploiting this flaw could allow attackers to hijack active sessions, gain unauthorized access, and escalate privileges on affected devices.\n\ud83d\udccf Published: 2025-02-14T00:30:45Z\n\ud83d\udccf Modified: 2025-02-14T00:30:45Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2025-22960\n2. https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-22960", "creation_timestamp": "2025-02-14T01:15:08.000000Z"}, {"uuid": "241a9785-f4ad-4954-8ab2-0522f7d73b81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22963", "type": "seen", "source": "https://t.me/cvedetector/15156", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-22963 - Apache Teedy CSRF Auth Bypass\", \n  \"Content\": \"CVE ID : CVE-2025-22963 \nPublished : Jan. 13, 2025, 4:15 p.m. | 29\u00a0minutes ago \nDescription : Teedy through 1.11 allows CSRF for account takeover via POST /api/user/admin. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-13T17:54:47.000000Z"}, {"uuid": "588f4f11-cb1f-4071-bf11-3ec0cd2bb5da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22960", "type": "seen", "source": "https://t.me/cvedetector/18056", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-22960 - GatesAir Maxiva UAXT/VAXT Session Hijacking Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-22960 \nPublished : Feb. 13, 2025, 11:15 p.m. | 33\u00a0minutes ago \nDescription : A session hijacking vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters. Unauthenticated attackers can access exposed log files (/logs/debug/xteLog*), potentially revealing sensitive session-related information such as session IDs (sess_id) and authentication success tokens (user_check_password OK). Exploiting this flaw could allow attackers to hijack active sessions, gain unauthorized access, and escalate privileges on affected devices. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-14T01:32:19.000000Z"}, {"uuid": "21a58297-8e64-43b8-af96-1db98d275643", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22962", "type": "seen", "source": "https://t.me/cvedetector/18046", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-22962 - GatesAir Maxiva UAXT/VAXT RCE\", \n  \"Content\": \"CVE ID : CVE-2025-22962 \nPublished : Feb. 13, 2025, 11:15 p.m. | 33\u00a0minutes ago \nDescription : A critical remote code execution (RCE) vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters when debugging mode is enabled. An attacker with a valid session ID (sess_id) can send specially crafted POST requests to the /json endpoint, enabling arbitrary command execution on the underlying system. This vulnerability can lead to full system compromise, including unauthorized access, privilege escalation, and potentially full device takeover. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-14T01:32:06.000000Z"}, {"uuid": "feeb9391-223e-4ea5-8d6c-86dc5489d8f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22961", "type": "seen", "source": "https://t.me/cvedetector/18045", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-22961 - GatesAir Maxiva UAXT/VAXT Incorrect Access Control Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2025-22961 \nPublished : Feb. 13, 2025, 11:15 p.m. | 33\u00a0minutes ago \nDescription : A critical information disclosure vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters due to Incorrect Access Control (CWE-284). Unauthenticated attackers can directly access sensitive database backup files (snapshot_users.db) via publicly exposed URLs (/logs/devcfg/snapshot/ and /logs/devcfg/user/). Exploiting this vulnerability allows retrieval of sensitive user data, including login credentials, potentially leading to full system compromise. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-14T01:32:05.000000Z"}, {"uuid": "a5397809-477a-47cb-836d-bae0ff5cce3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22964", "type": "seen", "source": "https://t.me/cvedetector/15547", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-22964 - DDSN Net Pty Ltd (DDSN Interactive) DDSN Interactive cm3 Acora CMS SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2025-22964 \nPublished : Jan. 15, 2025, 11:15 p.m. | 45\u00a0minutes ago \nDescription : SQL Injection vulnerability in DDSN Net Pty Ltd (DDSN Interactive) DDSN Interactive cm3 Acora CMS 10.1.1 allows an attacker to execute arbitrary code via the table parameter. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-16T01:10:43.000000Z"}, {"uuid": "8e728cfc-5335-42c1-81f0-0f5592cbed06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22960", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4369", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22960\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-13T23:15:10.960\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-22960", "creation_timestamp": "2025-02-14T01:09:52.000000Z"}, {"uuid": "fcfb6327-9a48-4c57-88cf-00bbf8e35b93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22961", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4368", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22961\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-13T23:15:11.047\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-22961", "creation_timestamp": "2025-02-14T01:09:50.000000Z"}, {"uuid": "11a85667-ed04-4817-91a8-e59782a2ceca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22962", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4367", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22962\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-13T23:15:11.140\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-22962", "creation_timestamp": "2025-02-14T01:09:36.000000Z"}, {"uuid": "647b348e-30a1-4ff0-81bd-381b74cc4617", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22961", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7365", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22961\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A critical information disclosure vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters due to Incorrect Access Control (CWE-284). Unauthenticated attackers can directly access sensitive database backup files (snapshot_users.db) via publicly exposed URLs (/logs/devcfg/snapshot/ and /logs/devcfg/user/). Exploiting this vulnerability allows retrieval of sensitive user data, including login credentials, potentially leading to full system compromise.\n\ud83d\udccf Published: 2025-02-13T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-12T18:56:37.678Z\n\ud83d\udd17 References:\n1. https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-22961", "creation_timestamp": "2025-03-12T19:41:10.000000Z"}, {"uuid": "0a14fcea-e6c9-4a11-a9dc-2168a28be38f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22960", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7818", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22960\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A session hijacking vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters. Unauthenticated attackers can access exposed log files (/logs/debug/xteLog*), potentially revealing sensitive session-related information such as session IDs (sess_id) and authentication success tokens (user_check_password OK). Exploiting this flaw could allow attackers to hijack active sessions, gain unauthorized access, and escalate privileges on affected devices.\n\ud83d\udccf Published: 2025-02-13T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-17T18:43:32.220Z\n\ud83d\udd17 References:\n1. https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-22960", "creation_timestamp": "2025-03-17T19:34:11.000000Z"}, {"uuid": "57cf5659-2d7e-44f2-bcd3-78f27a77bea9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22968", "type": "seen", "source": "https://t.me/cvedetector/15471", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-22968 - D-Link DWR-M972V Remote SSH Command Injection\", \n  \"Content\": \"CVE ID : CVE-2025-22968 \nPublished : Jan. 15, 2025, 4:15 p.m. | 18\u00a0minutes ago \nDescription : An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execute arbitrary code via SSH using root account without restrictions \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-15T17:38:06.000000Z"}]}