{"vulnerability": "CVE-2025-2495", "sightings": [{"uuid": "b5928d90-6f28-4a8d-b4b3-bde73f1b4126", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24959", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113941997439072239", "content": "", "creation_timestamp": "2025-02-03T21:08:24.904555Z"}, {"uuid": "9d2a0d90-1361-4670-97e8-257d9a994f38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24959", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhchn6jt5r2r", "content": "", "creation_timestamp": "2025-02-03T21:16:02.949771Z"}, {"uuid": "c007f84c-5ff8-45e4-af47-c0e6e6dd7447", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24957", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113942216465394142", "content": "", "creation_timestamp": "2025-02-03T22:04:06.930890Z"}, {"uuid": "156f35ea-4451-4afa-9a01-d45879102c64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24958", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113942216479395985", "content": "", "creation_timestamp": "2025-02-03T22:04:07.212701Z"}, {"uuid": "117fb5b8-4141-41a9-b080-c236da554754", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24959", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhckks4ybt2h", "content": "", "creation_timestamp": "2025-02-03T22:08:28.408225Z"}, {"uuid": "0e753a0b-05a9-4a64-b35b-c4abbfa793d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24958", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhckz5gqx22w", "content": "", "creation_timestamp": "2025-02-03T22:16:25.844641Z"}, {"uuid": "bde94f36-1016-4cb0-9f9c-20ff650e0fd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24957", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhckz2bk262n", "content": "", "creation_timestamp": "2025-02-03T22:16:22.544623Z"}, {"uuid": "866e5604-f505-439f-a288-c124d2d97432", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24957", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhcxyc4nhq2u", "content": "", "creation_timestamp": "2025-02-04T02:08:37.668741Z"}, {"uuid": "3a6c01b4-c8bb-43fe-8a4c-247289780ec5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24958", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhcxycle2x2g", "content": "", "creation_timestamp": "2025-02-04T02:08:40.021400Z"}, {"uuid": "6bc656b1-20cd-4da1-81b9-cc36d4ff5386", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24956", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhvjua5azr2o", "content": "", "creation_timestamp": "2025-02-11T11:16:22.137998Z"}, {"uuid": "66ee04c7-8249-48ec-bcfe-c387da7d20eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24956", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113985000134458249", "content": "", "creation_timestamp": "2025-02-11T11:24:34.027664Z"}, {"uuid": "d63282bc-169c-4f79-9132-453e2309b82c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24956", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhvu4ptdko2n", "content": "", "creation_timestamp": "2025-02-11T14:20:08.445482Z"}, {"uuid": "031b530e-4179-4949-bb7e-450843772374", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2495", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lko2rjse7a2w", "content": "", "creation_timestamp": "2025-03-18T16:13:22.323415Z"}, {"uuid": "44140d2a-280f-4f22-917c-836386df7398", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24956", "type": "seen", "source": "https://t.me/cvedetector/17688", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24956 - OpenV2G X509 Buffer Overflow\", \n  \"Content\": \"CVE ID : CVE-2025-24956 \nPublished : Feb. 11, 2025, 11:15 a.m. | 52\u00a0minutes ago \nDescription : A vulnerability has been identified in OpenV2G (All versions < V0.9.6). The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption. \nSeverity: 6.2 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-11T13:10:15.000000Z"}, {"uuid": "a90c68aa-c224-44c1-a4af-67ec829c79db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24956", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-08", "content": "", "creation_timestamp": "2025-02-13T11:00:00.000000Z"}, {"uuid": "0ccc2eb0-708a-476a-90a9-86c0452d9183", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24959", "type": "seen", "source": "https://t.me/cvedetector/17138", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24959 - \"Zx Dotenv Environment Variable Injection Vulnerability (Command Execution)\"\", \n  \"Content\": \"CVE ID : CVE-2025-24959 \nPublished : Feb. 3, 2025, 9:15 p.m. | 1\u00a0hour, 23\u00a0minutes ago \nDescription : zx is a tool for writing better scripts. An attacker with control over environment variable values can inject unintended environment variables into `process.env`. This can lead to arbitrary command execution or unexpected behavior in applications that rely on environment variables for security-sensitive operations. Applications that process untrusted input and pass it through `dotenv.stringify` are particularly vulnerable. This issue has been patched in version 8.3.2. Users should immediately upgrade to this version to mitigate the vulnerability. If upgrading is not feasible, users can mitigate the vulnerability by sanitizing user-controlled environment variable values before passing them to `dotenv.stringify`. Specifically, avoid using `\"`, `'`, and backticks in values, or enforce strict validation of environment variables before usage. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-03T23:41:05.000000Z"}, {"uuid": "ff54a955-0336-4e99-b163-3b2ba8f04838", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2495", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7900", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2495\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N)\n\ud83d\udd39 Description: Stored Cross-Site Scripting (XSS) in Softdial Contact Center of Sytel Ltd. This vulnerability allows an attacker to upload XML files to the server with JavaScript code injected via the \u2018/softdial/scheduler/save.php\u2019 resource. The injected code will execute when the uploaded file is loaded via the \u2018/softdial/scheduler/load.php\u2019 resource and can redirect the victim to malicious sites or steal their login information to spoof their identity.\n\ud83d\udccf Published: 2025-03-18T11:28:28.483Z\n\ud83d\udccf Modified: 2025-03-18T11:28:28.483Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-softdial-contact-center", "creation_timestamp": "2025-03-18T11:55:37.000000Z"}, {"uuid": "d6d86052-cd6c-4d54-a3d0-a71f29296a1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2495", "type": "seen", "source": "https://t.me/cvedetector/20566", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2495 - Sytel Ltd. Softdial Contact Center Stored Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-2495 \nPublished : March 18, 2025, 12:15 p.m. | 2\u00a0hours, 7\u00a0minutes ago \nDescription : Stored Cross-Site Scripting (XSS) in Softdial Contact Center of Sytel Ltd. This vulnerability allows an attacker to upload XML files to the server with JavaScript code injected via the \u2018/softdial/scheduler/save.php\u2019 resource. The injected code will execute when the uploaded file is loaded via the \u2018/softdial/scheduler/load.php\u2019 resource and can redirect the victim to malicious sites or steal their login information to spoof their identity. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-18T16:03:51.000000Z"}, {"uuid": "543f95f2-2df9-4a6a-94f6-235420f99816", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24958", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4294", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24958\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-03T22:15:29.210\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-2mhx-5998-46hx", "creation_timestamp": "2025-02-13T19:09:42.000000Z"}, {"uuid": "c4e25cb1-11c3-44b8-a5ab-348705fa79b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24957", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4293", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24957\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-03T22:15:29.087\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-x28g-6228-99p9", "creation_timestamp": "2025-02-13T19:09:34.000000Z"}, {"uuid": "ad58557f-e712-4729-83e9-6b3e82756b68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24957", "type": "seen", "source": "https://t.me/cvedetector/17121", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24957 - WeGIA Web Manager Charitable Institutions SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2025-24957 \nPublished : Feb. 3, 2025, 10:15 p.m. | 23\u00a0minutes ago \nDescription : WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `get_detalhes_socio.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to  or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-03T23:40:44.000000Z"}, {"uuid": "65fa0a1f-b313-462a-b718-dfe8441d3cc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24958", "type": "seen", "source": "https://t.me/cvedetector/17120", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24958 - WeGIA SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-24958 \nPublished : Feb. 3, 2025, 10:15 p.m. | 23\u00a0minutes ago \nDescription : WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `salvar_tag.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to  or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-03T23:40:43.000000Z"}, {"uuid": "7441b9d5-e201-4209-9a26-c1c5aaf7a5e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24958", "type": "seen", "source": "Telegram/lgCM0Kvzl2ta_cmTNTlTHp748krLs6Th3KbX02dczl4v7fnx", "content": "", "creation_timestamp": "2025-02-06T02:40:20.000000Z"}, {"uuid": "9d8eb02d-b801-4a29-b2f3-4c538c3755b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24957", "type": "seen", "source": "Telegram/U6ClJC8QbxqKd52771w1cJeBg9aXG5_KpAgmr5PA7trFbigU", "content": "", "creation_timestamp": "2025-02-06T02:40:20.000000Z"}, {"uuid": "699a2188-1dbe-42b2-b089-7ff3dcf5efa1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24958", "type": "seen", "source": "Telegram/Ch0gDlvH3sgrx2bzlq5gpy62Qj4PLxmfwtWdhlgpFvdubYrV", "content": "", "creation_timestamp": "2025-02-14T10:09:22.000000Z"}, {"uuid": "77a4939c-5be8-4c18-99a7-6ddeaa808582", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-24957", "type": "seen", "source": "Telegram/6-sSiFDwTi34I-cW9m-11sD_6PL-4KBy6iQJHmAYbm9vaNeu", "content": "", "creation_timestamp": "2025-02-14T10:09:22.000000Z"}]}