{"vulnerability": "CVE-2025-2894", "sightings": [{"uuid": "3a73adbf-87b0-42f1-a739-b494c95f3812", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28942", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3llc4ntboha2v", "content": "", "creation_timestamp": "2025-03-26T15:40:21.598473Z"}, {"uuid": "bd55783f-c084-4735-8864-a7e9413970df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2894", "type": "seen", "source": "MISP/f2f93f16-9318-44b1-9be3-2d3346ca540c", "content": "", "creation_timestamp": "2025-09-10T07:47:58.000000Z"}, {"uuid": "90d2420d-31c9-4350-bea6-af16edf7e046", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2894", "type": "seen", "source": "https://bsky.app/profile/ravikumar-dev.me/post/3lyozco5e3p2g", "content": "", "creation_timestamp": "2025-09-13T05:12:32.970518Z"}, {"uuid": "8bc0a341-1e1e-4033-b481-d09edb7dd15d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2894", "type": "seen", "source": "http://takeonme.org/cves/cve-2025-2894/", "content": "", "creation_timestamp": "2025-03-28T00:57:13.000000Z"}, {"uuid": "86559c00-eb7b-41f8-a77a-aa320806e9b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2894", "type": "seen", "source": "MISP/f2f93f16-9318-44b1-9be3-2d3346ca540c", "content": "", "creation_timestamp": "2025-08-10T18:27:44.000000Z"}, {"uuid": "1c855465-8159-4d92-8a2f-81fd6d56f8bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28940", "type": "seen", "source": "MISP/682bdba3-46b7-4a8f-b7be-c6bf4b4f9868", "content": "", "creation_timestamp": "2025-08-13T13:26:34.000000Z"}, {"uuid": "9603e27a-a67f-412e-af8d-7359a7963923", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28942", "type": "seen", "source": "https://t.me/cvedetector/21190", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-28942 - Trust Payments Gateway for WooCommerce SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2025-28942 \nPublished : March 26, 2025, 3:16 p.m. | 1\u00a0hour, 27\u00a0minutes ago \nDescription : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Trust Payments Trust Payments Gateway for WooCommerce allows SQL Injection. This issue affects Trust Payments Gateway for WooCommerce: from n/a through 1.1.4. \nSeverity: 9.3 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-26T18:04:14.000000Z"}, {"uuid": "46e31b5e-32a0-450a-9c85-88baf5418fd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2894", "type": "seen", "source": "http://takeonme.org/cve/", "content": "", "creation_timestamp": "2000-12-31T23:00:00.000000Z"}, {"uuid": "be53cfd5-05da-4668-82c0-6f7483ce0d3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28949", "type": "seen", "source": "https://gist.github.com/Darkcrai86/6debc8fae9ec4b34297abbe64fa9813b", "content": "", "creation_timestamp": "2026-01-02T08:04:25.000000Z"}, {"uuid": "f3249b60-614b-4b73-a815-db26e9452cd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2894", "type": "seen", "source": "https://t.me/cvedetector/21362", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2894 - Go1 Unauthenticated Remote Command Execution Backdoor\", \n  \"Content\": \"CVE ID : CVE-2025-2894 \nPublished : March 28, 2025, 3:15 a.m. | 51\u00a0minutes ago \nDescription : The Go1\u00a0also known as \"The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level,\" contains an undocumented backdoor that can enable the manufacturer, and anyone in possession of the correct API key, complete remote control over the affected robotic device using the CloudSail remote access service. \nSeverity: 6.6 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-28T05:12:12.000000Z"}, {"uuid": "7cc33d20-6c5c-4d23-a396-894977030d52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28949", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mbcq2fxgqe2c", "content": "", "creation_timestamp": "2025-12-31T20:41:39.496197Z"}, {"uuid": "76e63381-0149-435d-9516-461c5c216f02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28949", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mbcr4ftxxw2u", "content": "", "creation_timestamp": "2025-12-31T21:00:40.856514Z"}, {"uuid": "be331869-f2ff-4a74-8e68-7bdf6b7e3ecd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28941", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7308", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28941\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in ohtan Spam Byebye allows Cross Site Request Forgery. This issue affects Spam Byebye: from n/a through 2.2.4.\n\ud83d\udccf Published: 2025-03-11T21:01:18.173Z\n\ud83d\udccf Modified: 2025-03-12T14:24:28.532Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/spam-byebye/vulnerability/wordpress-spam-bybye-plugin-2-2-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-12T14:40:45.000000Z"}, {"uuid": "aea9cb2b-bf6e-44a4-ae69-cca0ba7f61a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28943", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7314", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28943\n\ud83d\udd25 CVSS Score: 5.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mylo2h2s DP ALTerminator - Missing ALT manager allows Stored XSS. This issue affects DP ALTerminator - Missing ALT manager: from n/a through 1.0.2.\n\ud83d\udccf Published: 2025-03-11T21:01:18.833Z\n\ud83d\udccf Modified: 2025-03-12T14:17:57.505Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/dp-alterminator-missing-alt-manager/vulnerability/wordpress-dp-alterminator-missing-alt-manager-plugin-1-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-12T14:40:53.000000Z"}, {"uuid": "91b0fcea-511d-4e6c-897d-81586dcdf26c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2894", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9262", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2894\n\ud83d\udd25 CVSS Score: 6.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Go1\u00a0also known as \"The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level,\" contains an undocumented backdoor that can enable the manufacturer, and anyone in possession of the correct API key, complete remote control over the affected robotic device using the CloudSail remote access service.\n\ud83d\udccf Published: 2025-03-28T02:51:19.768Z\n\ud83d\udccf Modified: 2025-03-28T02:51:19.768Z\n\ud83d\udd17 References:\n1. https://github.com/MAVProxyUser/YushuTechUnitreeGo1/blob/main/Unitree_report.pdf\n2. https://x.com/d0tslash/status/1730989109332607208\n3. https://github.com/unitreerobotics/unitree_ros/issues/120\n4. https://takeonme.org/cves/cve-2025-2894/", "creation_timestamp": "2025-03-28T03:27:38.000000Z"}]}