{"vulnerability": "CVE-2025-2993", "sightings": [{"uuid": "920fd53c-7027-4300-b282-6d1bad03ef7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29931", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmze2iaqzc2b", "content": "", "creation_timestamp": "2025-04-17T14:49:06.975856Z"}, {"uuid": "5b61a82b-c1fd-4504-94b0-2d60c2bcb0f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29930", "type": "seen", "source": "MISP/02fb130c-7874-4693-9b66-81ed91a2e996", "content": "", "creation_timestamp": "2025-08-12T13:33:27.000000Z"}, {"uuid": "9d9c47b8-5768-4e0e-a64a-51edaccb8543", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29931", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-112-02", "content": "", "creation_timestamp": "2025-04-22T10:00:00.000000Z"}, {"uuid": "ddee32af-f6c6-40fa-8d4e-e1c93c775d8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29933", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3m6ftemkp252w", "content": "", "creation_timestamp": "2025-11-24T22:03:27.298406Z"}, {"uuid": "3277816d-ff4a-4455-b5c8-656be6a17ffb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-29934", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "d0a39bcc-7ed2-4aa4-a8ae-2e4cbd15adfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29930", "type": "seen", "source": "MISP/02fb130c-7874-4693-9b66-81ed91a2e996", "content": "", "creation_timestamp": "2025-08-21T03:19:26.000000Z"}, {"uuid": "25dcef84-8978-4629-b0a3-783f78921f02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29934", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3m65znsznxt2s", "content": "", "creation_timestamp": "2025-11-21T19:34:41.871524Z"}, {"uuid": "3765ca56-8624-4af0-8ec9-60548b07238b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2993", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9639", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2993\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is some unknown functionality of the file /default.cfg. The manipulation of the argument these leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-03-31T11:31:07.084Z\n\ud83d\udccf Modified: 2025-03-31T12:03:20.520Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.302042\n2. https://vuldb.com/?ctiid.302042\n3. https://vuldb.com/?submit.523416\n4. https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-default-cfg-1bc53a41781f806d8016cd4e73ca4d6f?pvs=4\n5. https://www.tenda.com.cn/", "creation_timestamp": "2025-03-31T12:31:51.000000Z"}, {"uuid": "89ee6ee2-adc4-42b2-a6ad-31c63480e430", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29932", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8649", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-29932\n\ud83d\udd25 CVSS Score: 4.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N)\n\ud83d\udd39 Description: In JetBrains GoLand before 2025.1 an XXE during debugging was possible\n\ud83d\udccf Published: 2025-03-25T12:44:20.869Z\n\ud83d\udccf Modified: 2025-03-25T13:08:40.718Z\n\ud83d\udd17 References:\n1. https://www.jetbrains.com/privacy-security/issues-fixed/", "creation_timestamp": "2025-03-25T13:23:57.000000Z"}, {"uuid": "348d48b3-b434-40cf-8788-df223e4bad58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29931", "type": "seen", "source": "https://t.me/cvedetector/23224", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-29931 - \"TeleControl Server Basic Remote DoS Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2025-29931 \nPublished : April 17, 2025, 11:15 a.m. | 57\u00a0minutes ago \nDescription : A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected product does not properly validate a length field in a serialized message which it uses to determine the amount of memory to be allocated for deserialization. This could allow an unauthenticated remote attacker to cause the application to allocate exhaustive amounts of memory and subsequently create a partial denial of service condition.  \nSuccessful exploitation is only possible in redundant Telecontrol Server Basic setups and only if the connection between the redundant servers has been disrupted. \nSeverity: 3.7 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-17T14:39:03.000000Z"}, {"uuid": "8c271ffa-71df-4e7f-8b4f-5dd8ae280a4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29932", "type": "seen", "source": "https://t.me/cvedetector/21092", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-29932 - JetBrains GoLand XXE Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-29932 \nPublished : March 25, 2025, 1:15 p.m. | 42\u00a0minutes ago \nDescription : In JetBrains GoLand before 2025.1 an XXE during debugging was possible \nSeverity: 4.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-25T15:18:48.000000Z"}, {"uuid": "9266c1f5-e70d-47d5-89e3-2af8500d6c96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2993", "type": "seen", "source": "https://t.me/cvedetector/21582", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2993 - Tenda FH1202 Remote File Inclusion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2993 \nPublished : March 31, 2025, 12:15 p.m. | 33\u00a0minutes ago \nDescription : A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is some unknown functionality of the file /default.cfg. The manipulation of the argument these leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-31T15:00:49.000000Z"}, {"uuid": "923e3240-6082-4558-a18a-2a7d55a3f14b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29930", "type": "seen", "source": "https://t.me/cvedetector/20601", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-29930 - ImpressCMS Local File Inclusion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-29930 \nPublished : March 18, 2025, 7:15 p.m. | 1\u00a0hour, 22\u00a0minutes ago \nDescription : imFAQ is an advanced questions and answers management system for ImpressCMS. Prior to 1.0.1, if the $_GET['seoOp'] parameter is manipulated to include malicious input (e.g., seoOp=php://filter/read=convert.base64-encode/resource=/var/www/html/config.php), the application could allow an attacker to read sensitive files on the server (Local File Inclusion, LFI). The $_GET['seoOp'] and $_GET['seoArg'] parameters are directly used without sanitization or validation. This is partly mitigated by the fact that the ImpressCMS sensitive files are stored outside the web root, in a folder with a randomized name. The issue has been resolved in imFaq 1.0.1. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-18T21:55:34.000000Z"}]}