{"vulnerability": "cve-2025-2011", "sightings": [{"uuid": "7e2e8889-2e0c-4afb-9fc6-5124aafdc3c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20119", "type": "seen", "source": "https://threatintel.cc/2025/02/26/cve-cisco-application-policy-infrastructure.html", "content": "", "creation_timestamp": "2025-02-26T19:24:28.000000Z"}, {"uuid": "fb617e73-8a5f-4436-8cf3-a36aff69cfb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20115", "type": "seen", "source": "https://bsky.app/profile/empist.bsky.social/post/3lkeetx5bws23", "content": "", "creation_timestamp": "2025-03-14T19:47:07.890791Z"}, {"uuid": "7cd8932a-5bbd-409f-b43b-4adc48a8e139", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20111", "type": "seen", "source": "https://bsky.app/profile/dinosn.bsky.social/post/3lj4x4urfa226", "content": "", "creation_timestamp": "2025-02-27T03:27:43.267389Z"}, {"uuid": "7aa53775-890f-449c-a6e2-32454b9233d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20111", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3ljfjxzcie22f", "content": "", "creation_timestamp": "2025-03-02T13:26:18.477080Z"}, {"uuid": "cc652765-2d88-40f9-8d2e-4e0adde58841", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20111", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ljis5whj4n2c", "content": "", "creation_timestamp": "2025-03-03T20:30:44.602228Z"}, {"uuid": "c72c917b-5224-40b1-8768-347eb3990454", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20111", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3ljfl2krnac2f", "content": "", "creation_timestamp": "2025-03-02T13:45:38.702493Z"}, {"uuid": "99e8f508-993d-4381-af09-48b2d89f51f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20115", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114150716852953937", "content": "", "creation_timestamp": "2025-03-12T17:48:30.644201Z"}, {"uuid": "87ea8d74-1e6a-4daf-94d6-f6f26974a394", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20115", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114151010071305070", "content": "", "creation_timestamp": "2025-03-12T19:03:04.340776Z"}, {"uuid": "8081d3ee-9207-4051-89c0-5b62d723cfa0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20115", "type": "seen", "source": "https://bsky.app/profile/calebpr.bsky.social/post/3lkk4y5x3yy2p", "content": "", "creation_timestamp": "2025-03-17T02:42:13.297792Z"}, {"uuid": "df2354c5-8350-4770-ba94-4560a56cd4de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20111", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lj5htzipws2g", "content": "", "creation_timestamp": "2025-02-27T08:26:57.685787Z"}, {"uuid": "94f85614-21c3-4f8c-822e-fa961ddef002", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-20111", "type": "seen", "source": "https://bsky.app/profile/kyosuke-tanaka.bsky.social/post/3lj5itbygss2w", "content": "", "creation_timestamp": "2025-02-27T08:44:26.746481Z"}, {"uuid": "b80d586b-35be-4da9-a836-ff1797f3cdeb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-20115", "type": "seen", "source": "https://bsky.app/profile/shiojiri.com/post/3lkd2pl2q5k27", "content": "", "creation_timestamp": "2025-03-14T07:13:06.880413Z"}, {"uuid": "19ff23e6-fd6a-45a6-8fab-472d786d87fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-20115", "type": "seen", "source": "https://infosec.exchange/users/patrickcmiller/statuses/114181126360727469", "content": "", "creation_timestamp": "2025-03-18T02:42:03.149521Z"}, {"uuid": "af746436-0426-4e24-a491-cddb1a5e52ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20111", "type": "seen", "source": "https://bsky.app/profile/bolhasec.com/post/3ljiorpmisk2b", "content": "", "creation_timestamp": "2025-03-03T19:30:13.489339Z"}, {"uuid": "b1a3beb3-9c67-4bb1-b631-8d05a8dd0bc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20115", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3lkfzcxtto42d", "content": "", "creation_timestamp": "2025-03-15T11:26:03.011236Z"}, {"uuid": "c91cd412-4192-4303-9bde-0836db5461b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20111", "type": "seen", "source": "https://bsky.app/profile/andranglin.bsky.social/post/3lj6lumk56s2m", "content": "", "creation_timestamp": "2025-02-27T19:11:34.374543Z"}, {"uuid": "831ee53f-7f71-4c68-ab61-c74c99e8a088", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20115", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-948b45c4-e87c79c994e39b2d", "content": "", "creation_timestamp": "2025-03-14T14:54:13.811503Z"}, {"uuid": "a358670a-51ae-45dd-a434-8cda8116ea85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20115", "type": "seen", "source": "https://bsky.app/profile/hackingne.ws/post/3lkgdzbmzpf2d", "content": "", "creation_timestamp": "2025-03-15T14:37:27.977652Z"}, {"uuid": "d96e7117-b814-46c3-8710-ee1a40db66ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20115", "type": "seen", "source": "https://bsky.app/profile/royans.bsky.social/post/3lkid4sttci26", "content": "", "creation_timestamp": "2025-03-16T09:26:53.082047Z"}, {"uuid": "7e58da30-c56a-4949-98f1-1b8f292b75ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20115", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3lke43pe6uj2s", "content": "", "creation_timestamp": "2025-03-14T17:10:20.708025Z"}, {"uuid": "4ec8ebf4-989e-4257-a984-6c9cce3308c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20113", "type": "seen", "source": "https://bsky.app/profile/securitylab-jp.bsky.social/post/3lq4mer3wmc23", "content": "", "creation_timestamp": "2025-05-27T02:11:40.612528Z"}, {"uuid": "acdc8b8e-5bee-4dbe-8d8e-243cd34d476f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20115", "type": "seen", "source": "https://bsky.app/profile/defendopsdiaries.bsky.social/post/3lke3aypk432l", "content": "", "creation_timestamp": "2025-03-14T16:55:24.709860Z"}, {"uuid": "3bbeb31d-5f8a-487d-97f7-6a688bdeaedc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20115", "type": "seen", "source": "https://bsky.app/profile/bolhasec.com/post/3lojwog7a2s2w", "content": "", "creation_timestamp": "2025-05-06T22:30:10.935632Z"}, {"uuid": "a1f18fcd-a407-4bea-b828-c2582844c6dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2011", "type": "seen", "source": "https://sploitus.com/exploit?id=9F913FCE-9B66-504D-B1B9-613F70FC090B", "content": "", "creation_timestamp": "2025-11-02T17:09:15.000000Z"}, {"uuid": "50f1c982-a321-4d6c-9970-8ed2ed2c7dd9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2011", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lottmvmcbq2i", "content": "", "creation_timestamp": "2025-05-10T21:02:16.548978Z"}, {"uuid": "44ab9c84-7f29-4704-969c-b3d4f3ab3c3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2011", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lp3ezqxfxi2s", "content": "", "creation_timestamp": "2025-05-13T21:02:21.802453Z"}, {"uuid": "7e2bb834-c656-4a5c-aeda-4b42d98387c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2011", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lp5vioipk22w", "content": "", "creation_timestamp": "2025-05-14T21:02:25.738096Z"}, {"uuid": "84c10307-49ed-41af-b5bb-b792ff2795ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2011", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:04.000000Z"}, {"uuid": "ff6533b6-7432-4418-866f-5c686115e91f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2011", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lord65uahr27", "content": "", "creation_timestamp": "2025-05-09T21:02:23.512382Z"}, {"uuid": "13b2ee4d-83bc-41f5-b989-f7aaf9dd6d25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2011", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-2011.yaml", "content": "", "creation_timestamp": "2025-05-13T12:09:46.000000Z"}, {"uuid": "a7535ac6-e82e-4e10-9c89-f191b179a9c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20111", "type": "seen", "source": "MISP/e1f6260f-3311-441b-92ae-e04cd5eb5f72", "content": "", "creation_timestamp": "2025-08-19T13:26:46.000000Z"}, {"uuid": "d2f4f8a5-49fc-4e6f-a2cf-f8aefc7a5d13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2011", "type": "published-proof-of-concept", "source": "Telegram/v5Cxmj2zBEMQglzGnynNoBkEXp7IiXoKKI6QQneS43eSmRo", "content": "", "creation_timestamp": "2026-01-05T03:00:10.000000Z"}, {"uuid": "5a6046c0-d1e3-40f0-b059-f10185444716", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2011", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/wp_depicter_sqli_cve_2025_2011.rb", "content": "", "creation_timestamp": "2025-05-28T16:49:12.000000Z"}, {"uuid": "b2631bd1-4d75-4762-a70c-a5b095751eca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2011", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/35815", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aPoC for CVE-2025-2011 - SQLi in Depicter plugin <= 3.6.1\nURL\uff1ahttps://github.com/datagoboom/CVE-2025-2011\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-05-06T20:23:01.000000Z"}, {"uuid": "8f758913-0ff6-4691-90b3-ca27ded55da4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2011", "type": "published-proof-of-concept", "source": "Telegram/LavM1ny4lAq6KX4GIaGKRXMHLTsBbdXq6-Qb46iUfrPj0ug", "content": "", "creation_timestamp": "2025-11-29T03:00:05.000000Z"}, {"uuid": "28db0e2c-e48d-4f40-9a85-5d0a75b18b8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20115", "type": "seen", "source": "https://t.me/cvedetector/20162", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-20115 - Cisco IOS XR BGP Confederation Denial of Service Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-20115 \nPublished : March 12, 2025, 4:15 p.m. | 2\u00a0hours, 58\u00a0minutes ago \nDescription : A vulnerability in confederation implementation for the Border Gateway Protocol (BGP)\u00a0in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.  \n  \nThis vulnerability is due to a memory corruption that occurs when a BGP update is created with an AS_CONFED_SEQUENCE attribute that has 255 autonomous system numbers (AS numbers). An attacker could exploit this vulnerability by sending a crafted BGP update message, or the network could be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more. A successful exploit could allow the attacker to cause memory corruption, which may cause the BGP process to restart, resulting in a DoS condition. To exploit this vulnerability, an attacker must control a BGP confederation speaker within the same autonomous system as the victim, or the network must be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more. \nSeverity: 8.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-12T20:23:16.000000Z"}, {"uuid": "f333f884-c8fb-4f69-bff9-5d987ed85bce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20118", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5543", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-20118\n\ud83d\udd25 CVSS Score: 4.4 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: A vulnerability in the implementation of the internal system processes of Cisco APIC could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.\n\nThis vulnerability is due to insufficient masking of sensitive information that is displayed through system CLI commands. An attacker could exploit this vulnerability by using reconnaissance techniques at the device CLI. A successful exploit could allow the attacker to access sensitive information on an affected device that could be used for additional attacks.\n\ud83d\udccf Published: 2025-02-26T16:23:28.132Z\n\ud83d\udccf Modified: 2025-02-26T17:13:05.215Z\n\ud83d\udd17 References:\n1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-multi-vulns-9ummtg5", "creation_timestamp": "2025-02-26T17:24:13.000000Z"}, {"uuid": "c9a33d61-b2a3-4057-b2b8-8058ade4eb98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2011", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/61066", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aCVE-2025-2011\nURL\uff1ahttps://github.com/Ashwesker/Blackash-CVE-2025-2011\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-11-28T21:24:28.000000Z"}, {"uuid": "0765f05f-187d-46c3-8667-07172a849e65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20118", "type": "seen", "source": "https://t.me/cvedetector/18945", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-20118 - Cisco APIC Sensitive Information Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-20118 \nPublished : Feb. 26, 2025, 5:15 p.m. | 1\u00a0hour, 30\u00a0minutes ago \nDescription : A vulnerability in the implementation of the internal system processes of Cisco APIC could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.  \n  \nThis vulnerability is due to insufficient masking of sensitive information that is displayed through system CLI commands. An attacker could exploit this vulnerability by using reconnaissance techniques at the device CLI. A successful exploit could allow the attacker to access sensitive information on an affected device that could be used for additional attacks. \nSeverity: 4.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-26T20:08:20.000000Z"}, {"uuid": "ac785637-77c2-4f18-8bd0-7c6a91c2984d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20117", "type": "seen", "source": "https://t.me/cvedetector/18944", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-20117 - Cisco APIC CLI Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-20117 \nPublished : Feb. 26, 2025, 5:15 p.m. | 1\u00a0hour, 30\u00a0minutes ago \nDescription : A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root\u00a0on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.  \n  \nThis vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root. \nSeverity: 5.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-26T20:08:20.000000Z"}, {"uuid": "40c8008f-2c95-4f52-9649-0a3e2811a0ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20116", "type": "seen", "source": "https://t.me/cvedetector/18943", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-20116 - Cisco APIC Stored XSS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-20116 \nPublished : Feb. 26, 2025, 5:15 p.m. | 1\u00a0hour, 30\u00a0minutes ago \nDescription : A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials.  \n  \nThis vulnerability is due to improper input validation in the web UI. An authenticated attacker could exploit this vulnerability by injecting malicious code into specific pages of the web UI. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web UI or access sensitive, browser-based information. \nSeverity: 4.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-26T20:08:16.000000Z"}, {"uuid": "961559e9-0156-4df3-9cce-b9db0b52680b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20111", "type": "seen", "source": "https://t.me/cvedetector/18942", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-20111 - Cisco Nexus Switches Ethernet Frame Handling Denial of Service (DoS)\", \n  \"Content\": \"CVE ID : CVE-2025-20111 \nPublished : Feb. 26, 2025, 5:15 p.m. | 1\u00a0hour, 30\u00a0minutes ago \nDescription : A vulnerability in the health monitoring diagnostics of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.  \n  \nThis vulnerability is due to the incorrect handling of specific Ethernet frames. An attacker could exploit this vulnerability by sending a sustained rate of crafted Ethernet frames to an affected device. A successful exploit could allow the attacker to cause the device to reload. \nSeverity: 7.4 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-26T20:08:15.000000Z"}, {"uuid": "e56b5fc4-71b2-486c-8c7a-609fa1ca2ae1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20111", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5524", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-20111\n\ud83d\udd25 CVSS Score: 7.4 (cvssV3_1, Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)\n\ud83d\udd39 Description: A vulnerability in the health monitoring diagnostics of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.\n\nThis vulnerability is due to the incorrect handling of specific Ethernet frames. An attacker could exploit this vulnerability by sending a sustained rate of crafted Ethernet frames to an affected device. A successful exploit could allow the attacker to cause the device to reload.\n\ud83d\udccf Published: 2025-02-26T16:11:07.388Z\n\ud83d\udccf Modified: 2025-02-26T16:11:07.388Z\n\ud83d\udd17 References:\n1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n3kn9k-healthdos-eOqSWK4g", "creation_timestamp": "2025-02-26T16:24:18.000000Z"}, {"uuid": "10439a60-0d63-4b12-b992-8edf00d77a2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20116", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5523", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-20116\n\ud83d\udd25 CVSS Score: 4.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials.\n\nThis vulnerability is due to improper input validation in the web UI. An authenticated attacker could exploit this vulnerability by injecting malicious code into specific pages of the web UI. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web UI or access sensitive, browser-based information.\n\ud83d\udccf Published: 2025-02-26T16:11:17.385Z\n\ud83d\udccf Modified: 2025-02-26T16:11:17.385Z\n\ud83d\udd17 References:\n1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-multi-vulns-9ummtg5", "creation_timestamp": "2025-02-26T16:24:14.000000Z"}, {"uuid": "25259191-a5e6-49ee-8e73-96c6cfa9ac56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20119", "type": "seen", "source": "https://t.me/cvedetector/18940", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-20119 - Cisco APIC Local File Overwrite Vulnerability (DoS)\", \n  \"Content\": \"CVE ID : CVE-2025-20119 \nPublished : Feb. 26, 2025, 5:15 p.m. | 1\u00a0hour, 30\u00a0minutes ago \nDescription : A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated, local attacker to overwrite critical system files, which could cause a DoS condition. To exploit this vulnerability, the attacker must have valid administrative credentials.  \n  \nThis vulnerability is due to a race condition with handling system files. An attacker could exploit this vulnerability by doing specific operations on the file system. A successful exploit could allow the attacker to overwrite system files, which could lead to the device being in an inconsistent state and cause a DoS condition. \nSeverity: 6.0 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-26T20:08:13.000000Z"}, {"uuid": "b77acd40-883f-403b-8674-29904dcb8459", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2011", "type": "published-proof-of-concept", "source": "Telegram/eD_9rns0VoJmXce38-3wK1Yk5oGGiBEVAEL5NPmxb1JSSwc", "content": "", "creation_timestamp": "2025-11-02T19:00:07.000000Z"}, {"uuid": "1a163d36-da71-4219-9686-4e9d7c5bc5c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2011", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/58008", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aExploit for CVE-2025-2011\nURL\uff1ahttps://github.com/X3RX3SSec/CVE-2025-2011\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-11-02T18:15:26.000000Z"}, {"uuid": "1c280c4f-fd0e-4694-b97a-36328d57c936", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2011", "type": "published-proof-of-concept", "source": "Telegram/Cc3RAhYJWNXqdPWhmRP1dh2hUmKqdVrmSjRxwS70kfXOl1k", "content": "", "creation_timestamp": "2025-11-02T21:00:04.000000Z"}, {"uuid": "b7d4830c-2dbf-4703-9ac3-82d343ce305f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20117", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5522", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-20117\n\ud83d\udd25 CVSS Score: 5.1 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N)\n\ud83d\udd39 Description: A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.\n\nThis vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root.\n\ud83d\udccf Published: 2025-02-26T16:11:26.187Z\n\ud83d\udccf Modified: 2025-02-26T16:11:26.187Z\n\ud83d\udd17 References:\n1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-multi-vulns-9ummtg5", "creation_timestamp": "2025-02-26T16:24:13.000000Z"}, {"uuid": "86b83980-3cf9-4a3e-920f-19ea5e545c46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20119", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5542", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-20119\n\ud83d\udd25 CVSS Score: 6 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H)\n\ud83d\udd39 Description: A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated, local attacker to overwrite critical system files, which could cause a DoS condition. To exploit this vulnerability, the attacker must have valid administrative credentials.\n\nThis vulnerability is due to a race condition with handling system files. An attacker could exploit this vulnerability by doing specific operations on the file system. A successful exploit could allow the attacker to overwrite system files, which could lead to the device being in an inconsistent state and cause a DoS condition.\n\ud83d\udccf Published: 2025-02-26T16:23:37.170Z\n\ud83d\udccf Modified: 2025-02-26T17:13:44.068Z\n\ud83d\udd17 References:\n1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-multi-vulns-9ummtg5", "creation_timestamp": "2025-02-26T17:24:12.000000Z"}, {"uuid": "8e9a139e-7800-41b1-92bd-12fdf203e47e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20115", "type": "exploited", "source": "https://t.me/cybersecplayground/135", "content": "\ud83d\udea8 Security Alert: CVE-2025-20115 \ud83d\udea8\n\n\ud83d\udd25 Cisco IOS XR BGP Confederation DoS Vulnerability \u2013 Denial of Service (DoS) Risk\n\n\ud83d\udccc What\u2019s the risk?\nA newly disclosed Denial of Service (DoS) vulnerability in Cisco IOS XR Software affects Border Gateway Protocol (BGP) Confederations, potentially allowing attackers to disrupt network traffic on affected devices.\n\n\ud83d\udd0d Key Details:\n\n\ud83d\udccc Affected Product: Cisco IOS XR Software\n\u26a0\ufe0f Impact: Attackers can exploit this flaw to trigger a DoS condition, taking down network routers\n\ud83d\udcca 1,300+ exposed instances detected on Hunter\n\ud83d\udea8 Actively scanned and exploited in the wild\n\ud83d\udd0e How to find vulnerable instances?\n\ud83d\udcbb HUNTER Query: product.name=\"Cisco IOS-XR\"\n\ud83d\udd17 Hunter Link: https://hunter.how/list...\n\ud83d\udcca Alternative Searches:\n\nFOFA Query: product=\"CISCO-IOS-XR\"\nSHODAN Query: os:\"Cisco IOS XR\"\n\n\ud83d\udcdc Official Cisco Advisory:\n\ud83d\udd17 Cisco Security Advisory\n\ud83d\udcf0 More Details: Security Online Info\n\n\ud83d\udd14 Mitigation Steps:\n\u2705 Apply the latest patches from Cisco ASAP\n\u2705 Restrict access to BGP configurations\n\u2705 Monitor logs for abnormal BGP traffic and DoS attempts\n\n\ud83d\udd34 Stay updated on cybersecurity threats!\n\ud83d\udd17 @cybersecplayground for real-time security alerts.\n\n#Cisco #hunterhow #infosec #infosecurity #OSINT #Vulnerability \ud83d\udea8", "creation_timestamp": "2025-03-15T10:14:51.000000Z"}, {"uuid": "ed94f49e-5847-489b-9437-006957ad9b9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2011", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15084", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2011\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: The Slider & Popup Builder by Depicter plugin for WordPress is vulnerable to generic SQL Injection via the \u2018s' parameter in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n\ud83d\udccf Published: 2025-05-06T09:21:49.177Z\n\ud83d\udccf Modified: 2025-05-06T09:21:49.177Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/49b36cde-39d8-4a69-8d7c-7b850b76a7cd?source=cve\n2. https://plugins.trac.wordpress.org/browser/depicter/trunk/app/src/Database/Repository/LeadRepository.php?rev=3156664#L224\n3. https://plugins.trac.wordpress.org/browser/depicter/trunk/app/src/Services/LeadService.php?rev=3156664#L82\n4. https://plugins.trac.wordpress.org/browser/depicter/trunk/app/src/Controllers/Ajax/LeadsAjaxController.php?rev=3156664#L23\n5. https://plugins.trac.wordpress.org/browser/depicter/trunk/app/src/Controllers/Ajax/LeadsAjaxController.php?rev=3156664#L49\n6. https://plugins.trac.wordpress.org/browser/depicter/trunk/app/src/Controllers/Ajax/LeadsAjaxController.php?rev=3156664#L179\n7. https://wordpress.org/plugins/depicter/#description\n8. https://plugins.trac.wordpress.org/changeset/3287525/", "creation_timestamp": "2025-05-06T10:21:06.000000Z"}, {"uuid": "a0b6735b-e750-4e5a-97ec-3b3f05817cbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20112", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17152", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-20112\n\ud83d\udd25 CVSS Score: 5.1 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N)\n\ud83d\udd39 Description: A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device.\n\nThis vulnerability is due to excessive permissions that have been assigned to system commands. An attacker could exploit this vulnerability by executing crafted commands on the underlying operating system. A successful exploit could allow the attacker to escape the restricted shell and gain root privileges on the underlying operating system of an affected device. To successfully exploit this vulnerability, an attacker would need administrative access to the ESXi hypervisor.\n\ud83d\udccf Published: 2025-05-21T16:19:24.562Z\n\ud83d\udccf Modified: 2025-05-21T16:19:24.562Z\n\ud83d\udd17 References:\n1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-kkhZbHR5", "creation_timestamp": "2025-05-21T16:41:55.000000Z"}, {"uuid": "5837251b-ec26-464a-aace-bdb569ace867", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20114", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17150", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-20114\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system.\n\nThis vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by submitting crafted API requests to an affected system to execute an insecure direct object reference attack. A successful exploit could allow the attacker to access specific data that is associated with different users on the affected system.\n\ud83d\udccf Published: 2025-05-21T16:19:33.618Z\n\ud83d\udccf Modified: 2025-05-21T16:19:33.618Z\n\ud83d\udd17 References:\n1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4", "creation_timestamp": "2025-05-21T16:41:53.000000Z"}, {"uuid": "3f77f884-ee77-4559-8c7a-dc778020991f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20113", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17149", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-20113\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)\n\ud83d\udd39 Description: A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system.\n\nThis vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HTTP requests. An attacker could exploit this vulnerability by submitting a crafted API or HTTP request to an affected system. A successful exploit could allow the attacker to access, modify, or delete data beyond the sphere of their intended access level, including obtaining potentially sensitive information stored in the system.\n\ud83d\udccf Published: 2025-05-21T16:19:41.378Z\n\ud83d\udccf Modified: 2025-05-21T16:19:41.378Z\n\ud83d\udd17 References:\n1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4", "creation_timestamp": "2025-05-21T16:41:47.000000Z"}, {"uuid": "da49f6c7-7842-4500-ac48-8f4ac5dbb6ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2011", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/35814", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aPoC for CVE-2025-2011 - SQLi in Depicter plugin <= 3.6.1\nURL\uff1ahttps://github.com/datagoboom/CVE-2025-3782\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-05-06T20:18:23.000000Z"}, {"uuid": "58123e47-0a90-4b86-948e-e2ebfd475c46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20111", "type": "published-proof-of-concept", "source": "https://t.me/ics_cert/1035", "content": "\u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u062f\u0631 \u0639\u0645\u0644\u06a9\u0631\u062f \u0646\u0638\u0627\u0631\u062a \u0628\u0631 \u0633\u0644\u0627\u0645\u062a \u0633\u06cc\u0633\u062a\u0645 \u0639\u0627\u0645\u0644 Cisco NX-OS \u0633\u0648\u0626\u06cc\u0686 \u0647\u0627\u06cc Cisco Nexus 3000 \u0648 Nexus 9000 \u0628\u0647 \u0646\u0642\u0635 \u062f\u0631 \u06a9\u0646\u062a\u0631\u0644 \u062f\u0633\u062a\u0631\u0633\u06cc \u0645\u0631\u0628\u0648\u0637 \u0645\u06cc \u0634\u0648\u062f. \u0633\u0648\u0621 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0628\u0647 \u06cc\u06a9 \u0645\u0647\u0627\u062c\u0645 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0627\u062c\u0627\u0632\u0647 \u062f\u0647\u062f \u062a\u0627 \u0628\u0627 \u0627\u0631\u0633\u0627\u0644 \u0641\u0631\u06cc\u0645\u200c\u0647\u0627\u06cc \u0627\u062a\u0631\u0646\u062a \u0633\u0627\u062e\u062a\u0647\u200c\u0634\u062f\u0647 \u062e\u0627\u0635\u060c \u0628\u0627\u0639\u062b \u0627\u0646\u06a9\u0627\u0631 \u0633\u0631\u0648\u06cc\u0633 \u0634\u0648\u062f.\n\nBDU: 2025-02111\nCVE-2025-20111\n\n\u0646\u0635\u0628 \u0628\u0647 \u0631\u0648\u0632 \u0631\u0633\u0627\u0646\u06cc \u0627\u0632 \u0645\u0646\u0627\u0628\u0639 \u0642\u0627\u0628\u0644 \u0627\u0639\u062a\u0645\u0627\u062f, \u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc \u0634\u0648\u062f \u06a9\u0647 \u0628\u0647 \u0631\u0648\u0632 \u0631\u0633\u0627\u0646\u06cc \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631 \u0631\u0627 \u062a\u0646\u0647\u0627 \u067e\u0633 \u0627\u0632 \u0627\u0631\u0632\u06cc\u0627\u0628\u06cc \u062a\u0645\u0627\u0645 \u062e\u0637\u0631\u0627\u062a \u0645\u0631\u062a\u0628\u0637 \u0646\u0635\u0628 \u06a9\u0646\u06cc\u062f.\n\n\u0627\u0642\u062f\u0627\u0645\u0627\u062a \u062c\u0628\u0631\u0627\u0646\u06cc:\n- \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u062f\u0633\u062a\u0648\u0631\u0627\u062a \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc \u0628\u0631\u0627\u06cc \u0633\u0631\u06a9\u0648\u0628 \u0631\u0627\u0647\u200c\u0627\u0646\u062f\u0627\u0632\u06cc \u0645\u062c\u062f\u062f \u062f\u0631 \u0635\u0648\u0631\u062a \u0634\u06a9\u0633\u062a \u062a\u0633\u062a \u062a\u0634\u062e\u06cc\u0635\u06cc (\u0628\u0631\u0627\u06cc \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u0646\u0631\u0645\u200c\u0627\u0641\u0632\u0627\u0631 Cisco NX-OS \u06a9\u0647 \u0634\u0627\u0645\u0644 Field Notice FN72433 \u0646\u0645\u06cc\u200c\u0634\u0648\u0646\u062f\u060c \u062a\u0648\u0635\u06cc\u0647 \u0646\u0645\u06cc\u200c\u0634\u0648\u062f):\nnxos# \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc\nnxos(config)# \u0627\u067e\u0644\u062a \u0645\u062f\u06cc\u0631 \u0631\u0648\u06cc\u062f\u0627\u062f l2acl_override \u0644\u063a\u0648 __L2ACLRedirect\nnxos(config-applet)# action 1 syslog priority emergencies msg l2aclFailed;\n- \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0633\u06cc\u0633\u062a\u0645 \u0647\u0627\u06cc SIEM \u0628\u0631\u0627\u06cc \u0631\u062f\u06cc\u0627\u0628\u06cc \u0631\u0648\u06cc\u062f\u0627\u062f\u0647\u0627\u06cc \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u0631\u0627\u0647 \u0627\u0646\u062f\u0627\u0632\u06cc \u0645\u062c\u062f\u062f \u062f\u0633\u062a\u06af\u0627\u0647.\n- \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0641\u0627\u06cc\u0631\u0648\u0627\u0644 \u0647\u0627 \u0628\u0631\u0627\u06cc \u0645\u062d\u062f\u0648\u062f \u06a9\u0631\u062f\u0646 \u0627\u062d\u062a\u0645\u0627\u0644 \u062a\u0644\u0627\u0634 \u0628\u0631\u0627\u06cc \u0633\u0648\u0621 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc.\n\n\u0627\u0632 \u062a\u0648\u0635\u06cc\u0647 \u0647\u0627\u06cc \u0633\u0627\u0632\u0646\u062f\u0647 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u06cc\u062f:\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n3kn9k-healthdos-eOqSWK4g\n\ud83c\udfed \u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\ud83d\udc6e\ud83c\udffd\u200d\u2640\ufe0f\u0647\u0631\u06af\u0648\u0646\u0647 \u0627\u0646\u062a\u0634\u0627\u0631 \u0648 \u0630\u06a9\u0631 \u0645\u0637\u0627\u0644\u0628 \u0628\u062f\u0648\u0646 \u0630\u06a9\u0631 \u062f\u0642\u06cc\u0642 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u0644\u06cc\u0646\u06a9 \u0622\u0646 \u0645\u0645\u0646\u0648\u0639 \u0627\u0633\u062a. \n\u0627\u062f\u0645\u06cc\u0646:\n\u200fhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert\n\u06af\u0631\u0648\u0647 \u0648\u0627\u062a\u0633 \u0622\u067e :\nhttps://chat.whatsapp.com/FpB620AWEeSKvd8U6cFh33", "creation_timestamp": "2025-03-15T21:42:33.000000Z"}, {"uuid": "dfa71a76-72f0-4ff0-817d-3579a51f0c49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20115", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8450", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-20115\n\ud83d\udd25 CVSS Score: 8.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)\n\ud83d\udd39 Description: A vulnerability in confederation implementation for the Border Gateway Protocol (BGP) in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\n\nThis vulnerability is due to a memory corruption that occurs when a BGP update is created with an AS_CONFED_SEQUENCE attribute that has 255 autonomous system numbers (AS numbers). An attacker could exploit this vulnerability by sending a crafted BGP update message, or the network could be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more. A successful exploit could allow the attacker to cause memory corruption, which may cause the BGP process to restart, resulting in a DoS condition. To exploit this vulnerability, an attacker must control a BGP confederation speaker within the same autonomous system as the victim, or the network must be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more.\n\ud83d\udccf Published: 2025-03-12T16:11:58.731Z\n\ud83d\udccf Modified: 2025-03-21T20:35:55.101Z\n\ud83d\udd17 References:\n1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-bgp-dos-O7stePhX\n2. https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/", "creation_timestamp": "2025-03-21T21:22:12.000000Z"}, {"uuid": "eb62b3a5-45e8-457b-9490-e6e4e58ddc30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20113", "type": "seen", "source": "https://t.me/S_E_Reborn/5642", "content": "\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0442\u044c \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0442\u0440\u0435\u043d\u0434\u043e\u0432\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u043d\u0438\u043c\u0438 \u0443\u0433\u0440\u043e\u0437\u0430\u043c\u0438. \u0412 \u043d\u043e\u0432\u043e\u0439 \u043f\u043e\u0434\u0431\u043e\u0440\u043a\u0435:\n\n1. Pentestpartners \u043d\u0430\u0448\u043b\u0438 \u0441\u043f\u043e\u0441\u043e\u0431 \u043e\u0431\u043e\u0439\u0442\u0438 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u0439 \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u00a0\u0438 \u0441\u0447\u0438\u0442\u0430\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b, \u0445\u0440\u0430\u043d\u044f\u0449\u0438\u0435\u0441\u044f \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 Microsoft SharePoint, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043e\u0431\u043c\u0430\u043d \u0430\u0433\u0435\u043d\u0442\u0430 \u0418\u0418.\n\n2. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Project Discovery \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0442\u0440\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 \u043e\u0440\u043a\u0435\u0441\u0442\u0440\u043e\u0432\u043a\u0438 \u0441\u0435\u0442\u0438 Versa Concerto, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0436\u043d\u043e \u043e\u0431\u044a\u0435\u0434\u0438\u043d\u0438\u0442\u044c \u0432 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u0434\u043b\u044f \u0430\u0442\u0430\u043a\u0438 \u0438 \u0437\u0430\u0445\u0432\u0430\u0442\u0430 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 Concerto.\n\n\u041e\u0434\u043d\u0430 \u0438\u0437 \u043d\u0438\u0445 - \u043e\u0431\u0445\u043e\u0434 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 (CVE-2025-34027) \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 10/10. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0443\u0432\u0435\u0434\u043e\u043c\u0438\u043b\u0438 Versa Networks \u043e \u0442\u0440\u0435\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430\u0445 \u0432 \u0444\u0435\u0432\u0440\u0430\u043b\u0435, \u043d\u043e \u043d\u0435\u044f\u0441\u043d\u043e, \u0431\u044b\u043b\u0438 \u043b\u0438 \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u044b \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f.\n\n3. \u041e\u043c\u0435\u0440 \u041c\u0430\u0439\u0440\u0430\u0437 \u0438\u0437 Legit Security \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0439, \u0441\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u043a\u043e\u0442\u043e\u0440\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0432\u043d\u0435\u0434\u0440\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u043f\u043e\u0434\u0441\u043a\u0430\u0437\u043a\u0438 \u0432 \u043a\u043e\u043c\u043c\u0435\u043d\u0442\u0430\u0440\u0438\u0438 \u0438\u0441\u0445\u043e\u0434\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0438 \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u0442\u044c \u043f\u043e\u043c\u043e\u0449\u043d\u0438\u043a\u0430 GitLab Duo AI, \u0447\u0442\u043e\u0431\u044b \u0443\u043a\u0440\u0430\u0441\u0442\u044c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0434\u0440\u0443\u0433\u0438\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f.\n\n4. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Horizon3 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0438\u00a0\u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 CVE-2025-32756, \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0432 \u0442\u0435\u043b\u0435\u0444\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 FortiVoice.\n\n5. Profero \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0430 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 \u0434\u0432\u0443\u0445 0-day Ivanti, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 (CVE-2025-4427 \u0438 CVE-2025-4428) \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u043e\u0439 \u0441 \u041a\u041d\u0420 UNC5221, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0440\u0430\u043d\u0435\u0435 \u0442\u0430\u043a\u0436\u0435 \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u043b\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 Palo Alto Networks \u0438 SAP \u0434\u043b\u044f \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u043c\u0430\u044f\u043a\u043e\u0432 KrustyLoader \u0438 Sliver.\n\n6. Rhino Security \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0430 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435\u00a0\u0434\u043b\u044f CVE-2025-26147, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 RCE \u043f\u043e\u0441\u043b\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432 Denode Scheduler.\n\n7. 8Com \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0430 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 CVE-2025-26817, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 RCE \u043f\u043e\u0441\u043b\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432 Netwrix Password Secure, \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u043c \u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440\u0435 \u043f\u0430\u0440\u043e\u043b\u0435\u0439.\n\n8. \u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 Samlify Node.js \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0430\u0442\u0430\u043a\u0438 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0443\u043f\u0430\u043a\u043e\u0432\u043a\u0438 \u043f\u043e\u0434\u043f\u0438\u0441\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0433\u043b\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0434\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 SAML SSO (CVE-2025-47949).\n\n9. CISA \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u043e \u0448\u0438\u0440\u043e\u043a\u043e\u043c\u0430\u0441\u0448\u0442\u0430\u0431\u043d\u043e\u0439 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438, \u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u043d\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Commvault (CVE-2025-3928 \u0441 CVSS 8,7) \u0441 \u0446\u0435\u043b\u044c\u044e \u0432\u0437\u043b\u043e\u043c\u0430 \u0441\u0440\u0435\u0434 Azure.\n\nCommvault \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u043e\u0448\u0438\u0431\u043a\u0443 \u0432 \u043a\u043e\u043d\u0446\u0435 \u0444\u0435\u0432\u0440\u0430\u043b\u044f, \u043d\u043e \u0432 \u043d\u0430\u0447\u0430\u043b\u0435 \u043c\u0430\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u043b\u0430 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438, \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u0432, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u043b\u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043f\u043e\u0434\u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u0443 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043a\u043b\u0438\u0435\u043d\u0442\u044b Commvault \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0434\u043b\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0441\u0432\u043e\u0438\u0445 \u0441\u0440\u0435\u0434 M365.\n\n10. \u0411\u043e\u043b\u0435\u0435 100 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 AutomationDirect MB-Gateway \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0445 \u0430\u0442\u0430\u043a \u0438\u0437 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0430 \u0438\u0437-\u0437\u0430 CVE-2025-36535 (CVSS 10). \u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0439 \u0448\u043b\u044e\u0437 Modbus \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0432 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0430\u0436\u043d\u043e\u0439 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435.\n\n11. Atlassian\u00a0\u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0430 \u0432\u043e\u0441\u0435\u043c\u044c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439, \u0432 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e \u043e\u043f\u0438\u0441\u0430\u043d\u044b \u0448\u0435\u0441\u0442\u044c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 Bamboo, Confluence, Fisheye/Crucible \u0438 Jira. \u0412\u0441\u0435 \u0434\u0435\u0444\u0435\u043a\u0442\u044b \u0431\u044b\u043b\u0438 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u044b \u0432 \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u0445 \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u044f\u0445, \u0438\u0445 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u0437\u0432\u0430\u0442\u044c DoS \u0438\u043b\u0438 EoP \u0432 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435.\n\n12. GitLab\u00a0\u043e\u0431\u044a\u044f\u0432\u0438\u043b\u00a0\u043e\u0431 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0438 10 \u043e\u0448\u0438\u0431\u043e\u043a, \u0432\u043b\u0438\u044f\u044e\u0449\u0438\u0445 \u043d\u0430 GitLab Community Edition (CE) \u0438 Enterprise Edition (EE). \u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0432\u0430\u0436\u043d\u0430\u044f CVE-2025-0993 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0434\u043b\u044f \u0432\u044b\u0437\u043e\u0432\u0430 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044f DoS.\n\n13. Cisco \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0430 \u0434\u0435\u0441\u044f\u0442\u044c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0432 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e \u043e\u043f\u0438\u0441\u0430\u043d\u044b \u0431\u043e\u043b\u0435\u0435 \u0434\u0435\u0441\u044f\u0442\u043a\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0434\u0432\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0430\u0436\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Identity Services Engine (ISE) \u0438 Unified Intelligence Center - CVE-2025-20152 \u0438 CVE-2025-20113.", "creation_timestamp": "2025-05-24T10:35:39.000000Z"}, {"uuid": "44038e7e-7888-4e0a-bb04-f0ebec5cb815", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20115", "type": "exploited", "source": "Telegram/Ro0F6VMj5kR3HHjRTVzXmiHdU3QpurlhOabUjeiHP7ZZPiI", "content": "", "creation_timestamp": "2025-03-15T11:38:50.000000Z"}, {"uuid": "78a57b9a-2b3d-4244-913d-aff7525e9230", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20113", "type": "seen", "source": "https://t.me/true_secator/7066", "content": "\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0442\u044c \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0442\u0440\u0435\u043d\u0434\u043e\u0432\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u043d\u0438\u043c\u0438 \u0443\u0433\u0440\u043e\u0437\u0430\u043c\u0438. \u0412 \u043d\u043e\u0432\u043e\u0439 \u043f\u043e\u0434\u0431\u043e\u0440\u043a\u0435:\n\n1. Pentestpartners \u043d\u0430\u0448\u043b\u0438 \u0441\u043f\u043e\u0441\u043e\u0431 \u043e\u0431\u043e\u0439\u0442\u0438 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u0439 \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u00a0\u0438 \u0441\u0447\u0438\u0442\u0430\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b, \u0445\u0440\u0430\u043d\u044f\u0449\u0438\u0435\u0441\u044f \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 Microsoft SharePoint, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043e\u0431\u043c\u0430\u043d \u0430\u0433\u0435\u043d\u0442\u0430 \u0418\u0418.\n\n2. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Project Discovery \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0442\u0440\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 \u043e\u0440\u043a\u0435\u0441\u0442\u0440\u043e\u0432\u043a\u0438 \u0441\u0435\u0442\u0438 Versa Concerto, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0436\u043d\u043e \u043e\u0431\u044a\u0435\u0434\u0438\u043d\u0438\u0442\u044c \u0432 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u0434\u043b\u044f \u0430\u0442\u0430\u043a\u0438 \u0438 \u0437\u0430\u0445\u0432\u0430\u0442\u0430 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 Concerto.\n\n\u041e\u0434\u043d\u0430 \u0438\u0437 \u043d\u0438\u0445 - \u043e\u0431\u0445\u043e\u0434 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 (CVE-2025-34027) \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 10/10. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0443\u0432\u0435\u0434\u043e\u043c\u0438\u043b\u0438 Versa Networks \u043e \u0442\u0440\u0435\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430\u0445 \u0432 \u0444\u0435\u0432\u0440\u0430\u043b\u0435, \u043d\u043e \u043d\u0435\u044f\u0441\u043d\u043e, \u0431\u044b\u043b\u0438 \u043b\u0438 \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u044b \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f.\n\n3. \u041e\u043c\u0435\u0440 \u041c\u0430\u0439\u0440\u0430\u0437 \u0438\u0437 Legit Security \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0439, \u0441\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u043a\u043e\u0442\u043e\u0440\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0432\u043d\u0435\u0434\u0440\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u043f\u043e\u0434\u0441\u043a\u0430\u0437\u043a\u0438 \u0432 \u043a\u043e\u043c\u043c\u0435\u043d\u0442\u0430\u0440\u0438\u0438 \u0438\u0441\u0445\u043e\u0434\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0438 \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u0442\u044c \u043f\u043e\u043c\u043e\u0449\u043d\u0438\u043a\u0430 GitLab Duo AI, \u0447\u0442\u043e\u0431\u044b \u0443\u043a\u0440\u0430\u0441\u0442\u044c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0434\u0440\u0443\u0433\u0438\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f.\n\n4. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Horizon3 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0438\u00a0\u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 CVE-2025-32756, \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0432 \u0442\u0435\u043b\u0435\u0444\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 FortiVoice.\n\n5. Profero \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0430 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 \u0434\u0432\u0443\u0445 0-day Ivanti, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 (CVE-2025-4427 \u0438 CVE-2025-4428) \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u043e\u0439 \u0441 \u041a\u041d\u0420 UNC5221, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0440\u0430\u043d\u0435\u0435 \u0442\u0430\u043a\u0436\u0435 \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u043b\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 Palo Alto Networks \u0438 SAP \u0434\u043b\u044f \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u043c\u0430\u044f\u043a\u043e\u0432 KrustyLoader \u0438 Sliver.\n\n6. Rhino Security \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0430 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435\u00a0\u0434\u043b\u044f CVE-2025-26147, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 RCE \u043f\u043e\u0441\u043b\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432 Denode Scheduler.\n\n7. 8Com \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0430 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 CVE-2025-26817, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 RCE \u043f\u043e\u0441\u043b\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432 Netwrix Password Secure, \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u043c \u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440\u0435 \u043f\u0430\u0440\u043e\u043b\u0435\u0439.\n\n8. \u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 Samlify Node.js \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0430\u0442\u0430\u043a\u0438 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0443\u043f\u0430\u043a\u043e\u0432\u043a\u0438 \u043f\u043e\u0434\u043f\u0438\u0441\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0433\u043b\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0434\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 SAML SSO (CVE-2025-47949).\n\n9. CISA \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u043e \u0448\u0438\u0440\u043e\u043a\u043e\u043c\u0430\u0441\u0448\u0442\u0430\u0431\u043d\u043e\u0439 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438, \u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u043d\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Commvault (CVE-2025-3928 \u0441 CVSS 8,7) \u0441 \u0446\u0435\u043b\u044c\u044e \u0432\u0437\u043b\u043e\u043c\u0430 \u0441\u0440\u0435\u0434 Azure.\n\nCommvault \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u043e\u0448\u0438\u0431\u043a\u0443 \u0432 \u043a\u043e\u043d\u0446\u0435 \u0444\u0435\u0432\u0440\u0430\u043b\u044f, \u043d\u043e \u0432 \u043d\u0430\u0447\u0430\u043b\u0435 \u043c\u0430\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u043b\u0430 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438, \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u0432, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u043b\u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043f\u043e\u0434\u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u0443 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043a\u043b\u0438\u0435\u043d\u0442\u044b Commvault \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0434\u043b\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0441\u0432\u043e\u0438\u0445 \u0441\u0440\u0435\u0434 M365.\n\n10. \u0411\u043e\u043b\u0435\u0435 100 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 AutomationDirect MB-Gateway \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0445 \u0430\u0442\u0430\u043a \u0438\u0437 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0430 \u0438\u0437-\u0437\u0430 CVE-2025-36535 (CVSS 10). \u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0439 \u0448\u043b\u044e\u0437 Modbus \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0432 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0430\u0436\u043d\u043e\u0439 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435.\n\n11. Atlassian\u00a0\u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0430 \u0432\u043e\u0441\u0435\u043c\u044c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439, \u0432 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e \u043e\u043f\u0438\u0441\u0430\u043d\u044b \u0448\u0435\u0441\u0442\u044c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 Bamboo, Confluence, Fisheye/Crucible \u0438 Jira. \u0412\u0441\u0435 \u0434\u0435\u0444\u0435\u043a\u0442\u044b \u0431\u044b\u043b\u0438 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u044b \u0432 \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u0445 \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u044f\u0445, \u0438\u0445 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u0437\u0432\u0430\u0442\u044c DoS \u0438\u043b\u0438 EoP \u0432 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435.\n\n12. GitLab\u00a0\u043e\u0431\u044a\u044f\u0432\u0438\u043b\u00a0\u043e\u0431 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0438 10 \u043e\u0448\u0438\u0431\u043e\u043a, \u0432\u043b\u0438\u044f\u044e\u0449\u0438\u0445 \u043d\u0430 GitLab Community Edition (CE) \u0438 Enterprise Edition (EE). \u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0432\u0430\u0436\u043d\u0430\u044f CVE-2025-0993 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0434\u043b\u044f \u0432\u044b\u0437\u043e\u0432\u0430 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044f DoS.\n\n13. Cisco \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0430 \u0434\u0435\u0441\u044f\u0442\u044c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0432 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e \u043e\u043f\u0438\u0441\u0430\u043d\u044b \u0431\u043e\u043b\u0435\u0435 \u0434\u0435\u0441\u044f\u0442\u043a\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0434\u0432\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0430\u0436\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Identity Services Engine (ISE) \u0438 Unified Intelligence Center - CVE-2025-20152 \u0438 CVE-2025-20113.", "creation_timestamp": "2025-05-23T20:00:09.000000Z"}, {"uuid": "8c71d78e-fcf0-4946-ac80-a457222a9bd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20115", "type": "exploited", "source": "Telegram/abCwwu11Msn-Gx-FGZjfWAh86KctV0VJ2Y6NE-mMeLtX8Qk", "content": "", "creation_timestamp": "2025-03-15T22:15:19.000000Z"}, {"uuid": "0a71ee31-d0a1-41a6-93ee-01ad7e269e87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2011", "type": "published-proof-of-concept", "source": "Telegram/r84uk1c1f1koqzztiTdxByQ9BLtYAaDiWUWNZ6l_8-95JYw", "content": "", "creation_timestamp": "2025-05-07T17:00:13.000000Z"}, {"uuid": "8ba80897-bfd2-4792-99d2-573a001cd4de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20115", "type": "exploited", "source": "Telegram/Id0_l-YMbIe5lPiRsaIR99iGIBaxH0HP56tryeUJxy1-2Xs", "content": "", "creation_timestamp": "2025-03-15T16:59:42.000000Z"}, {"uuid": "174aeecc-4683-4746-8414-56a1861a45a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-20115", "type": "exploited", "source": "Telegram/zda-y5Cii3BeFgcb3DAfU2WKQLQ1BfmsaQPr-1--UwXwpSI", "content": "", "creation_timestamp": "2025-03-15T11:39:52.000000Z"}, {"uuid": "81c7494b-ea69-499f-9b61-16b374cc8e6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2011", "type": "seen", "source": "https://t.me/cvedetector/24599", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2011 - WordPress Slider & Popup Builder by Depicter SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2011 \nPublished : May 6, 2025, 10:15 a.m. | 1\u00a0hour, 45\u00a0minutes ago \nDescription : The Slider & Popup Builder by Depicter plugin for WordPress is vulnerable to generic SQL Injection via the \u2018s' parameter in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-06T14:29:07.000000Z"}]}