{"vulnerability": "cve-2025-2108", "sightings": [{"uuid": "42de21cb-3f0d-419c-a67a-06ded2f53645", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21083", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfsbfleahj2r", "content": "", "creation_timestamp": "2025-01-15T17:16:38.231465Z"}, {"uuid": "442d0dd8-5286-4337-8abf-e868f3683693", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21088", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfs5z65uaq2r", "content": "", "creation_timestamp": "2025-01-15T16:16:01.148344Z"}, {"uuid": "9d1f6f79-390f-4249-9505-18a5903d92e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21087", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113952551494207876", "content": "", "creation_timestamp": "2025-02-05T17:52:26.898209Z"}, {"uuid": "ff793f8d-8d0f-4ceb-8cfa-3607bb727384", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21087", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhh6k7nwtq2r", "content": "", "creation_timestamp": "2025-02-05T18:16:38.607149Z"}, {"uuid": "c3a5858c-091b-4b49-ad5c-b034adc98fc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2108", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lksdomoure2h", "content": "", "creation_timestamp": "2025-03-20T09:03:31.707704Z"}, {"uuid": "46a4043e-8ea3-4235-9839-25dfff8f5237", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21089", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ljjomgz64c2n", "content": "", "creation_timestamp": "2025-03-04T04:59:58.784842Z"}, {"uuid": "3afe2aa3-6a32-48e3-b38f-8cff5368d9fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21082", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lr45s7clwk2k", "content": "", "creation_timestamp": "2025-06-08T15:15:52.233128Z"}, {"uuid": "1b10c65c-22d4-459e-badc-b12dc4f3b8c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21084", "type": "seen", "source": "MISP/e1f6260f-3311-441b-92ae-e04cd5eb5f72", "content": "", "creation_timestamp": "2025-08-19T13:26:46.000000Z"}, {"uuid": "89121310-90d3-4f74-bc7e-e7689c8f56fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21089", "type": "seen", "source": "https://t.me/cvedetector/19462", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21089 - OpenHarmony Out-of-Bounds Read Denial of Service Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21089 \nPublished : March 4, 2025, 4:15 a.m. | 22\u00a0minutes ago \nDescription : in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through  out-of-bounds read. \nSeverity: 3.3 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-04T05:48:13.000000Z"}, {"uuid": "b8cf4602-ca21-4a74-a7d7-e673621639e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21084", "type": "seen", "source": "https://t.me/cvedetector/19461", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21084 - OpenHarmony NULL Pointer Dereference Arbitrary Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21084 \nPublished : March 4, 2025, 4:15 a.m. | 22\u00a0minutes ago \nDescription : in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through through NULL pointer dereference.. This vulnerability can be exploited only in restricted scenarios. \nSeverity: 3.8 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-04T05:48:12.000000Z"}, {"uuid": "dc11a8a6-c941-4cda-90b3-6c727624e527", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21087", "type": "seen", "source": "https://t.me/cvedetector/17332", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21087 - F5 Networks SSL/TLS Resource Exhaustion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21087 \nPublished : Feb. 5, 2025, 6:15 p.m. | 1\u00a0hour, 56\u00a0minutes ago \nDescription : When Client or Server SSL profiles are configured on a Virtual Server, or DNSSEC signing operations are in use, undisclosed traffic can cause an increase in memory and CPU resource utilization.  \n  \n   \n  \n  \nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-05T21:40:07.000000Z"}, {"uuid": "040becfd-95c4-4179-9ba1-a960d680dc16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21089", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6333", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21089\n\ud83d\udd25 CVSS Score: 3.3 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\ud83d\udd39 Description: in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through  out-of-bounds read.\n\ud83d\udccf Published: 2025-03-04T03:44:35.302Z\n\ud83d\udccf Modified: 2025-03-04T03:44:35.302Z\n\ud83d\udd17 References:\n1. https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md", "creation_timestamp": "2025-03-04T04:34:40.000000Z"}, {"uuid": "cb178321-bc13-4df3-8575-1d25eef66330", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21084", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6334", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21084\n\ud83d\udd25 CVSS Score: 3.8 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N)\n\ud83d\udd39 Description: in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through through NULL pointer dereference.. This vulnerability can be exploited only in restricted scenarios.\n\ud83d\udccf Published: 2025-03-04T03:44:34.096Z\n\ud83d\udccf Modified: 2025-03-04T03:44:34.096Z\n\ud83d\udd17 References:\n1. https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md", "creation_timestamp": "2025-03-04T04:34:41.000000Z"}, {"uuid": "74f14e89-20a7-4c68-abc4-2b0cb353b370", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2108", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8178", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2108\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The 140+ Widgets | Xpro Addons For Elementor \u2013 FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018Site Title\u2019 widget's 'title_tag' and 'html_tag' parameters in all versions up to, and including, 1.4.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-03-20T06:54:57.470Z\n\ud83d\udccf Modified: 2025-03-20T06:54:57.470Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/009b9b0d-6cbd-402e-bc81-24661ff16b9d?source=cve\n2. https://plugins.trac.wordpress.org/browser/xpro-elementor-addons/trunk/widgets/site-title/layout/frontend.php#L29\n3. https://plugins.trac.wordpress.org/changeset/3255986/", "creation_timestamp": "2025-03-20T07:20:56.000000Z"}, {"uuid": "9c079664-0f38-4063-b8c8-165157665393", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21081", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16411", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21081\n\ud83d\udd25 CVSS Score: 2 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Protection mechanism failure for some Edge Orchestrator software for Intel(R) Tiber\u2122 Edge Platform may allow an authenticated user to potentially enable escalation of privilege via local access.\n\ud83d\udccf Published: 2025-05-13T21:02:30.561Z\n\ud83d\udccf Modified: 2025-05-14T19:39:16.177Z\n\ud83d\udd17 References:\n1. https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html", "creation_timestamp": "2025-05-14T20:32:41.000000Z"}, {"uuid": "6517e99d-8a12-48e2-857d-1b96577be09d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21085", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18382", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21085\n\ud83d\udd25 CVSS Score: 2.1 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/S:P/AU:Y/R:A/RE:L/U:Amber)\n\ud83d\udd39 Description: PingFederate OAuth2 grant duplication in PostgreSQL persistent storage allows OAuth2 requests to use excessive memory utilization.\n\ud83d\udccf Published: 2025-06-15T14:25:39.067Z\n\ud83d\udccf Modified: 2025-06-15T14:25:39.067Z\n\ud83d\udd17 References:\n1. https://support.pingidentity.com/s/article/PingFederate-grant-attribute-duplication-with-PostgreSQL\n2. https://www.pingidentity.com/en/resources/downloads/pingfederate.html", "creation_timestamp": "2025-06-15T15:39:38.000000Z"}, {"uuid": "44d93d9e-d3fd-4b6d-af2f-047a51f0e832", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2108", "type": "seen", "source": "https://t.me/cvedetector/20691", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2108 - Elementor Xpro Addons Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2108 \nPublished : March 20, 2025, 7:15 a.m. | 31\u00a0minutes ago \nDescription : The 140+ Widgets | Xpro Addons For Elementor \u2013 FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018Site Title\u2019 widget's 'title_tag' and 'html_tag' parameters in all versions up to, and including, 1.4.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-20T09:02:10.000000Z"}, {"uuid": "22a5969e-6ea7-42ae-838b-0e80a4ba9102", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21083", "type": "seen", "source": "https://t.me/cvedetector/15489", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21083 - Mattermost Mobile Apps Crash Vulnerability ( Authentication Bypass )\", \n  \"Content\": \"CVE ID : CVE-2025-21083 \nPublished : Jan. 15, 2025, 5:15 p.m. | 39\u00a0minutes ago \nDescription : Mattermost Mobile Apps versions <=2.22.0\nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-15T19:18:41.000000Z"}, {"uuid": "d216c63f-bf7a-4d4a-8c00-5c998c8bf119", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21084", "type": "seen", "source": "Telegram/ur-jLM9TWuzZx6u6HVwGm1GC14lxVbO5sdyEUIKbqUh94J0", "content": "", "creation_timestamp": "2025-03-04T19:32:32.000000Z"}]}