{"vulnerability": "cve-2025-2160", "sightings": [{"uuid": "79a6170e-569e-4b9d-82e4-4bafd0123c34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21600", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113799443721205801", "content": "", "creation_timestamp": "2025-01-09T16:55:09.885280Z"}, {"uuid": "43b50236-8a83-4dcd-ab8c-39497a4d969c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21602", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113799443736274653", "content": "", "creation_timestamp": "2025-01-09T16:55:10.645011Z"}, {"uuid": "d0cb7684-79dd-4422-a85b-4f35ff5a70a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21600", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfd6kdq5go22", "content": "", "creation_timestamp": "2025-01-09T17:15:40.618776Z"}, {"uuid": "0ff85ba3-a717-46a5-88ec-12afa9b0104a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21602", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfd6kg63gw2f", "content": "", "creation_timestamp": "2025-01-09T17:15:43.551311Z"}, {"uuid": "89065117-0a67-4f94-83ed-e8f66b0ac776", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21600", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfd7tgxzdx2q", "content": "", "creation_timestamp": "2025-01-09T17:38:41.652139Z"}, {"uuid": "f3ff45ec-833a-4c53-9050-c8ab86e8c5b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21602", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfd7th4yfc2r", "content": "", "creation_timestamp": "2025-01-09T17:38:42.186765Z"}, {"uuid": "9ab26575-318b-417e-ace7-e90ddb59d30d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21609", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113765374408644532", "content": "", "creation_timestamp": "2025-01-03T16:30:51.225446Z"}, {"uuid": "b7e89649-0457-4e74-88b3-67d15b1e8891", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21604", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113782156930939692", "content": "", "creation_timestamp": "2025-01-06T15:38:52.226228Z"}, {"uuid": "c56ddb37-0582-40cf-8b25-d9d892702c90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21604", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf3jt2kpsc2m", "content": "", "creation_timestamp": "2025-01-06T16:16:06.188527Z"}, {"uuid": "7fbc8e1a-b68a-4ca8-a0f9-b5bc4d6ca3a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21604", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf3l2wdwyk2b", "content": "", "creation_timestamp": "2025-01-06T16:38:25.097295Z"}, {"uuid": "5a95a0c4-1988-4229-b186-c240411732d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21604", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/113782537574596693", "content": "", "creation_timestamp": "2025-01-06T17:15:40.530627Z"}, {"uuid": "e8c166ad-5a2a-4b68-a618-207c89dd4228", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21603", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lfgguvpga222", "content": "", "creation_timestamp": "2025-01-11T00:22:49.984625Z"}, {"uuid": "49f0118e-5afe-4f0a-83c9-94862588f645", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21607", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfpuovzwj62t", "content": "", "creation_timestamp": "2025-01-14T18:23:53.153603Z"}, {"uuid": "ab93ec61-51b4-4945-afbe-18c82b7b6256", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21603", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113790686183065901", "content": "", "creation_timestamp": "2025-01-08T03:47:58.242078Z"}, {"uuid": "bd915c96-f256-4200-a895-b3604a753281", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21603", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf7cjumvyu2i", "content": "", "creation_timestamp": "2025-01-08T04:16:20.855978Z"}, {"uuid": "6b60f68d-07f7-4d5c-b715-d51ad987e66c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21603", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf7h4ofmfu2i", "content": "", "creation_timestamp": "2025-01-08T05:38:30.387260Z"}, {"uuid": "c777b96d-158f-4c46-973c-a27d6a999da6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21606", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113845537604687570", "content": "", "creation_timestamp": "2025-01-17T20:17:24.652083Z"}, {"uuid": "2b09802a-b4a3-40c4-90bf-5a9b6be5a6ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21606", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113845552224560073", "content": "", "creation_timestamp": "2025-01-17T20:21:07.611511Z"}, {"uuid": "f27cb02a-e8dd-4494-ac45-c7078b275e50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21606", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfxpouubb52s", "content": "", "creation_timestamp": "2025-01-17T21:15:41.286688Z"}, {"uuid": "16ad6aa4-d6a6-4331-b838-b0305726814f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2160", "type": "seen", "source": "https://bsky.app/profile/cecallihelper.bsky.social/post/3lmuduoifk22u", "content": "", "creation_timestamp": "2025-04-15T15:02:34.877426Z"}, {"uuid": "e1acad86-d0c5-4bf3-b6f0-9f36c7b68c20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2160", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmryimw3ja2h", "content": "", "creation_timestamp": "2025-04-14T16:33:41.121620Z"}, {"uuid": "e3104eb0-7794-4ef2-8e73-926c3441d9fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2160", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114337336653608487", "content": "", "creation_timestamp": "2025-04-14T16:48:22.693074Z"}, {"uuid": "9f4aeb8f-9312-443c-8e60-cae0094fa0df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21608", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lihxwpzmgw2y", "content": "", "creation_timestamp": "2025-02-18T19:16:13.498511Z"}, {"uuid": "8b6548f2-c515-4216-b30b-2f43d7dd44aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21605", "type": "seen", "source": "https://bsky.app/profile/bluesky.awakari.com/post/3lqdpiwpcml2m", "content": "", "creation_timestamp": "2025-05-29T21:56:15.228324Z"}, {"uuid": "86ff0096-05df-4e0a-aee6-4afd8dcfbec4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21605", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114388277180826920", "content": "", "creation_timestamp": "2025-04-23T16:43:13.416831Z"}, {"uuid": "ae569150-9814-4bc4-bfcb-7fc58977c93b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21605", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnipaq7nh22y", "content": "", "creation_timestamp": "2025-04-23T17:19:24.961036Z"}, {"uuid": "336c9d88-948b-46b8-b950-f7c6012cc324", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21605", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3lqdpj3jgkh52", "content": "", "creation_timestamp": "2025-05-29T21:56:43.776484Z"}, {"uuid": "238772f9-c437-4025-b9fa-6773b4595cef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21608", "type": "seen", "source": "https://t.me/cvedetector/18343", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21608 - Meshtastic MQTT PKC Decoding Vulnerability (Authentication Bypass)\", \n  \"Content\": \"CVE ID : CVE-2025-21608 \nPublished : Feb. 18, 2025, 7:15 p.m. | 39\u00a0minutes ago \nDescription : Meshtastic is an open source mesh networking solution. In affected firmware versions crafted packets over MQTT are able to appear as a DM in client to a node even though they were not decoded with PKC. This issue has been addressed in version 2.5.19 and all users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T20:59:40.000000Z"}, {"uuid": "893008de-dfab-4ff2-9af7-067cdd08c5f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21605", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lrnxa7giis2q", "content": "", "creation_timestamp": "2025-06-15T17:06:23.926722Z"}, {"uuid": "0af7143b-b62d-474d-b584-47aaee89aa4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21608", "type": "seen", "source": "MISP/71f05cce-2beb-4b80-8496-bbbabc032544", "content": "", "creation_timestamp": "2025-08-25T18:31:43.000000Z"}, {"uuid": "990ebc76-3699-4af2-b5b7-33b25521c88c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21603", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/614", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21603\n\ud83d\udd39 Description: Cross-site scripting vulnerability exists in MZK-DP300N firmware versions 1.05 and earlier. If an attacker logs in to the affected product and manipulates the device settings, an arbitrary script may be executed on the logged-in user's web browser when accessing a crafted URL.\n\ud83d\udccf Published: 2025-01-08T03:30:50.390Z\n\ud83d\udccf Modified: 2025-01-08T03:30:50.390Z\n\ud83d\udd17 References:\n1. https://www.planex.co.jp/support/download/mzk-dp300n/\n2. https://jvn.jp/en/jp/JVN57428125/", "creation_timestamp": "2025-01-08T03:37:57.000000Z"}, {"uuid": "ecb2f06b-49cc-491b-9bdc-068be7d81f9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21602", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/993", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21602\n\ud83d\udd39 Description: An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a specific BGP update packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). \n\nContinuous receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\nThis issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability.\n\nThis issue affects Junos OS:\u00a0\n\n\n\n  *  from 21.4 before 21.4R3-S9,\u00a0\n  *  from 22.2 before 22.2R3-S5,\u00a0\n  *  from 22.3 before 22.3R3-S4,\n  *  from 22.4 before 22.4R3-S5,\u00a0\n  *  from 23.2 before 23.2R2-S3,\u00a0\n  *  from 23.4 before 23.4R2-S3,\u00a0\n  *  from 24.2 before 24.2R1-S2, 24.2R2;\u00a0\n\n\nThis issue does not affect versions prior to\u00a021.1R1.\n\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n  *  from 21.4 before 21.4R3-S9-EVO,\u00a0\n  *  from 22.2 before 22.2R3-S5-EVO,\u00a0\n  *  from 22.3 before 22.3R3-S4-EVO,\n  *  from 22.4 before 22.4R3-S5-EVO,\u00a0\n  *  from 23.2 before 23.2R2-S3-EVO,\u00a0\n  *  from 23.4 before 23.4R2-S3-EVO,\u00a0\n  *  from 24.2 before 24.2R1-S2-EVO, 24.2R2-EVO.\n\n\nThis issue does not affect versions prior to 21.1R1-EVO\n\ud83d\udccf Published: 2025-01-09T16:49:25.387Z\n\ud83d\udccf Modified: 2025-01-09T16:49:25.387Z\n\ud83d\udd17 References:\n1. https://supportportal.juniper.net/JSA92872", "creation_timestamp": "2025-01-09T17:20:13.000000Z"}, {"uuid": "7e88542c-44a7-4f83-ad10-293fd21c63d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21600", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/991", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21600\n\ud83d\udd39 Description: An Out-of-Bounds Read vulnerability in\n\nthe routing protocol daemon (rpd) of \n\n Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\n\n\nThis issue only affects systems configured in\n      either of two ways:\n\n    \n    \n        *  systems with BGP traceoptions enabled\n\n        *  systems with BGP family traffic-engineering (BGP-LS)\n          configured\n\n\n and can be exploited from a directly connected and configured BGP peer.\u00a0\n\nThis issue affects iBGP and eBGP \n\nwith \n\nany address family\n\n configured, and both IPv4 and IPv6 are affected by this vulnerability.\n\nThis issue affects:\n\nJunos OS:\u00a0\n\n\n\n  *  All versions before 21.4R3-S9,\u00a0\n  *  from 22.2 before 22.2R3-S5,\u00a0\n  *  from 22.3 before 22.3R3-S4,\u00a0\n  *  from 22.4 before 22.4R3-S5,\u00a0\n  *  from 23.2 before 23.2R2-S3,\u00a0\n  *  from 23.4 before 23.4R2-S3,\u00a0\n  *  from 24.2 before 24.2R1-S2, 24.2R2;\u00a0\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n  *  All versions before 21.4R3-S9-EVO,\u00a0\n  *  from 22.2 before 22.2R3-S5-EVO,\u00a0\n  *  from 22.3 before 22.3R3-S4-EVO,\u00a0\n  *  from 22.4 before 22.4R3-S5-EVO,\u00a0\n  *  from 23.2 before 23.2R2-S3-EVO,\u00a0\n  *  from 23.4 before 23.4R2-S2-EVO,\u00a0\n  *  from 24.2 before 24.2R1-S2-EVO, 24.2R2-EVO.\n\n\n\nThis is a similar, but different vulnerability than the issue reported as CVE-2024-39516.\n\ud83d\udccf Published: 2025-01-09T16:49:42.367Z\n\ud83d\udccf Modified: 2025-01-09T16:49:42.367Z\n\ud83d\udd17 References:\n1. https://supportportal.juniper.net/JSA92870", "creation_timestamp": "2025-01-09T17:19:54.000000Z"}, {"uuid": "edaa35b8-e5af-4d18-9126-3e9196d862cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21607", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1557", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21607\n\ud83d\udd39 Description: Vyper is a Pythonic Smart Contract Language for the EVM. When the Vyper Compiler uses the precompiles EcRecover (0x1) and Identity (0x4), the success flag of the call is not checked. As a consequence an attacker can provide a specific amount of gas to make these calls fail but let the overall execution continue. Then the execution result can be incorrect. Based on EVM's rules, after the failed precompile the remaining code has only 1/64 of the pre-call-gas left (as 63/64 were forwarded and spent). Hence, only fairly simple executions can follow the failed precompile calls. Therefore, we found no significantly impacted real-world contracts. None the less an advisory has been made out of an abundance of caution. There are no actions for users to take.\n\ud83d\udccf Published: 2025-01-14T17:32:58.169Z\n\ud83d\udccf Modified: 2025-01-14T17:32:58.169Z\n\ud83d\udd17 References:\n1. https://github.com/vyperlang/vyper/security/advisories/GHSA-vgf2-gvx8-xwc3", "creation_timestamp": "2025-01-14T18:10:03.000000Z"}, {"uuid": "61ccda41-f47a-4a32-94c2-14c2accd2b69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21601", "type": "seen", "source": "https://t.me/cvedetector/22605", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21601 - Juniper Networks Junos OS SRX Series, EX Series, MX240, MX480, MX960, QFX5120 Series J-Web, Captive Portal, 802.1X, Juniper Secure Connect (JSC) Denial of Service (DoS)\", \n  \"Content\": \"CVE ID : CVE-2025-21601 \nPublished : April 9, 2025, 8:15 p.m. | 24\u00a0minutes ago \nDescription : An Improper Following of Specification by Caller vulnerability in web management (J-Web, Captive Portal, 802.1X, Juniper Secure Connect (JSC) of\u00a0Juniper Networks Junos OS on SRX Series, EX Series, MX240, MX480, MX960, QFX5120 Series, allows an\u00a0unauthenticated, network-based attacker, sending genuine traffic targeted to the device to cause the CPU to climb until the device becomes unresponsive.   \n  \nContinuous receipt of these packets will create a sustained Denial of Service (DoS) condition.  \n  \n  \n  \n  \nThis issue affects Junos OS:\u00a0  \n  \n  \n  \n  *  All versions before 21.4R3-S9,  \n  *  from 22.2 before 22.2R3-S5,  \n  *  from 22.4 before 22.4R3-S4,  \n  *  from 23.2 before 23.2R2-S3,  \n  *  from 23.4 before 23.4R2-S3,  \n  *  from 24.2 before 24.2R1-S1, 24.2R2.  \n  \n  \nAn indicator of compromise is to review the CPU % of the httpd process in the CLI:  \ne.g.  \n\u00a0\u00a0show system processes extensive | match httpd\u00a0 PID nobody \u00a0 \u00a0 \u00a0 52  \u00a0 0  \u00a0 20M\u00a0 \u00a0 191M select \u00a0 2 \u00a0 0:01 \u00a0 80.00% httpd{httpd} <<\nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-09T23:28:22.000000Z"}, {"uuid": "f83a447f-ae24-470c-a73c-0caa0de02119", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21606", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2213", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21606\n\ud83d\udd39 Description: stats is a macOS system monitor in for the menu bar. The Stats application is vulnerable to a local privilege escalation due to the insecure implementation of its XPC service. The application registers a Mach service under the name `eu.exelban.Stats.SMC.Helper`. The associated binary, eu.exelban.Stats.SMC.Helper, is a privileged helper tool designed to execute actions requiring elevated privileges on behalf of the client, such as setting fan modes, adjusting fan speeds, and executing the `powermetrics` command. The root cause of this vulnerability lies in the `shouldAcceptNewConnection` method, which unconditionally returns YES (or true), allowing any XPC client to connect to the service without any form of verification. As a result, unauthorized clients can establish a connection to the Mach service and invoke methods exposed by the HelperTool interface. An attacker can exploit this vulnerability to modify the hardware settings of the user\u2019s device and execute arbitrary code with root privileges. This issue has been addressed in version 2.11.21 and all users are advised to upgrade. There are no known workarounds for this vulnerability.\n\ud83d\udccf Published: 2025-01-17T20:10:05.277Z\n\ud83d\udccf Modified: 2025-01-17T20:10:05.277Z\n\ud83d\udd17 References:\n1. https://github.com/exelban/stats/security/advisories/GHSA-qwhf-px96-7f6v\n2. https://github.com/exelban/stats/commit/c10759f7a186efdd82ddd818dae2ac1f853691fc", "creation_timestamp": "2025-01-17T20:58:02.000000Z"}, {"uuid": "e0e6f857-2bb1-4692-be59-e48f9307171e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2160", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11631", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2160\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N)\n\ud83d\udd39 Description: Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by an XSS issue with Mashup\n\ud83d\udccf Published: 2025-04-14T14:16:34.517Z\n\ud83d\udccf Modified: 2025-04-14T14:32:12.589Z\n\ud83d\udd17 References:\n1. https://support.pega.com/support-doc/pega-security-advisory-d25-vulnerability-remediation-note", "creation_timestamp": "2025-04-14T14:54:04.000000Z"}, {"uuid": "5c29baa2-16bb-4087-8d11-5b5ecc1acf80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2160", "type": "seen", "source": "https://t.me/cvedetector/22875", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2160 - Pega Platform Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2160 \nPublished : April 14, 2025, 3:15 p.m. | 1\u00a0hour, 19\u00a0minutes ago \nDescription : Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by an XSS issue with Mashup \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-14T18:51:34.000000Z"}, {"uuid": "4e584f6e-4aee-44d3-868a-c3eb50c95b0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21604", "type": "seen", "source": "https://t.me/cvedetector/14365", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21604 - LangChain4j-AIDeepin MD5 Hashing Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21604 \nPublished : Jan. 6, 2025, 4:15 p.m. | 23\u00a0minutes ago \nDescription : LangChain4j-AIDeepin is a Retrieval enhancement generation (RAG) project. Prior to 3.5.0, LangChain4j-AIDeepin uses MD5 to hash files, which may cause file upload conflicts. This issue is fixed in 3.5.0. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-06T17:46:01.000000Z"}, {"uuid": "3b532954-5467-46d2-8bc6-6d836dcbbb6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21607", "type": "seen", "source": "https://t.me/cvedetector/15314", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21607 - Vyper EcRecover and Identity Precompile Gas Handling Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21607 \nPublished : Jan. 14, 2025, 6:16 p.m. | 26\u00a0minutes ago \nDescription : Vyper is a Pythonic Smart Contract Language for the EVM. When the Vyper Compiler uses the precompiles EcRecover (0x1) and Identity (0x4), the success flag of the call is not checked. As a consequence an attacker can provide a specific amount of gas to make these calls fail but let the overall execution continue. Then the execution result can be incorrect. Based on EVM's rules, after the failed precompile the remaining code has only 1/64 of the pre-call-gas left (as 63/64 were forwarded and spent). Hence, only fairly simple executions can follow the failed precompile calls. Therefore, we found no significantly impacted real-world contracts. None the less an advisory has been made out of an abundance of caution. There are no actions for users to take. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-14T19:51:31.000000Z"}, {"uuid": "42f7cc0e-ef40-4307-b634-68c27e83a8ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21609", "type": "seen", "source": "https://t.me/cvedetector/14229", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21609 - SiYuan Note File Deletion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21609 \nPublished : Jan. 3, 2025, 5:15 p.m. | 16\u00a0minutes ago \nDescription : SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the `POST /api/history/getDocHistoryContent` endpoint. An attacker can craft a payload to exploit this vulnerability, resulting in the deletion of arbitrary files on the server. Commit d9887aeec1b27073bec66299a9a4181dc42969f3 fixes this vulnerability and is expected to be available in version 3.1.19. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-03T18:41:40.000000Z"}, {"uuid": "7c1bfb8d-93b2-4b47-acfc-035d12b7b8e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21606", "type": "seen", "source": "https://t.me/cvedetector/15740", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21606 - Stats XPC Mach Service Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21606 \nPublished : Jan. 17, 2025, 9:15 p.m. | 15\u00a0minutes ago \nDescription : stats is a macOS system monitor in for the menu bar. The Stats application is vulnerable to a local privilege escalation due to the insecure implementation of its XPC service. The application registers a Mach service under the name `eu.exelban.Stats.SMC.Helper`. The associated binary, eu.exelban.Stats.SMC.Helper, is a privileged helper tool designed to execute actions requiring elevated privileges on behalf of the client, such as setting fan modes, adjusting fan speeds, and executing the `powermetrics` command. The root cause of this vulnerability lies in the `shouldAcceptNewConnection` method, which unconditionally returns YES (or true), allowing any XPC client to connect to the service without any form of verification. As a result, unauthorized clients can establish a connection to the Mach service and invoke methods exposed by the HelperTool interface. An attacker can exploit this vulnerability to modify the hardware settings of the user\u2019s device and execute arbitrary code with root privileges. This issue has been addressed in version 2.11.21 and all users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-17T22:39:08.000000Z"}, {"uuid": "61671cd2-6c4f-434d-b220-eb3d78080ff4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21600", "type": "seen", "source": "https://t.me/cvedetector/14874", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21600 - \"Juniper Networks Junos OS and Junos OS Evolved BGP Daemon OOB Read DoS\"\", \n  \"Content\": \"CVE ID : CVE-2025-21600 \nPublished : Jan. 9, 2025, 5:15 p.m. | 40\u00a0minutes ago \nDescription : An Out-of-Bounds Read vulnerability in  \n  \nthe routing protocol daemon (rpd) of   \n  \n Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.  \n  \n  \n  \nThis issue only affects systems configured in  \n      either of two ways:  \n  \n      \n      \n        *  systems with BGP traceoptions enabled  \n  \n        *  systems with BGP family traffic-engineering (BGP-LS)  \n          configured  \n  \n  \n and can be exploited from a directly connected and configured BGP peer.\u00a0  \n  \nThis issue affects iBGP and eBGP   \n  \nwith   \n  \nany address family  \n  \n configured, and both IPv4 and IPv6 are affected by this vulnerability.  \n  \nThis issue affects:  \n  \nJunos OS:\u00a0  \n  \n  \n  \n  *  All versions before 21.4R3-S9,\u00a0  \n  *  from 22.2 before 22.2R3-S5,\u00a0  \n  *  from 22.3 before 22.3R3-S4,\u00a0  \n  *  from 22.4 before 22.4R3-S5,\u00a0  \n  *  from 23.2 before 23.2R2-S3,\u00a0  \n  *  from 23.4 before 23.4R2-S3,\u00a0  \n  *  from 24.2 before 24.2R1-S2, 24.2R2;\u00a0  \n  \n  \n  \n  \nJunos OS Evolved:\u00a0  \n  \n  \n  \n  *  All versions before 21.4R3-S9-EVO,\u00a0  \n  *  from 22.2 before 22.2R3-S5-EVO,\u00a0  \n  *  from 22.3 before 22.3R3-S4-EVO,\u00a0  \n  *  from 22.4 before 22.4R3-S5-EVO,\u00a0  \n  *  from 23.2 before 23.2R2-S3-EVO,\u00a0  \n  *  from 23.4 before 23.4R2-S2-EVO,\u00a0  \n  *  from 24.2 before 24.2R1-S2-EVO, 24.2R2-EVO.  \n  \n  \n  \nThis is a similar, but different vulnerability than the issue reported as CVE-2024-39516. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-09T19:26:27.000000Z"}, {"uuid": "7b391f55-cc6d-47ce-af4c-2eaab14c1eb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21602", "type": "seen", "source": "https://t.me/cvedetector/14873", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21602 - Juniper Networks Junos OS and Junos OS Evolved BGP Routing Protocol Denial of Service\", \n  \"Content\": \"CVE ID : CVE-2025-21602 \nPublished : Jan. 9, 2025, 5:15 p.m. | 40\u00a0minutes ago \nDescription : An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a specific BGP update packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS).   \n  \nContinuous receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.  \n  \nThis issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability.  \n  \nThis issue affects Junos OS:\u00a0  \n  \n  \n  \n  *  from 21.4 before 21.4R3-S9,\u00a0  \n  *  from 22.2 before 22.2R3-S5,\u00a0  \n  *  from 22.3 before 22.3R3-S4,  \n  *  from 22.4 before 22.4R3-S5,\u00a0  \n  *  from 23.2 before 23.2R2-S3,\u00a0  \n  *  from 23.4 before 23.4R2-S3,\u00a0  \n  *  from 24.2 before 24.2R1-S2, 24.2R2;\u00a0  \n  \n  \nThis issue does not affect versions prior to\u00a021.1R1.  \n  \n  \n  \n  \n  \nJunos OS Evolved:\u00a0  \n  \n  \n  \n  *  from 21.4 before 21.4R3-S9-EVO,\u00a0  \n  *  from 22.2 before 22.2R3-S5-EVO,\u00a0  \n  *  from 22.3 before 22.3R3-S4-EVO,  \n  *  from 22.4 before 22.4R3-S5-EVO,\u00a0  \n  *  from 23.2 before 23.2R2-S3-EVO,\u00a0  \n  *  from 23.4 before 23.4R2-S3-EVO,\u00a0  \n  *  from 24.2 before 24.2R1-S2-EVO, 24.2R2-EVO.  \n  \n  \nThis issue does not affect versions prior to 21.1R1-EVO \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-09T19:26:26.000000Z"}, {"uuid": "0242a41c-f9db-4a07-a084-c1f09372e14f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21603", "type": "seen", "source": "https://t.me/cvedetector/14640", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21603 - MZK-DP300N Cross-Site Scripting (XSS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21603 \nPublished : Jan. 8, 2025, 4:15 a.m. | 29\u00a0minutes ago \nDescription : Cross-site scripting vulnerability exists in MZK-DP300N firmware versions 1.05 and earlier. If an attacker logs in to the affected product and manipulates the device settings, an arbitrary script may be executed on the logged-in user's web browser when accessing a crafted URL. \nSeverity: 4.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-08T05:46:44.000000Z"}, {"uuid": "0aed1887-6195-44fd-9a20-5f7fba8534af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-21609", "type": "published-proof-of-concept", "source": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-8fx8-pffw-w498", "content": "", "creation_timestamp": "2025-01-03T01:46:18.000000Z"}, {"uuid": "a51f5c00-ae1a-4b32-bc60-cf4cf41c7e66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21600", "type": "seen", "source": "Telegram/xMevvoDSNNsJlXZspG5SlPD3UI0rjKdwu57I9ZMvXptyVxcj", "content": "", "creation_timestamp": "2025-01-28T03:22:55.000000Z"}, {"uuid": "00e67554-4916-4401-93fc-83442511f0c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21605", "type": "published-proof-of-concept", "source": "Telegram/tGlnxgJ45kvnhr-0GuZEauiX58JIxK_MY4hRnR_Ek7fiyk0", "content": "", "creation_timestamp": "2025-04-23T20:32:34.000000Z"}, {"uuid": "48162aa6-c467-4843-b746-041ff3ed45e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2160", "type": "seen", "source": "Telegram/h-wD1PWBp82CaC6Di3eZCqsG5iIHoAO-Fbct8ZAcwUSHY9E", "content": "", "creation_timestamp": "2025-04-14T17:02:17.000000Z"}, {"uuid": "9b8df011-16be-4944-8ce8-b4751d007923", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-21607", "type": "published-proof-of-concept", "source": "https://github.com/vyperlang/vyper/security/advisories/GHSA-vgf2-gvx8-xwc3", "content": "", "creation_timestamp": "2025-01-14T16:07:50.000000Z"}]}