Most recent sightings.

https://vulnerability.circl.lu/sightings/feed Most recent sightings. 2026-05-11T05:46:46.610183+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/a0fec689-f2d6-42ee-9c38-0a33910b57cb/export a0fec689-f2d6-42ee-9c38-0a33910b57cb 2026-05-11T05:46:46.818507+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "a0fec689-f2d6-42ee-9c38-0a33910b57cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22654", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lijpzzvcrh2c", "content": "", "creation_timestamp": "2025-02-19T12:00:15.985034Z"} 2025-02-19T12:00:15.985034+00:00 https://vulnerability.circl.lu/sighting/9db5a5bf-746c-4a80-ad1b-e6d32aa7199e/export 9db5a5bf-746c-4a80-ad1b-e6d32aa7199e 2026-05-11T05:46:46.818430+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "9db5a5bf-746c-4a80-ad1b-e6d32aa7199e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22654", "type": "published-proof-of-concept", "source": "Telegram/Cbd9pH6CBBnHukvSRq1Tu3zR4Xg4YgS90Nvgmtyu7EmMHDA", "content": "", "creation_timestamp": "2025-02-19T22:00:06.000000Z"} 2025-02-19T22:00:06+00:00 https://vulnerability.circl.lu/sighting/59a9be2c-48ab-4e19-b98b-e5d5a9433b1e/export 59a9be2c-48ab-4e19-b98b-e5d5a9433b1e 2026-05-11T05:46:46.818352+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "59a9be2c-48ab-4e19-b98b-e5d5a9433b1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22654", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3likychk3js2n", "content": "", "creation_timestamp": "2025-02-20T00:00:48.573611Z"} 2025-02-20T00:00:48.573611+00:00 https://vulnerability.circl.lu/sighting/b345fd2c-59db-4f91-9151-0f9260e179c8/export b345fd2c-59db-4f91-9151-0f9260e179c8 2026-05-11T05:46:46.818266+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "b345fd2c-59db-4f91-9151-0f9260e179c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2265", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7423", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2265\n\ud83d\udd25 CVSS Score: 7.8 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The password of a web user in \"Sante PACS Server.exe\" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash contains a zero byte\n\ud83d\udccf Published: 2025-03-13T16:33:28.145Z\n\ud83d\udccf Modified: 2025-03-13T16:33:28.145Z\n\ud83d\udd17 References:\n1. https://www.tenable.com/security/research/tra-2025-08", "creation_timestamp": "2025-03-13T16:45:16.000000Z"} 2025-03-13T16:45:16+00:00 https://vulnerability.circl.lu/sighting/afd24c78-0429-4f45-95a4-a1450ac56409/export afd24c78-0429-4f45-95a4-a1450ac56409 2026-05-11T05:46:46.818180+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "afd24c78-0429-4f45-95a4-a1450ac56409", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2265", "type": "seen", "source": "https://t.me/cvedetector/20231", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-2265 - Sante PACS Server.exe Password Hash Truncation Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-2265 \nPublished : March 13, 2025, 5:15 p.m. | 43\u00a0minutes ago \nDescription : The password of a web user in \"Sante PACS Server.exe\" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash contains a zero byte \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"13 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-13T19:48:06.000000Z"} 2025-03-13T19:48:06+00:00 https://vulnerability.circl.lu/sighting/d2b01b37-3169-4ba0-8693-6201709e7d79/export d2b01b37-3169-4ba0-8693-6201709e7d79 2026-05-11T05:46:46.818089+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "d2b01b37-3169-4ba0-8693-6201709e7d79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22659", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9158", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22659\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Orbit Fox by ThemeIsle allows Stored XSS.This issue affects Orbit Fox by ThemeIsle: from n/a through 2.10.44.\n\ud83d\udccf Published: 2025-03-27T15:01:50.207Z\n\ud83d\udccf Modified: 2025-03-27T18:17:19.910Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/themeisle-companion/vulnerability/wordpress-orbit-fox-by-themeisle-plugin-2-10-44-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-27T18:26:33.000000Z"} 2025-03-27T18:26:33+00:00 https://vulnerability.circl.lu/sighting/8ffcb614-245f-4fbb-8b59-60ce56ca2478/export 8ffcb614-245f-4fbb-8b59-60ce56ca2478 2026-05-11T05:46:46.817994+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "8ffcb614-245f-4fbb-8b59-60ce56ca2478", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22658", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9159", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22658\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in Deepak Khokhar Listings for Appfolio allows Stored XSS.This issue affects Listings for Appfolio: from n/a through 1.2.0.\n\ud83d\udccf Published: 2025-03-27T15:02:56.064Z\n\ud83d\udccf Modified: 2025-03-27T18:16:58.510Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/listings-for-appfolio/vulnerability/wordpress-listings-for-appfolio-plugin-1-2-0-csrf-to-stored-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-27T18:26:34.000000Z"} 2025-03-27T18:26:34+00:00 https://vulnerability.circl.lu/sighting/2557b1cf-f316-4494-a692-02fd1da46b0c/export 2557b1cf-f316-4494-a692-02fd1da46b0c 2026-05-11T05:46:46.817892+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "2557b1cf-f316-4494-a692-02fd1da46b0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22652", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9160", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22652\n\ud83d\udd25 CVSS Score: 7.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kendysond Payment Forms for Paystack allows SQL Injection.This issue affects Payment Forms for Paystack: from n/a through 4.0.1.\n\ud83d\udccf Published: 2025-03-27T15:04:44.560Z\n\ud83d\udccf Modified: 2025-03-27T18:16:32.085Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/payment-forms-for-paystack/vulnerability/wordpress-payment-forms-for-paystack-plugin-4-0-1-sql-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-27T18:26:35.000000Z"} 2025-03-27T18:26:35+00:00 https://vulnerability.circl.lu/sighting/9eafdd78-d279-482b-9419-b2a6b383cb43/export 9eafdd78-d279-482b-9419-b2a6b383cb43 2026-05-11T05:46:46.817760+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "9eafdd78-d279-482b-9419-b2a6b383cb43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22652", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3llmqin6uqi2s", "content": "", "creation_timestamp": "2025-03-30T21:02:01.816319Z"} 2025-03-30T21:02:01.816319+00:00 https://vulnerability.circl.lu/sighting/d1afba28-2370-4a09-8cb5-b80776216224/export d1afba28-2370-4a09-8cb5-b80776216224 2026-05-11T05:46:46.815439+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "d1afba28-2370-4a09-8cb5-b80776216224", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22657", "type": "seen", "source": "MISP/71f05cce-2beb-4b80-8496-bbbabc032544", "content": "", "creation_timestamp": "2025-08-25T18:31:43.000000Z"} 2025-08-25T18:31:43+00:00