https://vulnerability.circl.lu/sightings/feedMost recent sightings.2026-05-30T06:14:48.798851+00:00Vulnerability-Lookupinfo@circl.lupython-feedgenContains only the most 10 recent sightings.https://vulnerability.circl.lu/sighting/67c2a833-1f72-4de1-80fc-ab0639c8a5f1/export67c2a833-1f72-4de1-80fc-ab0639c8a5f12026-05-30T06:14:49.490571+00:00Joseph Leehttps://vulnerability.circl.lu/user/syspect{"uuid": "67c2a833-1f72-4de1-80fc-ab0639c8a5f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-27145", "type": "published-proof-of-concept", "source": "https://github.com/9001/copyparty/security/advisories/GHSA-m2jw-cj8v-937r", "content": "", "creation_timestamp": "2025-02-25T01:31:40.000000Z"}2025-02-25T01:31:40+00:00https://vulnerability.circl.lu/sighting/1da003bb-c763-4fee-a253-eb72dde9a2cb/export1da003bb-c763-4fee-a253-eb72dde9a2cb2026-05-30T06:14:49.488318+00:00Automation userhttps://vulnerability.circl.lu/user/automation{"uuid": "1da003bb-c763-4fee-a253-eb72dde9a2cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27145", "type": "seen", "source": "https://t.me/cvedetector/18848", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-27145 - \"copyparty DOM-Based Cross-Site Scripting Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2025-27145 \nPublished : Feb. 25, 2025, 2:15 a.m. | 1\u00a0hour, 2\u00a0minutes ago \nDescription : copyparty, a portable file server, has a DOM-based cross-site scripting vulnerability in versions prior to 1.16.15. The vulnerability is considered low-risk. By handing someone a maliciously-named file, and then tricking them into dragging the file into copyparty's Web-UI, an attacker could execute arbitrary javascript with the same privileges as that user. For example, this could give unintended read-access to files owned by that user. The bug is triggered by the drag-drop action itself; it is not necessary to actually initiate the upload. The file must be empty (zero bytes). Note that, as a general-purpose webserver, it is intentionally possible to upload HTML-files with arbitrary javascript in `\",\n \"Detection Date\": \"25 Feb 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-25T04:49:57.000000Z"}2025-02-25T04:49:57+00:00