https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sat, 09 May 2026 10:37:58 +0000 https://vulnerability.circl.lu/sighting/735b7893-c5f6-4027-89c8-8fd4d19a30dd/export {"uuid": "735b7893-c5f6-4027-89c8-8fd4d19a30dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21627", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lizdqxo5qz2l", "content": "", "creation_timestamp": "2025-02-25T17:03:01.690351Z"} {"uuid": "735b7893-c5f6-4027-89c8-8fd4d19a30dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21627", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lizdqxo5qz2l", "content": "", "creation_timestamp": "2025-02-25T17:03:01.690351Z"} https://vulnerability.circl.lu/sighting/735b7893-c5f6-4027-89c8-8fd4d19a30dd/export Tue, 25 Feb 2025 17:03:01 +0000 https://vulnerability.circl.lu/sighting/dfb1b71b-6309-489d-938d-8c35ca9e79bf/export {"uuid": "dfb1b71b-6309-489d-938d-8c35ca9e79bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21626", "type": "seen", "source": "https://t.me/cvedetector/18899", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-21626 - GLPI Information Disclosure Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-21626 \nPublished : Feb. 25, 2025, 4:15 p.m. | 1\u00a0hour, 37\u00a0minutes ago \nDescription : GLPI is a free asset and IT management software package. Starting in version 0.71 and prior to version 10.0.18, an anonymous user can fetch sensitive information from the `status.php` endpoint. Version 10.0.18 contains a fix for the issue. Some workarounds are available. One may delete the `status.php` file, restrict its access, or remove any sensitive values from the `name` field of the active LDAP directories, mail servers authentication providers and mail receivers. \nSeverity: 5.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"25 Feb 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-25T19:03:38.000000Z"} {"uuid": "dfb1b71b-6309-489d-938d-8c35ca9e79bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21626", "type": "seen", "source": "https://t.me/cvedetector/18899", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-21626 - GLPI Information Disclosure Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-21626 \nPublished : Feb. 25, 2025, 4:15 p.m. | 1\u00a0hour, 37\u00a0minutes ago \nDescription : GLPI is a free asset and IT management software package. Starting in version 0.71 and prior to version 10.0.18, an anonymous user can fetch sensitive information from the `status.php` endpoint. Version 10.0.18 contains a fix for the issue. Some workarounds are available. One may delete the `status.php` file, restrict its access, or remove any sensitive values from the `name` field of the active LDAP directories, mail servers authentication providers and mail receivers. \nSeverity: 5.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"25 Feb 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-25T19:03:38.000000Z"} https://vulnerability.circl.lu/sighting/dfb1b71b-6309-489d-938d-8c35ca9e79bf/export Tue, 25 Feb 2025 19:03:38 +0000 https://vulnerability.circl.lu/sighting/00f40f01-db2b-415c-9de2-c1d090f567fc/export {"uuid": "00f40f01-db2b-415c-9de2-c1d090f567fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21627", "type": "seen", "source": "https://t.me/cvedetector/18901", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-21627 - GLPI Reflected Cross-Site Scripting (XSS)\", \n \"Content\": \"CVE ID : CVE-2025-21627 \nPublished : Feb. 25, 2025, 4:15 p.m. | 1\u00a0hour, 37\u00a0minutes ago \nDescription : GLPI is a free asset and IT management software package. In versions prior to 10.0.18, a malicious link can be crafted to perform a reflected XSS attack on the search page. If the anonymous ticket creation is enabled, this attack can be performed by an unauthenticated user. Version 10.0.18 contains a fix for the issue. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"25 Feb 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-25T19:03:39.000000Z"} {"uuid": "00f40f01-db2b-415c-9de2-c1d090f567fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21627", "type": "seen", "source": "https://t.me/cvedetector/18901", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-21627 - GLPI Reflected Cross-Site Scripting (XSS)\", \n \"Content\": \"CVE ID : CVE-2025-21627 \nPublished : Feb. 25, 2025, 4:15 p.m. | 1\u00a0hour, 37\u00a0minutes ago \nDescription : GLPI is a free asset and IT management software package. In versions prior to 10.0.18, a malicious link can be crafted to perform a reflected XSS attack on the search page. If the anonymous ticket creation is enabled, this attack can be performed by an unauthenticated user. Version 10.0.18 contains a fix for the issue. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"25 Feb 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-25T19:03:39.000000Z"} https://vulnerability.circl.lu/sighting/00f40f01-db2b-415c-9de2-c1d090f567fc/export Tue, 25 Feb 2025 19:03:39 +0000 https://vulnerability.circl.lu/sighting/c1e37cf8-d7cc-4d96-a8f0-1fb411d23f37/export {"uuid": "c1e37cf8-d7cc-4d96-a8f0-1fb411d23f37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21627", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5347", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21627\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: GLPI is a free asset and IT management software package. In versions prior to 10.0.18, a malicious link can be crafted to perform a reflected XSS attack on the search page. If the anonymous ticket creation is enabled, this attack can be performed by an unauthenticated user. Version 10.0.18 contains a fix for the issue.\n\ud83d\udccf Published: 2025-02-25T15:43:34.919Z\n\ud83d\udccf Modified: 2025-02-25T19:12:43.921Z\n\ud83d\udd17 References:\n1. https://github.com/glpi-project/glpi/security/advisories/GHSA-qm8p-jmj2-qfc2", "creation_timestamp": "2025-02-25T19:23:34.000000Z"} {"uuid": "c1e37cf8-d7cc-4d96-a8f0-1fb411d23f37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21627", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5347", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21627\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: GLPI is a free asset and IT management software package. In versions prior to 10.0.18, a malicious link can be crafted to perform a reflected XSS attack on the search page. If the anonymous ticket creation is enabled, this attack can be performed by an unauthenticated user. Version 10.0.18 contains a fix for the issue.\n\ud83d\udccf Published: 2025-02-25T15:43:34.919Z\n\ud83d\udccf Modified: 2025-02-25T19:12:43.921Z\n\ud83d\udd17 References:\n1. https://github.com/glpi-project/glpi/security/advisories/GHSA-qm8p-jmj2-qfc2", "creation_timestamp": "2025-02-25T19:23:34.000000Z"} https://vulnerability.circl.lu/sighting/c1e37cf8-d7cc-4d96-a8f0-1fb411d23f37/export Tue, 25 Feb 2025 19:23:34 +0000 https://vulnerability.circl.lu/sighting/5c6c7c3a-e174-4fd5-a69c-120b527e99c6/export {"uuid": "5c6c7c3a-e174-4fd5-a69c-120b527e99c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21624", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/16832", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aPoC, and documentation of deployment of a vulnerable instance of ClipBucket-v5 for demonstration of CVE-2025-21624.\nURL\uff1ahttps://github.com/shreyas-malhotra/CVE-2025-21624\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-03-04T13:26:34.000000Z"} {"uuid": "5c6c7c3a-e174-4fd5-a69c-120b527e99c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21624", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/16832", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aPoC, and documentation of deployment of a vulnerable instance of ClipBucket-v5 for demonstration of CVE-2025-21624.\nURL\uff1ahttps://github.com/shreyas-malhotra/CVE-2025-21624\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-03-04T13:26:34.000000Z"} https://vulnerability.circl.lu/sighting/5c6c7c3a-e174-4fd5-a69c-120b527e99c6/export Tue, 04 Mar 2025 13:26:34 +0000 https://vulnerability.circl.lu/sighting/17ebeecf-1ae4-43e1-8340-5fea1edb4238/export {"uuid": "17ebeecf-1ae4-43e1-8340-5fea1edb4238", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21624", "type": "published-proof-of-concept", "source": "Telegram/AUcfxApx61EFHOeSqEfIRLhfCLQTn8bpNAF6AdXUDg93-Ws", "content": "", "creation_timestamp": "2025-03-04T22:00:06.000000Z"} {"uuid": "17ebeecf-1ae4-43e1-8340-5fea1edb4238", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21624", "type": "published-proof-of-concept", "source": "Telegram/AUcfxApx61EFHOeSqEfIRLhfCLQTn8bpNAF6AdXUDg93-Ws", "content": "", "creation_timestamp": "2025-03-04T22:00:06.000000Z"} https://vulnerability.circl.lu/sighting/17ebeecf-1ae4-43e1-8340-5fea1edb4238/export Tue, 04 Mar 2025 22:00:06 +0000 https://vulnerability.circl.lu/sighting/b850a213-165f-4c75-a5de-8628d3dc5fc0/export {"uuid": "b850a213-165f-4c75-a5de-8628d3dc5fc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2162", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12392", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2162\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The MapPress Maps for WordPress plugin before 2.94.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n\ud83d\udccf Published: 2025-04-18T06:00:08.243Z\n\ud83d\udccf Modified: 2025-04-18T06:00:08.243Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/06063788-7ab8-49cc-9911-1d9926fcf99d/", "creation_timestamp": "2025-04-18T06:58:25.000000Z"} {"uuid": "b850a213-165f-4c75-a5de-8628d3dc5fc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2162", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12392", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2162\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The MapPress Maps for WordPress plugin before 2.94.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n\ud83d\udccf Published: 2025-04-18T06:00:08.243Z\n\ud83d\udccf Modified: 2025-04-18T06:00:08.243Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/06063788-7ab8-49cc-9911-1d9926fcf99d/", "creation_timestamp": "2025-04-18T06:58:25.000000Z"} https://vulnerability.circl.lu/sighting/b850a213-165f-4c75-a5de-8628d3dc5fc0/export Fri, 18 Apr 2025 06:58:25 +0000 https://vulnerability.circl.lu/sighting/2e77863e-9ebe-4da3-9ff7-18a78d6f0cd5/export {"uuid": "2e77863e-9ebe-4da3-9ff7-18a78d6f0cd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21626", "type": "seen", "source": "MISP/8e1b6542-ae86-4729-a7a6-4e9f670b8bb7", "content": "", "creation_timestamp": "2025-08-22T17:25:06.000000Z"} {"uuid": "2e77863e-9ebe-4da3-9ff7-18a78d6f0cd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21626", "type": "seen", "source": "MISP/8e1b6542-ae86-4729-a7a6-4e9f670b8bb7", "content": "", "creation_timestamp": "2025-08-22T17:25:06.000000Z"} https://vulnerability.circl.lu/sighting/2e77863e-9ebe-4da3-9ff7-18a78d6f0cd5/export Fri, 22 Aug 2025 17:25:06 +0000 https://vulnerability.circl.lu/sighting/44c844a2-ace2-4c20-abb4-c1b2de8e5743/export {"uuid": "44c844a2-ace2-4c20-abb4-c1b2de8e5743", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2025-21629", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"} {"uuid": "44c844a2-ace2-4c20-abb4-c1b2de8e5743", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2025-21629", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"} https://vulnerability.circl.lu/sighting/44c844a2-ace2-4c20-abb4-c1b2de8e5743/export Wed, 03 Dec 2025 14:14:49 +0000 https://vulnerability.circl.lu/sighting/d1953f5e-4d0c-47cb-b983-9f4870dca0ef/export {"uuid": "d1953f5e-4d0c-47cb-b983-9f4870dca0ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-21629", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"} {"uuid": "d1953f5e-4d0c-47cb-b983-9f4870dca0ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-21629", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"} https://vulnerability.circl.lu/sighting/d1953f5e-4d0c-47cb-b983-9f4870dca0ef/export Thu, 19 Mar 2026 00:00:00 +0000