https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sun, 31 May 2026 12:23:40 +0000 https://vulnerability.circl.lu/sighting/f5597609-ee21-4394-a586-4951e98f216b/export {"uuid": "f5597609-ee21-4394-a586-4951e98f216b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22907", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113838818205014386", "content": "", "creation_timestamp": "2025-01-16T15:48:40.299965Z"} {"uuid": "f5597609-ee21-4394-a586-4951e98f216b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22907", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113838818205014386", "content": "", "creation_timestamp": "2025-01-16T15:48:40.299965Z"} https://vulnerability.circl.lu/sighting/f5597609-ee21-4394-a586-4951e98f216b/export Thu, 16 Jan 2025 15:48:40 +0000 https://vulnerability.circl.lu/sighting/f5131460-b2e4-4b00-9d3a-0f90c15aef64/export {"uuid": "f5131460-b2e4-4b00-9d3a-0f90c15aef64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2290", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8020", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2290\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The LifterLMS \u2013 WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to Unauthenticated Post Trashing due to a missing capability check on the delete_access_plan function and the related AJAX calls in all versions up to, and including, 8.0.1. This makes it possible for unauthenticated attackers to change status to \"Trash\" for every published post, therefore limiting the availability of the website's content.\n\ud83d\udccf Published: 2025-03-19T04:21:05.815Z\n\ud83d\udccf Modified: 2025-03-19T04:21:05.815Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/4f64dbf2-b75a-4a35-9b4e-413b8fd1fff0?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3257328/lifterlms/trunk/includes/class.llms.ajax.handler.php", "creation_timestamp": "2025-03-19T04:48:47.000000Z"} {"uuid": "f5131460-b2e4-4b00-9d3a-0f90c15aef64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2290", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8020", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2290\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The LifterLMS \u2013 WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to Unauthenticated Post Trashing due to a missing capability check on the delete_access_plan function and the related AJAX calls in all versions up to, and including, 8.0.1. This makes it possible for unauthenticated attackers to change status to \"Trash\" for every published post, therefore limiting the availability of the website's content.\n\ud83d\udccf Published: 2025-03-19T04:21:05.815Z\n\ud83d\udccf Modified: 2025-03-19T04:21:05.815Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/4f64dbf2-b75a-4a35-9b4e-413b8fd1fff0?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3257328/lifterlms/trunk/includes/class.llms.ajax.handler.php", "creation_timestamp": "2025-03-19T04:48:47.000000Z"} https://vulnerability.circl.lu/sighting/f5131460-b2e4-4b00-9d3a-0f90c15aef64/export Wed, 19 Mar 2025 04:48:47 +0000 https://vulnerability.circl.lu/sighting/518abb06-e8fb-40fe-bf0c-4ff6102864bb/export {"uuid": "518abb06-e8fb-40fe-bf0c-4ff6102864bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2290", "type": "seen", "source": "https://t.me/cvedetector/20624", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-2290 - LifterLMS WordPress Plugin Unauthenticated Post Trashing Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-2290 \nPublished : March 19, 2025, 5:15 a.m. | 1\u00a0hour, 39\u00a0minutes ago \nDescription : The LifterLMS \u2013 WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to Unauthenticated Post Trashing due to a missing capability check on the delete_access_plan function and the related AJAX calls in all versions up to, and including, 8.0.1. This makes it possible for unauthenticated attackers to change status to \"Trash\" for every published post, therefore limiting the availability of the website's content. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"19 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-19T07:57:41.000000Z"} {"uuid": "518abb06-e8fb-40fe-bf0c-4ff6102864bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2290", "type": "seen", "source": "https://t.me/cvedetector/20624", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-2290 - LifterLMS WordPress Plugin Unauthenticated Post Trashing Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-2290 \nPublished : March 19, 2025, 5:15 a.m. | 1\u00a0hour, 39\u00a0minutes ago \nDescription : The LifterLMS \u2013 WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to Unauthenticated Post Trashing due to a missing capability check on the delete_access_plan function and the related AJAX calls in all versions up to, and including, 8.0.1. This makes it possible for unauthenticated attackers to change status to \"Trash\" for every published post, therefore limiting the availability of the website's content. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"19 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-19T07:57:41.000000Z"} https://vulnerability.circl.lu/sighting/518abb06-e8fb-40fe-bf0c-4ff6102864bb/export Wed, 19 Mar 2025 07:57:41 +0000 https://vulnerability.circl.lu/sighting/3032e157-e152-4475-a1f7-3556170c996b/export {"uuid": "3032e157-e152-4475-a1f7-3556170c996b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22905", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8230", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22905\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter at /goform/mp.\n\ud83d\udccf Published: 2025-01-16T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-20T15:44:05.771Z\n\ud83d\udd17 References:\n1. https://www.edimax.com/edimax/global/\n2. http://re11s.com\n3. https://github.com/xyqer1/RE11S_1.11-mp-CommandInjection", "creation_timestamp": "2025-03-20T16:18:21.000000Z"} {"uuid": "3032e157-e152-4475-a1f7-3556170c996b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22905", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8230", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22905\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter at /goform/mp.\n\ud83d\udccf Published: 2025-01-16T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-20T15:44:05.771Z\n\ud83d\udd17 References:\n1. https://www.edimax.com/edimax/global/\n2. http://re11s.com\n3. https://github.com/xyqer1/RE11S_1.11-mp-CommandInjection", "creation_timestamp": "2025-03-20T16:18:21.000000Z"} https://vulnerability.circl.lu/sighting/3032e157-e152-4475-a1f7-3556170c996b/export Thu, 20 Mar 2025 16:18:21 +0000 https://vulnerability.circl.lu/sighting/57372fb7-8bb4-432c-8ebc-9d4872b2b031/export {"uuid": "57372fb7-8bb4-432c-8ebc-9d4872b2b031", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22903", "type": "seen", "source": "https://t.me/cvedetector/22997", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-22903 - TOTOLINK N600R Stack Overflow Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-22903 \nPublished : April 15, 2025, 7:16 p.m. | 56\u00a0minutes ago \nDescription : TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the pin parameter in the function setWiFiWpsConfig. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"15 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-15T22:28:03.000000Z"} {"uuid": "57372fb7-8bb4-432c-8ebc-9d4872b2b031", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22903", "type": "seen", "source": "https://t.me/cvedetector/22997", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-22903 - TOTOLINK N600R Stack Overflow Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-22903 \nPublished : April 15, 2025, 7:16 p.m. | 56\u00a0minutes ago \nDescription : TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the pin parameter in the function setWiFiWpsConfig. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"15 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-15T22:28:03.000000Z"} https://vulnerability.circl.lu/sighting/57372fb7-8bb4-432c-8ebc-9d4872b2b031/export Tue, 15 Apr 2025 22:28:03 +0000 https://vulnerability.circl.lu/sighting/4ec66018-c1f6-43bb-ab57-9618cc12c53b/export {"uuid": "4ec66018-c1f6-43bb-ab57-9618cc12c53b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22900", "type": "seen", "source": "https://t.me/cvedetector/23005", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-22900 - Totolink N600R Buffer Overflow Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-22900 \nPublished : April 15, 2025, 7:16 p.m. | 56\u00a0minutes ago \nDescription : Totolink N600R v4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macCloneMac parameter in the setWanConfig function. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"15 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-15T22:28:12.000000Z"} {"uuid": "4ec66018-c1f6-43bb-ab57-9618cc12c53b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22900", "type": "seen", "source": "https://t.me/cvedetector/23005", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-22900 - Totolink N600R Buffer Overflow Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-22900 \nPublished : April 15, 2025, 7:16 p.m. | 56\u00a0minutes ago \nDescription : Totolink N600R v4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macCloneMac parameter in the setWanConfig function. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"15 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-15T22:28:12.000000Z"} https://vulnerability.circl.lu/sighting/4ec66018-c1f6-43bb-ab57-9618cc12c53b/export Tue, 15 Apr 2025 22:28:12 +0000 https://vulnerability.circl.lu/sighting/069c15a0-6462-4fe3-9567-8a7f72f259c8/export {"uuid": "069c15a0-6462-4fe3-9567-8a7f72f259c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22900", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114348661119837676", "content": "", "creation_timestamp": "2025-04-16T16:48:21.665163Z"} {"uuid": "069c15a0-6462-4fe3-9567-8a7f72f259c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22900", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114348661119837676", "content": "", "creation_timestamp": "2025-04-16T16:48:21.665163Z"} https://vulnerability.circl.lu/sighting/069c15a0-6462-4fe3-9567-8a7f72f259c8/export Wed, 16 Apr 2025 16:48:21 +0000 https://vulnerability.circl.lu/sighting/91d2a958-a792-45ef-82af-be798b0db84c/export {"uuid": "91d2a958-a792-45ef-82af-be798b0db84c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22903", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12137", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22903\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the pin parameter in the function setWiFiWpsConfig.\n\ud83d\udccf Published: 2025-04-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-16T18:33:46.384Z\n\ud83d\udd17 References:\n1. https://github.com/xyqer1/TOTLINK-N600R-setWiFiWpsConfig-StackOverflow", "creation_timestamp": "2025-04-16T18:56:16.000000Z"} {"uuid": "91d2a958-a792-45ef-82af-be798b0db84c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22903", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12137", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22903\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the pin parameter in the function setWiFiWpsConfig.\n\ud83d\udccf Published: 2025-04-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-16T18:33:46.384Z\n\ud83d\udd17 References:\n1. https://github.com/xyqer1/TOTLINK-N600R-setWiFiWpsConfig-StackOverflow", "creation_timestamp": "2025-04-16T18:56:16.000000Z"} https://vulnerability.circl.lu/sighting/91d2a958-a792-45ef-82af-be798b0db84c/export Wed, 16 Apr 2025 18:56:16 +0000 https://vulnerability.circl.lu/sighting/221a7e04-8919-4dca-84c9-4b15a01e2cd2/export {"uuid": "221a7e04-8919-4dca-84c9-4b15a01e2cd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22905", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-7d94594b-ae20c1dc5483d2a2", "content": "", "creation_timestamp": "2025-10-11T06:19:01.060954Z"} {"uuid": "221a7e04-8919-4dca-84c9-4b15a01e2cd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22905", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-7d94594b-ae20c1dc5483d2a2", "content": "", "creation_timestamp": "2025-10-11T06:19:01.060954Z"} https://vulnerability.circl.lu/sighting/221a7e04-8919-4dca-84c9-4b15a01e2cd2/export Sat, 11 Oct 2025 06:19:01 +0000 https://vulnerability.circl.lu/sighting/a4c86760-e9e3-4d1a-a362-95233954c4e9/export {"uuid": "a4c86760-e9e3-4d1a-a362-95233954c4e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22905", "type": "seen", "source": "MISP/a41d8549-5384-5e1a-8c33-bf88e35b5a0a", "content": "", "creation_timestamp": "2025-10-14T10:31:56.000000Z"} {"uuid": "a4c86760-e9e3-4d1a-a362-95233954c4e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22905", "type": "seen", "source": "MISP/a41d8549-5384-5e1a-8c33-bf88e35b5a0a", "content": "", "creation_timestamp": "2025-10-14T10:31:56.000000Z"} https://vulnerability.circl.lu/sighting/a4c86760-e9e3-4d1a-a362-95233954c4e9/export Tue, 14 Oct 2025 10:31:56 +0000