Most recent sightings.

Most recent sightings. https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sun, 31 May 2026 05:52:23 +0000 a17cd8c4-ef46-45e8-a86c-7a10808ed88a https://vulnerability.circl.lu/sighting/a17cd8c4-ef46-45e8-a86c-7a10808ed88a/export {"uuid": "a17cd8c4-ef46-45e8-a86c-7a10808ed88a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25605", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4955", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25605\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the apcli_wps_gen_pincode function in mtkwifi.lua.\n\ud83d\udccf Published: 2025-02-21T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-21T18:44:44.812Z\n\ud83d\udd17 References:\n1. https://github.com/sezangel/IOT-vul/tree/main/Totolink/X5000R/4", "creation_timestamp": "2025-02-21T19:18:34.000000Z"} {"uuid": "a17cd8c4-ef46-45e8-a86c-7a10808ed88a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25605", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4955", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25605\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the apcli_wps_gen_pincode function in mtkwifi.lua.\n\ud83d\udccf Published: 2025-02-21T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-21T18:44:44.812Z\n\ud83d\udd17 References:\n1. https://github.com/sezangel/IOT-vul/tree/main/Totolink/X5000R/4", "creation_timestamp": "2025-02-21T19:18:34.000000Z"} https://vulnerability.circl.lu/sighting/a17cd8c4-ef46-45e8-a86c-7a10808ed88a/export Fri, 21 Feb 2025 19:18:34 +0000 a6e57a88-3bdb-4a0a-8ad6-c6d795ba3736 https://vulnerability.circl.lu/sighting/a6e57a88-3bdb-4a0a-8ad6-c6d795ba3736/export {"uuid": "a6e57a88-3bdb-4a0a-8ad6-c6d795ba3736", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25604", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4954", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25604\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the vif_disable function in mtkwifi.lua.\n\ud83d\udccf Published: 2025-02-21T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-21T18:46:49.852Z\n\ud83d\udd17 References:\n1. https://github.com/sezangel/IOT-vul/tree/main/Totolink/X5000R/5", "creation_timestamp": "2025-02-21T19:18:34.000000Z"} {"uuid": "a6e57a88-3bdb-4a0a-8ad6-c6d795ba3736", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25604", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4954", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25604\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the vif_disable function in mtkwifi.lua.\n\ud83d\udccf Published: 2025-02-21T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-21T18:46:49.852Z\n\ud83d\udd17 References:\n1. https://github.com/sezangel/IOT-vul/tree/main/Totolink/X5000R/5", "creation_timestamp": "2025-02-21T19:18:34.000000Z"} https://vulnerability.circl.lu/sighting/a6e57a88-3bdb-4a0a-8ad6-c6d795ba3736/export Fri, 21 Feb 2025 19:18:34 +0000 e1938dfe-016b-4006-a027-f02171f64159 https://vulnerability.circl.lu/sighting/e1938dfe-016b-4006-a027-f02171f64159/export {"uuid": "e1938dfe-016b-4006-a027-f02171f64159", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25605", "type": "seen", "source": "https://t.me/cvedetector/18683", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-25605 - Totolink X5000R Command Injection Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-25605 \nPublished : Feb. 21, 2025, 7:15 p.m. | 1\u00a0hour, 24\u00a0minutes ago \nDescription : Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the apcli_wps_gen_pincode function in mtkwifi.lua. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Feb 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-21T22:17:11.000000Z"} {"uuid": "e1938dfe-016b-4006-a027-f02171f64159", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25605", "type": "seen", "source": "https://t.me/cvedetector/18683", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-25605 - Totolink X5000R Command Injection Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-25605 \nPublished : Feb. 21, 2025, 7:15 p.m. | 1\u00a0hour, 24\u00a0minutes ago \nDescription : Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the apcli_wps_gen_pincode function in mtkwifi.lua. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Feb 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-21T22:17:11.000000Z"} https://vulnerability.circl.lu/sighting/e1938dfe-016b-4006-a027-f02171f64159/export Fri, 21 Feb 2025 22:17:11 +0000 81d0193e-030d-4e7a-8854-cdd68a98cf41 https://vulnerability.circl.lu/sighting/81d0193e-030d-4e7a-8854-cdd68a98cf41/export {"uuid": "81d0193e-030d-4e7a-8854-cdd68a98cf41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25604", "type": "seen", "source": "https://t.me/cvedetector/18685", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-25604 - Totolink X5000R Command Injection Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-25604 \nPublished : Feb. 21, 2025, 7:15 p.m. | 1\u00a0hour, 24\u00a0minutes ago \nDescription : Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the vif_disable function in mtkwifi.lua. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Feb 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-21T22:17:13.000000Z"} {"uuid": "81d0193e-030d-4e7a-8854-cdd68a98cf41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25604", "type": "seen", "source": "https://t.me/cvedetector/18685", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-25604 - Totolink X5000R Command Injection Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-25604 \nPublished : Feb. 21, 2025, 7:15 p.m. | 1\u00a0hour, 24\u00a0minutes ago \nDescription : Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the vif_disable function in mtkwifi.lua. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Feb 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-21T22:17:13.000000Z"} https://vulnerability.circl.lu/sighting/81d0193e-030d-4e7a-8854-cdd68a98cf41/export Fri, 21 Feb 2025 22:17:13 +0000 9428cd5f-1484-4356-b64b-1c6419684d14 https://vulnerability.circl.lu/sighting/9428cd5f-1484-4356-b64b-1c6419684d14/export {"uuid": "9428cd5f-1484-4356-b64b-1c6419684d14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25609", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5958", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25609\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the static_ipv6 parameter in the formIpv6Setup interface of /bin/boa\n\ud83d\udccf Published: 2025-02-28T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-28T18:53:32.725Z\n\ud83d\udd17 References:\n1. https://github.com/SunnyYANGyaya/firmcrosser/blob/main/ToTolink/TOTOLINK-A3002R-formIpv6Setup-static_ipv6.md", "creation_timestamp": "2025-02-28T19:27:03.000000Z"} {"uuid": "9428cd5f-1484-4356-b64b-1c6419684d14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25609", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5958", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25609\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the static_ipv6 parameter in the formIpv6Setup interface of /bin/boa\n\ud83d\udccf Published: 2025-02-28T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-28T18:53:32.725Z\n\ud83d\udd17 References:\n1. https://github.com/SunnyYANGyaya/firmcrosser/blob/main/ToTolink/TOTOLINK-A3002R-formIpv6Setup-static_ipv6.md", "creation_timestamp": "2025-02-28T19:27:03.000000Z"} https://vulnerability.circl.lu/sighting/9428cd5f-1484-4356-b64b-1c6419684d14/export Fri, 28 Feb 2025 19:27:03 +0000 4c6f14b4-5b4c-4937-9ab4-b37547398bcc https://vulnerability.circl.lu/sighting/4c6f14b4-5b4c-4937-9ab4-b37547398bcc/export {"uuid": "4c6f14b4-5b4c-4937-9ab4-b37547398bcc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25609", "type": "seen", "source": "https://t.me/cvedetector/19184", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-25609 - TOTOlink A3002R Buffer Overflow Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-25609 \nPublished : Feb. 28, 2025, 7:15 p.m. | 1\u00a0hour, 13\u00a0minutes ago \nDescription : TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the static_ipv6 parameter in the formIpv6Setup interface of /bin/boa \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"28 Feb 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-28T22:03:07.000000Z"} {"uuid": "4c6f14b4-5b4c-4937-9ab4-b37547398bcc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25609", "type": "seen", "source": "https://t.me/cvedetector/19184", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-25609 - TOTOlink A3002R Buffer Overflow Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-25609 \nPublished : Feb. 28, 2025, 7:15 p.m. | 1\u00a0hour, 13\u00a0minutes ago \nDescription : TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the static_ipv6 parameter in the formIpv6Setup interface of /bin/boa \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"28 Feb 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-28T22:03:07.000000Z"} https://vulnerability.circl.lu/sighting/4c6f14b4-5b4c-4937-9ab4-b37547398bcc/export Fri, 28 Feb 2025 22:03:07 +0000 15de97bd-f710-47cd-ad23-4606ac8dfa0d https://vulnerability.circl.lu/sighting/15de97bd-f710-47cd-ad23-4606ac8dfa0d/export {"uuid": "15de97bd-f710-47cd-ad23-4606ac8dfa0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2560", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16806", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2560\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Ninja Forms WordPress plugin before 3.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n\ud83d\udccf Published: 2025-05-19T06:00:05.453Z\n\ud83d\udccf Modified: 2025-05-19T06:00:05.453Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/2adaa55a-4a6d-40ca-ae19-fcb82420894a/", "creation_timestamp": "2025-05-19T06:38:50.000000Z"} {"uuid": "15de97bd-f710-47cd-ad23-4606ac8dfa0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2560", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16806", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2560\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Ninja Forms WordPress plugin before 3.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n\ud83d\udccf Published: 2025-05-19T06:00:05.453Z\n\ud83d\udccf Modified: 2025-05-19T06:00:05.453Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/2adaa55a-4a6d-40ca-ae19-fcb82420894a/", "creation_timestamp": "2025-05-19T06:38:50.000000Z"} https://vulnerability.circl.lu/sighting/15de97bd-f710-47cd-ad23-4606ac8dfa0d/export Mon, 19 May 2025 06:38:50 +0000 6244a238-34ce-477a-bed7-03292bc0f464 https://vulnerability.circl.lu/sighting/6244a238-34ce-477a-bed7-03292bc0f464/export {"uuid": "6244a238-34ce-477a-bed7-03292bc0f464", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25609", "type": "seen", "source": "MISP/1e8d1b5a-3537-4a30-907d-acb1720bbd18", "content": "", "creation_timestamp": "2025-08-19T18:29:29.000000Z"} {"uuid": "6244a238-34ce-477a-bed7-03292bc0f464", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25609", "type": "seen", "source": "MISP/1e8d1b5a-3537-4a30-907d-acb1720bbd18", "content": "", "creation_timestamp": "2025-08-19T18:29:29.000000Z"} https://vulnerability.circl.lu/sighting/6244a238-34ce-477a-bed7-03292bc0f464/export Tue, 19 Aug 2025 18:29:29 +0000