https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sun, 10 May 2026 05:04:36 +0000 https://vulnerability.circl.lu/sighting/2b9fe65d-5f32-430d-bab7-7eefabe33c66/export {"uuid": "2b9fe65d-5f32-430d-bab7-7eefabe33c66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26662", "type": "seen", "source": "https://t.me/cvedetector/25154", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-26662 - Apache Data Services Management Console Cross-Site Scripting Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-26662 \nPublished : May 13, 2025, 1:15 a.m. | 1\u00a0hour, 25\u00a0minutes ago \nDescription : The Data Services Management Console does not sufficiently encode user-controlled inputs, allowing an attacker to inject malicious script. When a targeted victim, who is already logged in, clicks on the compromised link, the injected script gets executed within the scope of victim\ufffds browser. This potentially leads to an impact on confidentiality and integrity. Availability is not impacted. \nSeverity: 4.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"13 May 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-13T05:30:30.000000Z"} {"uuid": "2b9fe65d-5f32-430d-bab7-7eefabe33c66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26662", "type": "seen", "source": "https://t.me/cvedetector/25154", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-26662 - Apache Data Services Management Console Cross-Site Scripting Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-26662 \nPublished : May 13, 2025, 1:15 a.m. | 1\u00a0hour, 25\u00a0minutes ago \nDescription : The Data Services Management Console does not sufficiently encode user-controlled inputs, allowing an attacker to inject malicious script. When a targeted victim, who is already logged in, clicks on the compromised link, the injected script gets executed within the scope of victim\ufffds browser. This potentially leads to an impact on confidentiality and integrity. Availability is not impacted. \nSeverity: 4.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"13 May 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-13T05:30:30.000000Z"} https://vulnerability.circl.lu/sighting/2b9fe65d-5f32-430d-bab7-7eefabe33c66/export Tue, 13 May 2025 05:30:30 +0000 https://vulnerability.circl.lu/sighting/84b969b6-c8a1-4ff0-ac75-1509e6b573a6/export {"uuid": "84b969b6-c8a1-4ff0-ac75-1509e6b573a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26662", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16133", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26662\n\ud83d\udd25 CVSS Score: 4.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Data Services Management Console does not sufficiently encode user-controlled inputs, allowing an attacker to inject malicious script. When a targeted victim, who is already logged in, clicks on the compromised link, the injected script gets executed within the scope of victim\ufffds browser. This potentially leads to an impact on confidentiality and integrity. Availability is not impacted.\n\ud83d\udccf Published: 2025-05-13T00:09:05.682Z\n\ud83d\udccf Modified: 2025-05-13T14:06:48.738Z\n\ud83d\udd17 References:\n1. https://me.sap.com/notes/3558755\n2. https://url.sap/sapsecuritypatchday", "creation_timestamp": "2025-05-13T14:30:56.000000Z"} {"uuid": "84b969b6-c8a1-4ff0-ac75-1509e6b573a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26662", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16133", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26662\n\ud83d\udd25 CVSS Score: 4.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Data Services Management Console does not sufficiently encode user-controlled inputs, allowing an attacker to inject malicious script. When a targeted victim, who is already logged in, clicks on the compromised link, the injected script gets executed within the scope of victim\ufffds browser. This potentially leads to an impact on confidentiality and integrity. Availability is not impacted.\n\ud83d\udccf Published: 2025-05-13T00:09:05.682Z\n\ud83d\udccf Modified: 2025-05-13T14:06:48.738Z\n\ud83d\udd17 References:\n1. https://me.sap.com/notes/3558755\n2. https://url.sap/sapsecuritypatchday", "creation_timestamp": "2025-05-13T14:30:56.000000Z"} https://vulnerability.circl.lu/sighting/84b969b6-c8a1-4ff0-ac75-1509e6b573a6/export Tue, 13 May 2025 14:30:56 +0000