https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sat, 30 May 2026 06:14:47 +0000 https://vulnerability.circl.lu/sighting/67c2a833-1f72-4de1-80fc-ab0639c8a5f1/export {"uuid": "67c2a833-1f72-4de1-80fc-ab0639c8a5f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-27145", "type": "published-proof-of-concept", "source": "https://github.com/9001/copyparty/security/advisories/GHSA-m2jw-cj8v-937r", "content": "", "creation_timestamp": "2025-02-25T01:31:40.000000Z"} {"uuid": "67c2a833-1f72-4de1-80fc-ab0639c8a5f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-27145", "type": "published-proof-of-concept", "source": "https://github.com/9001/copyparty/security/advisories/GHSA-m2jw-cj8v-937r", "content": "", "creation_timestamp": "2025-02-25T01:31:40.000000Z"} https://vulnerability.circl.lu/sighting/67c2a833-1f72-4de1-80fc-ab0639c8a5f1/export Tue, 25 Feb 2025 01:31:40 +0000 https://vulnerability.circl.lu/sighting/1da003bb-c763-4fee-a253-eb72dde9a2cb/export {"uuid": "1da003bb-c763-4fee-a253-eb72dde9a2cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27145", "type": "seen", "source": "https://t.me/cvedetector/18848", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-27145 - \"copyparty DOM-Based Cross-Site Scripting Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2025-27145 \nPublished : Feb. 25, 2025, 2:15 a.m. | 1\u00a0hour, 2\u00a0minutes ago \nDescription : copyparty, a portable file server, has a DOM-based cross-site scripting vulnerability in versions prior to 1.16.15. The vulnerability is considered low-risk. By handing someone a maliciously-named file, and then tricking them into dragging the file into copyparty's Web-UI, an attacker could execute arbitrary javascript with the same privileges as that user. For example, this could give unintended read-access to files owned by that user. The bug is triggered by the drag-drop action itself; it is not necessary to actually initiate the upload. The file must be empty (zero bytes). Note that, as a general-purpose webserver, it is intentionally possible to upload HTML-files with arbitrary javascript in `\",\n \"Detection Date\": \"25 Feb 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-25T04:49:57.000000Z"} {"uuid": "1da003bb-c763-4fee-a253-eb72dde9a2cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27145", "type": "seen", "source": "https://t.me/cvedetector/18848", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-27145 - \"copyparty DOM-Based Cross-Site Scripting Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2025-27145 \nPublished : Feb. 25, 2025, 2:15 a.m. | 1\u00a0hour, 2\u00a0minutes ago \nDescription : copyparty, a portable file server, has a DOM-based cross-site scripting vulnerability in versions prior to 1.16.15. The vulnerability is considered low-risk. By handing someone a maliciously-named file, and then tricking them into dragging the file into copyparty's Web-UI, an attacker could execute arbitrary javascript with the same privileges as that user. For example, this could give unintended read-access to files owned by that user. The bug is triggered by the drag-drop action itself; it is not necessary to actually initiate the upload. The file must be empty (zero bytes). Note that, as a general-purpose webserver, it is intentionally possible to upload HTML-files with arbitrary javascript in `\",\n \"Detection Date\": \"25 Feb 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-25T04:49:57.000000Z"} https://vulnerability.circl.lu/sighting/1da003bb-c763-4fee-a253-eb72dde9a2cb/export Tue, 25 Feb 2025 04:49:57 +0000