https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sat, 13 Jun 2026 06:30:07 +0000 https://vulnerability.circl.lu/sighting/0a0afb3f-d4a0-4c87-b186-207a49409439/export {"uuid": "0a0afb3f-d4a0-4c87-b186-207a49409439", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3140", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10216", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3140\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in SourceCodester Online Medicine Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file /view_category.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-04-03T04:31:05.693Z\n\ud83d\udccf Modified: 2025-04-03T13:10:23.408Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.303045\n2. https://vuldb.com/?ctiid.303045\n3. https://vuldb.com/?submit.525308\n4. https://github.com/Lena-lyy/SQL/blob/main/SQL1.md\n5. https://www.sourcecodester.com/", "creation_timestamp": "2025-04-03T13:35:06.000000Z"} {"uuid": "0a0afb3f-d4a0-4c87-b186-207a49409439", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3140", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10216", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3140\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in SourceCodester Online Medicine Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file /view_category.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-04-03T04:31:05.693Z\n\ud83d\udccf Modified: 2025-04-03T13:10:23.408Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.303045\n2. https://vuldb.com/?ctiid.303045\n3. https://vuldb.com/?submit.525308\n4. https://github.com/Lena-lyy/SQL/blob/main/SQL1.md\n5. https://www.sourcecodester.com/", "creation_timestamp": "2025-04-03T13:35:06.000000Z"} https://vulnerability.circl.lu/sighting/0a0afb3f-d4a0-4c87-b186-207a49409439/export Thu, 03 Apr 2025 13:35:06 +0000 https://vulnerability.circl.lu/sighting/8572d481-9cbe-427a-ba41-f0e63a97a4ec/export {"uuid": "8572d481-9cbe-427a-ba41-f0e63a97a4ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31405", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10437", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31405\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zankover Fami WooCommerce Compare allows PHP Local File Inclusion.This issue affects Fami WooCommerce Compare: from n/a through 1.0.5.\n\ud83d\udccf Published: 2025-04-04T13:26:10.946Z\n\ud83d\udccf Modified: 2025-04-04T13:26:10.946Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/fami-woocommerce-compare/vulnerability/wordpress-fami-woocommerce-compare-plugin-1-0-5-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-04T13:35:43.000000Z"} {"uuid": "8572d481-9cbe-427a-ba41-f0e63a97a4ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31405", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10437", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31405\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zankover Fami WooCommerce Compare allows PHP Local File Inclusion.This issue affects Fami WooCommerce Compare: from n/a through 1.0.5.\n\ud83d\udccf Published: 2025-04-04T13:26:10.946Z\n\ud83d\udccf Modified: 2025-04-04T13:26:10.946Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/fami-woocommerce-compare/vulnerability/wordpress-fami-woocommerce-compare-plugin-1-0-5-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-04T13:35:43.000000Z"} https://vulnerability.circl.lu/sighting/8572d481-9cbe-427a-ba41-f0e63a97a4ec/export Fri, 04 Apr 2025 13:35:43 +0000 https://vulnerability.circl.lu/sighting/a58b7a59-62d8-4e98-828e-fad79a23b1b7/export {"uuid": "a58b7a59-62d8-4e98-828e-fad79a23b1b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31407", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10439", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31407\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hutsixdigital Tiger allows Stored XSS.This issue affects Tiger: from n/a through 2.0.\n\ud83d\udccf Published: 2025-04-04T13:24:56.744Z\n\ud83d\udccf Modified: 2025-04-04T13:24:56.744Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/theme/tiger/vulnerability/wordpress-tiger-theme-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-04T13:35:44.000000Z"} {"uuid": "a58b7a59-62d8-4e98-828e-fad79a23b1b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31407", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10439", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31407\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hutsixdigital Tiger allows Stored XSS.This issue affects Tiger: from n/a through 2.0.\n\ud83d\udccf Published: 2025-04-04T13:24:56.744Z\n\ud83d\udccf Modified: 2025-04-04T13:24:56.744Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/theme/tiger/vulnerability/wordpress-tiger-theme-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-04T13:35:44.000000Z"} https://vulnerability.circl.lu/sighting/a58b7a59-62d8-4e98-828e-fad79a23b1b7/export Fri, 04 Apr 2025 13:35:44 +0000 https://vulnerability.circl.lu/sighting/edf1e9c1-57ba-49d5-aa98-d86aea50f86a/export {"uuid": "edf1e9c1-57ba-49d5-aa98-d86aea50f86a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31403", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3llyninijha2p", "content": "", "creation_timestamp": "2025-04-04T14:40:15.091205Z"} {"uuid": "edf1e9c1-57ba-49d5-aa98-d86aea50f86a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31403", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3llyninijha2p", "content": "", "creation_timestamp": "2025-04-04T14:40:15.091205Z"} https://vulnerability.circl.lu/sighting/edf1e9c1-57ba-49d5-aa98-d86aea50f86a/export Fri, 04 Apr 2025 14:40:15 +0000 https://vulnerability.circl.lu/sighting/a87a1372-5d13-47ed-b38e-7ba44cb77f8c/export {"uuid": "a87a1372-5d13-47ed-b38e-7ba44cb77f8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31403", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114280477286926972", "content": "", "creation_timestamp": "2025-04-04T15:48:17.558443Z"} {"uuid": "a87a1372-5d13-47ed-b38e-7ba44cb77f8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31403", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114280477286926972", "content": "", "creation_timestamp": "2025-04-04T15:48:17.558443Z"} https://vulnerability.circl.lu/sighting/a87a1372-5d13-47ed-b38e-7ba44cb77f8c/export Fri, 04 Apr 2025 15:48:17 +0000 https://vulnerability.circl.lu/sighting/5115a146-fada-4871-8fc1-d8448a6e9814/export {"uuid": "5115a146-fada-4871-8fc1-d8448a6e9814", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31403", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114280477286926972", "content": "", "creation_timestamp": "2025-04-04T15:48:17.560164Z"} {"uuid": "5115a146-fada-4871-8fc1-d8448a6e9814", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31403", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114280477286926972", "content": "", "creation_timestamp": "2025-04-04T15:48:17.560164Z"} https://vulnerability.circl.lu/sighting/5115a146-fada-4871-8fc1-d8448a6e9814/export Fri, 04 Apr 2025 15:48:17 +0000 https://vulnerability.circl.lu/sighting/3b36e286-ea1d-43de-ae17-ef4c4283ba64/export {"uuid": "3b36e286-ea1d-43de-ae17-ef4c4283ba64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31403", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llys3ni4yz2z", "content": "", "creation_timestamp": "2025-04-04T16:02:27.241537Z"} {"uuid": "3b36e286-ea1d-43de-ae17-ef4c4283ba64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31403", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llys3ni4yz2z", "content": "", "creation_timestamp": "2025-04-04T16:02:27.241537Z"} https://vulnerability.circl.lu/sighting/3b36e286-ea1d-43de-ae17-ef4c4283ba64/export Fri, 04 Apr 2025 16:02:27 +0000 https://vulnerability.circl.lu/sighting/e89258c6-461e-4644-bb5a-6bd14bc32b39/export {"uuid": "e89258c6-461e-4644-bb5a-6bd14bc32b39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31403", "type": "seen", "source": "https://t.me/cvedetector/22134", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-31403 - Shiptrack SQL Injection Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-31403 \nPublished : April 4, 2025, 2:15 p.m. | 1\u00a0hour, 42\u00a0minutes ago \nDescription : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shiptrack Booking Calendar and Notification allows Blind SQL Injection.This issue affects Booking Calendar and Notification: from n/a through 4.0.3. \nSeverity: 9.3 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-04T18:01:21.000000Z"} {"uuid": "e89258c6-461e-4644-bb5a-6bd14bc32b39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31403", "type": "seen", "source": "https://t.me/cvedetector/22134", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-31403 - Shiptrack SQL Injection Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-31403 \nPublished : April 4, 2025, 2:15 p.m. | 1\u00a0hour, 42\u00a0minutes ago \nDescription : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shiptrack Booking Calendar and Notification allows Blind SQL Injection.This issue affects Booking Calendar and Notification: from n/a through 4.0.3. \nSeverity: 9.3 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-04T18:01:21.000000Z"} https://vulnerability.circl.lu/sighting/e89258c6-461e-4644-bb5a-6bd14bc32b39/export Fri, 04 Apr 2025 18:01:21 +0000 https://vulnerability.circl.lu/sighting/a2362b32-e7cf-408c-9640-8271998816e9/export {"uuid": "a2362b32-e7cf-408c-9640-8271998816e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31405", "type": "seen", "source": "https://t.me/cvedetector/22135", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-31405 - Zankover Fami WooCommerce Compare PHP Local File Inclusion\", \n \"Content\": \"CVE ID : CVE-2025-31405 \nPublished : April 4, 2025, 2:15 p.m. | 1\u00a0hour, 42\u00a0minutes ago \nDescription : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zankover Fami WooCommerce Compare allows PHP Local File Inclusion.This issue affects Fami WooCommerce Compare: from n/a through 1.0.5. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-04T18:01:22.000000Z"} {"uuid": "a2362b32-e7cf-408c-9640-8271998816e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31405", "type": "seen", "source": "https://t.me/cvedetector/22135", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-31405 - Zankover Fami WooCommerce Compare PHP Local File Inclusion\", \n \"Content\": \"CVE ID : CVE-2025-31405 \nPublished : April 4, 2025, 2:15 p.m. | 1\u00a0hour, 42\u00a0minutes ago \nDescription : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zankover Fami WooCommerce Compare allows PHP Local File Inclusion.This issue affects Fami WooCommerce Compare: from n/a through 1.0.5. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-04T18:01:22.000000Z"} https://vulnerability.circl.lu/sighting/a2362b32-e7cf-408c-9640-8271998816e9/export Fri, 04 Apr 2025 18:01:22 +0000 https://vulnerability.circl.lu/sighting/92d59a75-958c-4d0c-96c5-06c1f77a561f/export {"uuid": "92d59a75-958c-4d0c-96c5-06c1f77a561f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31407", "type": "seen", "source": "https://t.me/cvedetector/22136", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-31407 - Hutsixdigital Tiger Cross-site Scripting Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-31407 \nPublished : April 4, 2025, 2:15 p.m. | 1\u00a0hour, 42\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hutsixdigital Tiger allows Stored XSS.This issue affects Tiger: from n/a through 2.0. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-04T18:01:23.000000Z"} {"uuid": "92d59a75-958c-4d0c-96c5-06c1f77a561f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31407", "type": "seen", "source": "https://t.me/cvedetector/22136", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-31407 - Hutsixdigital Tiger Cross-site Scripting Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-31407 \nPublished : April 4, 2025, 2:15 p.m. | 1\u00a0hour, 42\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hutsixdigital Tiger allows Stored XSS.This issue affects Tiger: from n/a through 2.0. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-04T18:01:23.000000Z"} https://vulnerability.circl.lu/sighting/92d59a75-958c-4d0c-96c5-06c1f77a561f/export Fri, 04 Apr 2025 18:01:23 +0000