Most recent sightings.

Most recent sightings. https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sun, 10 May 2026 17:26:46 +0000 9583e2ca-4f80-4ab1-b4b2-8cc4674be7d4 https://vulnerability.circl.lu/sighting/9583e2ca-4f80-4ab1-b4b2-8cc4674be7d4/export {"uuid": "9583e2ca-4f80-4ab1-b4b2-8cc4674be7d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6705", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19750", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-6705\n\ud83d\udd25 CVSS Score: 7.6 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: On open-vsx.org https://open-vsx.org/ \u00a0it was possible to run an arbitrary build scripts for auto-published extensions because of missing sandboxing of CI job runs. An attacker who had access to an existing extension could take over the service account of the marketplace. The issue has been fixed on June 24th, 2025 and the vulnerable code present in the publish-extension code repository.\n\ud83d\udccf Published: 2025-06-27T14:57:06.595Z\n\ud83d\udccf Modified: 2025-06-27T16:21:22.026Z\n\ud83d\udd17 References:\n1. https://open-vsx.org\n2. https://github.com/EclipseFdn/publish-extensions/pull/881", "creation_timestamp": "2025-06-27T16:57:30.000000Z"} {"uuid": "9583e2ca-4f80-4ab1-b4b2-8cc4674be7d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6705", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19750", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-6705\n\ud83d\udd25 CVSS Score: 7.6 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: On open-vsx.org https://open-vsx.org/ \u00a0it was possible to run an arbitrary build scripts for auto-published extensions because of missing sandboxing of CI job runs. An attacker who had access to an existing extension could take over the service account of the marketplace. The issue has been fixed on June 24th, 2025 and the vulnerable code present in the publish-extension code repository.\n\ud83d\udccf Published: 2025-06-27T14:57:06.595Z\n\ud83d\udccf Modified: 2025-06-27T16:21:22.026Z\n\ud83d\udd17 References:\n1. https://open-vsx.org\n2. https://github.com/EclipseFdn/publish-extensions/pull/881", "creation_timestamp": "2025-06-27T16:57:30.000000Z"} https://vulnerability.circl.lu/sighting/9583e2ca-4f80-4ab1-b4b2-8cc4674be7d4/export Fri, 27 Jun 2025 16:57:30 +0000