https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sat, 06 Jun 2026 17:49:37 +0000 https://vulnerability.circl.lu/sighting/bdcc9d95-4753-4429-b319-7fd05bf881ca/export {"uuid": "bdcc9d95-4753-4429-b319-7fd05bf881ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46549", "type": "seen", "source": "https://t.me/cvedetector/24054", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-46549 - YesWiki Reflected Cross-Site Scripting Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-46549 \nPublished : April 29, 2025, 9:15 p.m. | 1\u00a0hour, 51\u00a0minutes ago \nDescription : YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user\u2019s session. This vulnerability may also allow attackers to deface the website or embed malicious content. This issue has been patched in version 4.5.4. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"30 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-30T01:11:53.000000Z"} {"uuid": "bdcc9d95-4753-4429-b319-7fd05bf881ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46549", "type": "seen", "source": "https://t.me/cvedetector/24054", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-46549 - YesWiki Reflected Cross-Site Scripting Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-46549 \nPublished : April 29, 2025, 9:15 p.m. | 1\u00a0hour, 51\u00a0minutes ago \nDescription : YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user\u2019s session. This vulnerability may also allow attackers to deface the website or embed malicious content. This issue has been patched in version 4.5.4. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"30 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-30T01:11:53.000000Z"} https://vulnerability.circl.lu/sighting/bdcc9d95-4753-4429-b319-7fd05bf881ca/export Wed, 30 Apr 2025 01:11:53 +0000 https://vulnerability.circl.lu/sighting/2b422513-7303-40cf-8f71-daac6516619f/export {"uuid": "2b422513-7303-40cf-8f71-daac6516619f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46543", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16899", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46543\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Charly Leetham Enhanced Paypal Shortcodes allows Stored XSS.This issue affects Enhanced Paypal Shortcodes: from n/a through 0.5a.\n\ud83d\udccf Published: 2025-05-19T17:04:06.073Z\n\ud83d\udccf Modified: 2025-05-19T17:04:06.073Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/enhanced-paypal-shortcodes/vulnerability/wordpress-enhanced-paypal-shortcodes-plugin-0-5a-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-19T17:39:10.000000Z"} {"uuid": "2b422513-7303-40cf-8f71-daac6516619f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46543", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16899", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46543\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Charly Leetham Enhanced Paypal Shortcodes allows Stored XSS.This issue affects Enhanced Paypal Shortcodes: from n/a through 0.5a.\n\ud83d\udccf Published: 2025-05-19T17:04:06.073Z\n\ud83d\udccf Modified: 2025-05-19T17:04:06.073Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/enhanced-paypal-shortcodes/vulnerability/wordpress-enhanced-paypal-shortcodes-plugin-0-5a-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-19T17:39:10.000000Z"} https://vulnerability.circl.lu/sighting/2b422513-7303-40cf-8f71-daac6516619f/export Mon, 19 May 2025 17:39:10 +0000 https://vulnerability.circl.lu/sighting/9e0830ef-aa95-4d15-a2d8-f2edfdf934ad/export {"uuid": "9e0830ef-aa95-4d15-a2d8-f2edfdf934ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46548", "type": "seen", "source": "https://seclists.org/oss-sec/2025/q2/202", "content": "", "creation_timestamp": "2025-06-03T13:46:03.000000Z"} {"uuid": "9e0830ef-aa95-4d15-a2d8-f2edfdf934ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46548", "type": "seen", "source": "https://seclists.org/oss-sec/2025/q2/202", "content": "", "creation_timestamp": "2025-06-03T13:46:03.000000Z"} https://vulnerability.circl.lu/sighting/9e0830ef-aa95-4d15-a2d8-f2edfdf934ad/export Tue, 03 Jun 2025 13:46:03 +0000 https://vulnerability.circl.lu/sighting/8f06f5bc-da33-4e84-852c-0ac2ac50607e/export {"uuid": "8f06f5bc-da33-4e84-852c-0ac2ac50607e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46548", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqpn2wq4soa2", "content": "", "creation_timestamp": "2025-06-03T15:45:49.313240Z"} {"uuid": "8f06f5bc-da33-4e84-852c-0ac2ac50607e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46548", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqpn2wq4soa2", "content": "", "creation_timestamp": "2025-06-03T15:45:49.313240Z"} https://vulnerability.circl.lu/sighting/8f06f5bc-da33-4e84-852c-0ac2ac50607e/export Tue, 03 Jun 2025 15:45:49 +0000 https://vulnerability.circl.lu/sighting/cbcce9e0-f0b7-4afc-8fee-7ed5079901bb/export {"uuid": "cbcce9e0-f0b7-4afc-8fee-7ed5079901bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46548", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lqpoc222742r", "content": "", "creation_timestamp": "2025-06-03T16:06:26.738279Z"} {"uuid": "cbcce9e0-f0b7-4afc-8fee-7ed5079901bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46548", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lqpoc222742r", "content": "", "creation_timestamp": "2025-06-03T16:06:26.738279Z"} https://vulnerability.circl.lu/sighting/cbcce9e0-f0b7-4afc-8fee-7ed5079901bb/export Tue, 03 Jun 2025 16:06:26 +0000 https://vulnerability.circl.lu/sighting/d6a3dbc8-5990-470e-bba1-b193e511c6a9/export {"uuid": "d6a3dbc8-5990-470e-bba1-b193e511c6a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46548", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18125", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46548\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied.\n\n\nUsers that rely on authentication instead of making sure the Management API ports are only available to trusted users are recommended to upgrade to version 1.1.1, which fixes this issue.\n\n\n\n\nAkka was affected by the same issue and has released the fix in version 1.6.1.\n\ud83d\udccf Published: 2025-06-03T14:45:32.890Z\n\ud83d\udccf Modified: 2025-06-11T17:44:23.190Z\n\ud83d\udd17 References:\n1. https://github.com/apache/pekko-management/pull/418\n2. https://github.com/akka/akka-management/pull/1385\n3. https://lists.apache.org/thread/tnd84hj9w0ggjcft6cp12q67d5jzhp66", "creation_timestamp": "2025-06-11T18:35:19.000000Z"} {"uuid": "d6a3dbc8-5990-470e-bba1-b193e511c6a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46548", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18125", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46548\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied.\n\n\nUsers that rely on authentication instead of making sure the Management API ports are only available to trusted users are recommended to upgrade to version 1.1.1, which fixes this issue.\n\n\n\n\nAkka was affected by the same issue and has released the fix in version 1.6.1.\n\ud83d\udccf Published: 2025-06-03T14:45:32.890Z\n\ud83d\udccf Modified: 2025-06-11T17:44:23.190Z\n\ud83d\udd17 References:\n1. https://github.com/apache/pekko-management/pull/418\n2. https://github.com/akka/akka-management/pull/1385\n3. https://lists.apache.org/thread/tnd84hj9w0ggjcft6cp12q67d5jzhp66", "creation_timestamp": "2025-06-11T18:35:19.000000Z"} https://vulnerability.circl.lu/sighting/d6a3dbc8-5990-470e-bba1-b193e511c6a9/export Wed, 11 Jun 2025 18:35:19 +0000 https://vulnerability.circl.lu/sighting/18b1063d-24ae-414d-899c-deb39201d528/export {"uuid": "18b1063d-24ae-414d-899c-deb39201d528", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4654", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/20098", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4654\n\ud83d\udd25 CVSS Score: 3.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The Soumettre.fr plugin for WordPress is vulnerable to unauthorized access and modification of data due to a improper authorization checks on the make_signature function in all versions up to, and including, 2.1.5. This makes it possible for unauthenticated attackers to create/edit/delete Soumettre posts. This vulnerability affects only installations where the soumettre account is not connected (i.e. API key is not installed)\n\ud83d\udccf Published: 2025-07-02T03:47:24.306Z\n\ud83d\udccf Modified: 2025-07-02T03:47:24.306Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/4f29d476-0730-437c-8065-309523278efa?source=cve\n2. https://plugins.trac.wordpress.org/browser/soumettre-fr/tags/2.1.5/public/rest/class-soumettre-rest-route.php#L211", "creation_timestamp": "2025-07-02T04:12:22.000000Z"} {"uuid": "18b1063d-24ae-414d-899c-deb39201d528", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4654", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/20098", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4654\n\ud83d\udd25 CVSS Score: 3.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The Soumettre.fr plugin for WordPress is vulnerable to unauthorized access and modification of data due to a improper authorization checks on the make_signature function in all versions up to, and including, 2.1.5. This makes it possible for unauthenticated attackers to create/edit/delete Soumettre posts. This vulnerability affects only installations where the soumettre account is not connected (i.e. API key is not installed)\n\ud83d\udccf Published: 2025-07-02T03:47:24.306Z\n\ud83d\udccf Modified: 2025-07-02T03:47:24.306Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/4f29d476-0730-437c-8065-309523278efa?source=cve\n2. https://plugins.trac.wordpress.org/browser/soumettre-fr/tags/2.1.5/public/rest/class-soumettre-rest-route.php#L211", "creation_timestamp": "2025-07-02T04:12:22.000000Z"} https://vulnerability.circl.lu/sighting/18b1063d-24ae-414d-899c-deb39201d528/export Wed, 02 Jul 2025 04:12:22 +0000 https://vulnerability.circl.lu/sighting/f39917bb-2903-4c6e-a7cf-838f9181699e/export {"uuid": "f39917bb-2903-4c6e-a7cf-838f9181699e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4654", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lsxu4y5ttm2k", "content": "", "creation_timestamp": "2025-07-02T09:02:40.462714Z"} {"uuid": "f39917bb-2903-4c6e-a7cf-838f9181699e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4654", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lsxu4y5ttm2k", "content": "", "creation_timestamp": "2025-07-02T09:02:40.462714Z"} https://vulnerability.circl.lu/sighting/f39917bb-2903-4c6e-a7cf-838f9181699e/export Wed, 02 Jul 2025 09:02:40 +0000 https://vulnerability.circl.lu/sighting/b5c44902-4963-4edd-9bea-748447529189/export {"uuid": "b5c44902-4963-4edd-9bea-748447529189", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46549", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-46549.yaml", "content": "", "creation_timestamp": "2026-01-11T21:44:47.000000Z"} {"uuid": "b5c44902-4963-4edd-9bea-748447529189", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46549", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-46549.yaml", "content": "", "creation_timestamp": "2026-01-11T21:44:47.000000Z"} https://vulnerability.circl.lu/sighting/b5c44902-4963-4edd-9bea-748447529189/export Sun, 11 Jan 2026 21:44:47 +0000 https://vulnerability.circl.lu/sighting/644f47b7-7b73-4072-9c2d-1e2893290a61/export {"uuid": "644f47b7-7b73-4072-9c2d-1e2893290a61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46549", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mcfxrjunli23", "content": "", "creation_timestamp": "2026-01-14T21:03:06.134517Z"} {"uuid": "644f47b7-7b73-4072-9c2d-1e2893290a61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46549", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mcfxrjunli23", "content": "", "creation_timestamp": "2026-01-14T21:03:06.134517Z"} https://vulnerability.circl.lu/sighting/644f47b7-7b73-4072-9c2d-1e2893290a61/export Wed, 14 Jan 2026 21:03:06 +0000