https://vulnerability.circl.lu/sightings/feedMost recent sightings.2026-06-23T01:53:30.261183+00:00Vulnerability-Lookupinfo@circl.lupython-feedgenContains only the most 10 recent sightings.https://vulnerability.circl.lu/sighting/5b52f5f2-82cd-4de8-b23d-2c408c8ed9ae/export5b52f5f2-82cd-4de8-b23d-2c408c8ed9ae2026-06-23T01:53:30.504897+00:00Automation userhttps://cvepremium.circl.lu/user/automation{"uuid": "5b52f5f2-82cd-4de8-b23d-2c408c8ed9ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28917", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8868", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28917\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Custom Smilies allows Stored XSS. This issue affects Custom Smilies: from n/a through 2.9.2.\n\ud83d\udccf Published: 2025-03-26T14:24:24.733Z\n\ud83d\udccf Modified: 2025-03-26T15:10:48.837Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/custom-smilies-se/vulnerability/wordpress-custom-smilies-plugin-2-9-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-26T15:26:15.000000Z"}2025-03-26T15:26:15+00:00https://vulnerability.circl.lu/sighting/24c14637-02ea-48bf-9159-7bf8e37edd6d/export24c14637-02ea-48bf-9159-7bf8e37edd6d2026-06-23T01:53:30.504810+00:00Automation userhttps://cvepremium.circl.lu/user/automation{"uuid": "24c14637-02ea-48bf-9159-7bf8e37edd6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28916", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3llc4nsjeg32v", "content": "", "creation_timestamp": "2025-03-26T15:40:20.370958Z"}2025-03-26T15:40:20.370958+00:00https://vulnerability.circl.lu/sighting/eae6261a-9d11-437d-aeb7-6748e2834414/exporteae6261a-9d11-437d-aeb7-6748e28344142026-06-23T01:53:30.504710+00:00Automation userhttps://cvepremium.circl.lu/user/automation{"uuid": "eae6261a-9d11-437d-aeb7-6748e2834414", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28911", "type": "seen", "source": "https://t.me/cvedetector/21199", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-28911 - Gravity2Pdf Cross-Site Scripting (XSS)\", \n \"Content\": \"CVE ID : CVE-2025-28911 \nPublished : March 26, 2025, 3:16 p.m. | 1\u00a0hour, 27\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gravity2pdf Gravity 2 PDF allows Reflected XSS. This issue affects Gravity 2 PDF: from n/a through 3.1.3. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"26 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-26T18:04:27.000000Z"}2025-03-26T18:04:27+00:00https://vulnerability.circl.lu/sighting/d57cc29f-c890-46d9-bf8c-0d40568b57bd/exportd57cc29f-c890-46d9-bf8c-0d40568b57bd2026-06-23T01:53:30.504612+00:00Automation userhttps://cvepremium.circl.lu/user/automation{"uuid": "d57cc29f-c890-46d9-bf8c-0d40568b57bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28916", "type": "seen", "source": "https://t.me/cvedetector/21200", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-28916 - Docpro PHP Remote File Inclusion Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-28916 \nPublished : March 26, 2025, 3:16 p.m. | 1\u00a0hour, 27\u00a0minutes ago \nDescription : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound Docpro allows PHP Local File Inclusion. This issue affects Docpro: from n/a through 2.0.1. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"26 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-26T18:04:28.000000Z"}2025-03-26T18:04:28+00:00https://vulnerability.circl.lu/sighting/b2da3ae6-61b4-42c8-8263-bb7bdbe65505/exportb2da3ae6-61b4-42c8-8263-bb7bdbe655052026-06-23T01:53:30.504529+00:00Automation userhttps://cvepremium.circl.lu/user/automation{"uuid": "b2da3ae6-61b4-42c8-8263-bb7bdbe65505", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28917", "type": "seen", "source": "https://t.me/cvedetector/21201", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-28917 - Apache NotFound Custom Smilies Cross-site Scripting Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-28917 \nPublished : March 26, 2025, 3:16 p.m. | 1\u00a0hour, 27\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Custom Smilies allows Stored XSS. This issue affects Custom Smilies: from n/a through 2.9.2. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"26 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-26T18:04:29.000000Z"}2025-03-26T18:04:29+00:00https://vulnerability.circl.lu/sighting/717b17b9-b874-44ac-b2d3-16966a089971/export717b17b9-b874-44ac-b2d3-16966a0899712026-06-23T01:53:30.504454+00:00Automation userhttps://cvepremium.circl.lu/user/automation{"uuid": "717b17b9-b874-44ac-b2d3-16966a089971", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2891", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9860", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2891\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Real Estate 7 WordPress theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'template-submit-listing.php' file in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with Seller-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible if front-end listing submission has been enabled.\n\ud83d\udccf Published: 2025-04-01T07:29:12.911Z\n\ud83d\udccf Modified: 2025-04-01T07:29:12.911Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/5c83457d-ba06-43c5-acdd-77dbfb0d4af4?source=cve\n2. https://contempothemes.com/changelog/", "creation_timestamp": "2025-04-01T07:32:09.000000Z"}2025-04-01T07:32:09+00:00https://vulnerability.circl.lu/sighting/7e61d077-8696-42f9-b00b-282621b8867a/export7e61d077-8696-42f9-b00b-282621b8867a2026-06-23T01:53:30.504383+00:00Automation userhttps://cvepremium.circl.lu/user/automation{"uuid": "7e61d077-8696-42f9-b00b-282621b8867a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2891", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114262074055767061", "content": "", "creation_timestamp": "2025-04-01T09:48:06.702418Z"}2025-04-01T09:48:06.702418+00:00https://vulnerability.circl.lu/sighting/dd23fdda-fa1e-47f8-9030-7def5b3ce432/exportdd23fdda-fa1e-47f8-9030-7def5b3ce4322026-06-23T01:53:30.504264+00:00Automation userhttps://cvepremium.circl.lu/user/automation{"uuid": "dd23fdda-fa1e-47f8-9030-7def5b3ce432", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2891", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114262074055767061", "content": "", "creation_timestamp": "2025-04-01T09:48:06.704909Z"}2025-04-01T09:48:06.704909+00:00https://vulnerability.circl.lu/sighting/026176da-1a28-4d0f-a852-556568399d35/export026176da-1a28-4d0f-a852-556568399d352026-06-23T01:53:30.504152+00:00Automation userhttps://cvepremium.circl.lu/user/automation{"uuid": "026176da-1a28-4d0f-a852-556568399d35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2891", "type": "seen", "source": "https://t.me/cvedetector/21738", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-2891 - \"Real Estate 7 WordPress Theme Arbitrary File Upload Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2025-2891 \nPublished : April 1, 2025, 8:15 a.m. | 1\u00a0hour, 12\u00a0minutes ago \nDescription : The Real Estate 7 WordPress theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'template-submit-listing.php' file in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with Seller-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible if front-end listing submission has been enabled. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"01 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T11:57:25.000000Z"}2025-04-01T11:57:25+00:00https://vulnerability.circl.lu/sighting/767386d6-d63f-4702-a865-fdb5538ecfa7/export767386d6-d63f-4702-a865-fdb5538ecfa72026-06-23T01:53:30.501415+00:00Automation userhttps://cvepremium.circl.lu/user/automation{"uuid": "767386d6-d63f-4702-a865-fdb5538ecfa7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28915", "type": "seen", "source": "MISP/682bdba3-46b7-4a8f-b7be-c6bf4b4f9868", "content": "", "creation_timestamp": "2025-08-13T13:26:34.000000Z"}2025-08-13T13:26:34+00:00