https://vulnerability.circl.lu/sightings/feed 2026-06-13T05:43:21.002032+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/e78896d5-0b6c-4811-8cf5-13e7c24d0546/export 2026-06-13T05:43:21.165623+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "e78896d5-0b6c-4811-8cf5-13e7c24d0546", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47679", "type": "seen", "source": "https://t.me/cvedetector/24731", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-47679 - RS WP Book Showcase Cross-site Scripting (XSS)\", \n \"Content\": \"CVE ID : CVE-2025-47679 \nPublished : May 7, 2025, 3:16 p.m. | 1\u00a0hour, 24\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RS WP THEMES RS WP Book Showcase allows DOM-Based XSS. This issue affects RS WP Book Showcase: from n/a through 6.7.40. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"07 May 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-07T19:00:59.000000Z"} 2025-05-07T19:00:59+00:00 https://vulnerability.circl.lu/sighting/a645ae4d-b884-420d-ac34-9061613f02b6/export 2026-06-13T05:43:21.165536+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "a645ae4d-b884-420d-ac34-9061613f02b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47676", "type": "seen", "source": "https://t.me/cvedetector/24732", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-47676 - Faiyaz Alam User Login History Stored Cross-site Scripting\", \n \"Content\": \"CVE ID : CVE-2025-47676 \nPublished : May 7, 2025, 3:16 p.m. | 1\u00a0hour, 24\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Faiyaz Alam User Login History allows Stored XSS. This issue affects User Login History: from n/a through 2.1.6. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"07 May 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-07T19:00:59.000000Z"} 2025-05-07T19:00:59+00:00 https://vulnerability.circl.lu/sighting/bbd25985-aa48-48f4-83bd-9ebba62f0ef8/export 2026-06-13T05:43:21.165449+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "bbd25985-aa48-48f4-83bd-9ebba62f0ef8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4767", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16664", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4767\n\ud83d\udd25 CVSS Score: 4.8 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in defog-ai introspect up to 0.1.4. It has been rated as critical. Affected by this issue is the function test_custom_tool of the file introspect/backend/integration_routes.py of the component Test Endpoint. The manipulation of the argument input_model leads to code injection. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-05-16T09:31:26.176Z\n\ud83d\udccf Modified: 2025-05-16T09:31:26.176Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.309068\n2. https://vuldb.com/?ctiid.309068\n3. https://vuldb.com/?submit.571363\n4. https://github.com/defog-ai/introspect/issues/496\n5. https://github.com/defog-ai/introspect/issues/496#issue-3036183861", "creation_timestamp": "2025-05-16T09:34:48.000000Z"} 2025-05-16T09:34:48+00:00 https://vulnerability.circl.lu/sighting/2d40a9df-0385-4834-bf3b-07bb27825b15/export 2026-06-13T05:43:21.165371+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "2d40a9df-0385-4834-bf3b-07bb27825b15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4767", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpc3nxgql424", "content": "", "creation_timestamp": "2025-05-16T13:03:17.530103Z"} 2025-05-16T13:03:17.530103+00:00 https://vulnerability.circl.lu/sighting/69e629f5-4c40-4d1c-9ec0-8e4833b75bcc/export 2026-06-13T05:43:21.165296+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "69e629f5-4c40-4d1c-9ec0-8e4833b75bcc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47672", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lptvpv3e6f2r", "content": "", "creation_timestamp": "2025-05-23T15:04:54.659998Z"} 2025-05-23T15:04:54.659998+00:00 https://vulnerability.circl.lu/sighting/4dfb3764-1a70-451f-97f6-e72bd4184c35/export 2026-06-13T05:43:21.165217+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "4dfb3764-1a70-451f-97f6-e72bd4184c35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47670", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lptwlcri3z2j", "content": "", "creation_timestamp": "2025-05-23T15:20:15.215679Z"} 2025-05-23T15:20:15.215679+00:00 https://vulnerability.circl.lu/sighting/0fa887cb-afbf-4e62-9c5f-17377936ba97/export 2026-06-13T05:43:21.165138+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "0fa887cb-afbf-4e62-9c5f-17377936ba97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47678", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17440", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47678\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelCockpit FunnelCockpit allows Reflected XSS. This issue affects FunnelCockpit: from n/a through 1.4.2.\n\ud83d\udccf Published: 2025-05-23T12:43:19.709Z\n\ud83d\udccf Modified: 2025-05-23T17:22:59.314Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/funnelcockpit/vulnerability/wordpress-funnelcockpit-plugin-1-4-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-23T17:44:53.000000Z"} 2025-05-23T17:44:53+00:00 https://vulnerability.circl.lu/sighting/d03d3f35-c156-4321-97ea-a20edaecf1fe/export 2026-06-13T05:43:21.165055+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "d03d3f35-c156-4321-97ea-a20edaecf1fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47673", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17441", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47673\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix Shortcodes allows Reflected XSS. This issue affects Arconix Shortcodes: from n/a through 2.1.16.\n\ud83d\udccf Published: 2025-05-23T12:43:20.166Z\n\ud83d\udccf Modified: 2025-05-23T17:10:56.949Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/arconix-shortcodes/vulnerability/wordpress-arconix-shortcodes-plugin-2-1-16-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-23T17:45:27.000000Z"} 2025-05-23T17:45:27+00:00 https://vulnerability.circl.lu/sighting/11c6409d-5b40-4bb5-97b8-83bc3ff6f71d/export 2026-06-13T05:43:21.164951+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "11c6409d-5b40-4bb5-97b8-83bc3ff6f71d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47672", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17449", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47672\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange miniOrange Discord Integration allows PHP Local File Inclusion. This issue affects miniOrange Discord Integration: from n/a through 2.2.2.\n\ud83d\udccf Published: 2025-05-23T12:43:20.654Z\n\ud83d\udccf Modified: 2025-05-23T16:54:57.010Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/miniorange-discord-integration/vulnerability/wordpress-miniorange-discord-integration-2-2-1-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-23T17:48:39.000000Z"} 2025-05-23T17:48:39+00:00 https://vulnerability.circl.lu/sighting/b1f3023b-4921-495f-99d0-d57d0946d8dd/export 2026-06-13T05:43:21.162894+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "b1f3023b-4921-495f-99d0-d57d0946d8dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47671", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17450", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47671\n\ud83d\udd25 CVSS Score: 7.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LETSCMS MLM Software Binary MLM Plan allows SQL Injection. This issue affects Binary MLM Plan: from n/a through 3.0.\n\ud83d\udccf Published: 2025-05-23T12:43:21.167Z\n\ud83d\udccf Modified: 2025-05-23T16:44:08.118Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/binary-mlm-plan/vulnerability/wordpress-binary-mlm-plan-3-0-sql-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-23T17:48:48.000000Z"} 2025-05-23T17:48:48+00:00