<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Sun, 21 Jun 2026 17:23:45 +0000</lastBuildDate>
    <item>
      <!-- One sighting record. title is the sighting UUID; link and guid both hold the
           export URL for that UUID, and guid is marked isPermaLink="false". -->
      <!-- description and content:encoded carry the same JSON record. Its "type" is "seen",
           its "source" is a Telegram post URL, and its "vulnerability" is CVE-2025-12379,
           which occurs as entry 46 of the list quoted in "content". -->
      <!-- "content" appears to be third-party text copied from the post named in "source".
           The one-line summaries and CVSS figures in it are the post's own claims; nothing
           in this feed shows them checked against the CVE records. Consumers should treat
           the field as untrusted input: parse it as data and escape it before rendering. -->
      <!-- NOTE(review): the JSON string has a line break right after "46. ". If that is a
           raw newline rather than an escaped one, strict JSON parsers will reject the
           value. Confirm against the generator output. -->
      <title>48846f74-ff4d-408e-bc49-f02cd0fab9ce</title>
      <link>https://vulnerability.circl.lu/sighting/48846f74-ff4d-408e-bc49-f02cd0fab9ce/export</link>
      <description>{"uuid": "48846f74-ff4d-408e-bc49-f02cd0fab9ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-12379", "type": "seen", "source": "https://t.me/NinjaSec/300", "content": "Code execution, bypasses, and exploits \u2014 again, for educational purposes only:\n\n\n26. CVE-2025-12359 \u2013 RCE via unsafe deserialization in REST API (CVSS 9.4)\n27. CVE-2025-12360 \u2013 XSS in Admin Dashboard plugin (CVSS 7.6)\n28. CVE-2025-12361 \u2013 Remote file inclusion in CMS plugin (CVSS 8.9)\n29. CVE-2025-12362 \u2013 Logic flaw in session handler exposes tokens (CVSS 7.5)\n30. CVE-2025-12363 \u2013 RCE in PDF conversion tool via crafted input (CVSS 9.5)\n31. CVE-2025-12364 \u2013 Auth bypass in Single Sign-On service (CVSS 9.1)\n32. CVE-2025-12365 \u2013 LFI in backup module of web control panel (CVSS 8.6)\n33. CVE-2025-12366 \u2013 CSRF on firewall config panel (CVSS 8.0)\n34. CVE-2025-12367 \u2013 SSRF in metadata parser allows internal access (CVSS 9.0)\n35. CVE-2025-12368 \u2013 SQLi in search API of project management tool (CVSS 8.2)\n36. CVE-2025-12369 \u2013 Improper permission checks in job scheduler (CVSS 8.5)\n37. CVE-2025-12370 \u2013 Open redirect leads to phishing vector (CVSS 6.5)\n38. CVE-2025-12371 \u2013 DoS via XML bomb in document parser (CVSS 7.9)\n39. CVE-2025-12372 \u2013 Directory traversal in logs endpoint (CVSS 8.1)\n40. CVE-2025-12373 \u2013 Memory leak in image rendering library (CVSS 6.9)\n41. CVE-2025-12374 \u2013 Hardcoded credentials in IoT config interface (CVSS 9.0)\n42. CVE-2025-12375 \u2013 Insecure update mechanism in desktop agent (CVSS 9.3)\n43. CVE-2025-12376 \u2013 Path traversal in zip archive handler (CVSS 8.7)\n44. CVE-2025-12377 \u2013 Race condition in file uploader logic (CVSS 7.8)\n45. CVE-2025-12378 \u2013 Java deserialization bug in SOAP API (CVSS 9.2)\n46. 
CVE-2025-12379 \u2013 JWT token forgery via alg=none trick (CVSS 8.8)\n47. CVE-2025-12380 \u2013 CORS misconfig allows cross-origin token theft (CVSS 8.5)\n48. CVE-2025-12381 \u2013 Exploitable crash in media encoder (CVSS 7.0)\n49. CVE-2025-12382 \u2013 Server misconfig allows upload of executables (CVSS 8.6)\n50. CVE-2025-12383 \u2013 LDAP injection in auth form (CVSS 8.9)\n\n#HackersFactory", "creation_timestamp": "2025-05-07T15:48:27.000000Z"}</description>
      <content:encoded>{"uuid": "48846f74-ff4d-408e-bc49-f02cd0fab9ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-12379", "type": "seen", "source": "https://t.me/NinjaSec/300", "content": "Code execution, bypasses, and exploits \u2014 again, for educational purposes only:\n\n\n26. CVE-2025-12359 \u2013 RCE via unsafe deserialization in REST API (CVSS 9.4)\n27. CVE-2025-12360 \u2013 XSS in Admin Dashboard plugin (CVSS 7.6)\n28. CVE-2025-12361 \u2013 Remote file inclusion in CMS plugin (CVSS 8.9)\n29. CVE-2025-12362 \u2013 Logic flaw in session handler exposes tokens (CVSS 7.5)\n30. CVE-2025-12363 \u2013 RCE in PDF conversion tool via crafted input (CVSS 9.5)\n31. CVE-2025-12364 \u2013 Auth bypass in Single Sign-On service (CVSS 9.1)\n32. CVE-2025-12365 \u2013 LFI in backup module of web control panel (CVSS 8.6)\n33. CVE-2025-12366 \u2013 CSRF on firewall config panel (CVSS 8.0)\n34. CVE-2025-12367 \u2013 SSRF in metadata parser allows internal access (CVSS 9.0)\n35. CVE-2025-12368 \u2013 SQLi in search API of project management tool (CVSS 8.2)\n36. CVE-2025-12369 \u2013 Improper permission checks in job scheduler (CVSS 8.5)\n37. CVE-2025-12370 \u2013 Open redirect leads to phishing vector (CVSS 6.5)\n38. CVE-2025-12371 \u2013 DoS via XML bomb in document parser (CVSS 7.9)\n39. CVE-2025-12372 \u2013 Directory traversal in logs endpoint (CVSS 8.1)\n40. CVE-2025-12373 \u2013 Memory leak in image rendering library (CVSS 6.9)\n41. CVE-2025-12374 \u2013 Hardcoded credentials in IoT config interface (CVSS 9.0)\n42. CVE-2025-12375 \u2013 Insecure update mechanism in desktop agent (CVSS 9.3)\n43. CVE-2025-12376 \u2013 Path traversal in zip archive handler (CVSS 8.7)\n44. CVE-2025-12377 \u2013 Race condition in file uploader logic (CVSS 7.8)\n45. CVE-2025-12378 \u2013 Java deserialization bug in SOAP API (CVSS 9.2)\n46. 
CVE-2025-12379 \u2013 JWT token forgery via alg=none trick (CVSS 8.8)\n47. CVE-2025-12380 \u2013 CORS misconfig allows cross-origin token theft (CVSS 8.5)\n48. CVE-2025-12381 \u2013 Exploitable crash in media encoder (CVSS 7.0)\n49. CVE-2025-12382 \u2013 Server misconfig allows upload of executables (CVSS 8.6)\n50. CVE-2025-12383 \u2013 LDAP injection in auth form (CVSS 8.9)\n\n#HackersFactory", "creation_timestamp": "2025-05-07T15:48:27.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/48846f74-ff4d-408e-bc49-f02cd0fab9ce/export</guid>
      <!-- pubDate repeats the JSON "creation_timestamp" in RFC 822 form. -->
      <pubDate>Wed, 07 May 2025 15:48:27 +0000</pubDate>
    </item>
    <item>
      <!-- Sighting record for CVE-2025-12379 with "type" set to "published-proof-of-concept".
           description and content:encoded carry the same JSON record. -->
      <!-- "source" here is a "Telegram/..." identifier rather than a URL, and "content" is
           empty, so the record itself carries no evidence for the proof-of-concept claim.
           NOTE(review): presumably the identifier maps to a channel or message known to the
           reporting tool; verify the source before acting on the type value. -->
      <title>bab89a6a-9fb0-4c5f-9dbe-06f1bc96357f</title>
      <link>https://vulnerability.circl.lu/sighting/bab89a6a-9fb0-4c5f-9dbe-06f1bc96357f/export</link>
      <description>{"uuid": "bab89a6a-9fb0-4c5f-9dbe-06f1bc96357f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-12379", "type": "published-proof-of-concept", "source": "Telegram/51hy6eeB0OX5Oi4WYV6NJVEVeitRj2FXamGCe71U1ruORGw", "content": "", "creation_timestamp": "2026-01-10T15:00:50.000000Z"}</description>
      <content:encoded>{"uuid": "bab89a6a-9fb0-4c5f-9dbe-06f1bc96357f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-12379", "type": "published-proof-of-concept", "source": "Telegram/51hy6eeB0OX5Oi4WYV6NJVEVeitRj2FXamGCe71U1ruORGw", "content": "", "creation_timestamp": "2026-01-10T15:00:50.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/bab89a6a-9fb0-4c5f-9dbe-06f1bc96357f/export</guid>
      <!-- pubDate repeats the JSON "creation_timestamp" in RFC 822 form. -->
      <pubDate>Sat, 10 Jan 2026 15:00:50 +0000</pubDate>
    </item>
    <item>
      <!-- Sighting record for CVE-2025-12379 with "type" set to "seen". "source" is a
           Bluesky post URL and "content" is empty, so the mention has to be read at the
           source. description and content:encoded carry the same JSON record. -->
      <title>11f879bf-5207-4517-969c-88945910d434</title>
      <link>https://vulnerability.circl.lu/sighting/11f879bf-5207-4517-969c-88945910d434/export</link>
      <description>{"uuid": "11f879bf-5207-4517-969c-88945910d434", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-12379", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mc3kb27i5l2u", "content": "", "creation_timestamp": "2026-01-10T17:34:33.372407Z"}</description>
      <content:encoded>{"uuid": "11f879bf-5207-4517-969c-88945910d434", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-12379", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mc3kb27i5l2u", "content": "", "creation_timestamp": "2026-01-10T17:34:33.372407Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/11f879bf-5207-4517-969c-88945910d434/export</guid>
      <!-- pubDate keeps whole seconds only; the JSON "creation_timestamp" also carries
           the fractional part (.372407). -->
      <pubDate>Sat, 10 Jan 2026 17:34:33 +0000</pubDate>
    </item>
    <item>
      <!-- Sighting record for CVE-2025-12379 with "type" set to "seen". "source" is a
           GitHub gist URL and "content" is empty, so the feed does not show what the gist
           says about the CVE. description and content:encoded carry the same JSON record. -->
      <!-- NOTE(review): the gist is third-party content outside this feed; review it as
           untrusted material before relying on it. -->
      <title>0cd86e61-4fb7-4d59-9205-dc85d66208cb</title>
      <link>https://vulnerability.circl.lu/sighting/0cd86e61-4fb7-4d59-9205-dc85d66208cb/export</link>
      <description>{"uuid": "0cd86e61-4fb7-4d59-9205-dc85d66208cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-12379", "type": "seen", "source": "https://gist.github.com/Darkcrai86/144a39b2375a676f607eca8d3d08ed2f", "content": "", "creation_timestamp": "2026-01-12T08:32:33.000000Z"}</description>
      <content:encoded>{"uuid": "0cd86e61-4fb7-4d59-9205-dc85d66208cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-12379", "type": "seen", "source": "https://gist.github.com/Darkcrai86/144a39b2375a676f607eca8d3d08ed2f", "content": "", "creation_timestamp": "2026-01-12T08:32:33.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/0cd86e61-4fb7-4d59-9205-dc85d66208cb/export</guid>
      <!-- pubDate repeats the JSON "creation_timestamp" in RFC 822 form. -->
      <pubDate>Mon, 12 Jan 2026 08:32:33 +0000</pubDate>
    </item>
  </channel>
</rss>
