https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Mon, 15 Jun 2026 03:45:17 +0000 https://vulnerability.circl.lu/sighting/d299bbe6-d415-4bde-9a81-3bae2aa28dda/export {"uuid": "d299bbe6-d415-4bde-9a81-3bae2aa28dda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22146", "type": "seen", "source": "https://bsky.app/profile/dinosn.bsky.social/post/3lga3bq3g6c2m", "content": "", "creation_timestamp": "2025-01-21T05:04:26.326694Z"} {"uuid": "d299bbe6-d415-4bde-9a81-3bae2aa28dda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22146", "type": "seen", "source": "https://bsky.app/profile/dinosn.bsky.social/post/3lga3bq3g6c2m", "content": "", "creation_timestamp": "2025-01-21T05:04:26.326694Z"} https://vulnerability.circl.lu/sighting/d299bbe6-d415-4bde-9a81-3bae2aa28dda/export Tue, 21 Jan 2025 05:04:26 +0000 https://vulnerability.circl.lu/sighting/be3e5786-7983-47c9-983f-5adae078d42a/export {"uuid": "be3e5786-7983-47c9-983f-5adae078d42a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22146", "type": "seen", "source": "https://bsky.app/profile/bolhasec.com/post/3lgaxk5jcvd2y", "content": "", "creation_timestamp": "2025-01-21T13:30:10.817218Z"} {"uuid": "be3e5786-7983-47c9-983f-5adae078d42a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22146", "type": "seen", "source": "https://bsky.app/profile/bolhasec.com/post/3lgaxk5jcvd2y", "content": "", "creation_timestamp": "2025-01-21T13:30:10.817218Z"} https://vulnerability.circl.lu/sighting/be3e5786-7983-47c9-983f-5adae078d42a/export Tue, 21 Jan 2025 13:30:10 +0000 https://vulnerability.circl.lu/sighting/693b87c2-b9a5-4623-9e41-27a85f866be4/export {"uuid": "693b87c2-b9a5-4623-9e41-27a85f866be4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22146", "type": "seen", "source": "https://bsky.app/profile/tmjintel.bsky.social/post/3lgb2pu274w2m", "content": "", "creation_timestamp": "2025-01-21T14:27:03.218211Z"} {"uuid": "693b87c2-b9a5-4623-9e41-27a85f866be4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22146", "type": "seen", "source": "https://bsky.app/profile/tmjintel.bsky.social/post/3lgb2pu274w2m", "content": "", "creation_timestamp": "2025-01-21T14:27:03.218211Z"} https://vulnerability.circl.lu/sighting/693b87c2-b9a5-4623-9e41-27a85f866be4/export Tue, 21 Jan 2025 14:27:03 +0000 https://vulnerability.circl.lu/sighting/52eebc4c-aec0-4c98-b8a0-c1a5e85a15e0/export {"uuid": "52eebc4c-aec0-4c98-b8a0-c1a5e85a15e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-22146", "type": "seen", "source": "https://bsky.app/profile/kyosuke-tanaka.bsky.social/post/3lgcrzxzayk2y", "content": "", "creation_timestamp": "2025-01-22T06:56:58.880121Z"} {"uuid": "52eebc4c-aec0-4c98-b8a0-c1a5e85a15e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-22146", "type": "seen", "source": "https://bsky.app/profile/kyosuke-tanaka.bsky.social/post/3lgcrzxzayk2y", "content": "", "creation_timestamp": "2025-01-22T06:56:58.880121Z"} https://vulnerability.circl.lu/sighting/52eebc4c-aec0-4c98-b8a0-c1a5e85a15e0/export Wed, 22 Jan 2025 06:56:58 +0000 https://vulnerability.circl.lu/sighting/2bd80dc5-3cd5-4144-bdc2-059c53fd822b/export {"uuid": "2bd80dc5-3cd5-4144-bdc2-059c53fd822b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22143", "type": "seen", "source": "Telegram/gbOHN_ydkOD3zE6XmhkH60U-29FsZi5fzq6tIzthLeOsTf1j", "content": "", "creation_timestamp": "2025-02-14T10:09:21.000000Z"} {"uuid": "2bd80dc5-3cd5-4144-bdc2-059c53fd822b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22143", "type": "seen", "source": "Telegram/gbOHN_ydkOD3zE6XmhkH60U-29FsZi5fzq6tIzthLeOsTf1j", "content": "", "creation_timestamp": "2025-02-14T10:09:21.000000Z"} https://vulnerability.circl.lu/sighting/2bd80dc5-3cd5-4144-bdc2-059c53fd822b/export Fri, 14 Feb 2025 10:09:21 +0000 https://vulnerability.circl.lu/sighting/a8a4acfd-5852-455c-bdb0-552f9a26c8a1/export {"uuid": "a8a4acfd-5852-455c-bdb0-552f9a26c8a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22145", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5269", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22145\n\ud83d\udd25 CVSS Score: 6.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Carbon is an international PHP extension for DateTime. Application passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include, if the application allows users to upload files with .php extension in an folder that allows include or require to read it, then they are at risk of arbitrary code ran on their servers. This vulnerability is fixed in 3.8.4 and 2.72.6.\n\ud83d\udccf Published: 2025-01-08T20:40:37.545Z\n\ud83d\udccf Modified: 2025-02-25T13:07:45.559Z\n\ud83d\udd17 References:\n1. https://github.com/CarbonPHP/carbon/security/advisories/GHSA-j3f9-p6hm-5w6q\n2. https://github.com/briannesbitt/Carbon/commit/129700ed449b1f02d70272d2ac802357c8c30c58", "creation_timestamp": "2025-02-25T13:23:45.000000Z"} {"uuid": "a8a4acfd-5852-455c-bdb0-552f9a26c8a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22145", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5269", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22145\n\ud83d\udd25 CVSS Score: 6.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Carbon is an international PHP extension for DateTime. Application passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include, if the application allows users to upload files with .php extension in an folder that allows include or require to read it, then they are at risk of arbitrary code ran on their servers. This vulnerability is fixed in 3.8.4 and 2.72.6.\n\ud83d\udccf Published: 2025-01-08T20:40:37.545Z\n\ud83d\udccf Modified: 2025-02-25T13:07:45.559Z\n\ud83d\udd17 References:\n1. https://github.com/CarbonPHP/carbon/security/advisories/GHSA-j3f9-p6hm-5w6q\n2. https://github.com/briannesbitt/Carbon/commit/129700ed449b1f02d70272d2ac802357c8c30c58", "creation_timestamp": "2025-02-25T13:23:45.000000Z"} https://vulnerability.circl.lu/sighting/a8a4acfd-5852-455c-bdb0-552f9a26c8a1/export Tue, 25 Feb 2025 13:23:45 +0000 https://vulnerability.circl.lu/sighting/9afe996c-7476-48c0-a3b8-8b57fa61a771/export {"uuid": "9afe996c-7476-48c0-a3b8-8b57fa61a771", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2214", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7254", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2214\n\ud83d\udd25 CVSS Score: 5.1 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in Microweber 2.0.19. It has been rated as problematic. This issue affects some unknown processing of the file userfiles/modules/settings/group/website_group/index.php of the component Settings Handler. The manipulation of the argument group leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.\n\ud83d\udccf Published: 2025-03-11T23:31:04.357Z\n\ud83d\udccf Modified: 2025-03-11T23:31:04.357Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.299285\n2. https://vuldb.com/?ctiid.299285\n3. https://vuldb.com/?submit.512032\n4. https://github.com/Fewword/Poc/blob/main/microweber/mwb-poc1.md", "creation_timestamp": "2025-03-11T23:40:51.000000Z"} {"uuid": "9afe996c-7476-48c0-a3b8-8b57fa61a771", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2214", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7254", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2214\n\ud83d\udd25 CVSS Score: 5.1 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in Microweber 2.0.19. It has been rated as problematic. This issue affects some unknown processing of the file userfiles/modules/settings/group/website_group/index.php of the component Settings Handler. The manipulation of the argument group leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.\n\ud83d\udccf Published: 2025-03-11T23:31:04.357Z\n\ud83d\udccf Modified: 2025-03-11T23:31:04.357Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.299285\n2. https://vuldb.com/?ctiid.299285\n3. https://vuldb.com/?submit.512032\n4. https://github.com/Fewword/Poc/blob/main/microweber/mwb-poc1.md", "creation_timestamp": "2025-03-11T23:40:51.000000Z"} https://vulnerability.circl.lu/sighting/9afe996c-7476-48c0-a3b8-8b57fa61a771/export Tue, 11 Mar 2025 23:40:51 +0000 https://vulnerability.circl.lu/sighting/5f6d1379-8a2f-4fa7-945c-e2fefe18eae6/export {"uuid": "5f6d1379-8a2f-4fa7-945c-e2fefe18eae6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22149", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17474", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22149\n\ud83d\udd25 CVSS Score: 2.1 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N)\n\ud83d\udd39 Description: JWK Set (JSON Web Key Set) is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use cases that utilize the provided auto-caching HTTP client and where key removal from a JWK Set is equivalent to revocation. The affected auto-caching HTTP client was added in version v0.5.0 and fixed in v0.6.0. The only workaround would be to remove the provided auto-caching HTTP client and replace it with a custom implementation. This involves setting the HTTPClientStorageOptions.RefreshInterval to zero (or not specifying the value).\n\ud83d\udccf Published: 2025-01-09T17:22:59.757Z\n\ud83d\udccf Modified: 2025-05-23T19:56:35.937Z\n\ud83d\udd17 References:\n1. https://github.com/MicahParks/jwkset/security/advisories/GHSA-675f-rq2r-jw82\n2. https://github.com/MicahParks/jwkset/issues/40\n3. https://github.com/MicahParks/jwkset/commit/01db49a90f7f20c7fb39a699a2f19a7a5f379ed3", "creation_timestamp": "2025-05-23T20:49:57.000000Z"} {"uuid": "5f6d1379-8a2f-4fa7-945c-e2fefe18eae6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22149", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17474", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22149\n\ud83d\udd25 CVSS Score: 2.1 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N)\n\ud83d\udd39 Description: JWK Set (JSON Web Key Set) is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use cases that utilize the provided auto-caching HTTP client and where key removal from a JWK Set is equivalent to revocation. The affected auto-caching HTTP client was added in version v0.5.0 and fixed in v0.6.0. The only workaround would be to remove the provided auto-caching HTTP client and replace it with a custom implementation. This involves setting the HTTPClientStorageOptions.RefreshInterval to zero (or not specifying the value).\n\ud83d\udccf Published: 2025-01-09T17:22:59.757Z\n\ud83d\udccf Modified: 2025-05-23T19:56:35.937Z\n\ud83d\udd17 References:\n1. https://github.com/MicahParks/jwkset/security/advisories/GHSA-675f-rq2r-jw82\n2. https://github.com/MicahParks/jwkset/issues/40\n3. https://github.com/MicahParks/jwkset/commit/01db49a90f7f20c7fb39a699a2f19a7a5f379ed3", "creation_timestamp": "2025-05-23T20:49:57.000000Z"} https://vulnerability.circl.lu/sighting/5f6d1379-8a2f-4fa7-945c-e2fefe18eae6/export Fri, 23 May 2025 20:49:57 +0000 https://vulnerability.circl.lu/sighting/e38970d5-05d6-4e94-b7ff-2b63b03b6348/export {"uuid": "e38970d5-05d6-4e94-b7ff-2b63b03b6348", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2214", "type": "seen", "source": "MISP/682bdba3-46b7-4a8f-b7be-c6bf4b4f9868", "content": "", "creation_timestamp": "2025-08-13T13:26:34.000000Z"} {"uuid": "e38970d5-05d6-4e94-b7ff-2b63b03b6348", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2214", "type": "seen", "source": "MISP/682bdba3-46b7-4a8f-b7be-c6bf4b4f9868", "content": "", "creation_timestamp": "2025-08-13T13:26:34.000000Z"} https://vulnerability.circl.lu/sighting/e38970d5-05d6-4e94-b7ff-2b63b03b6348/export Wed, 13 Aug 2025 13:26:34 +0000 https://vulnerability.circl.lu/sighting/4c80ea30-0971-429c-a6b1-59edd0acdffa/export {"uuid": "4c80ea30-0971-429c-a6b1-59edd0acdffa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22146", "type": "seen", "source": "MISP/ca7dfd4e-d0b5-4d10-8982-36d9f6e53c8e", "content": "", "creation_timestamp": "2025-09-01T13:53:38.000000Z"} {"uuid": "4c80ea30-0971-429c-a6b1-59edd0acdffa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22146", "type": "seen", "source": "MISP/ca7dfd4e-d0b5-4d10-8982-36d9f6e53c8e", "content": "", "creation_timestamp": "2025-09-01T13:53:38.000000Z"} https://vulnerability.circl.lu/sighting/4c80ea30-0971-429c-a6b1-59edd0acdffa/export Mon, 01 Sep 2025 13:53:38 +0000