<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Wed, 08 Jul 2026 11:51:45 +0000</lastBuildDate>
    <item>
      <title>50e2238b-fcce-465c-922d-337053a4b593</title>
      <link>https://vulnerability.circl.lu/sighting/50e2238b-fcce-465c-922d-337053a4b593/export</link>
      <description>{"uuid": "50e2238b-fcce-465c-922d-337053a4b593", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2575", "type": "seen", "source": "https://t.me/cvedetector/22750", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2575 - WordPress Z Companion Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2575 \nPublished : April 11, 2025, 12:15 p.m. | 1\u00a0hour, 28\u00a0minutes ago \nDescription : The Z Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. Note: This requires Royal Shop theme to be installed. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-11T16:27:17.000000Z"}</description>
      <content:encoded>{"uuid": "50e2238b-fcce-465c-922d-337053a4b593", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2575", "type": "seen", "source": "https://t.me/cvedetector/22750", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2575 - WordPress Z Companion Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2575 \nPublished : April 11, 2025, 12:15 p.m. | 1\u00a0hour, 28\u00a0minutes ago \nDescription : The Z Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. Note: This requires Royal Shop theme to be installed. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-11T16:27:17.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/50e2238b-fcce-465c-922d-337053a4b593/export</guid>
      <pubDate>Fri, 11 Apr 2025 16:27:17 +0000</pubDate>
    </item>
    <item>
      <title>467c3ec0-e6f0-4f3b-8b8b-19a0ae8d99e3</title>
      <link>https://vulnerability.circl.lu/sighting/467c3ec0-e6f0-4f3b-8b8b-19a0ae8d99e3/export</link>
      <description>{"uuid": "467c3ec0-e6f0-4f3b-8b8b-19a0ae8d99e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2575", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmkdybqlrg2g", "content": "", "creation_timestamp": "2025-04-11T15:37:56.845986Z"}</description>
      <content:encoded>{"uuid": "467c3ec0-e6f0-4f3b-8b8b-19a0ae8d99e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2575", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmkdybqlrg2g", "content": "", "creation_timestamp": "2025-04-11T15:37:56.845986Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/467c3ec0-e6f0-4f3b-8b8b-19a0ae8d99e3/export</guid>
      <pubDate>Fri, 11 Apr 2025 15:37:56 +0000</pubDate>
    </item>
    <item>
      <title>3783fb9f-4f4a-4423-a501-4b28832f8118</title>
      <link>https://vulnerability.circl.lu/sighting/3783fb9f-4f4a-4423-a501-4b28832f8118/export</link>
      <description>{"uuid": "3783fb9f-4f4a-4423-a501-4b28832f8118", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2575", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11414", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2575\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Z Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. Note: This requires Royal Shop theme to be installed.\n\ud83d\udccf Published: 2025-04-11T11:11:57.129Z\n\ud83d\udccf Modified: 2025-04-11T11:11:57.129Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/e0f7bba4-76c3-4904-bd96-2074147b33f5?source=cve\n2. https://plugins.trac.wordpress.org/browser/z-companion/trunk/import/importer/wxr-importer.php#L149\n3. https://plugins.trac.wordpress.org/browser/z-companion/trunk/import/importer/wxr-importer.php#L63\n4. https://plugins.trac.wordpress.org/browser/z-companion/trunk/import/inc/importer.php#L148\n5. https://plugins.trac.wordpress.org/browser/z-companion/trunk/import/inc/importer.php#L62\n6. https://wordpress.org/plugins/z-companion/#developers\n7. https://plugins.trac.wordpress.org/changeset/3270130/", "creation_timestamp": "2025-04-11T11:50:43.000000Z"}</description>
      <content:encoded>{"uuid": "3783fb9f-4f4a-4423-a501-4b28832f8118", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2575", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11414", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2575\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Z Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. Note: This requires Royal Shop theme to be installed.\n\ud83d\udccf Published: 2025-04-11T11:11:57.129Z\n\ud83d\udccf Modified: 2025-04-11T11:11:57.129Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/e0f7bba4-76c3-4904-bd96-2074147b33f5?source=cve\n2. https://plugins.trac.wordpress.org/browser/z-companion/trunk/import/importer/wxr-importer.php#L149\n3. https://plugins.trac.wordpress.org/browser/z-companion/trunk/import/importer/wxr-importer.php#L63\n4. https://plugins.trac.wordpress.org/browser/z-companion/trunk/import/inc/importer.php#L148\n5. https://plugins.trac.wordpress.org/browser/z-companion/trunk/import/inc/importer.php#L62\n6. https://wordpress.org/plugins/z-companion/#developers\n7. https://plugins.trac.wordpress.org/changeset/3270130/", "creation_timestamp": "2025-04-11T11:50:43.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/3783fb9f-4f4a-4423-a501-4b28832f8118/export</guid>
      <pubDate>Fri, 11 Apr 2025 11:50:43 +0000</pubDate>
    </item>
    <item>
      <title>348607ea-36bc-4758-842f-106ada78a079</title>
      <link>https://vulnerability.circl.lu/sighting/348607ea-36bc-4758-842f-106ada78a079/export</link>
      <description>{"uuid": "348607ea-36bc-4758-842f-106ada78a079", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25758", "type": "seen", "source": "https://t.me/cvedetector/20772", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25758 - KukuFM Android Backup Data Exposure\", \n  \"Content\": \"CVE ID : CVE-2025-25758 \nPublished : March 20, 2025, 9:15 p.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : An issue in KukuFM Android v1.12.7 (11207) allows attackers to access sensitive cleartext data via the android:allowBackup=\"true\" in the ANdroidManifest.xml \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-21T00:05:37.000000Z"}</description>
      <content:encoded>{"uuid": "348607ea-36bc-4758-842f-106ada78a079", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25758", "type": "seen", "source": "https://t.me/cvedetector/20772", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25758 - KukuFM Android Backup Data Exposure\", \n  \"Content\": \"CVE ID : CVE-2025-25758 \nPublished : March 20, 2025, 9:15 p.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : An issue in KukuFM Android v1.12.7 (11207) allows attackers to access sensitive cleartext data via the android:allowBackup=\"true\" in the ANdroidManifest.xml \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-21T00:05:37.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/348607ea-36bc-4758-842f-106ada78a079/export</guid>
      <pubDate>Fri, 21 Mar 2025 00:05:37 +0000</pubDate>
    </item>
    <item>
      <title>d9922252-6c2a-4e5f-8263-041db04241ce</title>
      <link>https://vulnerability.circl.lu/sighting/d9922252-6c2a-4e5f-8263-041db04241ce/export</link>
      <description>{"uuid": "d9922252-6c2a-4e5f-8263-041db04241ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25759", "type": "seen", "source": "https://t.me/cvedetector/19064", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25759 - SUCMS Directory Traversal and File Deletion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25759 \nPublished : Feb. 27, 2025, 3:15 p.m. | 2\u00a0hours, 16\u00a0minutes ago \nDescription : An issue in the component admin_template.php of SUCMS v1.0 allows attackers to execute a directory traversal and arbitrary file deletion via a crafted GET request. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-27T19:15:58.000000Z"}</description>
      <content:encoded>{"uuid": "d9922252-6c2a-4e5f-8263-041db04241ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25759", "type": "seen", "source": "https://t.me/cvedetector/19064", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25759 - SUCMS Directory Traversal and File Deletion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25759 \nPublished : Feb. 27, 2025, 3:15 p.m. | 2\u00a0hours, 16\u00a0minutes ago \nDescription : An issue in the component admin_template.php of SUCMS v1.0 allows attackers to execute a directory traversal and arbitrary file deletion via a crafted GET request. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-27T19:15:58.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/d9922252-6c2a-4e5f-8263-041db04241ce/export</guid>
      <pubDate>Thu, 27 Feb 2025 19:15:58 +0000</pubDate>
    </item>
    <item>
      <title>74967a5e-992d-471e-af51-5ee413d8bf48</title>
      <link>https://vulnerability.circl.lu/sighting/74967a5e-992d-471e-af51-5ee413d8bf48/export</link>
      <description>{"uuid": "74967a5e-992d-471e-af51-5ee413d8bf48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25759", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lj6hjfzb2b2y", "content": "", "creation_timestamp": "2025-02-27T17:53:43.015769Z"}</description>
      <content:encoded>{"uuid": "74967a5e-992d-471e-af51-5ee413d8bf48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25759", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lj6hjfzb2b2y", "content": "", "creation_timestamp": "2025-02-27T17:53:43.015769Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/74967a5e-992d-471e-af51-5ee413d8bf48/export</guid>
      <pubDate>Thu, 27 Feb 2025 17:53:43 +0000</pubDate>
    </item>
    <item>
      <title>9e8d07ce-2cd1-4895-83d9-54c94eab031e</title>
      <link>https://vulnerability.circl.lu/sighting/9e8d07ce-2cd1-4895-83d9-54c94eab031e/export</link>
      <description>{"uuid": "9e8d07ce-2cd1-4895-83d9-54c94eab031e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25759", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5679", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25759\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue in the component admin_template.php of SUCMS v1.0 allows attackers to execute a directory traversal and arbitrary file deletion via a crafted GET request.\n\ud83d\udccf Published: 2025-02-27T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-27T14:19:09.821Z\n\ud83d\udd17 References:\n1. https://github.com/147536951/Qianyi-learn/blob/main/SUCMS.pdf", "creation_timestamp": "2025-02-27T14:27:09.000000Z"}</description>
      <content:encoded>{"uuid": "9e8d07ce-2cd1-4895-83d9-54c94eab031e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-25759", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5679", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25759\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue in the component admin_template.php of SUCMS v1.0 allows attackers to execute a directory traversal and arbitrary file deletion via a crafted GET request.\n\ud83d\udccf Published: 2025-02-27T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-27T14:19:09.821Z\n\ud83d\udd17 References:\n1. https://github.com/147536951/Qianyi-learn/blob/main/SUCMS.pdf", "creation_timestamp": "2025-02-27T14:27:09.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/9e8d07ce-2cd1-4895-83d9-54c94eab031e/export</guid>
      <pubDate>Thu, 27 Feb 2025 14:27:09 +0000</pubDate>
    </item>
  </channel>
</rss>
