https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Tue, 30 Jun 2026 14:08:58 +0000 https://vulnerability.circl.lu/sighting/0d508f68-3882-438d-b208-fadb8b1d59b7/export {"uuid": "0d508f68-3882-438d-b208-fadb8b1d59b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32786", "type": "seen", "source": "https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m4th3y4tlov2", "content": "", "creation_timestamp": "2025-11-04T21:11:00.060669Z"} {"uuid": "0d508f68-3882-438d-b208-fadb8b1d59b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32786", "type": "seen", "source": "https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m4th3y4tlov2", "content": "", "creation_timestamp": "2025-11-04T21:11:00.060669Z"} https://vulnerability.circl.lu/sighting/0d508f68-3882-438d-b208-fadb8b1d59b7/export Tue, 04 Nov 2025 21:11:00 +0000 https://vulnerability.circl.lu/sighting/3642421f-f5e3-468e-85b5-84e354b5d7e9/export {"uuid": "3642421f-f5e3-468e-85b5-84e354b5d7e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32788", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13456", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32788\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The primary risk lies in potential future modifications to the codebase that might incorrectly rely on the vulnerable internal functions for authentication checks, leading to security vulnerabilities. This issue has been patched in version 1.11.0.\n\ud83d\udccf Published: 2025-04-22T17:14:39.690Z\n\ud83d\udccf Modified: 2025-04-25T16:03:30.506Z\n\ud83d\udd17 References:\n1. https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-qw93-h6pf-226x\n2. https://github.com/OctoPrint/OctoPrint/commit/41ff431014edfa18ca1a01897b10463934dc7fc2", "creation_timestamp": "2025-04-25T16:07:12.000000Z"} {"uuid": "3642421f-f5e3-468e-85b5-84e354b5d7e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32788", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13456", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32788\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The primary risk lies in potential future modifications to the codebase that might incorrectly rely on the vulnerable internal functions for authentication checks, leading to security vulnerabilities. This issue has been patched in version 1.11.0.\n\ud83d\udccf Published: 2025-04-22T17:14:39.690Z\n\ud83d\udccf Modified: 2025-04-25T16:03:30.506Z\n\ud83d\udd17 References:\n1. https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-qw93-h6pf-226x\n2. https://github.com/OctoPrint/OctoPrint/commit/41ff431014edfa18ca1a01897b10463934dc7fc2", "creation_timestamp": "2025-04-25T16:07:12.000000Z"} https://vulnerability.circl.lu/sighting/3642421f-f5e3-468e-85b5-84e354b5d7e9/export Fri, 25 Apr 2025 16:07:12 +0000 https://vulnerability.circl.lu/sighting/c5332be1-ca44-4e71-8cce-ebbc27fc2cad/export {"uuid": "c5332be1-ca44-4e71-8cce-ebbc27fc2cad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3278", "type": "seen", "source": "https://t.me/cvedetector/23369", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-3278 - \"UrbanGo Membership Plugin Privilege Escalation Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2025-3278 \nPublished : April 19, 2025, 3:15 a.m. | 1\u00a0hour, 31\u00a0minutes ago \nDescription : The UrbanGo Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'user_register_role' field. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"19 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-19T06:47:42.000000Z"} {"uuid": "c5332be1-ca44-4e71-8cce-ebbc27fc2cad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3278", "type": "seen", "source": "https://t.me/cvedetector/23369", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-3278 - \"UrbanGo Membership Plugin Privilege Escalation Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2025-3278 \nPublished : April 19, 2025, 3:15 a.m. | 1\u00a0hour, 31\u00a0minutes ago \nDescription : The UrbanGo Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'user_register_role' field. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"19 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-19T06:47:42.000000Z"} https://vulnerability.circl.lu/sighting/c5332be1-ca44-4e71-8cce-ebbc27fc2cad/export Sat, 19 Apr 2025 06:47:42 +0000 https://vulnerability.circl.lu/sighting/9580565f-022d-464a-ac5a-868142cf838f/export {"uuid": "9580565f-022d-464a-ac5a-868142cf838f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3278", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114363053490062654", "content": "", "creation_timestamp": "2025-04-19T05:48:30.453443Z"} {"uuid": "9580565f-022d-464a-ac5a-868142cf838f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3278", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114363053490062654", "content": "", "creation_timestamp": "2025-04-19T05:48:30.453443Z"} https://vulnerability.circl.lu/sighting/9580565f-022d-464a-ac5a-868142cf838f/export Sat, 19 Apr 2025 05:48:30 +0000 https://vulnerability.circl.lu/sighting/8dca4d12-b9f7-47f3-af86-f814447e84a7/export {"uuid": "8dca4d12-b9f7-47f3-af86-f814447e84a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3278", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3ln55ovm2zmo2", "content": "", "creation_timestamp": "2025-04-19T03:06:50.565960Z"} {"uuid": "8dca4d12-b9f7-47f3-af86-f814447e84a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3278", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3ln55ovm2zmo2", "content": "", "creation_timestamp": "2025-04-19T03:06:50.565960Z"} https://vulnerability.circl.lu/sighting/8dca4d12-b9f7-47f3-af86-f814447e84a7/export Sat, 19 Apr 2025 03:06:50 +0000 https://vulnerability.circl.lu/sighting/e3baf786-bebe-489b-af6c-7e08c0874c68/export {"uuid": "e3baf786-bebe-489b-af6c-7e08c0874c68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3278", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12559", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3278\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The UrbanGo Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'user_register_role' field. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.\n\ud83d\udccf Published: 2025-04-19T02:22:33.746Z\n\ud83d\udccf Modified: 2025-04-19T02:22:33.746Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/913ffe0c-c8f8-4cda-be9a-96c056d4c4a8?source=cve\n2. https://themeforest.net/item/urbango-directory-and-listing-wordpress-theme/22712624", "creation_timestamp": "2025-04-19T02:59:07.000000Z"} {"uuid": "e3baf786-bebe-489b-af6c-7e08c0874c68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3278", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12559", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3278\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The UrbanGo Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'user_register_role' field. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.\n\ud83d\udccf Published: 2025-04-19T02:22:33.746Z\n\ud83d\udccf Modified: 2025-04-19T02:22:33.746Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/913ffe0c-c8f8-4cda-be9a-96c056d4c4a8?source=cve\n2. https://themeforest.net/item/urbango-directory-and-listing-wordpress-theme/22712624", "creation_timestamp": "2025-04-19T02:59:07.000000Z"} https://vulnerability.circl.lu/sighting/e3baf786-bebe-489b-af6c-7e08c0874c68/export Sat, 19 Apr 2025 02:59:07 +0000 https://vulnerability.circl.lu/sighting/4001d9fd-4ed4-49a7-a182-f0369c060456/export {"uuid": "4001d9fd-4ed4-49a7-a182-f0369c060456", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32787", "type": "seen", "source": "https://t.me/cvedetector/23206", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-32787 - SoftEtherVPN NULL Dereference Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-32787 \nPublished : April 16, 2025, 10:15 p.m. | 1\u00a0hour, 39\u00a0minutes ago \nDescription : SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. Versions 5.02.5184 to 5.02.5187 are vulnerable to NULL dereference in `DeleteIPv6DefaultRouterInRA` called by `StorePacket`. Before dereferencing, `DeleteIPv6DefaultRouterInRA` does not account for `ParsePacket` returning NULL, resulting in the program crashing. A patched version does not exist at this time. \nSeverity: 3.1 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"17 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-17T02:06:44.000000Z"} {"uuid": "4001d9fd-4ed4-49a7-a182-f0369c060456", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32787", "type": "seen", "source": "https://t.me/cvedetector/23206", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-32787 - SoftEtherVPN NULL Dereference Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-32787 \nPublished : April 16, 2025, 10:15 p.m. | 1\u00a0hour, 39\u00a0minutes ago \nDescription : SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. Versions 5.02.5184 to 5.02.5187 are vulnerable to NULL dereference in `DeleteIPv6DefaultRouterInRA` called by `StorePacket`. Before dereferencing, `DeleteIPv6DefaultRouterInRA` does not account for `ParsePacket` returning NULL, resulting in the program crashing. A patched version does not exist at this time. \nSeverity: 3.1 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"17 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-17T02:06:44.000000Z"} https://vulnerability.circl.lu/sighting/4001d9fd-4ed4-49a7-a182-f0369c060456/export Thu, 17 Apr 2025 02:06:44 +0000 https://vulnerability.circl.lu/sighting/98db5ca1-11d2-4fee-9ef8-b81301b02dd3/export {"uuid": "98db5ca1-11d2-4fee-9ef8-b81301b02dd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32783", "type": "seen", "source": "https://t.me/cvedetector/23205", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-32783 - XWiki Platform Cross-Site Information Disclosure\", \n \"Content\": \"CVE ID : CVE-2025-32783 \nPublished : April 16, 2025, 10:15 p.m. | 1\u00a0hour, 39\u00a0minutes ago \nDescription : XWiki Platform is a generic wiki platform. A vulnerability in versions from 5.0 to 16.7.1 affects users with Message Stream enabled and a wiki configured as closed from selecting \"Prevent unregistered users to view pages\" in the Administrations Rights. The vulnerability is that any message sent in a subwiki to \"everyone\" is actually sent to the farm: any visitor of the main wiki will be able to see that message through the Dashboard, even if the subwiki is configured to be private. This issue will not be patched as Message Stream has been deprecated in XWiki 16.8.0RC1 and is not maintained anymore. A workaround for this issue involves keeping Message Stream disabled by default. It's advised to keep it disabled from Administration > Social > Message Stream. \nSeverity: 4.7 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"17 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-17T02:06:43.000000Z"} {"uuid": "98db5ca1-11d2-4fee-9ef8-b81301b02dd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32783", "type": "seen", "source": "https://t.me/cvedetector/23205", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-32783 - XWiki Platform Cross-Site Information Disclosure\", \n \"Content\": \"CVE ID : CVE-2025-32783 \nPublished : April 16, 2025, 10:15 p.m. | 1\u00a0hour, 39\u00a0minutes ago \nDescription : XWiki Platform is a generic wiki platform. A vulnerability in versions from 5.0 to 16.7.1 affects users with Message Stream enabled and a wiki configured as closed from selecting \"Prevent unregistered users to view pages\" in the Administrations Rights. The vulnerability is that any message sent in a subwiki to \"everyone\" is actually sent to the farm: any visitor of the main wiki will be able to see that message through the Dashboard, even if the subwiki is configured to be private. This issue will not be patched as Message Stream has been deprecated in XWiki 16.8.0RC1 and is not maintained anymore. A workaround for this issue involves keeping Message Stream disabled by default. It's advised to keep it disabled from Administration > Social > Message Stream. \nSeverity: 4.7 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"17 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-17T02:06:43.000000Z"} https://vulnerability.circl.lu/sighting/98db5ca1-11d2-4fee-9ef8-b81301b02dd3/export Thu, 17 Apr 2025 02:06:43 +0000 https://vulnerability.circl.lu/sighting/a6510343-1743-4749-bc23-aead162be361/export {"uuid": "a6510343-1743-4749-bc23-aead162be361", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32789", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmxo5ctc2i24", "content": "", "creation_timestamp": "2025-04-16T22:44:22.351825Z"} {"uuid": "a6510343-1743-4749-bc23-aead162be361", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32789", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmxo5ctc2i24", "content": "", "creation_timestamp": "2025-04-16T22:44:22.351825Z"} https://vulnerability.circl.lu/sighting/a6510343-1743-4749-bc23-aead162be361/export Wed, 16 Apr 2025 22:44:22 +0000 https://vulnerability.circl.lu/sighting/b0799cd1-8142-4e41-bcd5-82bfb89ee7bd/export {"uuid": "b0799cd1-8142-4e41-bcd5-82bfb89ee7bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32783", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmxo5clxcv2q", "content": "", "creation_timestamp": "2025-04-16T22:44:21.078326Z"} {"uuid": "b0799cd1-8142-4e41-bcd5-82bfb89ee7bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32783", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmxo5clxcv2q", "content": "", "creation_timestamp": "2025-04-16T22:44:21.078326Z"} https://vulnerability.circl.lu/sighting/b0799cd1-8142-4e41-bcd5-82bfb89ee7bd/export Wed, 16 Apr 2025 22:44:21 +0000