Most recent sightings.

https://vulnerability.circl.lu/sightings/feed Most recent sightings. 2026-05-10T04:03:08.072516+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/da472951-fb4b-4b2e-b805-c031bc2faab4/export da472951-fb4b-4b2e-b805-c031bc2faab4 2026-05-10T04:03:08.263461+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "da472951-fb4b-4b2e-b805-c031bc2faab4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29993", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9035", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-29993\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The affected versions of PowerCMS allow HTTP header injection. This vulnerability can be leveraged to direct the affected product to send email with a tampered URL, such as password reset mail.\n\ud83d\udccf Published: 2025-03-27T09:06:53.028Z\n\ud83d\udccf Modified: 2025-03-27T09:06:53.028Z\n\ud83d\udd17 References:\n1. https://www.powercms.jp/news/release-powercms-661-528-459.html\n2. https://jvn.jp/en/jp/JVN39026557/", "creation_timestamp": "2025-03-27T09:26:57.000000Z"} 2025-03-27T09:26:57+00:00 https://vulnerability.circl.lu/sighting/7c8df025-2fa9-4c41-9a56-1e96cdc712c4/export 7c8df025-2fa9-4c41-9a56-1e96cdc712c4 2026-05-10T04:03:08.263356+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "7c8df025-2fa9-4c41-9a56-1e96cdc712c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29993", "type": "seen", "source": "https://t.me/cvedetector/21272", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-29993 - PowerCMS HTTP Header Injection Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-29993 \nPublished : March 27, 2025, 10:15 a.m. | 1\u00a0hour, 10\u00a0minutes ago \nDescription : The affected versions of PowerCMS allow HTTP header injection. This vulnerability can be leveraged to direct the affected product to send email with a tampered URL, such as password reset mail. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"27 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-27T12:28:06.000000Z"} 2025-03-27T12:28:06+00:00 https://vulnerability.circl.lu/sighting/bdc0d2fc-f830-4257-a7c4-5f9b03224326/export bdc0d2fc-f830-4257-a7c4-5f9b03224326 2026-05-10T04:03:08.263260+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "bdc0d2fc-f830-4257-a7c4-5f9b03224326", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29993", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3llkjloo3l22b", "content": "", "creation_timestamp": "2025-03-29T23:53:04.292162Z"} 2025-03-29T23:53:04.292162+00:00 https://vulnerability.circl.lu/sighting/713ec6bc-5f86-4966-bcfa-aa8f95f4fd6f/export 713ec6bc-5f86-4966-bcfa-aa8f95f4fd6f 2026-05-10T04:03:08.263141+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "713ec6bc-5f86-4966-bcfa-aa8f95f4fd6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2999", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9677", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2999\n\ud83d\udd25 CVSS Score: 4.8 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in PyTorch 2.6.0. It has been rated as critical. Affected by this issue is the function torch.nn.utils.rnn.unpack_sequence. The manipulation leads to memory corruption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-03-31T14:31:04.982Z\n\ud83d\udccf Modified: 2025-03-31T15:15:18.302Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.302048\n2. https://vuldb.com/?ctiid.302048\n3. https://vuldb.com/?submit.524198\n4. https://github.com/pytorch/pytorch/issues/149622\n5. https://github.com/pytorch/pytorch/issues/149622#issue-2935495265", "creation_timestamp": "2025-03-31T15:31:12.000000Z"} 2025-03-31T15:31:12+00:00 https://vulnerability.circl.lu/sighting/2b3a7d7c-d291-481f-8154-a03e17a543d5/export 2b3a7d7c-d291-481f-8154-a03e17a543d5 2026-05-10T04:03:08.263038+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "2b3a7d7c-d291-481f-8154-a03e17a543d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2999", "type": "seen", "source": "https://t.me/cvedetector/21627", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-2999 - PyTorch Memory Corruption Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-2999 \nPublished : March 31, 2025, 3:15 p.m. | 1\u00a0hour, 48\u00a0minutes ago \nDescription : A vulnerability was found in PyTorch 2.6.0. It has been rated as critical. Affected by this issue is the function torch.nn.utils.rnn.unpack_sequence. The manipulation leads to memory corruption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"31 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-31T19:12:38.000000Z"} 2025-03-31T19:12:38+00:00 https://vulnerability.circl.lu/sighting/ddaad11e-3d69-4b41-b41a-a0543d40cffd/export ddaad11e-3d69-4b41-b41a-a0543d40cffd 2026-05-10T04:03:08.262927+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "ddaad11e-3d69-4b41-b41a-a0543d40cffd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29991", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10156", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-29991\n\ud83d\udd25 CVSS Score: 2.2 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Yubico YubiKey 5.4.1 through 5.7.3 before 5.7.4 has an incorrect FIDO CTAP PIN/UV Auth Protocol Two implementation. It uses the signature length from CTAP PIN/UV Auth Protocol One, even when CTAP PIN/UV Auth Protocol Two was chosen, resulting in a partial signature verification.\n\ud83d\udccf Published: 2025-04-03T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-03T02:00:20.791Z\n\ud83d\udd17 References:\n1. https://www.yubico.com/support/security-advisories/ysa-2025-02/", "creation_timestamp": "2025-04-03T02:35:05.000000Z"} 2025-04-03T02:35:05+00:00 https://vulnerability.circl.lu/sighting/a44e61c0-b504-4329-a1c4-6190347308b5/export a44e61c0-b504-4329-a1c4-6190347308b5 2026-05-10T04:03:08.262816+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "a44e61c0-b504-4329-a1c4-6190347308b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29991", "type": "seen", "source": "https://t.me/cvedetector/21941", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-29991 - Yubico YubiKey FIDO CTAP PIN/UV Auth Protocol Two Signature Verification Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-29991 \nPublished : April 3, 2025, 3:15 a.m. | 1\u00a0hour, 27\u00a0minutes ago \nDescription : Yubico YubiKey 5.4.1 through 5.7.3 before 5.7.4 has an incorrect FIDO CTAP PIN/UV Auth Protocol Two implementation. It uses the signature length from CTAP PIN/UV Auth Protocol One, even when CTAP PIN/UV Auth Protocol Two was chosen, resulting in a partial signature verification. \nSeverity: 2.2 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"03 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-03T06:52:24.000000Z"} 2025-04-03T06:52:24+00:00 https://vulnerability.circl.lu/sighting/459a9f34-989f-4b5a-b350-40cd107494cd/export 459a9f34-989f-4b5a-b350-40cd107494cd 2026-05-10T04:03:08.262714+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "459a9f34-989f-4b5a-b350-40cd107494cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29991", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llvdotk6hx2f", "content": "", "creation_timestamp": "2025-04-03T07:06:47.223563Z"} 2025-04-03T07:06:47.223563+00:00 https://vulnerability.circl.lu/sighting/f2266700-3d89-4a2c-9979-3ba54586a0c0/export f2266700-3d89-4a2c-9979-3ba54586a0c0 2026-05-10T04:03:08.262528+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "f2266700-3d89-4a2c-9979-3ba54586a0c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29999", "type": "seen", "source": "https://t.me/cvedetector/22442", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-29999 - Siemens License Server (SLS) Path Traversal Arbitrary Code Execution\", \n \"Content\": \"CVE ID : CVE-2025-29999 \nPublished : April 8, 2025, 9:15 a.m. | 2\u00a0hours, 10\u00a0minutes ago \nDescription : A vulnerability has been identified in Siemens License Server (SLS) (All versions < V4.3). The affected application searches for executable files in the application folder without proper validation. \nThis could allow an attacker to execute arbitrary code with administrative privileges by placing a malicious executable in the same directory. \nSeverity: 6.7 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"08 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-08T13:59:50.000000Z"} 2025-04-08T13:59:50+00:00 https://vulnerability.circl.lu/sighting/313c5fcb-84af-4767-92f7-22b67cabcef0/export 313c5fcb-84af-4767-92f7-22b67cabcef0 2026-05-10T04:03:08.258883+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "313c5fcb-84af-4767-92f7-22b67cabcef0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-29999", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-100-01", "content": "", "creation_timestamp": "2025-04-10T10:00:00.000000Z"} 2025-04-10T10:00:00+00:00