https://vulnerability.circl.lu/sightings/feed 2026-05-10T02:19:24.277824+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/79ef12cb-31d5-4e0f-bfe7-070c9735e774/export 2026-05-10T02:19:24.460513+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "79ef12cb-31d5-4e0f-bfe7-070c9735e774", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30369", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9719", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30369\n\ud83d\udd25 CVSS Score: 2.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Zulip is an open-source team collaboration tool. The API for deleting an organization custom profile field is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any organization was incorrectly allowed to delete custom profile fields belonging to a different organization. This is fixed in Zulip Server 10.1.\n\ud83d\udccf Published: 2025-03-31T16:32:54.301Z\n\ud83d\udccf Modified: 2025-03-31T16:32:54.301Z\n\ud83d\udd17 References:\n1. https://github.com/zulip/zulip/security/advisories/GHSA-fcgx-q63f-7gw4", "creation_timestamp": "2025-03-31T17:31:13.000000Z"} 2025-03-31T17:31:13+00:00 https://vulnerability.circl.lu/sighting/8385ab11-1c74-49bc-831d-89dcd37b6e34/export 2026-05-10T02:19:24.460356+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "8385ab11-1c74-49bc-831d-89dcd37b6e34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30368", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9746", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30368\n\ud83d\udd25 CVSS Score: 2.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Zulip is an open-source team collaboration tool. The API for deleting an organization export is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any organization was incorrectly allowed to delete an export of a different organization. This is fixed in Zulip Server 10.1.\n\ud83d\udccf Published: 2025-03-31T16:26:48.673Z\n\ud83d\udccf Modified: 2025-03-31T18:59:32.854Z\n\ud83d\udd17 References:\n1. https://github.com/zulip/zulip/security/advisories/GHSA-rmhr-5ffq-qcrc\n2. https://github.com/zulip/zulip/commit/07dcee36b2a34d63429d7a706f880628cf3433df\n3. https://zulip.readthedocs.io/en/latest/overview/changelog.html#zulip-server-10-1", "creation_timestamp": "2025-03-31T19:31:09.000000Z"} 2025-03-31T19:31:09+00:00 https://vulnerability.circl.lu/sighting/03aa6999-6f2b-4782-85a7-35625fd8949f/export 2026-05-10T02:19:24.460210+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "03aa6999-6f2b-4782-85a7-35625fd8949f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30368", "type": "seen", "source": "https://t.me/cvedetector/21638", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-30368 - Zulip Server Unauthorized Organization Export Deletion\", \n \"Content\": \"CVE ID : CVE-2025-30368 \nPublished : March 31, 2025, 5:15 p.m. | 1\u00a0hour, 48\u00a0minutes ago \nDescription : Zulip is an open-source team collaboration tool. The API for deleting an organization export is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any organization was incorrectly allowed to delete an export of a different organization. This is fixed in Zulip Server 10.1. \nSeverity: 2.7 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"31 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-31T21:43:20.000000Z"} 2025-03-31T21:43:20+00:00 https://vulnerability.circl.lu/sighting/806b2f23-fd9c-4e25-93c8-da4d07c21297/export 2026-05-10T02:19:24.460053+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "806b2f23-fd9c-4e25-93c8-da4d07c21297", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30369", "type": "seen", "source": "https://t.me/cvedetector/21639", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-30369 - Zulip Server Organization Profile Field Deletion Privilege Escalation\", \n \"Content\": \"CVE ID : CVE-2025-30369 \nPublished : March 31, 2025, 5:15 p.m. | 1\u00a0hour, 48\u00a0minutes ago \nDescription : Zulip is an open-source team collaboration tool. The API for deleting an organization custom profile field is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any organization was incorrectly allowed to delete custom profile fields belonging to a different organization. This is fixed in Zulip Server 10.1. \nSeverity: 2.7 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"31 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-31T21:43:21.000000Z"} 2025-03-31T21:43:21+00:00 https://vulnerability.circl.lu/sighting/880ef4b0-4d6c-44e3-bfc1-84a894f33644/export 2026-05-10T02:19:24.459872+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "880ef4b0-4d6c-44e3-bfc1-84a894f33644", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3036", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9781", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3036\n\ud83d\udd25 CVSS Score: 4.8 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability, which was classified as problematic, was found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991. This affects an unknown part of the component Student Management Handler. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.\n\ud83d\udccf Published: 2025-03-31T22:00:10.200Z\n\ud83d\udccf Modified: 2025-03-31T22:00:10.200Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.302097\n2. https://vuldb.com/?ctiid.302097\n3. https://vuldb.com/?submit.524630\n4. https://github.com/yzk2356911358/StudentServlet-JSP/issues/2\n5. https://github.com/yzk2356911358/StudentServlet-JSP/issues/2#issue-2937740237", "creation_timestamp": "2025-03-31T22:31:21.000000Z"} 2025-03-31T22:31:21+00:00 https://vulnerability.circl.lu/sighting/0c505876-f783-4c1d-ad39-aa9adf654173/export 2026-05-10T02:19:24.459694+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "0c505876-f783-4c1d-ad39-aa9adf654173", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3036", "type": "seen", "source": "https://t.me/cvedetector/21658", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-3036 - \"yzk2356911358 StudentServlet-JSP Cross-Site Scripting Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2025-3036 \nPublished : March 31, 2025, 10:15 p.m. | 51\u00a0minutes ago \nDescription : A vulnerability, which was classified as problematic, was found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991. This affects an unknown part of the component Student Management Handler. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. \nSeverity: 2.4 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"01 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T01:54:27.000000Z"} 2025-04-01T01:54:27+00:00 https://vulnerability.circl.lu/sighting/8c5a79a5-f030-4309-8334-cfa6744f35b5/export 2026-05-10T02:19:24.459534+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "8c5a79a5-f030-4309-8334-cfa6744f35b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30360", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqpv7jzbovj2", "content": "", "creation_timestamp": "2025-06-03T18:11:11.142704Z"} 2025-06-03T18:11:11.142704+00:00 https://vulnerability.circl.lu/sighting/7c1f81be-8654-4d1e-a701-3bb1e80c0639/export 2026-05-10T02:19:24.459369+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "7c1f81be-8654-4d1e-a701-3bb1e80c0639", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30360", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lqpxsy6iks2r", "content": "", "creation_timestamp": "2025-06-03T18:56:58.808756Z"} 2025-06-03T18:56:58.808756+00:00 https://vulnerability.circl.lu/sighting/471a60bb-34d5-4a5e-aa50-75b87c272b4e/export 2026-05-10T02:19:24.459170+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "471a60bb-34d5-4a5e-aa50-75b87c272b4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30368", "type": "seen", "source": "MISP/f2f93f16-9318-44b1-9be3-2d3346ca540c", "content": "", "creation_timestamp": "2025-08-10T18:27:44.000000Z"} 2025-08-10T18:27:44+00:00 https://vulnerability.circl.lu/sighting/00e698f3-1563-49f0-bd0b-efdc91ee9665/export 2026-05-10T02:19:24.455890+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "00e698f3-1563-49f0-bd0b-efdc91ee9665", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30368", "type": "seen", "source": "MISP/f2f93f16-9318-44b1-9be3-2d3346ca540c", "content": "", "creation_timestamp": "2025-09-10T07:47:56.000000Z"} 2025-09-10T07:47:56+00:00