https://vulnerability.circl.lu/sightings/feed 2026-05-08T03:17:18.688305+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/6a29e803-6ae4-44ad-bc67-e4a565a36a75/export 2026-05-08T03:17:18.905089+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "6a29e803-6ae4-44ad-bc67-e4a565a36a75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31415", "type": "seen", "source": "https://t.me/cvedetector/21722", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-31415 - YayCommerce YayExtra Missing Authorization Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-31415 \nPublished : April 1, 2025, 6:15 a.m. | 1\u00a0hour, 5\u00a0minutes ago \nDescription : Missing Authorization vulnerability in YayCommerce YayExtra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YayExtra: from n/a through 1.5.2. \nSeverity: 7.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"01 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T09:26:41.000000Z"} 2025-04-01T09:26:41+00:00 https://vulnerability.circl.lu/sighting/aec90bd0-fa4d-44f2-bbb9-a305d565e029/export 2026-05-08T03:17:18.904980+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "aec90bd0-fa4d-44f2-bbb9-a305d565e029", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3141", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10163", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3141\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in SourceCodester Online Medicine Ordering System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manage_category.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-04-03T05:00:16.544Z\n\ud83d\udccf Modified: 2025-04-03T05:00:16.544Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.303046\n2. https://vuldb.com/?ctiid.303046\n3. https://vuldb.com/?submit.525309\n4. https://github.com/Lena-lyy/SQL/blob/main/SQL2.md\n5. https://www.sourcecodester.com/", "creation_timestamp": "2025-04-03T05:36:30.000000Z"} 2025-04-03T05:36:30+00:00 https://vulnerability.circl.lu/sighting/d2c2562e-e418-4277-94df-a79d26c1ed22/export 2026-05-08T03:17:18.904882+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "d2c2562e-e418-4277-94df-a79d26c1ed22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3141", "type": "seen", "source": "https://t.me/cvedetector/21947", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-3141 - SourceCodester Online Medicine Ordering System SQL Injection Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-3141 \nPublished : April 3, 2025, 5:15 a.m. | 1\u00a0hour, 36\u00a0minutes ago \nDescription : A vulnerability was found in SourceCodester Online Medicine Ordering System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manage_category.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"03 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-03T09:22:51.000000Z"} 2025-04-03T09:22:51+00:00 https://vulnerability.circl.lu/sighting/d8fcc761-f296-47a0-bcb2-a4cfd7c0fcad/export 2026-05-08T03:17:18.904785+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "d8fcc761-f296-47a0-bcb2-a4cfd7c0fcad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31416", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10440", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31416\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AwesomeTOGI Awesome Event Booking allows Reflected XSS.This issue affects Awesome Event Booking: from n/a through 2.8.4.\n\ud83d\udccf Published: 2025-04-04T13:21:57.498Z\n\ud83d\udccf Modified: 2025-04-04T13:21:57.498Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/awesome-event-booking/vulnerability/wordpress-awesome-event-booking-plugin-2-8-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-04T13:35:45.000000Z"} 2025-04-04T13:35:45+00:00 https://vulnerability.circl.lu/sighting/931afdd6-b5d1-46dc-ae6f-7249f9379fb8/export 2026-05-08T03:17:18.904690+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "931afdd6-b5d1-46dc-ae6f-7249f9379fb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31418", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10441", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31418\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in noonnoo Gravel allows Reflected XSS.This issue affects Gravel: from n/a through 1.6.\n\ud83d\udccf Published: 2025-04-04T13:20:48.054Z\n\ud83d\udccf Modified: 2025-04-04T13:20:48.054Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/theme/gravel/vulnerability/wordpress-gravel-theme-1-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-04T13:35:46.000000Z"} 2025-04-04T13:35:46+00:00 https://vulnerability.circl.lu/sighting/bbf3cec4-a5ee-49b5-b0ce-ab3e199c64b4/export 2026-05-08T03:17:18.904588+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "bbf3cec4-a5ee-49b5-b0ce-ab3e199c64b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31418", "type": "seen", "source": "https://t.me/cvedetector/22133", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-31418 - Noonnoo Gravel Cross-site Scripting\", \n \"Content\": \"CVE ID : CVE-2025-31418 \nPublished : April 4, 2025, 2:15 p.m. | 1\u00a0hour, 42\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in noonnoo Gravel allows Reflected XSS.This issue affects Gravel: from n/a through 1.6. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-04T18:01:20.000000Z"} 2025-04-04T18:01:20+00:00 https://vulnerability.circl.lu/sighting/369275f7-b64e-45df-93a6-34895821f695/export 2026-05-08T03:17:18.904452+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "369275f7-b64e-45df-93a6-34895821f695", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31416", "type": "seen", "source": "https://t.me/cvedetector/22137", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-31416 - Awesome Event Booking Cross-site Scripting (XSS)\", \n \"Content\": \"CVE ID : CVE-2025-31416 \nPublished : April 4, 2025, 2:15 p.m. | 1\u00a0hour, 42\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AwesomeTOGI Awesome Event Booking allows Reflected XSS.This issue affects Awesome Event Booking: from n/a through 2.8.4. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-04T18:01:24.000000Z"} 2025-04-04T18:01:24+00:00 https://vulnerability.circl.lu/sighting/e07fc103-e55d-4624-8e40-98db1141cdca/export 2026-05-08T03:17:18.904348+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "e07fc103-e55d-4624-8e40-98db1141cdca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31411", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11220", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31411\n\ud83d\udd25 CVSS Score: 5.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N)\n\ud83d\udd39 Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Aribhour Linet ERP-Woocommerce Integration allows Path Traversal.This issue affects Linet ERP-Woocommerce Integration: from n/a through 3.5.12.\n\ud83d\udccf Published: 2025-04-10T10:16:12.191Z\n\ud83d\udccf Modified: 2025-04-10T10:16:12.191Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/linet-erp-woocommerce-integration/vulnerability/wordpress-linet-erp-woocommerce-integration-plugin-3-5-12-arbitrary-file-read-deletion-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-10T10:49:19.000000Z"} 2025-04-10T10:49:19+00:00 https://vulnerability.circl.lu/sighting/84945cd5-d642-428d-9fcf-e122c91433c2/export 2026-05-08T03:17:18.904208+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "84945cd5-d642-428d-9fcf-e122c91433c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31411", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmhfsn62bd2h", "content": "", "creation_timestamp": "2025-04-10T11:32:41.881201Z"} 2025-04-10T11:32:41.881201+00:00 https://vulnerability.circl.lu/sighting/02ef3218-5d6f-424b-a6c2-a78da9bae0ae/export 2026-05-08T03:17:18.901319+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "02ef3218-5d6f-424b-a6c2-a78da9bae0ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31411", "type": "seen", "source": "https://t.me/cvedetector/22652", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-31411 - Linet ERP-Woocommerce Integration Path Traversal\", \n \"Content\": \"CVE ID : CVE-2025-31411 \nPublished : April 10, 2025, 11:15 a.m. | 1\u00a0hour, 55\u00a0minutes ago \nDescription : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Aribhour Linet ERP-Woocommerce Integration allows Path Traversal.This issue affects Linet ERP-Woocommerce Integration: from n/a through 3.5.12. \nSeverity: 5.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"10 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-10T15:21:47.000000Z"} 2025-04-10T15:21:47+00:00