https://vulnerability.circl.lu/sightings/feed 2026-05-09T04:00:23.714059+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/2d95d84e-7676-4902-b407-f474f5a22704/export 2026-05-09T04:00:23.872754+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "2d95d84e-7676-4902-b407-f474f5a22704", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31837", "type": "seen", "source": "https://bsky.app/profile/potato.software/post/3llr5w27dcr2u", "content": "", "creation_timestamp": "2025-04-01T15:12:45.713807Z"} 2025-04-01T15:12:45.713807+00:00 https://vulnerability.circl.lu/sighting/6f36cf4f-66fc-4a4f-b5ca-5e4f778c6a05/export 2026-05-09T04:00:23.872688+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "6f36cf4f-66fc-4a4f-b5ca-5e4f778c6a05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31839", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9964", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31839\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in digireturn DN Footer Contacts allows Cross Site Request Forgery. This issue affects DN Footer Contacts: from n/a through 1.8.\n\ud83d\udccf Published: 2025-04-01T14:51:54.448Z\n\ud83d\udccf Modified: 2025-04-01T18:20:29.909Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/dn-footer-contacts/vulnerability/wordpress-footer-contacts-bar-plugin-1-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-01T18:32:40.000000Z"} 2025-04-01T18:32:40+00:00 https://vulnerability.circl.lu/sighting/9f4534a1-ef34-4ae3-8ea0-2226f0a9bb55/export 2026-05-09T04:00:23.872620+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "9f4534a1-ef34-4ae3-8ea0-2226f0a9bb55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31832", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9994", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31832\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beee ACF City Selector allows Retrieve Embedded Sensitive Data. This issue affects ACF City Selector: from n/a through 1.16.0.\n\ud83d\udccf Published: 2025-04-01T14:51:50.752Z\n\ud83d\udccf Modified: 2025-04-01T19:12:07.547Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/acf-city-selector/vulnerability/wordpress-acf-city-selector-plugin-1-16-0-sensitive-data-exposure-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-01T19:32:33.000000Z"} 2025-04-01T19:32:33+00:00 https://vulnerability.circl.lu/sighting/dcaeae3e-3ce1-4783-886b-3d3dfe6b5c4c/export 2026-05-09T04:00:23.872550+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "dcaeae3e-3ce1-4783-886b-3d3dfe6b5c4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31833", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9996", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31833\n\ud83d\udd25 CVSS Score: 4.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N)\n\ud83d\udd39 Description: Authorization Bypass Through User-Controlled Key vulnerability in themeglow JobBoard Job listing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobBoard Job listing: from n/a through 1.2.7.\n\ud83d\udccf Published: 2025-04-01T14:51:51.275Z\n\ud83d\udccf Modified: 2025-04-01T19:02:54.212Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/job-board-light/vulnerability/wordpress-jobboard-job-listing-plugin-plugin-1-2-7-insecure-direct-object-references-idor-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-01T19:32:34.000000Z"} 2025-04-01T19:32:34+00:00 https://vulnerability.circl.lu/sighting/3b53ac7e-3311-4613-b0e9-60a1f4f69247/export 2026-05-09T04:00:23.872481+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "3b53ac7e-3311-4613-b0e9-60a1f4f69247", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31834", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9997", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31834\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in themeglow JobBoard Job listing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobBoard Job listing: from n/a through 1.2.7.\n\ud83d\udccf Published: 2025-04-01T14:51:51.781Z\n\ud83d\udccf Modified: 2025-04-01T19:01:52.490Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/job-board-light/vulnerability/wordpress-jobboard-job-listing-plugin-plugin-1-2-7-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-01T19:32:38.000000Z"} 2025-04-01T19:32:38+00:00 https://vulnerability.circl.lu/sighting/cfcbb249-36bd-4ba1-9467-caebabc3b5c7/export 2026-05-09T04:00:23.872408+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "cfcbb249-36bd-4ba1-9467-caebabc3b5c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31835", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9998", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31835\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brice Capobianco WP Plugin Info Card allows DOM-Based XSS. This issue affects WP Plugin Info Card: from n/a through 5.2.5.\n\ud83d\udccf Published: 2025-04-01T14:51:52.302Z\n\ud83d\udccf Modified: 2025-04-01T18:59:25.525Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wp-plugin-info-card/vulnerability/wordpress-wp-plugin-info-card-plugin-5-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-01T19:32:39.000000Z"} 2025-04-01T19:32:39+00:00 https://vulnerability.circl.lu/sighting/fc2afc44-4c9c-4971-97ee-d9718cc42cbf/export 2026-05-09T04:00:23.872329+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "fc2afc44-4c9c-4971-97ee-d9718cc42cbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31836", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10000", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31836\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in matthewrubin Review Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Review Manager: from n/a through 2.2.0.\n\ud83d\udccf Published: 2025-04-01T14:51:52.810Z\n\ud83d\udccf Modified: 2025-04-01T18:55:38.149Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/review-manager/vulnerability/wordpress-review-manager-plugin-2-2-0-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-01T19:32:41.000000Z"} 2025-04-01T19:32:41+00:00 https://vulnerability.circl.lu/sighting/b17f305a-395f-46c0-a4bb-efc4f7a50656/export 2026-05-09T04:00:23.872246+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "b17f305a-395f-46c0-a4bb-efc4f7a50656", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3183", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10362", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3183\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability has been found in projectworlds Online Doctor Appointment Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /patient/patientupdateprofile.php. The manipulation of the argument patientFirstName leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.\n\ud83d\udccf Published: 2025-04-03T22:00:16.394Z\n\ud83d\udccf Modified: 2025-04-03T22:00:16.394Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.303142\n2. https://vuldb.com/?ctiid.303142\n3. https://vuldb.com/?submit.543843\n4. https://github.com/p1026/CVE/issues/17", "creation_timestamp": "2025-04-03T22:36:00.000000Z"} 2025-04-03T22:36:00+00:00 https://vulnerability.circl.lu/sighting/58d963cc-1421-4570-a11f-c69a8c9c35f6/export 2026-05-09T04:00:23.872143+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "58d963cc-1421-4570-a11f-c69a8c9c35f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3183", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llxactzfp226", "content": "", "creation_timestamp": "2025-04-04T01:11:47.013441Z"} 2025-04-04T01:11:47.013441+00:00 https://vulnerability.circl.lu/sighting/35ff22bf-fbb6-4559-8084-208eddabbf27/export 2026-05-09T04:00:23.868614+00:00 Automation user http://cve.circl.lu/user/automation {"uuid": "35ff22bf-fbb6-4559-8084-208eddabbf27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3183", "type": "seen", "source": "https://t.me/cvedetector/22038", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-3183 - Projectworlds Online Doctor Appointment Booking System SQL Injection Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-3183 \nPublished : April 3, 2025, 10:15 p.m. | 1\u00a0hour, 9\u00a0minutes ago \nDescription : A vulnerability has been found in projectworlds Online Doctor Appointment Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /patient/patientupdateprofile.php. The manipulation of the argument patientFirstName leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-04T02:06:57.000000Z"} 2025-04-04T02:06:57+00:00