https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Fri, 29 May 2026 14:38:04 +0000 https://vulnerability.circl.lu/sighting/9a6dec3e-fb2a-4eea-aa5c-e25c9281f0bd/export {"uuid": "9a6dec3e-fb2a-4eea-aa5c-e25c9281f0bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-0461", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfpnkhwfnx2h", "content": "", "creation_timestamp": "2025-01-14T16:16:08.168129Z"} {"uuid": "9a6dec3e-fb2a-4eea-aa5c-e25c9281f0bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-0461", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfpnkhwfnx2h", "content": "", "creation_timestamp": "2025-01-14T16:16:08.168129Z"} https://vulnerability.circl.lu/sighting/9a6dec3e-fb2a-4eea-aa5c-e25c9281f0bd/export Tue, 14 Jan 2025 16:16:08 +0000 https://vulnerability.circl.lu/sighting/bde7d9de-ffdd-4e13-9579-dd9c4ba6f769/export {"uuid": "bde7d9de-ffdd-4e13-9579-dd9c4ba6f769", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-0461", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1507", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-0461\n\ud83d\udd39 Description: A vulnerability has been found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0 and classified as problematic. This vulnerability affects unknown code of the file /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=Singin. The manipulation of the argument pathfile leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.\n\ud83d\udccf Published: 2025-01-14T16:00:19.736Z\n\ud83d\udccf Modified: 2025-01-14T16:00:19.736Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.291478\n2. https://vuldb.com/?ctiid.291478\n3. https://vuldb.com/?submit.474252\n4. https://github.com/BxYQ/ld/blob/main/downloadSocialPromotionQrcode_fileread.doc", "creation_timestamp": "2025-01-14T16:18:11.000000Z"} {"uuid": "bde7d9de-ffdd-4e13-9579-dd9c4ba6f769", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-0461", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1507", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-0461\n\ud83d\udd39 Description: A vulnerability has been found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0 and classified as problematic. This vulnerability affects unknown code of the file /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=Singin. The manipulation of the argument pathfile leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.\n\ud83d\udccf Published: 2025-01-14T16:00:19.736Z\n\ud83d\udccf Modified: 2025-01-14T16:00:19.736Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.291478\n2. https://vuldb.com/?ctiid.291478\n3. https://vuldb.com/?submit.474252\n4. https://github.com/BxYQ/ld/blob/main/downloadSocialPromotionQrcode_fileread.doc", "creation_timestamp": "2025-01-14T16:18:11.000000Z"} https://vulnerability.circl.lu/sighting/bde7d9de-ffdd-4e13-9579-dd9c4ba6f769/export Tue, 14 Jan 2025 16:18:11 +0000 https://vulnerability.circl.lu/sighting/bf17ec3b-a34e-4aed-81dd-2970be34595f/export {"uuid": "bf17ec3b-a34e-4aed-81dd-2970be34595f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-0461", "type": "seen", "source": "https://t.me/cvedetector/15294", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-0461 - \"Lingdang CRM Path Traversal Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2025-0461 \nPublished : Jan. 14, 2025, 4:15 p.m. | 36\u00a0minutes ago \nDescription : A vulnerability has been found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0 and classified as problematic. This vulnerability affects unknown code of the file /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=Singin. The manipulation of the argument pathfile leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"14 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-14T18:10:58.000000Z"} {"uuid": "bf17ec3b-a34e-4aed-81dd-2970be34595f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-0461", "type": "seen", "source": "https://t.me/cvedetector/15294", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-0461 - \"Lingdang CRM Path Traversal Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2025-0461 \nPublished : Jan. 14, 2025, 4:15 p.m. | 36\u00a0minutes ago \nDescription : A vulnerability has been found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0 and classified as problematic. This vulnerability affects unknown code of the file /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=Singin. The manipulation of the argument pathfile leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"14 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-14T18:10:58.000000Z"} https://vulnerability.circl.lu/sighting/bf17ec3b-a34e-4aed-81dd-2970be34595f/export Tue, 14 Jan 2025 18:10:58 +0000