https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sun, 10 May 2026 05:09:56 +0000 https://vulnerability.circl.lu/sighting/68ac483c-5ec3-40d0-80ea-1e48255efb4b/export {"uuid": "68ac483c-5ec3-40d0-80ea-1e48255efb4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-50870", "type": "seen", "source": "https://t.me/bhhub/866", "content": "\u201cFresh Carnage\u201d \u2014 New Critical CVEs of the Week (Never Before Featured)\n\n\ud83e\uddec CVE-2025-50472 \u2013 Command Injection via Payload Parser\n\nCVSS: 9.8\nA flaw in how a core component parses external inputs lets attackers execute arbitrary system commands. Triggered via network \u2014 perfect for worms.\n\n\ud83e\uddef CVE-2025-54574 \u2013 Auth Bypass in Embedded Auth Module\n\nCVSS: 9.3 | AI Score: 8.5\nImproper input validation enables remote attackers to bypass login gates and access admin functionality. Expect this in IoT and router exploits.\n\n\ud83d\uddc2 CVE-2025-50870 \u2013 Memory Corruption in XML Parser\n\nCVSS: 9.8\nAnother parser bites the dust \u2014 this one chokes on malformed markup, allowing full compromise via crafted XML. Happens quietly during automated processing.\n\n\ud83e\uddde CVE-2025-5954 \u2013 Untrusted Input in Dynamic Eval Context\n\nCVSS: 9.8\nDynamic code evaluation fed with unsanitized input? You know how this ends. Attackers can inject logic, spawn shells, or pivot laterally.\n\n\ud83d\udef0 CVE-2025-8426 \u2013 Remote Buffer Overflow in Packet Handler\n\nCVSS: 9.4 | AI Score: 9.0\nThe kind of bug attackers love: network-exposed, unauthenticated, and trivially overflowed. One bad packet is all it takes.\n\n@bhhub", "creation_timestamp": "2025-08-10T17:27:27.000000Z"} {"uuid": "68ac483c-5ec3-40d0-80ea-1e48255efb4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-50870", "type": "seen", "source": "https://t.me/bhhub/866", "content": "\u201cFresh Carnage\u201d \u2014 New Critical CVEs of the Week (Never Before Featured)\n\n\ud83e\uddec CVE-2025-50472 \u2013 Command Injection via Payload Parser\n\nCVSS: 9.8\nA flaw in how a core component parses external inputs lets attackers execute arbitrary system commands. Triggered via network \u2014 perfect for worms.\n\n\ud83e\uddef CVE-2025-54574 \u2013 Auth Bypass in Embedded Auth Module\n\nCVSS: 9.3 | AI Score: 8.5\nImproper input validation enables remote attackers to bypass login gates and access admin functionality. Expect this in IoT and router exploits.\n\n\ud83d\uddc2 CVE-2025-50870 \u2013 Memory Corruption in XML Parser\n\nCVSS: 9.8\nAnother parser bites the dust \u2014 this one chokes on malformed markup, allowing full compromise via crafted XML. Happens quietly during automated processing.\n\n\ud83e\uddde CVE-2025-5954 \u2013 Untrusted Input in Dynamic Eval Context\n\nCVSS: 9.8\nDynamic code evaluation fed with unsanitized input? You know how this ends. Attackers can inject logic, spawn shells, or pivot laterally.\n\n\ud83d\udef0 CVE-2025-8426 \u2013 Remote Buffer Overflow in Packet Handler\n\nCVSS: 9.4 | AI Score: 9.0\nThe kind of bug attackers love: network-exposed, unauthenticated, and trivially overflowed. One bad packet is all it takes.\n\n@bhhub", "creation_timestamp": "2025-08-10T17:27:27.000000Z"} https://vulnerability.circl.lu/sighting/68ac483c-5ec3-40d0-80ea-1e48255efb4b/export Sun, 10 Aug 2025 17:27:27 +0000