Most recent sightings.

https://db.gcve.eu/sightings/feed Most recent sightings. 2026-05-23T07:59:12.565185+00:00 Vulnerability-Lookup info@gcve.eu python-feedgen Contains only the most 10 recent sightings. https://db.gcve.eu/sighting/1ea93f46-42ea-443a-b15f-43c266f7643a/export 1ea93f46-42ea-443a-b15f-43c266f7643a 2026-05-23T07:59:12.847239+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "1ea93f46-42ea-443a-b15f-43c266f7643a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22577", "type": "seen", "source": "https://t.me/cvedetector/14563", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-22577 - Able Player Cross-site Scripting (XSS)\", \n \"Content\": \"CVE ID : CVE-2025-22577 \nPublished : Jan. 7, 2025, 4:15 p.m. | 41\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Damion Armentrout Able Player allows DOM-Based XSS.This issue affects Able Player: from n/a through 1.0. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"07 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T18:03:36.000000Z"} 2025-01-07T18:03:36+00:00 https://db.gcve.eu/sighting/2b3e1c94-e3bf-4590-b43c-c8fcc93bb901/export 2b3e1c94-e3bf-4590-b43c-c8fcc93bb901 2026-05-23T07:59:12.847186+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "2b3e1c94-e3bf-4590-b43c-c8fcc93bb901", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22570", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfmwewjhhj2p", "content": "", "creation_timestamp": "2025-01-13T14:16:06.634885Z"} 2025-01-13T14:16:06.634885+00:00 https://db.gcve.eu/sighting/19b76a57-083e-4a98-b539-21faea66bd5b/export 19b76a57-083e-4a98-b539-21faea66bd5b 2026-05-23T07:59:12.847124+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "19b76a57-083e-4a98-b539-21faea66bd5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22576", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfmweyprhj2p", "content": "", "creation_timestamp": "2025-01-13T14:16:08.731558Z"} 2025-01-13T14:16:08.731558+00:00 https://db.gcve.eu/sighting/f1f018eb-8804-4ec1-a830-d68dffeb2c9a/export f1f018eb-8804-4ec1-a830-d68dffeb2c9a 2026-05-23T07:59:12.847066+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "f1f018eb-8804-4ec1-a830-d68dffeb2c9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22576", "type": "seen", "source": "https://t.me/cvedetector/15137", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-22576 - Marcus Downing Site PIN Cross-site Scripting Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-22576 \nPublished : Jan. 13, 2025, 2:15 p.m. | 38\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marcus Downing Site PIN allows Reflected XSS.This issue affects Site PIN: from n/a through 1.3. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"13 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-13T16:14:08.000000Z"} 2025-01-13T16:14:08+00:00 https://db.gcve.eu/sighting/870a2462-48c9-4c66-a964-04401e008dfb/export 870a2462-48c9-4c66-a964-04401e008dfb 2026-05-23T07:59:12.847005+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "870a2462-48c9-4c66-a964-04401e008dfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22570", "type": "seen", "source": "https://t.me/cvedetector/15146", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-22570 - Milo\u0161 \u0110eki\u0107 Inline Tweets Stored Cross-site Scripting Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-22570 \nPublished : Jan. 13, 2025, 2:15 p.m. | 38\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Milo\u0161 \u0110eki\u0107 Inline Tweets allows Stored XSS.This issue affects Inline Tweets: from n/a through 2.0. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"13 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-13T16:14:21.000000Z"} 2025-01-13T16:14:21+00:00 https://db.gcve.eu/sighting/292b088c-f1bc-461c-8bbc-00bbe5868eca/export 292b088c-f1bc-461c-8bbc-00bbe5868eca 2026-05-23T07:59:12.846940+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "292b088c-f1bc-461c-8bbc-00bbe5868eca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2257", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8818", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2257\n\ud83d\udd25 CVSS Score: 7.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Total Upkeep \u2013 WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.10 via the compression_level setting. This is due to the plugin using the compression_level setting in proc_open() without any validation. This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server.\n\ud83d\udccf Published: 2025-03-26T08:21:49.944Z\n\ud83d\udccf Modified: 2025-03-26T08:21:49.944Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/1ec3cc3e-c11b-43b6-9dd0-caa5ccfb90c8?source=cve\n2. https://plugins.svn.wordpress.org/boldgrid-backup/tags/1.16.7/admin/compressor/class-boldgrid-backup-admin-compressor-system-zip.php\n3. https://github.com/BoldGrid/boldgrid-backup/pull/622/files\n4. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3257988%40boldgrid-backup&new=3257988%40boldgrid-backup&sfp_email=&sfph_mail=#file9", "creation_timestamp": "2025-03-26T09:26:03.000000Z"} 2025-03-26T09:26:03+00:00 https://db.gcve.eu/sighting/25104eb4-deb7-4aad-ac73-dcd35842bb02/export 25104eb4-deb7-4aad-ac73-dcd35842bb02 2026-05-23T07:59:12.846884+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "25104eb4-deb7-4aad-ac73-dcd35842bb02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2257", "type": "seen", "source": "Telegram/vxFeWKT3kumdU6cdBVzu6teCfmUQZJYA4HbhY0-VOVXPavQ", "content": "", "creation_timestamp": "2025-03-26T10:01:12.000000Z"} 2025-03-26T10:01:12+00:00 https://db.gcve.eu/sighting/e03902c5-226d-4610-a723-c350c9fc42eb/export e03902c5-226d-4610-a723-c350c9fc42eb 2026-05-23T07:59:12.846819+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "e03902c5-226d-4610-a723-c350c9fc42eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2257", "type": "seen", "source": "https://t.me/cvedetector/21161", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-2257 - BoldGrid WordPress Backup Plugin Remote Code Execution\", \n \"Content\": \"CVE ID : CVE-2025-2257 \nPublished : March 26, 2025, 9:15 a.m. | 1\u00a0hour, 17\u00a0minutes ago \nDescription : The Total Upkeep \u2013 WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.10 via the compression_level setting. This is due to the plugin using the compression_level setting in proc_open() without any validation. This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server. \nSeverity: 7.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"26 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-26T12:12:48.000000Z"} 2025-03-26T12:12:48+00:00 https://db.gcve.eu/sighting/90253a71-5ea1-43d4-97bc-8a52cd445f46/export 90253a71-5ea1-43d4-97bc-8a52cd445f46 2026-05-23T07:59:12.846729+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "90253a71-5ea1-43d4-97bc-8a52cd445f46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22575", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9368", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22575\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extendyourweb SUPER RESPONSIVE SLIDER allows Reflected XSS. This issue affects SUPER RESPONSIVE SLIDER: from n/a through 1.4.\n\ud83d\udccf Published: 2025-03-28T15:12:26.217Z\n\ud83d\udccf Modified: 2025-03-28T15:12:26.217Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/super-slider/vulnerability/wordpress-super-responsive-slider-plugin-1-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-28T15:28:39.000000Z"} 2025-03-28T15:28:39+00:00 https://db.gcve.eu/sighting/30e67d37-2273-4b38-8904-8c1d1c26f098/export 30e67d37-2273-4b38-8904-8c1d1c26f098 2026-05-23T07:59:12.844639+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "30e67d37-2273-4b38-8904-8c1d1c26f098", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22575", "type": "seen", "source": "https://t.me/cvedetector/21441", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-22575 - Super Responsive Slider Cross-Site Scripting Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-22575 \nPublished : March 28, 2025, 3:15 p.m. | 1\u00a0hour, 17\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extendyourweb SUPER RESPONSIVE SLIDER allows Reflected XSS. This issue affects SUPER RESPONSIVE SLIDER: from n/a through 1.4. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"28 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-28T17:45:19.000000Z"} 2025-03-28T17:45:19+00:00