https://db.gcve.eu/sightings/feedMost recent sightings.2026-06-04T05:04:54.709182+00:00Vulnerability-Lookupinfo@gcve.eupython-feedgenContains only the most 10 recent sightings.https://db.gcve.eu/sighting/6a88a076-4ab2-4c14-8c4b-a513bbf25a45/export6a88a076-4ab2-4c14-8c4b-a513bbf25a452026-06-04T05:04:54.873901+00:00cedrichttps://db.gcve.eu/user/cedric{"uuid": "6a88a076-4ab2-4c14-8c4b-a513bbf25a45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32385", "type": "seen", "source": "https://t.me/cvedetector/23035", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-32385 - EspoCRM Cross-Site Scripting (XSS)\", \n \"Content\": \"CVE ID : CVE-2025-32385 \nPublished : April 16, 2025, 12:15 a.m. | 1\u00a0hour, 9\u00a0minutes ago \nDescription : EspoCRM is an Open Source Customer Relationship Management software. Prior to 9.0.5, Iframe dashlet allows user to display iframes with arbitrary URLs. As the sandbox attribute is not included in the iframe, the remote page can open popups outside of the iframe, potentially tricking users and creating a phishing risk. The iframe URL is user-defined, so an attacker would need to trick the user into specifying a malicious URL. The missing sandbox attribute also allows the remote page to send messages to the parent frame. However, EspoCRM does not make use of these messages. This vulnerability is fixed in 9.0.5. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"16 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-16T03:29:27.000000Z"}2025-04-16T03:29:27+00:00https://db.gcve.eu/sighting/64307cf8-4bae-405f-9bdf-7f5e9215e3ab/export64307cf8-4bae-405f-9bdf-7f5e9215e3ab2026-06-04T05:04:54.873847+00:00cedrichttps://db.gcve.eu/user/cedric{"uuid": "64307cf8-4bae-405f-9bdf-7f5e9215e3ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32388", "type": "seen", "source": "https://t.me/cvedetector/23040", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-32388 - SvelteKit XSS Vulnerability in Unsanitized Search Param Names\", \n \"Content\": \"CVE ID : CVE-2025-32388 \nPublished : April 15, 2025, 11:15 p.m. | 2\u00a0hours, 8\u00a0minutes ago \nDescription : SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.20.6 , unsanitized search param names cause XSS vulnerability. You are affected if you iterate over all entries of event.url.searchParams inside a server load function. Attackers can exploit it by crafting a malicious URL and getting a user to click a link with said URL. This vulnerability is fixed in 2.20.6. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"16 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-16T03:29:34.000000Z"}2025-04-16T03:29:34+00:00https://db.gcve.eu/sighting/c9ab982b-0d5c-4841-a85f-df2e9c2a6724/exportc9ab982b-0d5c-4841-a85f-df2e9c2a67242026-06-04T05:04:54.873797+00:00cedrichttps://db.gcve.eu/user/cedric{"uuid": "c9ab982b-0d5c-4841-a85f-df2e9c2a6724", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32388", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lmxzutzcrl2w", "content": "", "creation_timestamp": "2025-04-17T02:14:20.573540Z"}2025-04-17T02:14:20.573540+00:00https://db.gcve.eu/sighting/44b246bc-a6e8-4703-8895-7fa1c7e7ae77/export44b246bc-a6e8-4703-8895-7fa1c7e7ae772026-06-04T05:04:54.873746+00:00cedrichttps://db.gcve.eu/user/cedric{"uuid": "44b246bc-a6e8-4703-8895-7fa1c7e7ae77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32388", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3ln2kapl7my2t", "content": "", "creation_timestamp": "2025-04-18T02:12:38.111762Z"}2025-04-18T02:12:38.111762+00:00https://db.gcve.eu/sighting/e722a6af-7c0c-413b-b54d-e90273ceee18/exporte722a6af-7c0c-413b-b54d-e90273ceee182026-06-04T05:04:54.873687+00:00cedrichttps://db.gcve.eu/user/cedric{"uuid": "e722a6af-7c0c-413b-b54d-e90273ceee18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32389", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12489", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32389\n\ud83d\udd25 CVSS Score: 8.6 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N)\n\ud83d\udd39 Description: NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by providing an unexpected square bracket GET parameter syntax. Square bracket GET parameter syntax refers to the structure `?param[0]=a&param[1]=b&param[2]=c` utilized by PHP, which is parsed by PHP as `$_GET['param']` being of type array. This issue has been patched in version 2.1.4.\n\ud83d\udccf Published: 2025-04-18T15:56:39.962Z\n\ud83d\udccf Modified: 2025-04-18T16:24:24.300Z\n\ud83d\udd17 References:\n1. https://github.com/NamelessMC/Nameless/security/advisories/GHSA-5984-mhcp-cq2x\n2. https://github.com/NamelessMC/Nameless/commit/02c81c7c45b98fad1ebe3bc085efae18aec4566f\n3. https://github.com/NamelessMC/Nameless/releases/tag/v2.1.4", "creation_timestamp": "2025-04-18T16:58:59.000000Z"}2025-04-18T16:58:59+00:00https://db.gcve.eu/sighting/07ec8ab3-46d5-4d1a-8e4c-a875cf6a068f/export07ec8ab3-46d5-4d1a-8e4c-a875cf6a068f2026-06-04T05:04:54.873636+00:00cedrichttps://db.gcve.eu/user/cedric{"uuid": "07ec8ab3-46d5-4d1a-8e4c-a875cf6a068f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32389", "type": "seen", "source": "https://bsky.app/profile/Minecraft.activitypub.awakari.com.ap.brid.gy/post/3ln45dxk5npy2", "content": "", "creation_timestamp": "2025-04-18T17:28:24.564706Z"}2025-04-18T17:28:24.564706+00:00https://db.gcve.eu/sighting/7b0051e9-9d4a-413e-b8f6-8fc7dbf8d030/export7b0051e9-9d4a-413e-b8f6-8fc7dbf8d0302026-06-04T05:04:54.873584+00:00cedrichttps://db.gcve.eu/user/cedric{"uuid": "7b0051e9-9d4a-413e-b8f6-8fc7dbf8d030", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32389", "type": "published-proof-of-concept", "source": "Telegram/7jNmJD5vjZVenNUqyYR0CPI9qktay_Z3-idVdIxY76S8ayI", "content": "", "creation_timestamp": "2025-04-18T18:31:46.000000Z"}2025-04-18T18:31:46+00:00https://db.gcve.eu/sighting/61303f6d-2233-4d89-94ad-8ec8df2d62f7/export61303f6d-2233-4d89-94ad-8ec8df2d62f72026-06-04T05:04:54.873520+00:00cedrichttps://db.gcve.eu/user/cedric{"uuid": "61303f6d-2233-4d89-94ad-8ec8df2d62f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32389", "type": "seen", "source": "https://t.me/cvedetector/23310", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-32389 - NamelessMC SQL Injection\", \n \"Content\": \"CVE ID : CVE-2025-32389 \nPublished : April 18, 2025, 4:15 p.m. | 26\u00a0minutes ago \nDescription : NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by providing an unexpected square bracket GET parameter syntax. Square bracket GET parameter syntax refers to the structure `?param[0]=a&param[1]=b&param[2]=c` utilized by PHP, which is parsed by PHP as `$_GET['param']` being of type array. This issue has been patched in version 2.1.4. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"18 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-18T19:04:50.000000Z"}2025-04-18T19:04:50+00:00https://db.gcve.eu/sighting/12be0262-b409-4b1e-aac5-54f4a1a9f9ca/export12be0262-b409-4b1e-aac5-54f4a1a9f9ca2026-06-04T05:04:54.873438+00:00cedrichttps://db.gcve.eu/user/cedric{"uuid": "12be0262-b409-4b1e-aac5-54f4a1a9f9ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32386", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lr4lgwd5es2t", "content": "", "creation_timestamp": "2025-06-08T19:20:09.264423Z"}2025-06-08T19:20:09.264423+00:00https://db.gcve.eu/sighting/79f9471a-b5e6-4a5f-a1a0-daf862f654df/export79f9471a-b5e6-4a5f-a1a0-daf862f654df2026-06-04T05:04:54.872314+00:00cedrichttps://db.gcve.eu/user/cedric{"uuid": "79f9471a-b5e6-4a5f-a1a0-daf862f654df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-32387", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lr4lgwd5es2t", "content": "", "creation_timestamp": "2025-06-08T19:20:09.366789Z"}2025-06-08T19:20:09.366789+00:00