https://db.gcve.eu/sightings/feedMost recent sightings.2026-05-15T19:06:34.072769+00:00Vulnerability-Lookupinfo@gcve.eupython-feedgenContains only the most 10 recent sightings.https://db.gcve.eu/sighting/8379f2aa-0bb5-47ae-98e9-65df907d088e/export8379f2aa-0bb5-47ae-98e9-65df907d088e2026-05-15T19:06:34.288975+00:00cedrichttp://db.gcve.eu/user/cedric{"uuid": "8379f2aa-0bb5-47ae-98e9-65df907d088e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21638", "type": "seen", "source": "https://t.me/cvedetector/15831", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-21638 - Linux SCTP sysctl auth enables NULL Pointer Dereference\", \n \"Content\": \"CVE ID : CVE-2025-21638 \nPublished : Jan. 19, 2025, 11:15 a.m. | 35\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nsctp: sysctl: auth_enable: avoid using current->nsproxy \n \nAs mentioned in a previous commit of this series, using the 'net' \nstructure via 'current' is not recommended for different reasons: \n \n- Inconsistency: getting info from the reader's/writer's netns vs only \n from the opener's netns. \n \n- current->nsproxy can be NULL in some cases, resulting in an 'Oops' \n (null-ptr-deref), e.g. when the current task is exiting, as spotted by \n syzbot [1] using acct(2). \n \nThe 'net' structure can be obtained from the table->data using \ncontainer_of(). \n \nNote that table->data could also be used directly, but that would \nincrease the size of this fix, while 'sctp.ctl_sock' still needs to be \nretrieved from 'net' structure. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"19 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-19T13:07:15.000000Z"}2025-01-19T13:07:15+00:00https://db.gcve.eu/sighting/5c0eb1ff-4a28-4e8c-90db-1908faa5a880/export5c0eb1ff-4a28-4e8c-90db-1908faa5a8802026-05-15T19:06:34.288918+00:00cedrichttp://db.gcve.eu/user/cedric{"uuid": "5c0eb1ff-4a28-4e8c-90db-1908faa5a880", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21635", "type": "seen", "source": "https://t.me/cvedetector/15838", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-21635 - \"Linux RDS rds_tcp buffer NULL Pointer Dereference\"\", \n \"Content\": \"CVE ID : CVE-2025-21635 \nPublished : Jan. 19, 2025, 11:15 a.m. | 35\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nrds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy \n \nAs mentioned in a previous commit of this series, using the 'net' \nstructure via 'current' is not recommended for different reasons: \n \n- Inconsistency: getting info from the reader's/writer's netns vs only \n from the opener's netns. \n \n- current->nsproxy can be NULL in some cases, resulting in an 'Oops' \n (null-ptr-deref), e.g. when the current task is exiting, as spotted by \n syzbot [1] using acct(2). \n \nThe per-netns structure can be obtained from the table->data using \ncontainer_of(), then the 'net' one can be retrieved from the listen \nsocket (if available). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"19 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-19T13:07:27.000000Z"}2025-01-19T13:07:27+00:00https://db.gcve.eu/sighting/de5e0efc-9f0c-466f-b04d-f0139c2287dc/exportde5e0efc-9f0c-466f-b04d-f0139c2287dc2026-05-15T19:06:34.288860+00:00cedrichttp://db.gcve.eu/user/cedric{"uuid": "de5e0efc-9f0c-466f-b04d-f0139c2287dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21639", "type": "seen", "source": "https://t.me/cvedetector/15839", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-21639 - Linux Kernel SCTP - Use Of Null Pointer Dereference Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-21639 \nPublished : Jan. 19, 2025, 11:15 a.m. | 35\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nsctp: sysctl: rto_min/max: avoid using current->nsproxy \n \nAs mentioned in a previous commit of this series, using the 'net' \nstructure via 'current' is not recommended for different reasons: \n \n- Inconsistency: getting info from the reader's/writer's netns vs only \n from the opener's netns. \n \n- current->nsproxy can be NULL in some cases, resulting in an 'Oops' \n (null-ptr-deref), e.g. when the current task is exiting, as spotted by \n syzbot [1] using acct(2). \n \nThe 'net' structure can be obtained from the table->data using \ncontainer_of(). \n \nNote that table->data could also be used directly, as this is the only \nmember needed from the 'net' structure, but that would increase the size \nof this fix, to use '*data' everywhere 'net->sctp.rto_min/max' is used. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"19 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-19T13:07:28.000000Z"}2025-01-19T13:07:28+00:00https://db.gcve.eu/sighting/0a014a1a-bf01-4a97-ad99-98956a54ec80/export0a014a1a-bf01-4a97-ad99-98956a54ec802026-05-15T19:06:34.288802+00:00cedrichttp://db.gcve.eu/user/cedric{"uuid": "0a014a1a-bf01-4a97-ad99-98956a54ec80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2163", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7659", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2163\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Zoorum Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the zoorum_set_options() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-03-15T03:23:23.156Z\n\ud83d\udccf Modified: 2025-03-15T03:23:23.156Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/2b58fb0f-c7ac-4ee6-84f1-ac14617a7c2b?source=cve\n2. https://plugins.trac.wordpress.org/browser/zoorum-comments/tags/0.9/zoorum-comments-admin.php#L18\n3. https://plugins.trac.wordpress.org/browser/zoorum-comments/tags/0.9/zoorum-comments-admin.php#L38\n4. https://wordpress.org/plugins/zoorum-comments/", "creation_timestamp": "2025-03-15T03:49:06.000000Z"}2025-03-15T03:49:06+00:00https://db.gcve.eu/sighting/82a4e15e-22d2-4e82-ba8a-1ff20ce8b456/export82a4e15e-22d2-4e82-ba8a-1ff20ce8b4562026-05-15T19:06:34.288752+00:00cedrichttp://db.gcve.eu/user/cedric{"uuid": "82a4e15e-22d2-4e82-ba8a-1ff20ce8b456", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2163", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkfdkxuadl26", "content": "", "creation_timestamp": "2025-03-15T04:56:50.643020Z"}2025-03-15T04:56:50.643020+00:00https://db.gcve.eu/sighting/39328011-46cc-41ae-a121-83c85c1103fe/export39328011-46cc-41ae-a121-83c85c1103fe2026-05-15T19:06:34.288692+00:00cedrichttp://db.gcve.eu/user/cedric{"uuid": "39328011-46cc-41ae-a121-83c85c1103fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2163", "type": "seen", "source": "https://t.me/cvedetector/20352", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-2163 - Zoorum Comments for WordPress CSRF Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-2163 \nPublished : March 15, 2025, 4:15 a.m. | 1\u00a0hour, 35\u00a0minutes ago \nDescription : The Zoorum Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the zoorum_set_options() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"15 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-15T06:55:38.000000Z"}2025-03-15T06:55:38+00:00https://db.gcve.eu/sighting/4af11cb7-1f9e-4937-b937-cf86b94691b3/export4af11cb7-1f9e-4937-b937-cf86b94691b32026-05-15T19:06:34.288641+00:00cedrichttp://db.gcve.eu/user/cedric{"uuid": "4af11cb7-1f9e-4937-b937-cf86b94691b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21634", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}2025-12-03T14:14:49.267740+00:00https://db.gcve.eu/sighting/bac445c9-3513-4651-9431-68e5dbb3f7d9/exportbac445c9-3513-4651-9431-68e5dbb3f7d92026-05-15T19:06:34.288583+00:00cedrichttp://db.gcve.eu/user/cedric{"uuid": "bac445c9-3513-4651-9431-68e5dbb3f7d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21635", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}2025-12-03T14:14:49.267740+00:00https://db.gcve.eu/sighting/570df754-8e9d-4dc0-a884-2322e864322a/export570df754-8e9d-4dc0-a884-2322e864322a2026-05-15T19:06:34.288511+00:00cedrichttp://db.gcve.eu/user/cedric{"uuid": "570df754-8e9d-4dc0-a884-2322e864322a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21635", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}2026-03-19T00:00:00+00:00https://db.gcve.eu/sighting/c23271a8-ce44-4cc3-abb7-9485a9d19a9c/exportc23271a8-ce44-4cc3-abb7-9485a9d19a9c2026-05-15T19:06:34.286507+00:00cedrichttp://db.gcve.eu/user/cedric{"uuid": "c23271a8-ce44-4cc3-abb7-9485a9d19a9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21634", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}2026-03-19T00:00:00+00:00