Most recent sightings.

Most recent sightings. https://db.gcve.eu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Thu, 07 May 2026 10:03:15 +0000 ae2c1a9b-3fd2-4206-9d5b-bc32d9830202 https://db.gcve.eu/sighting/ae2c1a9b-3fd2-4206-9d5b-bc32d9830202/export {"uuid": "ae2c1a9b-3fd2-4206-9d5b-bc32d9830202", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2314", "type": "seen", "source": "https://t.me/cvedetector/23047", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-2314 - WordPress User Profile Builder Stored Cross-Site Scripting Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-2314 \nPublished : April 16, 2025, 3:15 a.m. | 2\u00a0hours, 9\u00a0minutes ago \nDescription : The User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.13.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nThe issue was partially patched in version 3.13.6 of the plugin, and fully patched in 3.13.7. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"16 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-16T07:40:02.000000Z"} {"uuid": "ae2c1a9b-3fd2-4206-9d5b-bc32d9830202", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2314", "type": "seen", "source": "https://t.me/cvedetector/23047", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-2314 - WordPress User Profile Builder Stored Cross-Site Scripting Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-2314 \nPublished : April 16, 2025, 3:15 a.m. | 2\u00a0hours, 9\u00a0minutes ago \nDescription : The User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.13.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nThe issue was partially patched in version 3.13.6 of the plugin, and fully patched in 3.13.7. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"16 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-16T07:40:02.000000Z"} https://db.gcve.eu/sighting/ae2c1a9b-3fd2-4206-9d5b-bc32d9830202/export Wed, 16 Apr 2025 07:40:02 +0000 da7d5acc-7f3b-4f2b-86ea-7c1ecc05ada4 https://db.gcve.eu/sighting/da7d5acc-7f3b-4f2b-86ea-7c1ecc05ada4/export {"uuid": "da7d5acc-7f3b-4f2b-86ea-7c1ecc05ada4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23142", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14799", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23142\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: detect and prevent references to a freed transport in sendmsg\n\nsctp_sendmsg() re-uses associations and transports when possible by\ndoing a lookup based on the socket endpoint and the message destination\naddress, and then sctp_sendmsg_to_asoc() sets the selected transport in\nall the message chunks to be sent.\n\nThere's a possible race condition if another thread triggers the removal\nof that selected transport, for instance, by explicitly unbinding an\naddress with setsockopt(SCTP_SOCKOPT_BINDX_REM), after the chunks have\nbeen set up and before the message is sent. This can happen if the send\nbuffer is full, during the period when the sender thread temporarily\nreleases the socket lock in sctp_wait_for_sndbuf().\n\nThis causes the access to the transport data in\nsctp_outq_select_transport(), when the association outqueue is flushed,\nto result in a use-after-free read.\n\nThis change avoids this scenario by having sctp_transport_free() signal\nthe freeing of the transport, tagging it as \"dead\". In order to do this,\nthe patch restores the \"dead\" bit in struct sctp_transport, which was\nremoved in\ncommit 47faa1e4c50e (\"sctp: remove the dead field of sctp_transport\").\n\nThen, in the scenario where the sender thread has released the socket\nlock in sctp_wait_for_sndbuf(), the bit is checked again after\nre-acquiring the socket lock to detect the deletion. This is done while\nholding a reference to the transport to prevent it from being freed in\nthe process.\n\nIf the transport was deleted while the socket lock was relinquished,\nsctp_sendmsg_to_asoc() will return -EAGAIN to let userspace retry the\nsend.\n\nThe bug was found by a private syzbot instance (see the error report [1]\nand the C reproducer that triggers it [2]).\n\ud83d\udccf Published: 2025-05-01T12:55:32.614Z\n\ud83d\udccf Modified: 2025-05-04T13:07:09.069Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/547762250220325d350d0917a7231480e0f4142b\n2. https://git.kernel.org/stable/c/3257386be6a7eb8a8bfc9cbfb746df4eb4fc70e8\n3. https://git.kernel.org/stable/c/0f7df4899299ce4662e5f95badb9dbc57cc37fa5\n4. https://git.kernel.org/stable/c/7a63f4fb0efb4e69efd990cbb740a848679ec4b0\n5. https://git.kernel.org/stable/c/c6fefcb71d246baaf3bacdad1af7ff50ebcfe652\n6. https://git.kernel.org/stable/c/9e7c37fadb3be1fc33073fcf10aa96d166caa697\n7. https://git.kernel.org/stable/c/5bc83bdf5f5b8010d1ca5a4555537e62413ab4e2\n8. https://git.kernel.org/stable/c/2e5068b7e0ae0a54f6cfd03a2f80977da657f1ee\n9. https://git.kernel.org/stable/c/f1a69a940de58b16e8249dff26f74c8cc59b32be", "creation_timestamp": "2025-05-04T13:18:43.000000Z"} {"uuid": "da7d5acc-7f3b-4f2b-86ea-7c1ecc05ada4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23142", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14799", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23142\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: detect and prevent references to a freed transport in sendmsg\n\nsctp_sendmsg() re-uses associations and transports when possible by\ndoing a lookup based on the socket endpoint and the message destination\naddress, and then sctp_sendmsg_to_asoc() sets the selected transport in\nall the message chunks to be sent.\n\nThere's a possible race condition if another thread triggers the removal\nof that selected transport, for instance, by explicitly unbinding an\naddress with setsockopt(SCTP_SOCKOPT_BINDX_REM), after the chunks have\nbeen set up and before the message is sent. This can happen if the send\nbuffer is full, during the period when the sender thread temporarily\nreleases the socket lock in sctp_wait_for_sndbuf().\n\nThis causes the access to the transport data in\nsctp_outq_select_transport(), when the association outqueue is flushed,\nto result in a use-after-free read.\n\nThis change avoids this scenario by having sctp_transport_free() signal\nthe freeing of the transport, tagging it as \"dead\". In order to do this,\nthe patch restores the \"dead\" bit in struct sctp_transport, which was\nremoved in\ncommit 47faa1e4c50e (\"sctp: remove the dead field of sctp_transport\").\n\nThen, in the scenario where the sender thread has released the socket\nlock in sctp_wait_for_sndbuf(), the bit is checked again after\nre-acquiring the socket lock to detect the deletion. This is done while\nholding a reference to the transport to prevent it from being freed in\nthe process.\n\nIf the transport was deleted while the socket lock was relinquished,\nsctp_sendmsg_to_asoc() will return -EAGAIN to let userspace retry the\nsend.\n\nThe bug was found by a private syzbot instance (see the error report [1]\nand the C reproducer that triggers it [2]).\n\ud83d\udccf Published: 2025-05-01T12:55:32.614Z\n\ud83d\udccf Modified: 2025-05-04T13:07:09.069Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/547762250220325d350d0917a7231480e0f4142b\n2. https://git.kernel.org/stable/c/3257386be6a7eb8a8bfc9cbfb746df4eb4fc70e8\n3. https://git.kernel.org/stable/c/0f7df4899299ce4662e5f95badb9dbc57cc37fa5\n4. https://git.kernel.org/stable/c/7a63f4fb0efb4e69efd990cbb740a848679ec4b0\n5. https://git.kernel.org/stable/c/c6fefcb71d246baaf3bacdad1af7ff50ebcfe652\n6. https://git.kernel.org/stable/c/9e7c37fadb3be1fc33073fcf10aa96d166caa697\n7. https://git.kernel.org/stable/c/5bc83bdf5f5b8010d1ca5a4555537e62413ab4e2\n8. https://git.kernel.org/stable/c/2e5068b7e0ae0a54f6cfd03a2f80977da657f1ee\n9. https://git.kernel.org/stable/c/f1a69a940de58b16e8249dff26f74c8cc59b32be", "creation_timestamp": "2025-05-04T13:18:43.000000Z"} https://db.gcve.eu/sighting/da7d5acc-7f3b-4f2b-86ea-7c1ecc05ada4/export Sun, 04 May 2025 13:18:43 +0000 4601c754-1a26-43bc-94ff-cb81b779da5b https://db.gcve.eu/sighting/4601c754-1a26-43bc-94ff-cb81b779da5b/export {"uuid": "4601c754-1a26-43bc-94ff-cb81b779da5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23148", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"} {"uuid": "4601c754-1a26-43bc-94ff-cb81b779da5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23148", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"} https://db.gcve.eu/sighting/4601c754-1a26-43bc-94ff-cb81b779da5b/export Wed, 03 Dec 2025 14:14:49 +0000 75ab915d-de37-41ae-a58a-929a409863ec https://db.gcve.eu/sighting/75ab915d-de37-41ae-a58a-929a409863ec/export {"uuid": "75ab915d-de37-41ae-a58a-929a409863ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23141", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"} {"uuid": "75ab915d-de37-41ae-a58a-929a409863ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23141", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"} https://db.gcve.eu/sighting/75ab915d-de37-41ae-a58a-929a409863ec/export Wed, 03 Dec 2025 14:14:49 +0000 0f770b3a-0144-4062-a7a6-cddd0c5903ff https://db.gcve.eu/sighting/0f770b3a-0144-4062-a7a6-cddd0c5903ff/export {"uuid": "0f770b3a-0144-4062-a7a6-cddd0c5903ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23145", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3m7sa77dk4m26", "content": "", "creation_timestamp": "2025-12-12T13:50:13.057382Z"} {"uuid": "0f770b3a-0144-4062-a7a6-cddd0c5903ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23145", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3m7sa77dk4m26", "content": "", "creation_timestamp": "2025-12-12T13:50:13.057382Z"} https://db.gcve.eu/sighting/0f770b3a-0144-4062-a7a6-cddd0c5903ff/export Fri, 12 Dec 2025 13:50:13 +0000 f8f1223d-2807-4d2a-9973-9ddff8aa49e1 https://db.gcve.eu/sighting/f8f1223d-2807-4d2a-9973-9ddff8aa49e1/export {"uuid": "f8f1223d-2807-4d2a-9973-9ddff8aa49e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23141", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"} {"uuid": "f8f1223d-2807-4d2a-9973-9ddff8aa49e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23141", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"} https://db.gcve.eu/sighting/f8f1223d-2807-4d2a-9973-9ddff8aa49e1/export Thu, 19 Mar 2026 00:00:00 +0000 8d522bda-63a4-4d42-9f5e-0fb4304c6c9e https://db.gcve.eu/sighting/8d522bda-63a4-4d42-9f5e-0fb4304c6c9e/export {"uuid": "8d522bda-63a4-4d42-9f5e-0fb4304c6c9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23143", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0397/", "content": "", "creation_timestamp": "2026-04-02T17:00:00.000000Z"} {"uuid": "8d522bda-63a4-4d42-9f5e-0fb4304c6c9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23143", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0397/", "content": "", "creation_timestamp": "2026-04-02T17:00:00.000000Z"} https://db.gcve.eu/sighting/8d522bda-63a4-4d42-9f5e-0fb4304c6c9e/export Thu, 02 Apr 2026 17:00:00 +0000 36c8862c-e7e4-4815-962c-4ac8428a6365 https://db.gcve.eu/sighting/36c8862c-e7e4-4815-962c-4ac8428a6365/export {"uuid": "36c8862c-e7e4-4815-962c-4ac8428a6365", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23143", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/ubuntu-linux-kernel-multiple-vulnerabilities_20260408", "content": "", "creation_timestamp": "2026-04-07T18:00:00.000000Z"} {"uuid": "36c8862c-e7e4-4815-962c-4ac8428a6365", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23143", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/ubuntu-linux-kernel-multiple-vulnerabilities_20260408", "content": "", "creation_timestamp": "2026-04-07T18:00:00.000000Z"} https://db.gcve.eu/sighting/36c8862c-e7e4-4815-962c-4ac8428a6365/export Tue, 07 Apr 2026 18:00:00 +0000