https://db.gcve.eu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Fri, 01 May 2026 21:46:27 +0000 https://db.gcve.eu/sighting/d8d0007e-5d70-4ecc-b803-e9f138e67cea/export {"uuid": "d8d0007e-5d70-4ecc-b803-e9f138e67cea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2933", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10591", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2933\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Email Notifications for Updates plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the awun_import_settings() function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.\n\ud83d\udccf Published: 2025-04-05T01:44:45.847Z\n\ud83d\udccf Modified: 2025-04-05T01:44:45.847Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/d52e644b-a58f-4e09-9e53-e9cbef75e34f?source=cve\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3265589%40wp-update-mail-notification&new=3265589%40wp-update-mail-notification", "creation_timestamp": "2025-04-05T02:36:35.000000Z"} {"uuid": "d8d0007e-5d70-4ecc-b803-e9f138e67cea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2933", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10591", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2933\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Email Notifications for Updates plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the awun_import_settings() function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.\n\ud83d\udccf Published: 2025-04-05T01:44:45.847Z\n\ud83d\udccf Modified: 2025-04-05T01:44:45.847Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/d52e644b-a58f-4e09-9e53-e9cbef75e34f?source=cve\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3265589%40wp-update-mail-notification&new=3265589%40wp-update-mail-notification", "creation_timestamp": "2025-04-05T02:36:35.000000Z"} https://db.gcve.eu/sighting/d8d0007e-5d70-4ecc-b803-e9f138e67cea/export Sat, 05 Apr 2025 02:36:35 +0000 https://db.gcve.eu/sighting/74a958a2-b2a8-4659-9021-8f1f93c983ae/export {"uuid": "74a958a2-b2a8-4659-9021-8f1f93c983ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2933", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114283308691761771", "content": "", "creation_timestamp": "2025-04-05T03:48:22.407985Z"} {"uuid": "74a958a2-b2a8-4659-9021-8f1f93c983ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2933", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114283308691761771", "content": "", "creation_timestamp": "2025-04-05T03:48:22.407985Z"} https://db.gcve.eu/sighting/74a958a2-b2a8-4659-9021-8f1f93c983ae/export Sat, 05 Apr 2025 03:48:22 +0000 https://db.gcve.eu/sighting/a87ab990-ab28-4db0-8a5f-2f644b19e029/export {"uuid": "a87ab990-ab28-4db0-8a5f-2f644b19e029", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2933", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114283308691761771", "content": "", "creation_timestamp": "2025-04-05T03:48:22.412660Z"} {"uuid": "a87ab990-ab28-4db0-8a5f-2f644b19e029", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2933", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114283308691761771", "content": "", "creation_timestamp": "2025-04-05T03:48:22.412660Z"} https://db.gcve.eu/sighting/a87ab990-ab28-4db0-8a5f-2f644b19e029/export Sat, 05 Apr 2025 03:48:22 +0000 https://db.gcve.eu/sighting/7a8185bc-cb89-45b8-8cfa-98a70c011b8d/export {"uuid": "7a8185bc-cb89-45b8-8cfa-98a70c011b8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2933", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lm22ldajoh2z", "content": "", "creation_timestamp": "2025-04-05T04:07:02.478402Z"} {"uuid": "7a8185bc-cb89-45b8-8cfa-98a70c011b8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2933", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lm22ldajoh2z", "content": "", "creation_timestamp": "2025-04-05T04:07:02.478402Z"} https://db.gcve.eu/sighting/7a8185bc-cb89-45b8-8cfa-98a70c011b8d/export Sat, 05 Apr 2025 04:07:02 +0000 https://db.gcve.eu/sighting/73e9a299-00ae-4251-bfa4-653beea8ad20/export {"uuid": "73e9a299-00ae-4251-bfa4-653beea8ad20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2933", "type": "published-proof-of-concept", "source": "Telegram/oxIM31ySBtAd95-HqmDOjiMLRHxdwH46KFZ1_RsP-VhoY4w", "content": "", "creation_timestamp": "2025-04-05T04:30:38.000000Z"} {"uuid": "73e9a299-00ae-4251-bfa4-653beea8ad20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2933", "type": "published-proof-of-concept", "source": "Telegram/oxIM31ySBtAd95-HqmDOjiMLRHxdwH46KFZ1_RsP-VhoY4w", "content": "", "creation_timestamp": "2025-04-05T04:30:38.000000Z"} https://db.gcve.eu/sighting/73e9a299-00ae-4251-bfa4-653beea8ad20/export Sat, 05 Apr 2025 04:30:38 +0000 https://db.gcve.eu/sighting/58a0a5e0-cba6-422b-95bc-73620593101c/export {"uuid": "58a0a5e0-cba6-422b-95bc-73620593101c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2933", "type": "seen", "source": "https://t.me/cvedetector/22178", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-2933 - \"WordPress Email Notifications for Updates Unauthenticated Privilege Escalation\"\", \n \"Content\": \"CVE ID : CVE-2025-2933 \nPublished : April 5, 2025, 2:15 a.m. | 2\u00a0hours, 9\u00a0minutes ago \nDescription : The Email Notifications for Updates plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the awun_import_settings() function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"05 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-05T06:33:41.000000Z"} {"uuid": "58a0a5e0-cba6-422b-95bc-73620593101c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2933", "type": "seen", "source": "https://t.me/cvedetector/22178", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-2933 - \"WordPress Email Notifications for Updates Unauthenticated Privilege Escalation\"\", \n \"Content\": \"CVE ID : CVE-2025-2933 \nPublished : April 5, 2025, 2:15 a.m. | 2\u00a0hours, 9\u00a0minutes ago \nDescription : The Email Notifications for Updates plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the awun_import_settings() function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"05 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-05T06:33:41.000000Z"} https://db.gcve.eu/sighting/58a0a5e0-cba6-422b-95bc-73620593101c/export Sat, 05 Apr 2025 06:33:41 +0000 https://db.gcve.eu/sighting/f093320b-7bfb-409f-85e2-3a395a3ccd2f/export {"uuid": "f093320b-7bfb-409f-85e2-3a395a3ccd2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29339", "type": "seen", "source": "https://t.me/cvedetector/23528", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-29339 - Open5GS UPF Assertion Failure Vulnerability in PFCP Session Parameter Validation\", \n \"Content\": \"CVE ID : CVE-2025-29339 \nPublished : April 22, 2025, 5:16 p.m. | 46\u00a0minutes ago \nDescription : An issue in UPF in Open5GS UPF versions up to v2.7.2 results an assertion failure vulnerability in PFCP session parameter validation. When processing a PFCP Session Establishment Request with PDN Type=0, the UPF fails to handle the invalid value propagated from SMF (or via direct attack), triggering a fatal assertion check and causing a daemon crash. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"22 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-22T20:54:44.000000Z"} {"uuid": "f093320b-7bfb-409f-85e2-3a395a3ccd2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29339", "type": "seen", "source": "https://t.me/cvedetector/23528", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-29339 - Open5GS UPF Assertion Failure Vulnerability in PFCP Session Parameter Validation\", \n \"Content\": \"CVE ID : CVE-2025-29339 \nPublished : April 22, 2025, 5:16 p.m. | 46\u00a0minutes ago \nDescription : An issue in UPF in Open5GS UPF versions up to v2.7.2 results an assertion failure vulnerability in PFCP session parameter validation. When processing a PFCP Session Establishment Request with PDN Type=0, the UPF fails to handle the invalid value propagated from SMF (or via direct attack), triggering a fatal assertion check and causing a daemon crash. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"22 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-22T20:54:44.000000Z"} https://db.gcve.eu/sighting/f093320b-7bfb-409f-85e2-3a395a3ccd2f/export Tue, 22 Apr 2025 20:54:44 +0000 https://db.gcve.eu/sighting/f539b544-e991-4d98-9aa9-57605e67f4a2/export {"uuid": "f539b544-e991-4d98-9aa9-57605e67f4a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29331", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19618", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-29331\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue in MHSanaei 3x-ui before v.2.5.3 and before allows a remote attacker to execute arbitrary code via the management script x-ui passes the no check certificate option to wget when downloading updates\n\ud83d\udccf Published: 2025-06-26T00:00:00.000Z\n\ud83d\udccf Modified: 2025-06-26T15:11:23.166Z\n\ud83d\udd17 References:\n1. https://www.digilol.net/security-advisories/dlsec2025-001.html\n2. https://github.com/MHSanaei/3x-ui/pull/2661", "creation_timestamp": "2025-06-26T15:52:45.000000Z"} {"uuid": "f539b544-e991-4d98-9aa9-57605e67f4a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29331", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19618", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-29331\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue in MHSanaei 3x-ui before v.2.5.3 and before allows a remote attacker to execute arbitrary code via the management script x-ui passes the no check certificate option to wget when downloading updates\n\ud83d\udccf Published: 2025-06-26T00:00:00.000Z\n\ud83d\udccf Modified: 2025-06-26T15:11:23.166Z\n\ud83d\udd17 References:\n1. https://www.digilol.net/security-advisories/dlsec2025-001.html\n2. https://github.com/MHSanaei/3x-ui/pull/2661", "creation_timestamp": "2025-06-26T15:52:45.000000Z"} https://db.gcve.eu/sighting/f539b544-e991-4d98-9aa9-57605e67f4a2/export Thu, 26 Jun 2025 15:52:45 +0000 https://db.gcve.eu/sighting/4bdba5ad-dd3d-4e00-aa0a-298fe0fd7d7b/export {"uuid": "4bdba5ad-dd3d-4e00-aa0a-298fe0fd7d7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29331", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lsjrqbpivc2q", "content": "", "creation_timestamp": "2025-06-26T18:42:30.608302Z"} {"uuid": "4bdba5ad-dd3d-4e00-aa0a-298fe0fd7d7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-29331", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lsjrqbpivc2q", "content": "", "creation_timestamp": "2025-06-26T18:42:30.608302Z"} https://db.gcve.eu/sighting/4bdba5ad-dd3d-4e00-aa0a-298fe0fd7d7b/export Thu, 26 Jun 2025 18:42:30 +0000 https://db.gcve.eu/sighting/d1512922-0a41-42a8-a0a1-88a2421fa0e2/export {"uuid": "d1512922-0a41-42a8-a0a1-88a2421fa0e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2933", "type": "seen", "source": "Telegram/n1w7Ta-G54MRSrb1VMlA0xlYbSVuf31ZXu_QuieRtS0BjM0", "content": "", "creation_timestamp": "2026-04-08T23:30:06.000000Z"} {"uuid": "d1512922-0a41-42a8-a0a1-88a2421fa0e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2933", "type": "seen", "source": "Telegram/n1w7Ta-G54MRSrb1VMlA0xlYbSVuf31ZXu_QuieRtS0BjM0", "content": "", "creation_timestamp": "2026-04-08T23:30:06.000000Z"} https://db.gcve.eu/sighting/d1512922-0a41-42a8-a0a1-88a2421fa0e2/export Wed, 08 Apr 2026 23:30:06 +0000