https://db.gcve.eu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sun, 17 May 2026 12:21:52 +0000 https://db.gcve.eu/sighting/85d399bd-4e86-4d28-bbf4-961ca4f0147e/export {"uuid": "85d399bd-4e86-4d28-bbf4-961ca4f0147e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40627", "type": "published-proof-of-concept", "source": "https://t.me/cvedetector/25079", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-40627 - AbanteCart Reflected Cross-Site Scripting (XSS) Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-40627 \nPublished : May 12, 2025, 12:15 p.m. | 2\u00a0hours, 5\u00a0minutes ago \nDescription : Reflected Cross-Site Scripting (XSS) vulnerability in\u00a0AbanteCart v1.4.0, that could allow an attacker to execute JavaScript code in a victim's browser by sending the victim a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user, through\u00a0\"/eyes? \n \n[XSS_PAYLOAD]\". \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"12 May 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-12T16:56:55.000000Z"} {"uuid": "85d399bd-4e86-4d28-bbf4-961ca4f0147e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40627", "type": "published-proof-of-concept", "source": "https://t.me/cvedetector/25079", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-40627 - AbanteCart Reflected Cross-Site Scripting (XSS) Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-40627 \nPublished : May 12, 2025, 12:15 p.m. | 2\u00a0hours, 5\u00a0minutes ago \nDescription : Reflected Cross-Site Scripting (XSS) vulnerability in\u00a0AbanteCart v1.4.0, that could allow an attacker to execute JavaScript code in a victim's browser by sending the victim a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user, through\u00a0\"/eyes? \n \n[XSS_PAYLOAD]\". \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"12 May 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-12T16:56:55.000000Z"} https://db.gcve.eu/sighting/85d399bd-4e86-4d28-bbf4-961ca4f0147e/export Mon, 12 May 2025 16:56:55 +0000 https://db.gcve.eu/sighting/54de448d-844c-470d-9df2-ac87c52a7991/export {"uuid": "54de448d-844c-470d-9df2-ac87c52a7991", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40626", "type": "seen", "source": "https://t.me/cvedetector/25080", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-40626 - AbanteCart Reflected Cross-Site Scripting (XSS)\", \n \"Content\": \"CVE ID : CVE-2025-40626 \nPublished : May 12, 2025, 12:15 p.m. | 2\u00a0hours, 5\u00a0minutes ago \nDescription : Reflected Cross-Site Scripting (XSS) vulnerability in\u00a0AbanteCart v1.4.0, that could allow an attacker to execute JavaScript code in a victim's browser by sending the victim a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user, through\u00a0\"/about_us?[XSS_PAYLOAD]\". \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"12 May 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-12T16:56:56.000000Z"} {"uuid": "54de448d-844c-470d-9df2-ac87c52a7991", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40626", "type": "seen", "source": "https://t.me/cvedetector/25080", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-40626 - AbanteCart Reflected Cross-Site Scripting (XSS)\", \n \"Content\": \"CVE ID : CVE-2025-40626 \nPublished : May 12, 2025, 12:15 p.m. | 2\u00a0hours, 5\u00a0minutes ago \nDescription : Reflected Cross-Site Scripting (XSS) vulnerability in\u00a0AbanteCart v1.4.0, that could allow an attacker to execute JavaScript code in a victim's browser by sending the victim a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user, through\u00a0\"/about_us?[XSS_PAYLOAD]\". \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"12 May 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-12T16:56:56.000000Z"} https://db.gcve.eu/sighting/54de448d-844c-470d-9df2-ac87c52a7991/export Mon, 12 May 2025 16:56:56 +0000 https://db.gcve.eu/sighting/cc080f37-b124-4ff5-b191-2100ea39adf3/export {"uuid": "cc080f37-b124-4ff5-b191-2100ea39adf3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40627", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16033", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40627\n\ud83d\udd25 CVSS Score: 5.1 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N)\n\ud83d\udd39 Description: Reflected Cross-Site Scripting (XSS) vulnerability in\u00a0AbanteCart v1.4.0, that could allow an attacker to execute JavaScript code in a victim's browser by sending the victim a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user, through\u00a0\"/eyes?\n\n[XSS_PAYLOAD]\".\n\ud83d\udccf Published: 2025-05-12T11:36:46.597Z\n\ud83d\udccf Modified: 2025-05-12T18:42:35.890Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scripting-xss-abantecart", "creation_timestamp": "2025-05-12T19:29:23.000000Z"} {"uuid": "cc080f37-b124-4ff5-b191-2100ea39adf3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40627", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16033", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40627\n\ud83d\udd25 CVSS Score: 5.1 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N)\n\ud83d\udd39 Description: Reflected Cross-Site Scripting (XSS) vulnerability in\u00a0AbanteCart v1.4.0, that could allow an attacker to execute JavaScript code in a victim's browser by sending the victim a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user, through\u00a0\"/eyes?\n\n[XSS_PAYLOAD]\".\n\ud83d\udccf Published: 2025-05-12T11:36:46.597Z\n\ud83d\udccf Modified: 2025-05-12T18:42:35.890Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scripting-xss-abantecart", "creation_timestamp": "2025-05-12T19:29:23.000000Z"} https://db.gcve.eu/sighting/cc080f37-b124-4ff5-b191-2100ea39adf3/export Mon, 12 May 2025 19:29:23 +0000 https://db.gcve.eu/sighting/98177e18-2acf-4259-afcf-a82d7d48a18b/export {"uuid": "98177e18-2acf-4259-afcf-a82d7d48a18b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40628", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp2cxi4ge42h", "content": "", "creation_timestamp": "2025-05-13T10:52:37.269381Z"} {"uuid": "98177e18-2acf-4259-afcf-a82d7d48a18b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40628", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lp2cxi4ge42h", "content": "", "creation_timestamp": "2025-05-13T10:52:37.269381Z"} https://db.gcve.eu/sighting/98177e18-2acf-4259-afcf-a82d7d48a18b/export Tue, 13 May 2025 10:52:37 +0000 https://db.gcve.eu/sighting/9d1c44b3-e4cb-47af-ac0d-27e5e948070d/export {"uuid": "9d1c44b3-e4cb-47af-ac0d-27e5e948070d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40628", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114500433170308695", "content": "", "creation_timestamp": "2025-05-13T12:05:57.983041Z"} {"uuid": "9d1c44b3-e4cb-47af-ac0d-27e5e948070d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40628", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114500433170308695", "content": "", "creation_timestamp": "2025-05-13T12:05:57.983041Z"} https://db.gcve.eu/sighting/9d1c44b3-e4cb-47af-ac0d-27e5e948070d/export Tue, 13 May 2025 12:05:57 +0000 https://db.gcve.eu/sighting/c59ca6bb-2b25-4a66-8770-2d8a83480eb8/export {"uuid": "c59ca6bb-2b25-4a66-8770-2d8a83480eb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40628", "type": "seen", "source": "https://t.me/cvedetector/25182", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-40628 - DomainsPRO SQL Injection\", \n \"Content\": \"CVE ID : CVE-2025-40628 \nPublished : May 13, 2025, 10:15 a.m. | 51\u00a0minutes ago \nDescription : SQL injection vulnerability in DomainsPRO 1.2. This vulnerability could allow an attacker to retrieve, create, update and delete databases via the \u201cd\u201d parameter in the \u201c/article.php\u201d endpoint. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"13 May 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-13T13:52:17.000000Z"} {"uuid": "c59ca6bb-2b25-4a66-8770-2d8a83480eb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40628", "type": "seen", "source": "https://t.me/cvedetector/25182", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-40628 - DomainsPRO SQL Injection\", \n \"Content\": \"CVE ID : CVE-2025-40628 \nPublished : May 13, 2025, 10:15 a.m. | 51\u00a0minutes ago \nDescription : SQL injection vulnerability in DomainsPRO 1.2. This vulnerability could allow an attacker to retrieve, create, update and delete databases via the \u201cd\u201d parameter in the \u201c/article.php\u201d endpoint. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"13 May 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-13T13:52:17.000000Z"} https://db.gcve.eu/sighting/c59ca6bb-2b25-4a66-8770-2d8a83480eb8/export Tue, 13 May 2025 13:52:17 +0000 https://db.gcve.eu/sighting/b961457a-7cf9-473c-9ebc-62887e524c43/export {"uuid": "b961457a-7cf9-473c-9ebc-62887e524c43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40628", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16216", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40628\n\ud83d\udd25 CVSS Score: 9.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: SQL injection vulnerability in DomainsPRO 1.2. This vulnerability could allow an attacker to retrieve, create, update and delete databases via the \u201cd\u201d parameter in the \u201c/article.php\u201d endpoint.\n\ud83d\udccf Published: 2025-05-13T09:37:39.081Z\n\ud83d\udccf Modified: 2025-05-13T19:05:44.423Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-domainspro", "creation_timestamp": "2025-05-13T19:31:13.000000Z"} {"uuid": "b961457a-7cf9-473c-9ebc-62887e524c43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40628", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16216", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40628\n\ud83d\udd25 CVSS Score: 9.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: SQL injection vulnerability in DomainsPRO 1.2. This vulnerability could allow an attacker to retrieve, create, update and delete databases via the \u201cd\u201d parameter in the \u201c/article.php\u201d endpoint.\n\ud83d\udccf Published: 2025-05-13T09:37:39.081Z\n\ud83d\udccf Modified: 2025-05-13T19:05:44.423Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-domainspro", "creation_timestamp": "2025-05-13T19:31:13.000000Z"} https://db.gcve.eu/sighting/b961457a-7cf9-473c-9ebc-62887e524c43/export Tue, 13 May 2025 19:31:13 +0000 https://db.gcve.eu/sighting/97740db9-8c1b-46ae-aff5-7e4207dfc79b/export {"uuid": "97740db9-8c1b-46ae-aff5-7e4207dfc79b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40629", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16687", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40629\n\ud83d\udd25 CVSS Score: 8.7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: PNETLab 4.2.10 does not properly sanitize user inputs in its file access mechanisms. This allows attackers to perform directory traversal by manipulating file paths in HTTP requests. Specifically, the application is vulnerable to requests that access sensitive files outside the intended directory.\n\ud83d\udccf Published: 2025-05-16T12:40:17.878Z\n\ud83d\udccf Modified: 2025-05-16T12:59:59.664Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso/path-traversal-vulnerability-pnetlab", "creation_timestamp": "2025-05-16T13:35:55.000000Z"} {"uuid": "97740db9-8c1b-46ae-aff5-7e4207dfc79b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40629", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16687", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40629\n\ud83d\udd25 CVSS Score: 8.7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: PNETLab 4.2.10 does not properly sanitize user inputs in its file access mechanisms. This allows attackers to perform directory traversal by manipulating file paths in HTTP requests. Specifically, the application is vulnerable to requests that access sensitive files outside the intended directory.\n\ud83d\udccf Published: 2025-05-16T12:40:17.878Z\n\ud83d\udccf Modified: 2025-05-16T12:59:59.664Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso/path-traversal-vulnerability-pnetlab", "creation_timestamp": "2025-05-16T13:35:55.000000Z"} https://db.gcve.eu/sighting/97740db9-8c1b-46ae-aff5-7e4207dfc79b/export Fri, 16 May 2025 13:35:55 +0000 https://db.gcve.eu/sighting/c0464dbf-8545-4c89-9bb5-a926f54fc96c/export {"uuid": "c0464dbf-8545-4c89-9bb5-a926f54fc96c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40629", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpcizn6iij2p", "content": "", "creation_timestamp": "2025-05-16T17:02:27.935350Z"} {"uuid": "c0464dbf-8545-4c89-9bb5-a926f54fc96c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40629", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpcizn6iij2p", "content": "", "creation_timestamp": "2025-05-16T17:02:27.935350Z"} https://db.gcve.eu/sighting/c0464dbf-8545-4c89-9bb5-a926f54fc96c/export Fri, 16 May 2025 17:02:27 +0000 https://db.gcve.eu/sighting/0e62d523-5ced-480c-ad4e-987c8e239a4b/export {"uuid": "0e62d523-5ced-480c-ad4e-987c8e239a4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40629", "type": "published-proof-of-concept", "source": "Telegram/uEOlrUu1_l--1w6IndjXIiiKl78HQvEFFzlmBtSlWW7XloE", "content": "", "creation_timestamp": "2025-11-20T03:00:06.000000Z"} {"uuid": "0e62d523-5ced-480c-ad4e-987c8e239a4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40629", "type": "published-proof-of-concept", "source": "Telegram/uEOlrUu1_l--1w6IndjXIiiKl78HQvEFFzlmBtSlWW7XloE", "content": "", "creation_timestamp": "2025-11-20T03:00:06.000000Z"} https://db.gcve.eu/sighting/0e62d523-5ced-480c-ad4e-987c8e239a4b/export Thu, 20 Nov 2025 03:00:06 +0000