Most recent sightings.

Most recent sightings. https://db.gcve.eu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Thu, 30 Apr 2026 20:10:11 +0000 2aae74c3-a792-44c2-b918-4a93c9b2175e https://db.gcve.eu/sighting/2aae74c3-a792-44c2-b918-4a93c9b2175e/export {"uuid": "2aae74c3-a792-44c2-b918-4a93c9b2175e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31774", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9982", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31774\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in WebProtect.ai Astra Security Suite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Astra Security Suite: from n/a through 0.2.\n\ud83d\udccf Published: 2025-04-01T14:51:21.580Z\n\ud83d\udccf Modified: 2025-04-01T19:30:45.095Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/getastra/vulnerability/wordpress-astra-security-suite-plugin-0-2-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-01T19:32:16.000000Z"} {"uuid": "2aae74c3-a792-44c2-b918-4a93c9b2175e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31774", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9982", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31774\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in WebProtect.ai Astra Security Suite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Astra Security Suite: from n/a through 0.2.\n\ud83d\udccf Published: 2025-04-01T14:51:21.580Z\n\ud83d\udccf Modified: 2025-04-01T19:30:45.095Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/getastra/vulnerability/wordpress-astra-security-suite-plugin-0-2-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-01T19:32:16.000000Z"} https://db.gcve.eu/sighting/2aae74c3-a792-44c2-b918-4a93c9b2175e/export Tue, 01 Apr 2025 19:32:16 +0000 52277aa0-524a-46b0-b41c-145408e954a8 https://db.gcve.eu/sighting/52277aa0-524a-46b0-b41c-145408e954a8/export {"uuid": "52277aa0-524a-46b0-b41c-145408e954a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31776", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10098", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31776\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in Aphotrax Uptime Robot Plugin for WordPress allows Cross Site Request Forgery. This issue affects Uptime Robot Plugin for WordPress: from n/a through 2.3.\n\ud83d\udccf Published: 2025-04-01T14:51:22.600Z\n\ud83d\udccf Modified: 2025-04-02T15:27:56.673Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/uptime-robot-monitor/vulnerability/wordpress-uptime-robot-plugin-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-02T15:33:26.000000Z"} {"uuid": "52277aa0-524a-46b0-b41c-145408e954a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31776", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10098", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31776\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in Aphotrax Uptime Robot Plugin for WordPress allows Cross Site Request Forgery. This issue affects Uptime Robot Plugin for WordPress: from n/a through 2.3.\n\ud83d\udccf Published: 2025-04-01T14:51:22.600Z\n\ud83d\udccf Modified: 2025-04-02T15:27:56.673Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/uptime-robot-monitor/vulnerability/wordpress-uptime-robot-plugin-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-02T15:33:26.000000Z"} https://db.gcve.eu/sighting/52277aa0-524a-46b0-b41c-145408e954a8/export Wed, 02 Apr 2025 15:33:26 +0000 b3d9cad9-89a4-41dc-91cd-4c7dbd3c3316 https://db.gcve.eu/sighting/b3d9cad9-89a4-41dc-91cd-4c7dbd3c3316/export {"uuid": "b3d9cad9-89a4-41dc-91cd-4c7dbd3c3316", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31777", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10105", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31777\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in BeastThemes Clockinator Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clockinator Lite: from n/a through 1.0.7.\n\ud83d\udccf Published: 2025-04-01T14:51:23.123Z\n\ud83d\udccf Modified: 2025-04-02T15:22:49.022Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/clockify-lite/vulnerability/wordpress-clockinator-lite-plugin-1-0-7-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-02T15:33:36.000000Z"} {"uuid": "b3d9cad9-89a4-41dc-91cd-4c7dbd3c3316", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31777", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10105", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31777\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Missing Authorization vulnerability in BeastThemes Clockinator Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clockinator Lite: from n/a through 1.0.7.\n\ud83d\udccf Published: 2025-04-01T14:51:23.123Z\n\ud83d\udccf Modified: 2025-04-02T15:22:49.022Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/clockify-lite/vulnerability/wordpress-clockinator-lite-plugin-1-0-7-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-02T15:33:36.000000Z"} https://db.gcve.eu/sighting/b3d9cad9-89a4-41dc-91cd-4c7dbd3c3316/export Wed, 02 Apr 2025 15:33:36 +0000 7497ef39-5c0c-49e0-9047-754c2db70eaf https://db.gcve.eu/sighting/7497ef39-5c0c-49e0-9047-754c2db70eaf/export {"uuid": "7497ef39-5c0c-49e0-9047-754c2db70eaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31778", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10108", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31778\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in raphaelheide Donate Me allows Reflected XSS. This issue affects Donate Me: from n/a through 1.2.5.\n\ud83d\udccf Published: 2025-04-01T14:51:23.646Z\n\ud83d\udccf Modified: 2025-04-02T15:21:15.654Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/donate-me/vulnerability/wordpress-donate-me-plugin-1-2-5-stored-cross-site-scripting-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-02T15:33:39.000000Z"} {"uuid": "7497ef39-5c0c-49e0-9047-754c2db70eaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31778", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10108", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31778\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in raphaelheide Donate Me allows Reflected XSS. This issue affects Donate Me: from n/a through 1.2.5.\n\ud83d\udccf Published: 2025-04-01T14:51:23.646Z\n\ud83d\udccf Modified: 2025-04-02T15:21:15.654Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/donate-me/vulnerability/wordpress-donate-me-plugin-1-2-5-stored-cross-site-scripting-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-02T15:33:39.000000Z"} https://db.gcve.eu/sighting/7497ef39-5c0c-49e0-9047-754c2db70eaf/export Wed, 02 Apr 2025 15:33:39 +0000 f3a7dc97-08b5-428e-8cb2-01328a9f48f8 https://db.gcve.eu/sighting/f3a7dc97-08b5-428e-8cb2-01328a9f48f8/export {"uuid": "f3a7dc97-08b5-428e-8cb2-01328a9f48f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3177", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llwsmfpjri2i", "content": "", "creation_timestamp": "2025-04-03T21:06:36.620799Z"} {"uuid": "f3a7dc97-08b5-428e-8cb2-01328a9f48f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3177", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llwsmfpjri2i", "content": "", "creation_timestamp": "2025-04-03T21:06:36.620799Z"} https://db.gcve.eu/sighting/f3a7dc97-08b5-428e-8cb2-01328a9f48f8/export Thu, 03 Apr 2025 21:06:36 +0000 44d86314-7892-4c3d-b22c-8b042b43ee2e https://db.gcve.eu/sighting/44d86314-7892-4c3d-b22c-8b042b43ee2e/export {"uuid": "44d86314-7892-4c3d-b22c-8b042b43ee2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3177", "type": "seen", "source": "https://t.me/cvedetector/22015", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-3177 - FastCMS JWT Handler Cryptographic Key Hard-Coded Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-3177 \nPublished : April 3, 2025, 8:15 p.m. | 1\u00a0hour ago \nDescription : A vulnerability was found in FastCMS 0.1.5. It has been declared as critical. This vulnerability affects unknown code of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key \n . The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. \nSeverity: 5.0 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"03 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-03T23:36:13.000000Z"} {"uuid": "44d86314-7892-4c3d-b22c-8b042b43ee2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3177", "type": "seen", "source": "https://t.me/cvedetector/22015", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-3177 - FastCMS JWT Handler Cryptographic Key Hard-Coded Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-3177 \nPublished : April 3, 2025, 8:15 p.m. | 1\u00a0hour ago \nDescription : A vulnerability was found in FastCMS 0.1.5. It has been declared as critical. This vulnerability affects unknown code of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key \n . The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. \nSeverity: 5.0 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"03 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-03T23:36:13.000000Z"} https://db.gcve.eu/sighting/44d86314-7892-4c3d-b22c-8b042b43ee2e/export Thu, 03 Apr 2025 23:36:13 +0000