https://db.gcve.eu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Mon, 25 May 2026 18:16:40 +0000 https://db.gcve.eu/sighting/379cc01b-b764-4476-86ee-a20fde362822/export {"uuid": "379cc01b-b764-4476-86ee-a20fde362822", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43860", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17411", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-43860\n\ud83d\udd25 CVSS Score: 7.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N)\n\ud83d\udd39 Description: OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS) vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation and editing privileges to inject arbitrary JavaScript code into the system by entering malicious payloads in the (1) Text Box fields of Address, Address Line 2, Postal Code and City fields and (2) Drop Down menu options of Address Use, State and Country of the Additional Addresses section of the Contact tab in Patient Demographics. The injected script can execute in two scenarios: (1) dynamically during form input, and (2) when the form data is later loaded for editing. Version 7.0.3.4 contains a patch for the issue.\n\ud83d\udccf Published: 2025-05-23T15:35:01.087Z\n\ud83d\udccf Modified: 2025-05-23T15:35:01.087Z\n\ud83d\udd17 References:\n1. https://github.com/openemr/openemr/security/advisories/GHSA-2h9p-7vmc-wmqv", "creation_timestamp": "2025-05-23T15:44:49.000000Z"} {"uuid": "379cc01b-b764-4476-86ee-a20fde362822", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43860", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17411", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-43860\n\ud83d\udd25 CVSS Score: 7.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N)\n\ud83d\udd39 Description: OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS) vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation and editing privileges to inject arbitrary JavaScript code into the system by entering malicious payloads in the (1) Text Box fields of Address, Address Line 2, Postal Code and City fields and (2) Drop Down menu options of Address Use, State and Country of the Additional Addresses section of the Contact tab in Patient Demographics. The injected script can execute in two scenarios: (1) dynamically during form input, and (2) when the form data is later loaded for editing. Version 7.0.3.4 contains a patch for the issue.\n\ud83d\udccf Published: 2025-05-23T15:35:01.087Z\n\ud83d\udccf Modified: 2025-05-23T15:35:01.087Z\n\ud83d\udd17 References:\n1. https://github.com/openemr/openemr/security/advisories/GHSA-2h9p-7vmc-wmqv", "creation_timestamp": "2025-05-23T15:44:49.000000Z"} https://db.gcve.eu/sighting/379cc01b-b764-4476-86ee-a20fde362822/export Fri, 23 May 2025 15:44:49 +0000 https://db.gcve.eu/sighting/4d2430fb-4a49-4478-b9d9-4e267fc18f19/export {"uuid": "4d2430fb-4a49-4478-b9d9-4e267fc18f19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43860", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpuam5h2o42s", "content": "", "creation_timestamp": "2025-05-23T18:19:40.934650Z"} {"uuid": "4d2430fb-4a49-4478-b9d9-4e267fc18f19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43860", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpuam5h2o42s", "content": "", "creation_timestamp": "2025-05-23T18:19:40.934650Z"} https://db.gcve.eu/sighting/4d2430fb-4a49-4478-b9d9-4e267fc18f19/export Fri, 23 May 2025 18:19:40 +0000 https://db.gcve.eu/sighting/7f2302dd-bb23-417c-a4b8-af9eb71efefb/export {"uuid": "7f2302dd-bb23-417c-a4b8-af9eb71efefb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43860", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lpurwbdv6bj2", "content": "", "creation_timestamp": "2025-05-23T23:29:56.231015Z"} {"uuid": "7f2302dd-bb23-417c-a4b8-af9eb71efefb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43860", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lpurwbdv6bj2", "content": "", "creation_timestamp": "2025-05-23T23:29:56.231015Z"} https://db.gcve.eu/sighting/7f2302dd-bb23-417c-a4b8-af9eb71efefb/export Fri, 23 May 2025 23:29:56 +0000 https://db.gcve.eu/sighting/504e8609-1f48-4685-ae6a-f92dc5f268e5/export {"uuid": "504e8609-1f48-4685-ae6a-f92dc5f268e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43863", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18200", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-43863\n\ud83d\udd25 CVSS Score: 1.7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U)\n\ud83d\udd39 Description: vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality: they can call that route infinitely which will return the message that password is wrong until it is correct. This vulnerability is fixed in 4.11.\n\ud83d\udccf Published: 2025-06-12T17:29:57.047Z\n\ud83d\udccf Modified: 2025-06-12T17:29:57.047Z\n\ud83d\udd17 References:\n1. https://github.com/vantage6/vantage6/security/advisories/GHSA-j6g5-p62x-58hw", "creation_timestamp": "2025-06-12T17:35:00.000000Z"} {"uuid": "504e8609-1f48-4685-ae6a-f92dc5f268e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43863", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18200", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-43863\n\ud83d\udd25 CVSS Score: 1.7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U)\n\ud83d\udd39 Description: vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality: they can call that route infinitely which will return the message that password is wrong until it is correct. This vulnerability is fixed in 4.11.\n\ud83d\udccf Published: 2025-06-12T17:29:57.047Z\n\ud83d\udccf Modified: 2025-06-12T17:29:57.047Z\n\ud83d\udd17 References:\n1. https://github.com/vantage6/vantage6/security/advisories/GHSA-j6g5-p62x-58hw", "creation_timestamp": "2025-06-12T17:35:00.000000Z"} https://db.gcve.eu/sighting/504e8609-1f48-4685-ae6a-f92dc5f268e5/export Thu, 12 Jun 2025 17:35:00 +0000 https://db.gcve.eu/sighting/ffb3ab65-e037-4cda-8d9c-a2ab291ccd77/export {"uuid": "ffb3ab65-e037-4cda-8d9c-a2ab291ccd77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43866", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18299", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-43866\n\ud83d\udd25 CVSS Score: 1.7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U)\n\ud83d\udd39 Description: vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This vulnerability is fixed in 4.11.0.\n\ud83d\udccf Published: 2025-06-12T18:04:57.649Z\n\ud83d\udccf Modified: 2025-06-13T14:06:06.347Z\n\ud83d\udd17 References:\n1. https://github.com/vantage6/vantage6/security/advisories/GHSA-m3mq-f375-5vgh", "creation_timestamp": "2025-06-13T14:35:48.000000Z"} {"uuid": "ffb3ab65-e037-4cda-8d9c-a2ab291ccd77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43866", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18299", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-43866\n\ud83d\udd25 CVSS Score: 1.7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U)\n\ud83d\udd39 Description: vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This vulnerability is fixed in 4.11.0.\n\ud83d\udccf Published: 2025-06-12T18:04:57.649Z\n\ud83d\udccf Modified: 2025-06-13T14:06:06.347Z\n\ud83d\udd17 References:\n1. https://github.com/vantage6/vantage6/security/advisories/GHSA-m3mq-f375-5vgh", "creation_timestamp": "2025-06-13T14:35:48.000000Z"} https://db.gcve.eu/sighting/ffb3ab65-e037-4cda-8d9c-a2ab291ccd77/export Fri, 13 Jun 2025 14:35:48 +0000 https://db.gcve.eu/sighting/5363fb57-b95f-44ef-9dfd-33529605673a/export {"uuid": "5363fb57-b95f-44ef-9dfd-33529605673a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43867", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-02", "content": "", "creation_timestamp": "2025-08-07T10:00:00.000000Z"} {"uuid": "5363fb57-b95f-44ef-9dfd-33529605673a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43867", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-02", "content": "", "creation_timestamp": "2025-08-07T10:00:00.000000Z"} https://db.gcve.eu/sighting/5363fb57-b95f-44ef-9dfd-33529605673a/export Thu, 07 Aug 2025 10:00:00 +0000 https://db.gcve.eu/sighting/e4f85005-74f8-490a-ac60-e6f5cfc52996/export {"uuid": "e4f85005-74f8-490a-ac60-e6f5cfc52996", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43864", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3madzvrat662z", "content": "", "creation_timestamp": "2025-12-19T15:45:28.948428Z"} {"uuid": "e4f85005-74f8-490a-ac60-e6f5cfc52996", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43864", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3madzvrat662z", "content": "", "creation_timestamp": "2025-12-19T15:45:28.948428Z"} https://db.gcve.eu/sighting/e4f85005-74f8-490a-ac60-e6f5cfc52996/export Fri, 19 Dec 2025 15:45:28 +0000 https://db.gcve.eu/sighting/fbde3971-1208-4df8-aaf7-7e676556353d/export {"uuid": "fbde3971-1208-4df8-aaf7-7e676556353d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43865", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3madzvrat662z", "content": "", "creation_timestamp": "2025-12-19T15:45:29.028342Z"} {"uuid": "fbde3971-1208-4df8-aaf7-7e676556353d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43865", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3madzvrat662z", "content": "", "creation_timestamp": "2025-12-19T15:45:29.028342Z"} https://db.gcve.eu/sighting/fbde3971-1208-4df8-aaf7-7e676556353d/export Fri, 19 Dec 2025 15:45:29 +0000 https://db.gcve.eu/sighting/34ec7f5c-9d79-40bf-9174-ee2ca4b4590a/export {"uuid": "34ec7f5c-9d79-40bf-9174-ee2ca4b4590a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43864", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mckha7mnad2z", "content": "", "creation_timestamp": "2026-01-16T15:50:19.817365Z"} {"uuid": "34ec7f5c-9d79-40bf-9174-ee2ca4b4590a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43864", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mckha7mnad2z", "content": "", "creation_timestamp": "2026-01-16T15:50:19.817365Z"} https://db.gcve.eu/sighting/34ec7f5c-9d79-40bf-9174-ee2ca4b4590a/export Fri, 16 Jan 2026 15:50:19 +0000 https://db.gcve.eu/sighting/5c873855-0297-4511-b93a-8c8b0d98c793/export {"uuid": "5c873855-0297-4511-b93a-8c8b0d98c793", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43865", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mckha7mnad2z", "content": "", "creation_timestamp": "2026-01-16T15:50:19.907135Z"} {"uuid": "5c873855-0297-4511-b93a-8c8b0d98c793", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-43865", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mckha7mnad2z", "content": "", "creation_timestamp": "2026-01-16T15:50:19.907135Z"} https://db.gcve.eu/sighting/5c873855-0297-4511-b93a-8c8b0d98c793/export Fri, 16 Jan 2026 15:50:19 +0000