Circl Vulnerability-lookup

5 CVEs affecting Circl Vulnerability-lookup. Latest disclosed: 2025-12-08. Critical: 0, High: 0.

Top CVEs affecting Circl Vulnerability-lookup
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-60249 | Medium | 6.4 | 2025-09-25 | vulnerability-lookup 2.16.0 allows XSS in bundle.py, comment.py, and user.py, by a user on a vulnerability-lookup instance who can add bundles, comments, or si… |
| CVE-2025-32413 | Medium | 6.4 | 2025-04-08 | Vulnerability-Lookup before 2.7.1 allows stored XSS via a user bio in website/web/views/user.py. |
| CVE-2025-42620 | | | 2025-12-08 | In affected versions, vulnerability-lookup handled user-controlled content in comments and bundles in an unsafe way, which could lead to stored Cross-Site Sc… |
| CVE-2025-42616 | | | 2025-12-08 | Some endpoints in vulnerability-lookup that modified application state (e.g. changing database entries, user data, configurations, or other privileged action… |
| CVE-2025-42615 | | | 2025-12-08 | In affected versions, vulnerability-lookup did not track or limit failed One-Time Password (OTP) attempts during Two-Factor Authentication (2FA) verification… |