Circl Vulnerability-lookup
5 CVEs affecting Circl Vulnerability-lookup. Latest disclosed: 2025-12-08. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-60249 | Medium | 6.4 | 2025-09-25 | vulnerability-lookup 2.16.0 allows XSS in bundle.py, comment.py, and user.py, by a user on a vulnerability-lookup instance who can add bundles, comments, or si… |
| CVE-2025-32413 | Medium | 6.4 | 2025-04-08 | Vulnerability-Lookup before 2.7.1 allows stored XSS via a user bio in website/web/views/user.py. |
| CVE-2025-42620 | | | 2025-12-08 | In affected versions, vulnerability-lookup handled user-controlled content in comments and bundles in an unsafe way, which could lead to stored Cross-Site Sc… |
| CVE-2025-42616 | | | 2025-12-08 | Some endpoints in vulnerability-lookup that modified application state (e.g. changing database entries, user data, configurations, or other privileged action… |
| CVE-2025-42615 | | | 2025-12-08 | In affected versions, vulnerability-lookup did not track or limit failed One-Time Password (OTP) attempts during Two-Factor Authentication (2FA) verification… |