<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-08T15:24:30.501221+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/32e02b42-d9ef-48e6-9b5c-b6bf25431622/export</id>
    <title>32e02b42-d9ef-48e6-9b5c-b6bf25431622</title>
    <updated>2026-07-08T15:24:30.531628+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "32e02b42-d9ef-48e6-9b5c-b6bf25431622", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-34048", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116877166458368676", "content": "CVE-2026-34048 (CRITICAL, CVSS 9.9): improper auth in coollabsio Coolify (&amp;lt;4.0.0-beta.471) lets low-priv users execute commands via terminal websockets. Update to 4.0.0-beta.471 ASAP. https://radar.offseq.com/threat/cve-2026-34048-cwe-285-improper-authorization-in-c-485c49c27b765944 #OffSeq #Coolify #CVE202634048 #infosec", "creation_timestamp": "2026-07-07T06:00:35.020591Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/32e02b42-d9ef-48e6-9b5c-b6bf25431622/export"/>
    <published>2026-07-07T06:00:35.020591+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/57aa6359-f720-4da6-a356-edb74b14d859/export</id>
    <title>57aa6359-f720-4da6-a356-edb74b14d859</title>
    <updated>2026-07-08T15:24:30.535012+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "57aa6359-f720-4da6-a356-edb74b14d859", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-34048", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mpzwhvprga2r", "content": "CVE-2026-34048: CRITICAL in coollabsio Coolify (&amp;lt;4.0.0-beta.471) enables low-priv team members to run commands on servers. Patch to 4.0.0-beta.471 now. https://radar.offseq.com/threat/cve-2026-34048-cwe-285-improper-authorization-in-c-485c49c27b765944 #OffSeq #Coolify #CVE202634048", "creation_timestamp": "2026-07-07T06:00:31.913927Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/57aa6359-f720-4da6-a356-edb74b14d859/export"/>
    <published>2026-07-07T06:00:31.913927+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/2a9d818f-867b-468e-a7d1-e88053e86763/export</id>
    <title>2a9d818f-867b-468e-a7d1-e88053e86763</title>
    <updated>2026-07-08T15:24:30.535350+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "2a9d818f-867b-468e-a7d1-e88053e86763", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34048", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpzqfksntd2a", "content": "CVE-2026-34048 - Coolify: Missing authorization on terminal websocket bootstrap routes allows low-privileged members to execute commands on team servers\nCVE ID : CVE-2026-34048\n \n Published : July 7, 2026, 3:19 a.m. | 28\u00a0minutes ago\n \n Description : Coolify is an open-source a...", "creation_timestamp": "2026-07-07T04:11:50.423686Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/2a9d818f-867b-468e-a7d1-e88053e86763/export"/>
    <published>2026-07-07T04:11:50.423686+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/21424613-cf7d-4858-a7ba-76506fe1c07f/export</id>
    <title>21424613-cf7d-4858-a7ba-76506fe1c07f</title>
    <updated>2026-07-08T15:24:30.535637+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "21424613-cf7d-4858-a7ba-76506fe1c07f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34048", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mpzpxol2362e", "content": "CVE-2026-34048 - coolify\nA security issue in Coolify's terminal feature allows team members with limited access to run server commands on other team members' servers. This could lead to unintended changes\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#coolify #coollabsio #CVE #infosec", "creation_timestamp": "2026-07-07T04:04:04.310184Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/21424613-cf7d-4858-a7ba-76506fe1c07f/export"/>
    <published>2026-07-07T04:04:04.310184+00:00</published>
  </entry>
</feed>
