https://vulnerability.circl.lu/sightings/feed 2026-06-25T10:48:07.896376+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/088b865c-d99f-49f7-8756-0a9c4b6f38ba/export 2026-06-25T10:48:07.916752+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "088b865c-d99f-49f7-8756-0a9c4b6f38ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54133", "type": "seen", "source": "https://gist.github.com/jbourdin/1c841962dc31a6cb765da0bf057d0be2", "content": "- **Trello**\n - [TVO - VOLET OUBLIE VARIANT - MOBILE](https://trello.com/c/AhXzP14f/3791-tvo-volet-oublie-variant-mobile) **\ud83e\udd13 Testing**\n - *fix(tvo): adapt quick add panel height and hide view-product link on PDP* [\\#11678](https://github.com/Wishibam/Ecommerce-sylius/pull/11678)\n - [Tvo - Desktop - Tag](https://trello.com/c/tMBF307w/3793-tvo-desktop-tag) **\ud83e\udd13 Testing**\n - *fix(tvo): hide secondary product tag when it would collide with the w\u2026* [\\#11682](https://github.com/Wishibam/Ecommerce-sylius/pull/11682)\n - [\u26a0\ufe0f Action en prod \u26a0\ufe0f Souci d'indexation cheapest variante TVO](https://trello.com/c/hOhjAn2Z/3799-%E2%9A%A0%EF%B8%8F-action-en-prod-%E2%9A%A0%EF%B8%8F-souci-dindexation-cheapest-variante-tvo) **\ud83e\udd13 Testing**\n - *fix(tvo): resolve PLP card images via fallback and prefer sellable va\u2026* [\\#11684](https://github.com/Wishibam/Ecommerce-sylius/pull/11684)\n \n- **Misc**\n - *:wrench: chore: bump mtdowling/jmespath.php to 2.9.1 (CVE-2026-54133)* [\\#11686](https://github.com/Wishibam/Ecommerce-sylius/pull/11686)\n \n- **D\u00e9j\u00e0 en production**\n - *:bug: fix: guard missing jsonProduct attribute (500 PLP/reco)* [\\#11680](https://github.com/Wishibam/Ecommerce-sylius/pull/11680)", "creation_timestamp": "2026-06-18T08:37:24.000000Z"} 2026-06-18T08:37:24+00:00 https://vulnerability.circl.lu/sighting/f9870cbc-a7ba-4b56-a0df-ea6d482eed4e/export 2026-06-25T10:48:07.916662+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "f9870cbc-a7ba-4b56-a0df-ea6d482eed4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54133", "type": "seen", "source": "https://gist.github.com/jbourdin/837c3ba37bebbbca796c3a0b7e2a59ee", "content": "- **Trello**\n - [TVO - VOLET OUBLIE VARIANT - MOBILE](https://trello.com/c/AhXzP14f/3791-tvo-volet-oublie-variant-mobile) **\ud83e\udd13 Testing**\n - *fix(tvo): adapt quick add panel height and hide view-product link on PDP* [\\#11678](https://github.com/Wishibam/Ecommerce-sylius/pull/11678)\n - [Tvo - Desktop - Tag](https://trello.com/c/tMBF307w/3793-tvo-desktop-tag) **\ud83e\udd13 Testing**\n - *fix(tvo): hide secondary product tag when it would collide with the w\u2026* [\\#11682](https://github.com/Wishibam/Ecommerce-sylius/pull/11682)\n - [\u26a0\ufe0f Action en prod \u26a0\ufe0f Souci d'indexation cheapest variante TVO](https://trello.com/c/hOhjAn2Z/3799-%E2%9A%A0%EF%B8%8F-action-en-prod-%E2%9A%A0%EF%B8%8F-souci-dindexation-cheapest-variante-tvo) **\ud83e\udd13 Testing**\n - *fix(tvo): resolve PLP card images via fallback and prefer sellable va\u2026* [\\#11684](https://github.com/Wishibam/Ecommerce-sylius/pull/11684)\n \n- **Misc**\n - *:wrench: chore: bump mtdowling/jmespath.php to 2.9.1 (CVE-2026-54133)* [\\#11686](https://github.com/Wishibam/Ecommerce-sylius/pull/11686)\n \n- **D\u00e9j\u00e0 en production**\n - *:bug: fix: guard missing jsonProduct attribute (500 PLP/reco)* [\\#11680](https://github.com/Wishibam/Ecommerce-sylius/pull/11680)", "creation_timestamp": "2026-06-18T08:45:37.000000Z"} 2026-06-18T08:45:37+00:00 https://vulnerability.circl.lu/sighting/d5ce89a9-6b3d-4bcc-b402-9efe02b6c97a/export 2026-06-25T10:48:07.916565+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "d5ce89a9-6b3d-4bcc-b402-9efe02b6c97a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54133", "type": "seen", "source": "https://gist.github.com/jbourdin/cde63406dfa189dc54a60baa22e3b96d", "content": "- **Trello**\n - [TVO - VOLET OUBLIE VARIANT - MOBILE](https://trello.com/c/AhXzP14f/3791-tvo-volet-oublie-variant-mobile) **\ud83e\udd13 Testing**\n - *fix(tvo): adapt quick add panel height and hide view-product link on PDP* [\\#11678](https://github.com/Wishibam/Ecommerce-sylius/pull/11678)\n - [Tvo - Desktop - Tag](https://trello.com/c/tMBF307w/3793-tvo-desktop-tag) **\ud83e\udd13 Testing**\n - *fix(tvo): hide secondary product tag when it would collide with the w\u2026* [\\#11682](https://github.com/Wishibam/Ecommerce-sylius/pull/11682)\n - [\u26a0\ufe0f Action en prod \u26a0\ufe0f Souci d'indexation cheapest variante TVO](https://trello.com/c/hOhjAn2Z/3799-%E2%9A%A0%EF%B8%8F-action-en-prod-%E2%9A%A0%EF%B8%8F-souci-dindexation-cheapest-variante-tvo) **\ud83e\udd13 Testing**\n - *fix(tvo): resolve PLP card images via fallback and prefer sellable va\u2026* [\\#11684](https://github.com/Wishibam/Ecommerce-sylius/pull/11684)\n - [TVO Refonte - Mobile - Recherche - Header sticky devient transparent au scroll down](https://trello.com/c/tsd6QFe7/3790-tvo-refonte-mobile-recherche-header-sticky-devient-transparent-au-scroll-down) **\ud83e\udd13 Testing**\n - *fix(tvo): keep mega-menu bar clipped on scroll on search results page* [\\#11688](https://github.com/Wishibam/Ecommerce-sylius/pull/11688)\n \n- **Misc**\n - *:wrench: chore: bump mtdowling/jmespath.php to 2.9.1 (CVE-2026-54133)* [\\#11686](https://github.com/Wishibam/Ecommerce-sylius/pull/11686)\n \n- **D\u00e9j\u00e0 en production**\n - *:bug: fix: guard missing jsonProduct attribute (500 PLP/reco)* [\\#11680](https://github.com/Wishibam/Ecommerce-sylius/pull/11680)\n - *fix(tag): add secondary theme* [\\#11689](https://github.com/Wishibam/Ecommerce-sylius/pull/11689)", "creation_timestamp": "2026-06-18T09:22:36.000000Z"} 2026-06-18T09:22:36+00:00 https://vulnerability.circl.lu/sighting/c509f9fc-a3b5-4440-bf3e-6096f65e5fb2/export 2026-06-25T10:48:07.916476+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "c509f9fc-a3b5-4440-bf3e-6096f65e5fb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54133", "type": "seen", "source": "https://gist.github.com/FR-Flo/cd6529e40b97e630e9094633912c0a3d", "content": "## \ud83d\udd17 Companion release\n\nNo open **Marketplace-client (frontend)** release PR found yet \u2014 it will be linked automatically once it exists.\n\n- https://github.com/Wishibam/Marketplace-client/pulls?q=is%3Apr+is%3Aopen+base%3Amaster+head%3Adevelop\n\n- **Misc**\n - *:arrow\\_up: deps: bump jmespath.php to 2.9.1 (CVE-2026-54133)* [\\#7579](https://github.com/Wishibam/Marketplace-api/pull/7579)", "creation_timestamp": "2026-06-18T13:14:02.000000Z"} 2026-06-18T13:14:02+00:00 https://vulnerability.circl.lu/sighting/956951c5-9e4d-48de-a20c-9ed289a123d7/export 2026-06-25T10:48:07.916388+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "956951c5-9e4d-48de-a20c-9ed289a123d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54133", "type": "seen", "source": "https://gist.github.com/FR-Flo/210e7bfcea49d586e96f62e2f40443f1", "content": "## \ud83d\udd17 Companion release\n\nThis release ships alongside the **Marketplace-client (frontend)** release PR:\n\n- https://github.com/Wishibam/Marketplace-client/pull/4137\n\n- **Misc**\n - *:arrow\\_up: deps: bump jmespath.php to 2.9.1 (CVE-2026-54133)* [\\#7579](https://github.com/Wishibam/Marketplace-api/pull/7579)\n - *chore(deps): bump phpseclib/phpseclib from 3.0.52 to 3.0.54 in /api* [\\#7580](https://github.com/Wishibam/Marketplace-api/pull/7580)\n - *:arrow\\_up: deps: bump guzzlehttp/guzzle & psr7 (3 CVE)* [\\#7587](https://github.com/Wishibam/Marketplace-api/pull/7587)", "creation_timestamp": "2026-06-22T07:46:39.000000Z"} 2026-06-22T07:46:39+00:00 https://vulnerability.circl.lu/sighting/74a7f072-d0e5-4dd6-89c0-2c81d16feba3/export 2026-06-25T10:48:07.916297+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "74a7f072-d0e5-4dd6-89c0-2c81d16feba3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54133", "type": "seen", "source": "https://gist.github.com/FR-Flo/ab93e146cc99aae8067dd21a2f0d18da", "content": "## \ud83d\udd17 Companion release\n\nThis release ships alongside the **Marketplace-client (frontend)** release PR:\n\n- https://github.com/Wishibam/Marketplace-client/pull/4137\n\n- **Misc**\n - *:sparkles: feat: store waybills on Scaleway buckets* [\\#7571](https://github.com/Wishibam/Marketplace-api/pull/7571)\n - *:arrow\\_up: deps: bump jmespath.php to 2.9.1 (CVE-2026-54133)* [\\#7579](https://github.com/Wishibam/Marketplace-api/pull/7579)\n - *chore(deps): bump phpseclib/phpseclib from 3.0.52 to 3.0.54 in /api* [\\#7580](https://github.com/Wishibam/Marketplace-api/pull/7580)\n - *:bug: Wrong wmsItems status when LineItems are reserved hours appart* [\\#7585](https://github.com/Wishibam/Marketplace-api/pull/7585)\n - *:arrow\\_up: deps: bump guzzlehttp/guzzle & psr7 (3 CVE)* [\\#7587](https://github.com/Wishibam/Marketplace-api/pull/7587)", "creation_timestamp": "2026-06-23T08:08:29.000000Z"} 2026-06-23T08:08:29+00:00 https://vulnerability.circl.lu/sighting/2911f729-73bf-4f38-8436-423911bf917a/export 2026-06-25T10:48:07.916202+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "2911f729-73bf-4f38-8436-423911bf917a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54133", "type": "seen", "source": "https://gist.github.com/FR-Flo/86e5c2081bd4ad466f1c6361f0315148", "content": "## \ud83d\udd17 Companion release\n\nThis release ships alongside the **Marketplace-client (frontend)** release PR:\n\n- https://github.com/Wishibam/Marketplace-client/pull/4137\n\n- **Misc**\n - *:sparkles: feat: store waybills on Scaleway buckets* [\\#7571](https://github.com/Wishibam/Marketplace-api/pull/7571)\n - *:bug: fix: truncate over-long category names before persist* [\\#7578](https://github.com/Wishibam/Marketplace-api/pull/7578)\n - *:arrow\\_up: deps: bump jmespath.php to 2.9.1 (CVE-2026-54133)* [\\#7579](https://github.com/Wishibam/Marketplace-api/pull/7579)\n - *chore(deps): bump phpseclib/phpseclib from 3.0.52 to 3.0.54 in /api* [\\#7580](https://github.com/Wishibam/Marketplace-api/pull/7580)\n - *:bug: Wrong wmsItems status when LineItems are reserved hours appart* [\\#7585](https://github.com/Wishibam/Marketplace-api/pull/7585)\n - *:arrow\\_up: deps: bump guzzlehttp/guzzle & psr7 (3 CVE)* [\\#7587](https://github.com/Wishibam/Marketplace-api/pull/7587)\n - *:wrench: chore: relax composer php upper-bound for PHP 8.5 deploy* [\\#7590](https://github.com/Wishibam/Marketplace-api/pull/7590)", "creation_timestamp": "2026-06-23T14:58:51.000000Z"} 2026-06-23T14:58:51+00:00 https://vulnerability.circl.lu/sighting/6ddd9185-6d79-48fb-bf07-0ca158c313a1/export 2026-06-25T10:48:07.916097+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "6ddd9185-6d79-48fb-bf07-0ca158c313a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54133", "type": "seen", "source": "https://gist.github.com/FR-Flo/4864e8932f28b5252a0b20089de8151d", "content": "## \ud83d\udd17 Companion release\n\nThis release ships alongside the **Marketplace-client (frontend)** release PR:\n\n- https://github.com/Wishibam/Marketplace-client/pull/4137\n\n- **Misc**\n - *:sparkles: feat: store waybills on Scaleway buckets* [\\#7571](https://github.com/Wishibam/Marketplace-api/pull/7571)\n - *Fix again issues with invoice table* [\\#7577](https://github.com/Wishibam/Marketplace-api/pull/7577)\n - *:bug: fix: truncate over-long category names before persist* [\\#7578](https://github.com/Wishibam/Marketplace-api/pull/7578)\n - *:arrow\\_up: deps: bump jmespath.php to 2.9.1 (CVE-2026-54133)* [\\#7579](https://github.com/Wishibam/Marketplace-api/pull/7579)\n - *chore(deps): bump phpseclib/phpseclib from 3.0.52 to 3.0.54 in /api* [\\#7580](https://github.com/Wishibam/Marketplace-api/pull/7580)\n - *:bug: Wrong wmsItems status when LineItems are reserved hours appart* [\\#7585](https://github.com/Wishibam/Marketplace-api/pull/7585)\n - *:arrow\\_up: deps: bump guzzlehttp/guzzle & psr7 (3 CVE)* [\\#7587](https://github.com/Wishibam/Marketplace-api/pull/7587)\n - *:wrench: chore: relax composer php upper-bound for PHP 8.5 deploy* [\\#7590](https://github.com/Wishibam/Marketplace-api/pull/7590)\n - *fix(feed): preserve newlines (\\n) in product description on import* [\\#7591](https://github.com/Wishibam/Marketplace-api/pull/7591)", "creation_timestamp": "2026-06-24T11:40:04.000000Z"} 2026-06-24T11:40:04+00:00 https://vulnerability.circl.lu/sighting/cc545c76-0f84-4394-b043-0a20c8a2884c/export 2026-06-25T10:48:07.915955+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "cc545c76-0f84-4394-b043-0a20c8a2884c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54133", "type": "seen", "source": "https://gist.github.com/FR-Flo/4f57639ecc47b4437241e84a1fc5ab0e", "content": "## \ud83d\udd17 Companion release\n\nThis release ships alongside the **Marketplace-client (frontend)** release PR:\n\n- https://github.com/Wishibam/Marketplace-client/pull/4137\n\n- **Trello**\n - [Traitement Cloudinary de la premi\u00e8re image de variation](https://trello.com/c/YuiI3bne/2449-traitement-cloudinary-de-la-premi%C3%A8re-image-de-variation) **\ud83c\udf89 Reviewed pas Merg\u00e9**\n - *:sparkles: feat: process first variation image via Cloudinary preset* [\\#7592](https://github.com/Wishibam/Marketplace-api/pull/7592)\n \n- **Misc**\n - *:sparkles: feat: store waybills on Scaleway buckets* [\\#7571](https://github.com/Wishibam/Marketplace-api/pull/7571)\n - *Fix again issues with invoice table* [\\#7577](https://github.com/Wishibam/Marketplace-api/pull/7577)\n - *:bug: fix: truncate over-long category names before persist* [\\#7578](https://github.com/Wishibam/Marketplace-api/pull/7578)\n - *:arrow\\_up: deps: bump jmespath.php to 2.9.1 (CVE-2026-54133)* [\\#7579](https://github.com/Wishibam/Marketplace-api/pull/7579)\n - *chore(deps): bump phpseclib/phpseclib from 3.0.52 to 3.0.54 in /api* [\\#7580](https://github.com/Wishibam/Marketplace-api/pull/7580)\n - *:bug: Wrong wmsItems status when LineItems are reserved hours appart* [\\#7585](https://github.com/Wishibam/Marketplace-api/pull/7585)\n - *:arrow\\_up: deps: bump guzzlehttp/guzzle & psr7 (3 CVE)* [\\#7587](https://github.com/Wishibam/Marketplace-api/pull/7587)\n - *:wrench: chore: relax composer php upper-bound for PHP 8.5 deploy* [\\#7590](https://github.com/Wishibam/Marketplace-api/pull/7590)\n - *fix(feed): preserve newlines (\\n) in product description on import* [\\#7591](https://github.com/Wishibam/Marketplace-api/pull/7591)\n - *fix(media): flush before Factory call so VichUploader sets contentUrl before URL is built* [\\#7594](https://github.com/Wishibam/Marketplace-api/pull/7594)", "creation_timestamp": "2026-06-24T14:42:22.006334Z"} 2026-06-24T14:42:22.006334+00:00 https://vulnerability.circl.lu/sighting/19c63dbc-0001-40a2-b01d-1791583535e9/export 2026-06-25T10:48:07.913280+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "19c63dbc-0001-40a2-b01d-1791583535e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54133", "type": "seen", "source": "https://gist.github.com/FR-Flo/526730327e172a1ee1ab99b5fdfb0b9b", "content": "## \ud83d\udd17 Companion release\n\nThis release ships alongside the **Marketplace-client (frontend)** release PR:\n\n- https://github.com/Wishibam/Marketplace-client/pull/4137\n\n- **Trello**\n - [\ud83d\udd0d WMS - PICKING - Recherche au-del\u00e0 de la limite des 30 commandes](https://trello.com/c/cw1UsrG7/2427-%F0%9F%94%8D-wms-picking-recherche-au-del%C3%A0-de-la-limite-des-30-commandes) **In review WMS**\n - *:sparkles: Add new search options for packing view* [\\#7589](https://github.com/Wishibam/Marketplace-api/pull/7589)\n - [Traitement Cloudinary de la premi\u00e8re image de variation](https://trello.com/c/YuiI3bne/2449-traitement-cloudinary-de-la-premi%C3%A8re-image-de-variation) **\ud83c\udf89 Reviewed pas Merg\u00e9**\n - *:sparkles: feat: process first variation image via Cloudinary preset* [\\#7592](https://github.com/Wishibam/Marketplace-api/pull/7592)\n - [\ud83d\udce6\u2611\ufe0f WMS \u2014 Tri des colis : d\u00e9p\u00f4t de masse pour l'exp\u00e9dition (syst\u00e8me de coches)](https://trello.com/c/oMuGHbGB/2429-%F0%9F%93%A6%E2%98%91%EF%B8%8F-wms-tri-des-colis-d%C3%A9p%C3%B4t-de-masse-pour-lexp%C3%A9dition-syst%C3%A8me-de-coches) **In review WMS**\n - *:sparkles: WMS rework massTransfer on TriShipping* [\\#7593](https://github.com/Wishibam/Marketplace-api/pull/7593)\n \n- **Misc**\n - *:sparkles: feat: store waybills on Scaleway buckets* [\\#7571](https://github.com/Wishibam/Marketplace-api/pull/7571)\n - *Fix again issues with invoice table* [\\#7577](https://github.com/Wishibam/Marketplace-api/pull/7577)\n - *:bug: fix: truncate over-long category names before persist* [\\#7578](https://github.com/Wishibam/Marketplace-api/pull/7578)\n - *:arrow\\_up: deps: bump jmespath.php to 2.9.1 (CVE-2026-54133)* [\\#7579](https://github.com/Wishibam/Marketplace-api/pull/7579)\n - *chore(deps): bump phpseclib/phpseclib from 3.0.52 to 3.0.54 in /api* [\\#7580](https://github.com/Wishibam/Marketplace-api/pull/7580)\n - *:bug: Wrong wmsItems status when LineItems are reserved hours appart* [\\#7585](https://github.com/Wishibam/Marketplace-api/pull/7585)\n - *:arrow\\_up: deps: bump guzzlehttp/guzzle & psr7 (3 CVE)* [\\#7587](https://github.com/Wishibam/Marketplace-api/pull/7587)\n - *:wrench: chore: relax composer php upper-bound for PHP 8.5 deploy* [\\#7590](https://github.com/Wishibam/Marketplace-api/pull/7590)\n - *fix(feed): preserve newlines (\\n) in product description on import* [\\#7591](https://github.com/Wishibam/Marketplace-api/pull/7591)\n - *fix(media): flush before Factory call so VichUploader sets contentUrl before URL is built* [\\#7594](https://github.com/Wishibam/Marketplace-api/pull/7594)", "creation_timestamp": "2026-06-24T15:44:37.193916Z"} 2026-06-24T15:44:37.193916+00:00