<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-18T20:19:48.368461+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/cb5073df-4ff9-4acc-8a22-8b5153d56d41/export</id>
    <title>cb5073df-4ff9-4acc-8a22-8b5153d56d41</title>
    <updated>2026-07-18T20:19:48.392824+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "cb5073df-4ff9-4acc-8a22-8b5153d56d41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56765", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mqgm7kzfna2w", "content": "\ud83d\udd34 CVE-2026-56765 - Critical (9.8)\n\nVikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint expose...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-56765/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-07-12T07:01:31.241078Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/cb5073df-4ff9-4acc-8a22-8b5153d56d41/export"/>
    <published>2026-07-12T07:01:31.241078+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/38b8e404-9ee4-4f16-a622-297c2cb06190/export</id>
    <title>38b8e404-9ee4-4f16-a622-297c2cb06190</title>
    <updated>2026-07-18T20:19:48.395742+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "38b8e404-9ee4-4f16-a622-297c2cb06190", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56763", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqezy366wt2e", "content": "CVE-2026-56763 - Hono - Prototype Pollution via __proto__ Key in parseBody with dot Option\nCVE ID : CVE-2026-56763\n \n Published : July 11, 2026, 2:16 p.m. | 1\u00a0hour, 8\u00a0minutes ago\n \n Description : Hono before 4.12.7 allows __proto__ key in parseBody with dot option enabled, per...", "creation_timestamp": "2026-07-11T16:02:32.198290Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/38b8e404-9ee4-4f16-a622-297c2cb06190/export"/>
    <published>2026-07-11T16:02:32.198290+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/e14d5609-fbfb-47f4-9dc8-c7eabbe9cc17/export</id>
    <title>e14d5609-fbfb-47f4-9dc8-c7eabbe9cc17</title>
    <updated>2026-07-18T20:19:48.395877+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "e14d5609-fbfb-47f4-9dc8-c7eabbe9cc17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56763", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqevjxoudi2f", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-56763 \u0432 Hono: \u0443\u0433\u0440\u043e\u0437\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/12D46BBB-B2FF-4552-96D2-06EAFCD4DC2E", "creation_timestamp": "2026-07-11T14:43:03.835883Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/e14d5609-fbfb-47f4-9dc8-c7eabbe9cc17/export"/>
    <published>2026-07-11T14:43:03.835883+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/56c705d5-f39b-4b69-939e-a204dcc634cb/export</id>
    <title>56c705d5-f39b-4b69-939e-a204dcc634cb</title>
    <updated>2026-07-18T20:19:48.395987+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "56c705d5-f39b-4b69-939e-a204dcc634cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56765", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqcltiwe322h", "content": "CVE-2026-56765\nVikunja, a task management software, has a security flaw that lets unauthorized users access sensitive share links and attachments. This could lead to unauthorized access to confidential files and data. To fix\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-10T16:44:06.910792Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/56c705d5-f39b-4b69-939e-a204dcc634cb/export"/>
    <published>2026-07-10T16:44:06.910792+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a6ff268e-a927-4512-a96b-cb8f3e758e4d/export</id>
    <title>a6ff268e-a927-4512-a96b-cb8f3e758e4d</title>
    <updated>2026-07-18T20:19:48.396087+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "a6ff268e-a927-4512-a96b-cb8f3e758e4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56768", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp5m2eudfs2p", "content": "CVE-2026-56768 - Seahub\nCVE ID : CVE-2026-56768\n \n Published : June 25, 2026, 6:05 p.m. | 3\u00a0hours, 6\u00a0minutes ago\n \n Description : Seahub before 13.0.23 does not enforce SHARE_LINK_LOGIN_REQUIRED on GET /api/v2.1/share-link-zip-task/, allowing unauthenticated users to bypass au...", "creation_timestamp": "2026-06-25T23:39:27.379885Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a6ff268e-a927-4512-a96b-cb8f3e758e4d/export"/>
    <published>2026-06-25T23:39:27.379885+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/3b72349d-419e-4104-8ccd-ff0f9fccf6ca/export</id>
    <title>3b72349d-419e-4104-8ccd-ff0f9fccf6ca</title>
    <updated>2026-07-18T20:19:48.396186+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "3b72349d-419e-4104-8ccd-ff0f9fccf6ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56766", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp5lrgeajq2a", "content": "CVE-2026-56766 - Hydra - Stack Buffer Overflow in NTLM Authentication Handler\nCVE ID : CVE-2026-56766\n \n Published : June 25, 2026, 6:01 p.m. | 3\u00a0hours, 10\u00a0minutes ago\n \n Description : Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authent...", "creation_timestamp": "2026-06-25T23:34:26.863909Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/3b72349d-419e-4104-8ccd-ff0f9fccf6ca/export"/>
    <published>2026-06-25T23:34:26.863909+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/9491a291-17cb-42e4-b639-1b25b6e9c985/export</id>
    <title>9491a291-17cb-42e4-b639-1b25b6e9c985</title>
    <updated>2026-07-18T20:19:48.396283+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "9491a291-17cb-42e4-b639-1b25b6e9c985", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56767", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp5kc6oyzd27", "content": "CVE-2026-56767 - Maxun\nCVE ID : CVE-2026-56767\n \n Published : June 25, 2026, 6:03 p.m. | 3\u00a0hours, 7\u00a0minutes ago\n \n Description : Maxun before 0.0.42 contains a cross-tenant insecure direct object reference vulnerability in storage and webhook API handlers that allows authentic...", "creation_timestamp": "2026-06-25T23:08:01.644372Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/9491a291-17cb-42e4-b639-1b25b6e9c985/export"/>
    <published>2026-06-25T23:08:01.644372+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/225eb88c-ffa5-40c9-b71f-343fa60e23c4/export</id>
    <title>225eb88c-ffa5-40c9-b71f-343fa60e23c4</title>
    <updated>2026-07-18T20:19:48.396375+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "225eb88c-ffa5-40c9-b71f-343fa60e23c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56769", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp5k4slih62z", "content": "CVE-2026-56769 - Huly Platform - Server-Side Request Forgery via /import Endpoint\nCVE ID : CVE-2026-56769\n \n Published : June 25, 2026, 6:05 p.m. | 3\u00a0hours, 5\u00a0minutes ago\n \n Description : Huly Platform before commit 68cbf8a contains an authenticated server-side request forgery...", "creation_timestamp": "2026-06-25T23:05:01.434525Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/225eb88c-ffa5-40c9-b71f-343fa60e23c4/export"/>
    <published>2026-06-25T23:05:01.434525+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/4650687e-a8d1-4862-8ae7-b14c761853a7/export</id>
    <title>4650687e-a8d1-4862-8ae7-b14c761853a7</title>
    <updated>2026-07-18T20:19:48.396471+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "4650687e-a8d1-4862-8ae7-b14c761853a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56761", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp23unyhat2i", "content": "CVE-2026-56761 - hono - HTML Injection via Improper JSX Attribute Name Handling in SSR\nCVE ID : CVE-2026-56761\n \n Published : June 24, 2026, 11:53 a.m. | 1\u00a0hour, 51\u00a0minutes ago\n \n Description : hono before 4.12.14 contains an html injection vulnerability in jsx server-side ren...", "creation_timestamp": "2026-06-24T14:11:56.527824Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/4650687e-a8d1-4862-8ae7-b14c761853a7/export"/>
    <published>2026-06-24T14:11:56.527824+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/8a9d627b-f6d5-4e34-bcd4-68de5c247e0d/export</id>
    <title>8a9d627b-f6d5-4e34-bcd4-68de5c247e0d</title>
    <updated>2026-07-18T20:19:48.396567+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "8a9d627b-f6d5-4e34-bcd4-68de5c247e0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5676", "type": "published-proof-of-concept", "source": "Telegram/MEpsfFR7A3mQ2dGKH0pRdtzvADr6R8o0dal6eRm_pMO8wsk", "content": "", "creation_timestamp": "2026-04-06T21:20:35.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/8a9d627b-f6d5-4e34-bcd4-68de5c247e0d/export"/>
    <published>2026-04-06T21:20:35+00:00</published>
  </entry>
</feed>
