<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-11T13:03:19.744153+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/d1bd056c-5392-46f5-83c9-ea2e583ec713/export</id>
    <title>d1bd056c-5392-46f5-83c9-ea2e583ec713</title>
    <updated>2026-07-11T13:03:19.766939+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "d1bd056c-5392-46f5-83c9-ea2e583ec713", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-57807", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mqdobmy6nq2d", "content": "miniOrange OAuth SSO (&amp;lt;=38.5.8) is affected by CRITICAL CVE-2026-57807: authentication bypass via password recovery. No patch \u2014 watch for updates and secure affected systems. https://radar.offseq.com/threat/cve-2026-57807-cwe-288-authentication-bypass-using-85e6dbb16ac48da8 #OffSeq #OAuth #Vulner...", "creation_timestamp": "2026-07-11T03:00:28.627120Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/d1bd056c-5392-46f5-83c9-ea2e583ec713/export"/>
    <published>2026-07-11T03:00:28.627120+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/6520bdb9-8fcc-4cb2-a602-466bc3e9031a/export</id>
    <title>6520bdb9-8fcc-4cb2-a602-466bc3e9031a</title>
    <updated>2026-07-11T13:03:19.768760+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "6520bdb9-8fcc-4cb2-a602-466bc3e9031a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-57807", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116899107707038521", "content": "CVE-2026-57807 | CRITICAL auth bypass in miniOrange OAuth SSO (&amp;lt;=38.5.8). Exploit via password recovery threatens full compromise. No patch yet \u2014 monitor for vendor updates. https://radar.offseq.com/threat/cve-2026-57807-cwe-288-authentication-bypass-using-85e6dbb16ac48da8 #OffSeq #CVE202657807 #OAuth #Security", "creation_timestamp": "2026-07-11T03:00:26.831919Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/6520bdb9-8fcc-4cb2-a602-466bc3e9031a/export"/>
    <published>2026-07-11T03:00:26.831919+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/5db1ac1b-5fd3-4823-a374-673ddf3b3e25/export</id>
    <title>5db1ac1b-5fd3-4823-a374-673ddf3b3e25</title>
    <updated>2026-07-11T13:03:19.768871+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "5db1ac1b-5fd3-4823-a374-673ddf3b3e25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-57807", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdmq2jue32e", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-57807 \u0432 miniOrange: \u043e\u0431\u0445\u043e\u0434 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 \u0430\u043b\u044c\u0442\u0435\u0440\u043d\u0430\u0442\u0438\u0432\u043d\u044b\u0439 \u043a\u0430\u043d\u0430\u043b\n\n\n\nhttps://kripta.biz/posts/6228B95A-3683-4D68-A0DF-456519ACB9CF", "creation_timestamp": "2026-07-11T02:32:44.578138Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/5db1ac1b-5fd3-4823-a374-673ddf3b3e25/export"/>
    <published>2026-07-11T02:32:44.578138+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/6ae77f09-571f-490a-89c7-0bc64d17c3be/export</id>
    <title>6ae77f09-571f-490a-89c7-0bc64d17c3be</title>
    <updated>2026-07-11T13:03:19.768964+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "6ae77f09-571f-490a-89c7-0bc64d17c3be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-57807", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqdbxlqail22", "content": "CVE-2026-57807 - oauth single sign on - sso (oauth client)\nA security issue in miniOrange's OAuth Single Sign On (SSO) software allows attackers to bypass authentication using an alternative method. This affects all versions\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-10T23:20:06.351104Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/6ae77f09-571f-490a-89c7-0bc64d17c3be/export"/>
    <published>2026-07-10T23:20:06.351104+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/2dd5ca91-708d-4575-938d-7595ebe21d36/export</id>
    <title>2dd5ca91-708d-4575-938d-7595ebe21d36</title>
    <updated>2026-07-11T13:03:19.769045+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "2dd5ca91-708d-4575-938d-7595ebe21d36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-57807", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mqd5js45ha2w", "content": "\ud83d\udd34 CVE-2026-57807 - Critical (9.8)\n\nAuthentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Sof...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-57807/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-07-10T22:00:48.866242Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/2dd5ca91-708d-4575-938d-7595ebe21d36/export"/>
    <published>2026-07-10T22:00:48.866242+00:00</published>
  </entry>
</feed>
