<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-05T03:28:04.683742+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c56eddc6-0d7e-470b-9314-6c6407a63f1d/export</id>
    <title>c56eddc6-0d7e-470b-9314-6c6407a63f1d</title>
    <updated>2026-07-05T03:28:04.705423+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c56eddc6-0d7e-470b-9314-6c6407a63f1d", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33107", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/49b1e07b-00ad-4157-b91b-3b1a9d9fb151", "content": "", "creation_timestamp": "2026-06-23T14:05:49.110558Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c56eddc6-0d7e-470b-9314-6c6407a63f1d/export"/>
    <published>2026-06-23T14:05:49.110558+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/1f0602f2-f186-448f-80a3-fba8cfe6e70f/export</id>
    <title>1f0602f2-f186-448f-80a3-fba8cfe6e70f</title>
    <updated>2026-07-05T03:28:04.707304+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "1f0602f2-f186-448f-80a3-fba8cfe6e70f", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33106", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/c2dfbb1e-6360-42d7-bf27-27fd3b2186c5", "content": "", "creation_timestamp": "2026-06-23T14:05:49.046919Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/1f0602f2-f186-448f-80a3-fba8cfe6e70f/export"/>
    <published>2026-06-23T14:05:49.046919+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/cedeacd7-9a5e-4696-9524-51fdba8c0cc7/export</id>
    <title>cedeacd7-9a5e-4696-9524-51fdba8c0cc7</title>
    <updated>2026-07-05T03:28:04.707402+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "cedeacd7-9a5e-4696-9524-51fdba8c0cc7", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33106", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/6ba97c41-084c-4362-b775-28bee55f8b8e", "content": "", "creation_timestamp": "2026-06-19T12:46:44.918299Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/cedeacd7-9a5e-4696-9524-51fdba8c0cc7/export"/>
    <published>2026-06-19T12:46:44.918299+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/68853c92-9731-4a63-96df-c730cfcd90e4/export</id>
    <title>68853c92-9731-4a63-96df-c730cfcd90e4</title>
    <updated>2026-07-05T03:28:04.707479+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "68853c92-9731-4a63-96df-c730cfcd90e4", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33107", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/e6dcfefd-aa04-42b5-9f9b-13fa4c4e64d6", "content": "", "creation_timestamp": "2026-06-19T12:46:44.521518Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/68853c92-9731-4a63-96df-c730cfcd90e4/export"/>
    <published>2026-06-19T12:46:44.521518+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/af016dc9-326b-4692-a1cb-0074b8075ff6/export</id>
    <title>af016dc9-326b-4692-a1cb-0074b8075ff6</title>
    <updated>2026-07-05T03:28:04.707561+00:00</updated>
    <author>
      <name>Cédric Bonhomme</name>
      <uri>https://cvepremium.circl.lu/user/cedric</uri>
    </author>
    <content>{"uuid": "af016dc9-326b-4692-a1cb-0074b8075ff6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2023-33106", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/a3cfb216-1cbc-4369-81a8-b02bcdd2e83b", "content": "", "creation_timestamp": "2026-02-02T12:26:44.908368Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/af016dc9-326b-4692-a1cb-0074b8075ff6/export"/>
    <published>2026-02-02T12:26:44.908368+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/669ece27-448d-4b00-bc0b-f85177918a3b/export</id>
    <title>669ece27-448d-4b00-bc0b-f85177918a3b</title>
    <updated>2026-07-05T03:28:04.708365+00:00</updated>
    <author>
      <name>Cédric Bonhomme</name>
      <uri>https://cvepremium.circl.lu/user/cedric</uri>
    </author>
    <content>{"uuid": "669ece27-448d-4b00-bc0b-f85177918a3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2023-33107", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/7f50f113-4836-41dc-9d8f-009110a0f08c", "content": "", "creation_timestamp": "2026-02-02T12:26:44.802231Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/669ece27-448d-4b00-bc0b-f85177918a3b/export"/>
    <published>2026-02-02T12:26:44.802231+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/bbbfb095-9003-49da-a258-14c388b2711a/export</id>
    <title>bbbfb095-9003-49da-a258-14c388b2711a</title>
    <updated>2026-07-05T03:28:04.708449+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "bbbfb095-9003-49da-a258-14c388b2711a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33106", "type": "seen", "source": "https://t.me/BabukLockerGroups/57682", "content": "REMOTE/\nFirefox RCE\nWindows Low IL to SYSTEM LPE\nSafari RCE\nSamsung Exynos/QMI/QRTR Baseband RCE\niOS 17.4-17.7 Full Chain\niOS 18.0+ Zero-day Full Chain\nAndroid Chrome Full Chain\nAndroid 0-Click RCE via Samsung Messenger\n\n2024:\nFortinet NAC Pre-auth RCE\nClamAV Arbitrary File Upload\nBitdefender Safepay RCE\nRocketChat 1-click RC\nSamsung NVR Pre-auth RCE\nLacie NAS Pre-auth RCE\nSonicWall GMS Pre-auth RCE\nMeta Platforms Inc Identity Spoofing\nTrend Micro Worry Free Pre-auth RCE\nWindows 11 KASLR Bypass\nVMware Workstation VME\nJuniper Firewall/VPN (JunOS) Pre-auth RCE\nMacOS Disk Utility LPE\nMS Word RCE via SMB/WebDAV\nAdobe Reader / Acrobat Pro RCE via SMB/WebDAV\nPHP Pre-auth RCE\nMS Word RCE (via LPE)\nMS Word RCE (via indirect execution)\nMS Word RCE\nKKThai Internet Management System Pre-auth RCE\nCloudPanel Pre-auth RCE\nSonicWall SMA 1000 Series Pre-auth RCE\nFoxit Reader/Editor RCE\nLinksys LRT224/LRT214 Business Router Pre-auth RCE\nnginx RCE  TBD\nWindows 10/2016/2019/2022 Low IL to SYSTEM LPE  \nWindows LPE+SBX\nCloudPanel 2 Pre-auth RCE  TBD\nWindows Medium to SYSTEM LPE\nvBulletin Pre-auth RCE\nWindows Medium to SYSTEM Logic LPE\nWindows Medium to SYSTEM Race Condition LPE\nTor Relay Node Impersonation  TBD\nIceWarp Mail Server Pre-auth RCE  TBD\nLinux 6.1.0, 6.8.0 LPE  TBD\nFortinet FortiSIEM RCE  TBD\nFortinet FortiWeb Authentication Bypass  TBD\nWindows 10/11/2016/2019/2022 Logic LPE  \nOracle Agile PLM Pre-auth RCE\nBusyBox Pre-auth RCE  \nLinux LPE 0day (up to 6.1.81)  \n\nChrome RCE 1day (Feb 6, 2024)  \nFirefox Chain 1day (up to 126)  \nSamsung S22/23 1day LPE (CVE-2023-33106)  \nAndroid Linux Kernel 5.10-5.15 LPE \nOutlook RCE  \nChrome Android/Windows RCE  \nChrome Android RCE  \niOS 1day Full Chain \nTor Browser/Firefox RCE+SBX  \nWindows Low to Medium LPE  \nFortinet FortiManager Pre-auth 1day RCE", "creation_timestamp": "2025-08-22T19:43:07.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/bbbfb095-9003-49da-a258-14c388b2711a/export"/>
    <published>2025-08-22T19:43:07+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/50199c63-85c2-449e-825c-e54dd7953733/export</id>
    <title>50199c63-85c2-449e-825c-e54dd7953733</title>
    <updated>2026-07-05T03:28:04.708540+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "50199c63-85c2-449e-825c-e54dd7953733", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33106", "type": "seen", "source": "https://t.me/RFrepoV1Chat/424974", "content": "REMOTE/\nFirefox RCE\nWindows Low IL to SYSTEM LPE\nSafari RCE\nSamsung Exynos/QMI/QRTR Baseband RCE\niOS 17.4-17.7 Full Chain\niOS 18.0+ Zero-day Full Chain\nAndroid Chrome Full Chain\nAndroid 0-Click RCE via Samsung Messenger\n\n2024:\nFortinet NAC Pre-auth RCE\nClamAV Arbitrary File Upload\nBitdefender Safepay RCE\nRocketChat 1-click RC\nSamsung NVR Pre-auth RCE\nLacie NAS Pre-auth RCE\nSonicWall GMS Pre-auth RCE\nMeta Platforms Inc Identity Spoofing\nTrend Micro Worry Free Pre-auth RCE\nWindows 11 KASLR Bypass\nVMware Workstation VME\nJuniper Firewall/VPN (JunOS) Pre-auth RCE\nMacOS Disk Utility LPE\nMS Word RCE via SMB/WebDAV\nAdobe Reader / Acrobat Pro RCE via SMB/WebDAV\nPHP Pre-auth RCE\nMS Word RCE (via LPE)\nMS Word RCE (via indirect execution)\nMS Word RCE\nKKThai Internet Management System Pre-auth RCE\nCloudPanel Pre-auth RCE\nSonicWall SMA 1000 Series Pre-auth RCE\nFoxit Reader/Editor RCE\nLinksys LRT224/LRT214 Business Router Pre-auth RCE\nnginx RCE  TBD\nWindows 10/2016/2019/2022 Low IL to SYSTEM LPE  \nWindows LPE+SBX\nCloudPanel 2 Pre-auth RCE  TBD\nWindows Medium to SYSTEM LPE\nvBulletin Pre-auth RCE\nWindows Medium to SYSTEM Logic LPE\nWindows Medium to SYSTEM Race Condition LPE\nTor Relay Node Impersonation  TBD\nIceWarp Mail Server Pre-auth RCE  TBD\nLinux 6.1.0, 6.8.0 LPE  TBD\nFortinet FortiSIEM RCE  TBD\nFortinet FortiWeb Authentication Bypass  TBD\nWindows 10/11/2016/2019/2022 Logic LPE  \nOracle Agile PLM Pre-auth RCE\nBusyBox Pre-auth RCE  \nLinux LPE 0day (up to 6.1.81)  \n\nChrome RCE 1day (Feb 6, 2024)  \nFirefox Chain 1day (up to 126)  \nSamsung S22/23 1day LPE (CVE-2023-33106)  \nAndroid Linux Kernel 5.10-5.15 LPE \nOutlook RCE  \nChrome Android/Windows RCE  \nChrome Android RCE  \niOS 1day Full Chain \nTor Browser/Firefox RCE+SBX  \nWindows Low to Medium LPE  \nFortinet FortiManager Pre-auth 1day RCE", "creation_timestamp": "2025-08-22T19:42:39.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/50199c63-85c2-449e-825c-e54dd7953733/export"/>
    <published>2025-08-22T19:42:39+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/0ba96f8a-6d9c-4d5d-b6af-e89da5744f37/export</id>
    <title>0ba96f8a-6d9c-4d5d-b6af-e89da5744f37</title>
    <updated>2026-07-05T03:28:04.708638+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "0ba96f8a-6d9c-4d5d-b6af-e89da5744f37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33106", "type": "seen", "source": "https://t.me/RFrepoV1Chat/423914", "content": "REMOTE/\nFirefox RCE\nWindows Low IL to SYSTEM LPE\nSafari RCE\nSamsung Exynos/QMI/QRTR Baseband RCE\niOS 17.4-17.7 Full Chain\niOS 18.0+ Zero-day Full Chain\nAndroid Chrome Full Chain\nAndroid 0-Click RCE via Samsung Messenger\n\n2024:\nFortinet NAC Pre-auth RCE\nClamAV Arbitrary File Upload\nBitdefender Safepay RCE\nRocketChat 1-click RC\nSamsung NVR Pre-auth RCE\nLacie NAS Pre-auth RCE\nSonicWall GMS Pre-auth RCE\nMeta Platforms Inc Identity Spoofing\nTrend Micro Worry Free Pre-auth RCE\nWindows 11 KASLR Bypass\nVMware Workstation VME\nJuniper Firewall/VPN (JunOS) Pre-auth RCE\nMacOS Disk Utility LPE\nMS Word RCE via SMB/WebDAV\nAdobe Reader / Acrobat Pro RCE via SMB/WebDAV\nPHP Pre-auth RCE\nMS Word RCE (via LPE)\nMS Word RCE (via indirect execution)\nMS Word RCE\nKKThai Internet Management System Pre-auth RCE\nCloudPanel Pre-auth RCE\nSonicWall SMA 1000 Series Pre-auth RCE\nFoxit Reader/Editor RCE\nLinksys LRT224/LRT214 Business Router Pre-auth RCE\nnginx RCE\u00a0 TBD\nWindows 10/2016/2019/2022 Low IL to SYSTEM LPE\u00a0 \nWindows LPE+SBX\nCloudPanel 2 Pre-auth RCE\u00a0 TBD\nWindows Medium to SYSTEM LPE\nvBulletin Pre-auth RCE\nWindows Medium to SYSTEM Logic LPE\nWindows Medium to SYSTEM Race Condition LPE\nTor Relay Node Impersonation\u00a0 TBD\nIceWarp Mail Server Pre-auth RCE\u00a0 TBD\nLinux 6.1.0, 6.8.0 LPE\u00a0 TBD\nFortinet FortiSIEM RCE\u00a0 TBD\nFortinet FortiWeb Authentication Bypass\u00a0 TBD\nWindows 10/11/2016/2019/2022 Logic LPE\u00a0 \nOracle Agile PLM Pre-auth RCE\nBusyBox Pre-auth RCE\u00a0 \nLinux LPE 0day (up to 6.1.81)\u00a0 \n\nChrome RCE 1day (Feb 6, 2024)\u00a0 \nFirefox Chain 1day (up to 126)\u00a0 \nSamsung S22/23 1day LPE (CVE-2023-33106)\u00a0 \nAndroid Linux Kernel 5.10-5.15 LPE \nOutlook RCE\u00a0 \nChrome Android/Windows RCE\u00a0 \nChrome Android RCE\u00a0 \niOS 1day Full Chain \nTor Browser/Firefox RCE+SBX\u00a0 \nWindows Low to Medium LPE\u00a0 \nFortinet FortiManager Pre-auth 1day RCE", "creation_timestamp": "2025-08-14T11:20:49.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/0ba96f8a-6d9c-4d5d-b6af-e89da5744f37/export"/>
    <published>2025-08-14T11:20:49+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/db55965f-6bc5-47fb-955c-2a93c82e51ef/export</id>
    <title>db55965f-6bc5-47fb-955c-2a93c82e51ef</title>
    <updated>2026-07-05T03:28:04.708731+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "db55965f-6bc5-47fb-955c-2a93c82e51ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33106", "type": "seen", "source": "https://t.me/BabukLockerGroups/56634", "content": "REMOTE/\nFirefox RCE\nWindows Low IL to SYSTEM LPE\nSafari RCE\nSamsung Exynos/QMI/QRTR Baseband RCE\niOS 17.4-17.7 Full Chain\niOS 18.0+ Zero-day Full Chain\nAndroid Chrome Full Chain\nAndroid 0-Click RCE via Samsung Messenger\n\n2024:\nFortinet NAC Pre-auth RCE\nClamAV Arbitrary File Upload\nBitdefender Safepay RCE\nRocketChat 1-click RC\nSamsung NVR Pre-auth RCE\nLacie NAS Pre-auth RCE\nSonicWall GMS Pre-auth RCE\nMeta Platforms Inc Identity Spoofing\nTrend Micro Worry Free Pre-auth RCE\nWindows 11 KASLR Bypass\nVMware Workstation VME\nJuniper Firewall/VPN (JunOS) Pre-auth RCE\nMacOS Disk Utility LPE\nMS Word RCE via SMB/WebDAV\nAdobe Reader / Acrobat Pro RCE via SMB/WebDAV\nPHP Pre-auth RCE\nMS Word RCE (via LPE)\nMS Word RCE (via indirect execution)\nMS Word RCE\nKKThai Internet Management System Pre-auth RCE\nCloudPanel Pre-auth RCE\nSonicWall SMA 1000 Series Pre-auth RCE\nFoxit Reader/Editor RCE\nLinksys LRT224/LRT214 Business Router Pre-auth RCE\nnginx RCE\u00a0 TBD\nWindows 10/2016/2019/2022 Low IL to SYSTEM LPE\u00a0 \nWindows LPE+SBX\nCloudPanel 2 Pre-auth RCE\u00a0 TBD\nWindows Medium to SYSTEM LPE\nvBulletin Pre-auth RCE\nWindows Medium to SYSTEM Logic LPE\nWindows Medium to SYSTEM Race Condition LPE\nTor Relay Node Impersonation\u00a0 TBD\nIceWarp Mail Server Pre-auth RCE\u00a0 TBD\nLinux 6.1.0, 6.8.0 LPE\u00a0 TBD\nFortinet FortiSIEM RCE\u00a0 TBD\nFortinet FortiWeb Authentication Bypass\u00a0 TBD\nWindows 10/11/2016/2019/2022 Logic LPE\u00a0 \nOracle Agile PLM Pre-auth RCE\nBusyBox Pre-auth RCE\u00a0 \nLinux LPE 0day (up to 6.1.81)\u00a0 \n\nChrome RCE 1day (Feb 6, 2024)\u00a0 \nFirefox Chain 1day (up to 126)\u00a0 \nSamsung S22/23 1day LPE (CVE-2023-33106)\u00a0 \nAndroid Linux Kernel 5.10-5.15 LPE \nOutlook RCE\u00a0 \nChrome Android/Windows RCE\u00a0 \nChrome Android RCE\u00a0 \niOS 1day Full Chain \nTor Browser/Firefox RCE+SBX\u00a0 \nWindows Low to Medium LPE\u00a0 \nFortinet FortiManager Pre-auth 1day RCE", "creation_timestamp": "2025-08-14T11:19:49.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/db55965f-6bc5-47fb-955c-2a93c82e51ef/export"/>
    <published>2025-08-14T11:19:49+00:00</published>
  </entry>
</feed>
