<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-09T17:06:13.345082+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/44b7dc50-b292-4e25-bf33-8a2089087527/export</id>
    <title>44b7dc50-b292-4e25-bf33-8a2089087527</title>
    <updated>2026-07-09T17:06:13.359387+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "44b7dc50-b292-4e25-bf33-8a2089087527", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-54236", "type": "seen", "source": "https://t.me/brutsecurity/2340", "content": "CVE-2025-54236: Improper Input Validation in Magento (Adobe Commerce), 9.1 rating \ud83d\udd25\n\nA critical vulnerability disclosed in a recent advisory allows attackers to perform RCE. Exploitation attempts have already been recorded!\n\nSearch at Netlas.io:\n\ud83d\udc49 Link: https://nt.ls/Edck5\n\ud83d\udc49 Dork: tag.name:\"magento\" AND http.headers.server:\"Apache\"\n\nVendor's advisory: https://helpx.adobe.com/security/products/magento/apsb25-88.html", "creation_timestamp": "2026-07-09T03:00:06.250333Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/44b7dc50-b292-4e25-bf33-8a2089087527/export"/>
    <published>2026-07-09T03:00:06.250333+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/53746b1f-8d55-4141-b69b-a853813a6408/export</id>
    <title>53746b1f-8d55-4141-b69b-a853813a6408</title>
    <updated>2026-07-09T17:06:13.361846+00:00</updated>
    <author>
      <name>Cédric Bonhomme</name>
      <uri>https://cvepremium.circl.lu/user/cedric</uri>
    </author>
    <content>{"uuid": "53746b1f-8d55-4141-b69b-a853813a6408", "vulnerability_lookup_origin": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2025-54236", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/ae149647-44f6-408b-9508-a0b53e79a809", "content": "", "creation_timestamp": "2026-06-30T09:23:53.664036Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/53746b1f-8d55-4141-b69b-a853813a6408/export"/>
    <published>2026-06-30T09:23:53.664036+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/cc325ce1-c233-47e2-a9c6-01aced0e70b5/export</id>
    <title>cc325ce1-c233-47e2-a9c6-01aced0e70b5</title>
    <updated>2026-07-09T17:06:13.362924+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "cc325ce1-c233-47e2-a9c6-01aced0e70b5", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-54236", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/529db509-c992-45cb-9674-cf0ea04079f4", "content": "", "creation_timestamp": "2026-06-23T14:03:48.572839Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/cc325ce1-c233-47e2-a9c6-01aced0e70b5/export"/>
    <published>2026-06-23T14:03:48.572839+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/324db1a8-5fe0-4f33-bdc3-a9f325f1b50f/export</id>
    <title>324db1a8-5fe0-4f33-bdc3-a9f325f1b50f</title>
    <updated>2026-07-09T17:06:13.363051+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "324db1a8-5fe0-4f33-bdc3-a9f325f1b50f", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-54236", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/7e217d80-c444-43cf-a298-ce880d13b485", "content": "", "creation_timestamp": "2026-06-19T12:45:23.154464Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/324db1a8-5fe0-4f33-bdc3-a9f325f1b50f/export"/>
    <published>2026-06-19T12:45:23.154464+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/47105baa-19bd-4344-bfbf-b2f6a0c35849/export</id>
    <title>47105baa-19bd-4344-bfbf-b2f6a0c35849</title>
    <updated>2026-07-09T17:06:13.363153+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "47105baa-19bd-4344-bfbf-b2f6a0c35849", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-54236", "type": "published-proof-of-concept", "source": "https://t.me/captainsmok3r_official/349", "content": "many people ask me:\nWhat is this vulnerability where attackers upload .txt files (like cox.txt) to websites with these paths? like:\nhttps://www.elgrantlapalero.com/media/customer_address/c/o/cox.txt\nhttps://tulip.store.oysterskin.ai/media/customer_address/a/z/azraelzeroday.txt\nhttps://zone-h.org/mirror/id/42506300\nAnswer: \nThese are two popular unauthenticated file upload vulnerabilities in Magento 2 / Adobe Commerce.\n1. SessionReaper (CVE-2025-54236)  Uses the path: /media/customer_address/c/o/cox.txt Comes from the customer address file upload feature (/customer/address_file/upload).\n2. PolyShell (newer vulnerability)  \nUses the path: /media/custom_options/quote/.../*.txt Exploited through the REST API when adding items to the cart with custom file options.\npoc:\nhttps://github.com/Baba01hacker666/cve-2025-54236", "creation_timestamp": "2026-06-04T14:09:50.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/47105baa-19bd-4344-bfbf-b2f6a0c35849/export"/>
    <published>2026-06-04T14:09:50+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/2cb6cfa4-1000-4f67-ac1a-f2ce1af85faa/export</id>
    <title>2cb6cfa4-1000-4f67-ac1a-f2ce1af85faa</title>
    <updated>2026-07-09T17:06:13.363260+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "2cb6cfa4-1000-4f67-ac1a-f2ce1af85faa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-54236", "type": "seen", "source": "Telegram/Ob2oA_mupoVDMqE6Q_QCizAK8aYtg6z11DPx_SkAfocJmb0", "content": "", "creation_timestamp": "2026-05-24T21:00:04.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/2cb6cfa4-1000-4f67-ac1a-f2ce1af85faa/export"/>
    <published>2026-05-24T21:00:04+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/920c4010-02a6-4db4-ae9f-7f4b1644a008/export</id>
    <title>920c4010-02a6-4db4-ae9f-7f4b1644a008</title>
    <updated>2026-07-09T17:06:13.363354+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "920c4010-02a6-4db4-ae9f-7f4b1644a008", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-54236", "type": "seen", "source": "https://bsky.app/profile/konvis.bsky.social/post/3mmetej5rtafs", "content": "Session Reaper Bug \u2013 kritischer Bug in Magento Onlineshop (CVE-2025-54236)\n\nEben kam die Info bei uns an, dass es leider wieder einen kritischen Magento Sicherheitsbug gibt. Es...\n\nhttps://www.konvis.de/neuigkeiten/magento/sessionreaper-bug-kritischer-bug-in-magento-onlineshop-cve-2025-54236/", "creation_timestamp": "2026-05-21T16:23:27.678312Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/920c4010-02a6-4db4-ae9f-7f4b1644a008/export"/>
    <published>2026-05-21T16:23:27.678312+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/205f6560-cf11-4af9-9f15-e696dd2208d3/export</id>
    <title>205f6560-cf11-4af9-9f15-e696dd2208d3</title>
    <updated>2026-07-09T17:06:13.363455+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "205f6560-cf11-4af9-9f15-e696dd2208d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-54236", "type": "seen", "source": "Telegram/6_gD9pQtVCg_eRlU_-Eqvw6JM83wq5C4Rc0rf2uF-yzttPU", "content": "", "creation_timestamp": "2026-05-13T09:00:04.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/205f6560-cf11-4af9-9f15-e696dd2208d3/export"/>
    <published>2026-05-13T09:00:04+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a17dabec-a4a7-4283-9898-879d667f0115/export</id>
    <title>a17dabec-a4a7-4283-9898-879d667f0115</title>
    <updated>2026-07-09T17:06:13.363548+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "a17dabec-a4a7-4283-9898-879d667f0115", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-54236", "type": "seen", "source": "https://bsky.app/profile/r-netsec-bot.bsky.social/post/3mj3eardusz2w", "content": "", "creation_timestamp": "2026-04-09T17:43:22.449569Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a17dabec-a4a7-4283-9898-879d667f0115/export"/>
    <published>2026-04-09T17:43:22.449569+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/2b26654c-923c-435f-8300-045191803031/export</id>
    <title>2b26654c-923c-435f-8300-045191803031</title>
    <updated>2026-07-09T17:06:13.363645+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "2b26654c-923c-435f-8300-045191803031", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-54236", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-26)", "content": "", "creation_timestamp": "2026-03-26T00:00:00.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/2b26654c-923c-435f-8300-045191803031/export"/>
    <published>2026-03-26T00:00:00+00:00</published>
  </entry>
</feed>
