<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-16T17:51:33.400700+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/56e29c63-ea45-4ab4-b144-e9b3ff70797a/export</id>
    <title>56e29c63-ea45-4ab4-b144-e9b3ff70797a</title>
    <updated>2026-07-16T17:51:33.417334+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "56e29c63-ea45-4ab4-b144-e9b3ff70797a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/netsecio.bsky.social/post/3mqrnqiprdk2h", "content": "SonicWall urges immediate patching for two actively exploited zero-days (CVE-2026-15409, CVE-2026-15410) in SMA 1000 series appliances. Flaws are chained for unauthenticated RCE. Both added to CISA KEV. #ZeroDay #SonicWall #InfoSec\n\n\ud83c\udf10 cyber[.]netsecops[.]io", "creation_timestamp": "2026-07-16T16:28:10.229576Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/56e29c63-ea45-4ab4-b144-e9b3ff70797a/export"/>
    <published>2026-07-16T16:28:10.229576+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/9230e322-e460-4270-8c43-575d29755d33/export</id>
    <title>9230e322-e460-4270-8c43-575d29755d33</title>
    <updated>2026-07-16T17:51:33.420228+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "9230e322-e460-4270-8c43-575d29755d33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://mastodon.social/ap/users/115426718704364579/statuses/116930592973185421", "content": "\ud83d\udcf0 SonicWall Warns of Two Zero-Days in SMA 1000 Under Active Exploit\nSonicWall urges immediate patching for two actively exploited zero-days (CVE-2026-15409, CVE-2026-15410) in SMA 1000 series appliances. Flaws are chained for unauthenticated RCE. Both added to CISA KEV. #ZeroDay #SonicWall #InfoSec\n\ud83c\udf10 cyber[.]netsecops[.]io\n\ud83d\udd17 https://cyber.netsecops.io/articles/sonicwall-sma-1000-zero-day-vulnerabilities-actively-exploited/?utm_source=mastodon&amp;amp;utm_medium=social&amp;amp;utm_campaign=daily", "creation_timestamp": "2026-07-16T16:27:34.266515Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/9230e322-e460-4270-8c43-575d29755d33/export"/>
    <published>2026-07-16T16:27:34.266515+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/7ee96456-eb24-44ba-9949-d02e19f7653a/export</id>
    <title>7ee96456-eb24-44ba-9949-d02e19f7653a</title>
    <updated>2026-07-16T17:51:33.420572+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "7ee96456-eb24-44ba-9949-d02e19f7653a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/poetry365.bsky.social/post/3mqrkxva4bq26", "content": "The SonicWall SMA 1000 series, crucial for secure remote access, has been compromised by two severe zero-day vulnerabilities, CVE-2026-15409 and CVE-2026-15410.", "creation_timestamp": "2026-07-16T15:38:36.780039Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/7ee96456-eb24-44ba-9949-d02e19f7653a/export"/>
    <published>2026-07-16T15:38:36.780039+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c6b98bd9-9ddc-488a-8041-e502b50382de/export</id>
    <title>c6b98bd9-9ddc-488a-8041-e502b50382de</title>
    <updated>2026-07-16T17:51:33.420758+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c6b98bd9-9ddc-488a-8041-e502b50382de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/shortinfo.bsky.social/post/3mqrjhj35vj2b", "content": "Every internet-facing SonicWall SMA 1000 appliance is a live target: attackers have chained two zero-days (CVE-2026-15409, CVSS 10.0) since late June, Rapid7 reports. They stole credentials, session data and TOTP MFA seeds, so patching alone does not lock them out. CISA deadline: July 17.", "creation_timestamp": "2026-07-16T15:11:33.726667Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c6b98bd9-9ddc-488a-8041-e502b50382de/export"/>
    <published>2026-07-16T15:11:33.726667+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/957a9fe2-0aca-4f9d-b5b6-e1f1fa4628f4/export</id>
    <title>957a9fe2-0aca-4f9d-b5b6-e1f1fa4628f4</title>
    <updated>2026-07-16T17:51:33.420868+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "957a9fe2-0aca-4f9d-b5b6-e1f1fa4628f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://infosec.exchange/users/edwardk/statuses/116930262503099367", "content": "Threat actors are actively exploiting SonicWall SMA1000 appliances through a critical SSRF vulnerability (CVE-2026-15409) and a local privilege escalation flaw (CVE-2026-15410) to gain root access and compromise corporate networks. Organizations must urgently patch their systems to the latest firmware versions to mitigate this zero-day threat.https://cybersecuritynews.com/sonicwall-sma1000-0-day-vulnerability-2/", "creation_timestamp": "2026-07-16T15:03:31.141271Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/957a9fe2-0aca-4f9d-b5b6-e1f1fa4628f4/export"/>
    <published>2026-07-16T15:03:31.141271+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/e94c38c5-6114-44a9-8e23-f1671e879c01/export</id>
    <title>e94c38c5-6114-44a9-8e23-f1671e879c01</title>
    <updated>2026-07-16T17:51:33.420968+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "e94c38c5-6114-44a9-8e23-f1671e879c01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mqrea6d42j2s", "content": "SonicWall\u306e\u6df1\u523b\u306aSSRF\u30bc\u30ed\u30c7\u30a4\u8106\u5f31\u6027\u3001\u5185\u90e8\u30b5\u30fc\u30d3\u30b9\u3078\u306eWebSocket\u30c8\u30f3\u30cd\u30eb\u3092\u958b\u653e\n\nSonicWall\u306f2026\u5e747\u670814\u65e5\u3001\u540c\u793e\u306eSMA1000\u30b7\u30ea\u30fc\u30ba \u30ea\u30e2\u30fc\u30c8\u30a2\u30af\u30bb\u30b9\u30a2\u30d7\u30e9\u30a4\u30a2\u30f3\u30b9\u306b\u5f71\u97ff\u3092\u53ca\u307c\u3059\u3001\u5b9f\u969b\u306b\u60aa\u7528\u304c\u78ba\u8a8d\u3055\u308c\u3066\u3044\u308b2\u4ef6\u306e\u8106\u5f31\u6027\u306b\u3064\u3044\u3066\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30a2\u30c9\u30d0\u30a4\u30b6\u30ea\u3092\u516c\u958b\u3057\u307e\u3057\u305f\u3002 \u5bfe\u8c61\u3068\u306a\u308b\u306e\u306f\u3001\u6700\u9ad8\u6df1\u523b\u5ea6\u306e\u30b5\u30fc\u30d0\u30fc\u30b5\u30a4\u30c9\u30ea\u30af\u30a8\u30b9\u30c8\u30d5\u30a9\u30fc\u30b8\u30a7\u30ea(SSRF)\u8106\u5f31\u6027(CVE-2026-15409...", "creation_timestamp": "2026-07-16T13:37:58.140363Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/e94c38c5-6114-44a9-8e23-f1671e879c01/export"/>
    <published>2026-07-16T13:37:58.140363+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/176f00e3-6133-4d89-8fd0-cc815e7cd2a9/export</id>
    <title>176f00e3-6133-4d89-8fd0-cc815e7cd2a9</title>
    <updated>2026-07-16T17:51:33.421067+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "176f00e3-6133-4d89-8fd0-cc815e7cd2a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/eyalestrin.bsky.social/post/3mqrccyxx2427", "content": "SonicWall SMA1000 Series Appliances Affected By Multiple Vulnerabilities (CVE-2026-15409, CVE-2026-15410) #patchmanagement", "creation_timestamp": "2026-07-16T13:03:45.829988Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/176f00e3-6133-4d89-8fd0-cc815e7cd2a9/export"/>
    <published>2026-07-16T13:03:45.829988+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/bca62bfa-b42f-4d31-bbc4-d4372af41f73/export</id>
    <title>bca62bfa-b42f-4d31-bbc4-d4372af41f73</title>
    <updated>2026-07-16T17:51:33.421157+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "bca62bfa-b42f-4d31-bbc4-d4372af41f73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/securityonline.bsky.social/post/3mqrbl5b7lr2i", "content": "SonicWall SMA1000 vulnerability CVE-2026-15409 (CVSS 10.0) is exploited in the wild. Public PoC enables remote code execution patch now.\n\n#SonicWall #SMA1000 #CVE202615409 #RCE #ZeroDay #CyberSecurity", "creation_timestamp": "2026-07-16T12:50:25.654245Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/bca62bfa-b42f-4d31-bbc4-d4372af41f73/export"/>
    <published>2026-07-16T12:50:25.654245+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/87bdcefa-4d15-4a40-ba48-25b10cbccdff/export</id>
    <title>87bdcefa-4d15-4a40-ba48-25b10cbccdff</title>
    <updated>2026-07-16T17:51:33.421259+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "87bdcefa-4d15-4a40-ba48-25b10cbccdff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "MISP/84bf4892-91f2-4e0b-a9cb-9131b3dcc07c", "content": "", "creation_timestamp": "2026-07-16T12:15:13.478992Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/87bdcefa-4d15-4a40-ba48-25b10cbccdff/export"/>
    <published>2026-07-16T12:15:13.478992+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/6dedbf84-67f4-444e-9970-999cf08f72a5/export</id>
    <title>6dedbf84-67f4-444e-9970-999cf08f72a5</title>
    <updated>2026-07-16T17:51:33.421357+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "6dedbf84-67f4-444e-9970-999cf08f72a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://t.me/GithubRedTeam/93569", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #Exploit\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-15409\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a 0xBlackash\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-15 16:59:34\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-15409\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-16T12:00:05.657957Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/6dedbf84-67f4-444e-9970-999cf08f72a5/export"/>
    <published>2026-07-16T12:00:05.657957+00:00</published>
  </entry>
</feed>
