<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-17T04:16:09.620227+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/26a76cbc-705d-4ca7-8e1a-32cd153477a3/export</id>
    <title>26a76cbc-705d-4ca7-8e1a-32cd153477a3</title>
    <updated>2026-07-17T04:16:09.638978+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "26a76cbc-705d-4ca7-8e1a-32cd153477a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15410", "type": "seen", "source": "https://threatintel.cc/2026/07/16/hackers-actively-exploiting-sonicwall-sma.html", "content": "Hackers Actively Exploiting SonicWall SMA1000 0-Day Vulnerability in the Wild\n\nThreat actors are actively exploiting SonicWall SMA1000 appliances through a critical SSRF vulnerability (CVE-2026-15409) and a local privilege escalation flaw (CVE-2026-15410) to gain root access and compromise corporate networks. Organizations must urgently patch their systems to the latest firmware versions to mitigate this zero-day threat.", "creation_timestamp": "2026-07-17T01:00:40.462976Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/26a76cbc-705d-4ca7-8e1a-32cd153477a3/export"/>
    <published>2026-07-17T01:00:40.462976+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/dd49bacd-77cb-460b-9c52-e8c64fef377d/export</id>
    <title>dd49bacd-77cb-460b-9c52-e8c64fef377d</title>
    <updated>2026-07-17T04:16:09.641658+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "dd49bacd-77cb-460b-9c52-e8c64fef377d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15410", "type": "seen", "source": "MISP/84bf4892-91f2-4e0b-a9cb-9131b3dcc07c", "content": "", "creation_timestamp": "2026-07-17T00:15:02.092242Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/dd49bacd-77cb-460b-9c52-e8c64fef377d/export"/>
    <published>2026-07-17T00:15:02.092242+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c07f04da-0a54-4f02-a5b8-3d6651f9f064/export</id>
    <title>c07f04da-0a54-4f02-a5b8-3d6651f9f064</title>
    <updated>2026-07-17T04:16:09.641806+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c07f04da-0a54-4f02-a5b8-3d6651f9f064", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15410", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/93482", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-15410\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a HORKimhab\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-15 06:10:17\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-15410 - More: https://github.com/HORKimhab/poc-cve-collection\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-17T00:00:53.618366Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c07f04da-0a54-4f02-a5b8-3d6651f9f064/export"/>
    <published>2026-07-17T00:00:53.618366+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a0ebc421-531b-48c8-8490-8c9f81c7378a/export</id>
    <title>a0ebc421-531b-48c8-8490-8c9f81c7378a</title>
    <updated>2026-07-17T04:16:09.641923+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "a0ebc421-531b-48c8-8490-8c9f81c7378a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15410", "type": "published-proof-of-concept", "source": "Telegram/gEg0EOaWFFZnEfHhBHmpZpiTrHvldsjFXSF402VZoO1TzNg", "content": "", "creation_timestamp": "2026-07-17T00:00:11.339945Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a0ebc421-531b-48c8-8490-8c9f81c7378a/export"/>
    <published>2026-07-17T00:00:11.339945+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/6733280c-48b5-4cdc-ae56-184254a7ea20/export</id>
    <title>6733280c-48b5-4cdc-ae56-184254a7ea20</title>
    <updated>2026-07-17T04:16:09.642023+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "6733280c-48b5-4cdc-ae56-184254a7ea20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15410", "type": "published-proof-of-concept", "source": "Telegram/K7c5CNbbPswTRSTuPJgh_t71PDUsbT0WBZTkPH1O8-oYBF8", "content": "", "creation_timestamp": "2026-07-17T00:00:10.619626Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/6733280c-48b5-4cdc-ae56-184254a7ea20/export"/>
    <published>2026-07-17T00:00:10.619626+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/cb400129-94f0-41ac-9f65-68a646ac55a3/export</id>
    <title>cb400129-94f0-41ac-9f65-68a646ac55a3</title>
    <updated>2026-07-17T04:16:09.642121+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "cb400129-94f0-41ac-9f65-68a646ac55a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15410", "type": "seen", "source": "https://bsky.app/profile/kotosecurity.bsky.social/post/3mqs54435sm2k", "content": "\ud83d\udea8 SonicWall SMA 1000: 2 zero-days actively exploited \u2014 CVE-2026-15409 (CVSS 10.0 SSRF) &amp;amp; CVE-2026-15410 (CVSS 7.2 code injection \u2192 admin cmd exec). Patch to 12.4.3-03453+/12.5.0-02835+.\n\n\ud83d\udd17 https://thehackernews.com/2026/07/two-sonicwall-sma-1000-zero-days.html", "creation_timestamp": "2026-07-16T21:03:05.613146Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/cb400129-94f0-41ac-9f65-68a646ac55a3/export"/>
    <published>2026-07-16T21:03:05.613146+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/4d65ba48-9936-46c9-9ade-5b3a6eb64723/export</id>
    <title>4d65ba48-9936-46c9-9ade-5b3a6eb64723</title>
    <updated>2026-07-17T04:16:09.642221+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "4d65ba48-9936-46c9-9ade-5b3a6eb64723", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15410", "type": "seen", "source": "https://threatintel.cc/2026/07/16/hackers-actively-exploiting-sonicwall-sma.html", "content": "Hackers Actively Exploiting SonicWall SMA1000 0-Day Vulnerability in the Wild\n\nThreat actors are actively exploiting SonicWall SMA1000 appliances through a critical SSRF vulnerability (CVE-2026-15409) and a local privilege escalation flaw (CVE-2026-15410) to gain root access and compromise corporate networks. Organizations must urgently patch their systems to the latest firmware versions to mitigate this zero-day threat.", "creation_timestamp": "2026-07-16T19:00:40.498712Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/4d65ba48-9936-46c9-9ade-5b3a6eb64723/export"/>
    <published>2026-07-16T19:00:40.498712+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a478050d-0161-46aa-bfb0-8e03b27b258b/export</id>
    <title>a478050d-0161-46aa-bfb0-8e03b27b258b</title>
    <updated>2026-07-17T04:16:09.642322+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "a478050d-0161-46aa-bfb0-8e03b27b258b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15410", "type": "seen", "source": "Telegram/K7c5CNbbPswTRSTuPJgh_t71PDUsbT0WBZTkPH1O8-oYBF8", "content": "", "creation_timestamp": "2026-07-16T19:00:07.057098Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a478050d-0161-46aa-bfb0-8e03b27b258b/export"/>
    <published>2026-07-16T19:00:07.057098+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/13d408e4-f53b-4130-8b5e-914c93a67d09/export</id>
    <title>13d408e4-f53b-4130-8b5e-914c93a67d09</title>
    <updated>2026-07-17T04:16:09.642432+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "13d408e4-f53b-4130-8b5e-914c93a67d09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15410", "type": "seen", "source": "Telegram/gEg0EOaWFFZnEfHhBHmpZpiTrHvldsjFXSF402VZoO1TzNg", "content": "", "creation_timestamp": "2026-07-16T19:00:06.535326Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/13d408e4-f53b-4130-8b5e-914c93a67d09/export"/>
    <published>2026-07-16T19:00:06.535326+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c6c75f7a-6db1-4a50-8b92-be7dceae595d/export</id>
    <title>c6c75f7a-6db1-4a50-8b92-be7dceae595d</title>
    <updated>2026-07-17T04:16:09.642525+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c6c75f7a-6db1-4a50-8b92-be7dceae595d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15410", "type": "seen", "source": "https://bsky.app/profile/netsecio.bsky.social/post/3mqrnqiprdk2h", "content": "SonicWall urges immediate patching for two actively exploited zero-days (CVE-2026-15409, CVE-2026-15410) in SMA 1000 series appliances. Flaws are chained for unauthenticated RCE. Both added to CISA KEV. #ZeroDay #SonicWall #InfoSec\n\n\ud83c\udf10 cyber[.]netsecops[.]io", "creation_timestamp": "2026-07-16T16:28:10.266974Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c6c75f7a-6db1-4a50-8b92-be7dceae595d/export"/>
    <published>2026-07-16T16:28:10.266974+00:00</published>
  </entry>
</feed>
