<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-17T23:42:42.064074+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/07e98df3-6d8c-4b8e-97f8-6eec7086c666/export</id>
    <title>07e98df3-6d8c-4b8e-97f8-6eec7086c666</title>
    <updated>2026-07-17T23:42:42.100117+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "07e98df3-6d8c-4b8e-97f8-6eec7086c666", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "Telegram/FdcDblJgpr4Bk1hzBo52CEMZWjwW5t7MZ6W5ZLgqcoUP2nQ", "content": "", "creation_timestamp": "2026-07-17T00:00:48.743285Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/07e98df3-6d8c-4b8e-97f8-6eec7086c666/export"/>
    <published>2026-07-17T00:00:48.743285+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/d5b6785c-1b27-4a74-badb-98434b6a0c96/export</id>
    <title>d5b6785c-1b27-4a74-badb-98434b6a0c96</title>
    <updated>2026-07-17T23:42:42.102389+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "d5b6785c-1b27-4a74-badb-98434b6a0c96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "published-proof-of-concept", "source": "Telegram/eLMxAxOv6CPS5Cv23ai3j3OmcVBUkQSKzJA_dC_EZ3dC-w", "content": "", "creation_timestamp": "2026-07-17T00:00:10.754099Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/d5b6785c-1b27-4a74-badb-98434b6a0c96/export"/>
    <published>2026-07-17T00:00:10.754099+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/ac5cce1f-4186-4517-9421-359cb2633020/export</id>
    <title>ac5cce1f-4186-4517-9421-359cb2633020</title>
    <updated>2026-07-17T23:42:42.102546+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "ac5cce1f-4186-4517-9421-359cb2633020", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "Telegram/eLMxAxOv6CPS5Cv23ai3j3OmcVBUkQSKzJA_dC_EZ3dC-w", "content": "", "creation_timestamp": "2026-07-16T21:00:03.590199Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/ac5cce1f-4186-4517-9421-359cb2633020/export"/>
    <published>2026-07-16T21:00:03.590199+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b7e03c41-c6fb-4971-b904-9c2e6a0758e4/export</id>
    <title>b7e03c41-c6fb-4971-b904-9c2e6a0758e4</title>
    <updated>2026-07-17T23:42:42.102670+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b7e03c41-c6fb-4971-b904-9c2e6a0758e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "Telegram/FdcDblJgpr4Bk1hzBo52CEMZWjwW5t7MZ6W5ZLgqcoUP2nQ", "content": "", "creation_timestamp": "2026-07-16T19:00:31.831229Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b7e03c41-c6fb-4971-b904-9c2e6a0758e4/export"/>
    <published>2026-07-16T19:00:31.831229+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/1c5740e4-d791-4c3d-8e27-743501d21682/export</id>
    <title>1c5740e4-d791-4c3d-8e27-743501d21682</title>
    <updated>2026-07-17T23:42:42.102780+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "1c5740e4-d791-4c3d-8e27-743501d21682", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "exploited", "source": "https://t.me/thehackernews/9343", "content": "CISA just added a Cisco Unified CM flaw to its exploited bugs list.\n\nDefused Cyber says CVE-2026-20230 is being exploited from a single source using an unvetted PoC.\n\nThe bug can allow unauthenticated SSRF and file writes when WebDialer is enabled.\n\nThe technical trail is here: https://thehackernews.com/2026/06/cisco-unified-cm-flaw-exploited-after.html", "creation_timestamp": "2026-07-16T00:00:10.767329Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/1c5740e4-d791-4c3d-8e27-743501d21682/export"/>
    <published>2026-07-16T00:00:10.767329+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/17cc93dc-57e0-4743-a6d9-32615bf528d4/export</id>
    <title>17cc93dc-57e0-4743-a6d9-32615bf528d4</title>
    <updated>2026-07-17T23:42:42.102899+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "17cc93dc-57e0-4743-a6d9-32615bf528d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "exploited", "source": "https://t.me/thehackernews/9314", "content": "\ud83d\uded1 Cisco Unified CM admins should check WebDialer now.\n\nCVE-2026-20230 is being exploited, and vulnerable WebDialer-enabled systems can be abused by unauthenticated attackers to write files.\n\nCisco patched it in 14SU6 and 15SU5.\n\nRead: https://thehackernews.com/2026/06/cisco-unified-cm-flaw-exploited-after.html", "creation_timestamp": "2026-07-16T00:00:10.568915Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/17cc93dc-57e0-4743-a6d9-32615bf528d4/export"/>
    <published>2026-07-16T00:00:10.568915+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/960b7d94-9266-44ba-a368-7d79f1b6ce6d/export</id>
    <title>960b7d94-9266-44ba-a368-7d79f1b6ce6d</title>
    <updated>2026-07-17T23:42:42.103015+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "960b7d94-9266-44ba-a368-7d79f1b6ce6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "published-proof-of-concept", "source": "https://t.me/thehackernews/9156", "content": "\ud83d\udea8 No auth required ... a crafted web request to Cisco Unified CM can write files to the OS and open a path to root.\n\nCVE-2026-20230 patch is out, PoC exploit is public, and no attacks yet. Only bites if WebDialer is ON.\n\nFix: 14SU6 / COP / 15SU5, or kill WebDialer. \n\nRead: https://thehackernews.com/2026/06/cisco-patches-cve-2026-20230-in-unified.html", "creation_timestamp": "2026-07-16T00:00:09.138135Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/960b7d94-9266-44ba-a368-7d79f1b6ce6d/export"/>
    <published>2026-07-16T00:00:09.138135+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/9e3fa9fe-9e4f-4c63-8891-89ddeec9d548/export</id>
    <title>9e3fa9fe-9e4f-4c63-8891-89ddeec9d548</title>
    <updated>2026-07-17T23:42:42.103129+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "9e3fa9fe-9e4f-4c63-8891-89ddeec9d548", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "exploited", "source": "https://t.me/information_security_channel/55466", "content": "Hackers Exploiting Cisco Unified CM Vulnerability\nhttps://www.securityweek.com/hackers-exploiting-cisco-unified-cm-vulnerability/\n\nCisco noted that a PoC had been available for CVE-2026-20230 when it announced patches in early June.\nThe post Hackers Exploiting Cisco Unified CM Vulnerability (https://www.securityweek.com/hackers-exploiting-cisco-unified-cm-vulnerability/) appeared first on SecurityWeek (https://www.securityweek.com/).", "creation_timestamp": "2026-07-16T00:00:08.130628Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/9e3fa9fe-9e4f-4c63-8891-89ddeec9d548/export"/>
    <published>2026-07-16T00:00:08.130628+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/1ce49cd3-b3a7-40ec-9c62-b5733eca7fe9/export</id>
    <title>1ce49cd3-b3a7-40ec-9c62-b5733eca7fe9</title>
    <updated>2026-07-17T23:42:42.103239+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "1ce49cd3-b3a7-40ec-9c62-b5733eca7fe9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://t.me/information_security_channel/55466", "content": "Hackers Exploiting Cisco Unified CM Vulnerability\nhttps://www.securityweek.com/hackers-exploiting-cisco-unified-cm-vulnerability/\n\nCisco noted that a PoC had been available for CVE-2026-20230 when it announced patches in early June.\nThe post Hackers Exploiting Cisco Unified CM Vulnerability (https://www.securityweek.com/hackers-exploiting-cisco-unified-cm-vulnerability/) appeared first on SecurityWeek (https://www.securityweek.com/).", "creation_timestamp": "2026-07-15T12:00:06.565997Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/1ce49cd3-b3a7-40ec-9c62-b5733eca7fe9/export"/>
    <published>2026-07-15T12:00:06.565997+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/74c0fb18-eed5-462a-9fbd-10470c3b5d57/export</id>
    <title>74c0fb18-eed5-462a-9fbd-10470c3b5d57</title>
    <updated>2026-07-17T23:42:42.103347+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "74c0fb18-eed5-462a-9fbd-10470c3b5d57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://t.me/thehackernews/9156", "content": "\ud83d\udea8 No auth required ... a crafted web request to Cisco Unified CM can write files to the OS and open a path to root.\n\nCVE-2026-20230 patch is out, PoC exploit is public, and no attacks yet. Only bites if WebDialer is ON.\n\nFix: 14SU6 / COP / 15SU5, or kill WebDialer. \n\nRead: https://thehackernews.com/2026/06/cisco-patches-cve-2026-20230-in-unified.html", "creation_timestamp": "2026-07-15T12:00:05.458153Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/74c0fb18-eed5-462a-9fbd-10470c3b5d57/export"/>
    <published>2026-07-15T12:00:05.458153+00:00</published>
  </entry>
</feed>
