<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-14T06:43:20.509269+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/9fdce2cf-0685-4069-8d2a-7573bfbf4b97/export</id>
    <title>9fdce2cf-0685-4069-8d2a-7573bfbf4b97</title>
    <updated>2026-07-14T06:43:20.533878+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "9fdce2cf-0685-4069-8d2a-7573bfbf4b97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24294", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3mpixq7m7rf2t", "content": "\ufffd Windows NTLM Reflection Bypass Exposes SYSTEM-Level Control on Fully Patched Systems (CVE-2025-33073 \u2192 CVE-2026-24294) +\u00a0Video\n\n\ud83e\udde0 Introduction: When \u201cFully Patched\u201d Still Means Fully Exposed A system that claims to be secure after updates should inspire confidence, not concern. Yet the discovery\u2026", "creation_timestamp": "2026-06-30T12:07:52.874869Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/9fdce2cf-0685-4069-8d2a-7573bfbf4b97/export"/>
    <published>2026-06-30T12:07:52.874869+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/55277823-b9c3-4159-8f11-1f5105ea5600/export</id>
    <title>55277823-b9c3-4159-8f11-1f5105ea5600</title>
    <updated>2026-07-14T06:43:20.537497+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "55277823-b9c3-4159-8f11-1f5105ea5600", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24294", "type": "seen", "source": "https://bsky.app/profile/kitafox.bsky.social/post/3mphsjry5qw2u", "content": "NTLM\u30ea\u30d5\u30ec\u30af\u30b7\u30e7\u30f3\u30d0\u30a4\u30d1\u30b9CVE-2026-24294\u306e\u8106\u5f31\u6027\u3092\u60aa\u7528\u3059\u308bPoC\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u304c\u516c\u958b\u3055\u308c\u308b \n\nNTLM Reflection Bypass CVE-2026-24294 Gets Public PoC Exploit  #DailyCyberSecurity (Jun 29)\n\nsecurityonline.info/ntlm-reflect...", "creation_timestamp": "2026-06-30T01:02:04.156931Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/55277823-b9c3-4159-8f11-1f5105ea5600/export"/>
    <published>2026-06-30T01:02:04.156931+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b1140e61-bf3e-47fc-a719-832336412fde/export</id>
    <title>b1140e61-bf3e-47fc-a719-832336412fde</title>
    <updated>2026-07-14T06:43:20.537647+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b1140e61-bf3e-47fc-a719-832336412fde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24294", "type": "seen", "source": "https://bsky.app/profile/securityonline.bsky.social/post/3mpg4kkkmog23", "content": "Researcher publicly disclosed an NTLM reflection bypass, CVE-2026-24294, with PoC exploit code. It gives SYSTEM on Windows Server 2025. Patch now.\n\n#NTLM #NTLMReflection #CVE202624294 #Windows #PrivEsc #Cybersecurity #Infosec", "creation_timestamp": "2026-06-29T08:56:08.774693Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b1140e61-bf3e-47fc-a719-832336412fde/export"/>
    <published>2026-06-29T08:56:08.774693+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/81cd9175-b7c7-48d9-845a-5ac991c97690/export</id>
    <title>81cd9175-b7c7-48d9-845a-5ac991c97690</title>
    <updated>2026-07-14T06:43:20.537756+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "81cd9175-b7c7-48d9-845a-5ac991c97690", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24291", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mma33thltp25", "content": "Micropatches released for Windows Accessibility Infrastructure Elevation of Privilege Vulnerability (CVE-2026-24291, CVE-2026-25186, CVE-2026-25187)", "creation_timestamp": "2026-05-19T18:58:29.146853Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/81cd9175-b7c7-48d9-845a-5ac991c97690/export"/>
    <published>2026-05-19T18:58:29.146853+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/44e2b14e-9858-4392-9122-56abd92c8fc8/export</id>
    <title>44e2b14e-9858-4392-9122-56abd92c8fc8</title>
    <updated>2026-07-14T06:43:20.537873+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "44e2b14e-9858-4392-9122-56abd92c8fc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24291", "type": "seen", "source": "https://infosec.exchange/users/0patch/statuses/116601532783321868", "content": "Micropatches released  for Windows Accessibility Infrastructure Elevation of Privilege  Vulnerability (CVE-2026-24291, CVE-2026-25186, CVE-2026-25187) https://blog.0patch.com/2026/05/micropatches-released-for-windows.html", "creation_timestamp": "2026-05-19T13:43:15.281244Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/44e2b14e-9858-4392-9122-56abd92c8fc8/export"/>
    <published>2026-05-19T13:43:15.281244+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/6babbed5-3900-4140-a7a5-5d847ffbecc4/export</id>
    <title>6babbed5-3900-4140-a7a5-5d847ffbecc4</title>
    <updated>2026-07-14T06:43:20.537970+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "6babbed5-3900-4140-a7a5-5d847ffbecc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24299", "type": "seen", "source": "https://bsky.app/profile/warthogtk.bsky.social/post/3ml4zuqd7f22t", "content": "Copirate 365 at DEF CON: Plundering in the Depths of Microsoft Copilot (CVE-2026-24299) \u00b7  Embrace The Red embracethered.com/blog/posts/2...", "creation_timestamp": "2026-05-05T20:33:24.740866Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/6babbed5-3900-4140-a7a5-5d847ffbecc4/export"/>
    <published>2026-05-05T20:33:24.740866+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/6e5d0977-6a7b-4022-b269-a027023ae555/export</id>
    <title>6e5d0977-6a7b-4022-b269-a027023ae555</title>
    <updated>2026-07-14T06:43:20.538067+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "6e5d0977-6a7b-4022-b269-a027023ae555", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24299", "type": "seen", "source": "https://bsky.app/profile/glitterbean.wehavecookies.social.ap.brid.gy/post/3mkzxscfe5bu2", "content": "Copirate 365 at DEF CON: Plundering in the Depths of Microsoft Copilot (CVE-2026-24299) https://embracethered.com/blog/posts/2026/defcon-talk-copirate-365/", "creation_timestamp": "2026-05-04T15:21:52.678481Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/6e5d0977-6a7b-4022-b269-a027023ae555/export"/>
    <published>2026-05-04T15:21:52.678481+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/845f17d6-8431-484f-ae1f-d4358535d16d/export</id>
    <title>845f17d6-8431-484f-ae1f-d4358535d16d</title>
    <updated>2026-07-14T06:43:20.538168+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "845f17d6-8431-484f-ae1f-d4358535d16d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24299", "type": "seen", "source": "Telegram/17cmREU9ZDSDvyz78F9oo9Lr_unjD9vL2ztNU0fhrgd68AR1", "content": "", "creation_timestamp": "2026-05-04T13:15:05.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/845f17d6-8431-484f-ae1f-d4358535d16d/export"/>
    <published>2026-05-04T13:15:05+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/ca702bc5-55e5-43b5-b644-3ced397f3640/export</id>
    <title>ca702bc5-55e5-43b5-b644-3ced397f3640</title>
    <updated>2026-07-14T06:43:20.538279+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "ca702bc5-55e5-43b5-b644-3ced397f3640", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24294", "type": "seen", "source": "Telegram/GBpYOLFByJUZNo27RsDzztksilkUG3XAg7CrsrR5OqI_xQ", "content": "", "creation_timestamp": "2026-05-02T13:21:19.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/ca702bc5-55e5-43b5-b644-3ced397f3640/export"/>
    <published>2026-05-02T13:21:19+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c31c1c7a-6598-4f24-993a-193a82eeeb99/export</id>
    <title>c31c1c7a-6598-4f24-993a-193a82eeeb99</title>
    <updated>2026-07-14T06:43:20.538374+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c31c1c7a-6598-4f24-993a-193a82eeeb99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24294", "type": "seen", "source": "https://t.me/P0x3k_1N73LL1G3NC3/343", "content": "BYPASSING WINDOWS AUTHENTICATION REFLECTION MITIGATIONS FOR SYSTEM SHELLS - PART \u2461\n\nA new arbitrary Kerberos coercion technique (CVE-2026-26128) that led to a complete bypass of the patch of CVE-2025-33073. This short-lived RCE was then transformed into a universal LPE attack.\n\nBYPASSING WINDOWS AUTHENTICATION REFLECTION MITIGATIONS FOR SYSTEM SHELLS - PART 1\n\nAbuse of a new feature of recent Windows versions, namely the ability to connect to SMB shares on arbitrary TCP ports, to achieve local privilege escalation\u00a0(CVE-2026-24294) on up-to-date Windows Server 2025 machines.", "creation_timestamp": "2026-05-02T06:09:03.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c31c1c7a-6598-4f24-993a-193a82eeeb99/export"/>
    <published>2026-05-02T06:09:03+00:00</published>
  </entry>
</feed>
