<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-08T16:36:33.265873+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/e6cad395-fbe7-4031-a6dc-7ea7c0c23ae6/export</id>
    <title>e6cad395-fbe7-4031-a6dc-7ea7c0c23ae6</title>
    <updated>2026-07-08T16:36:33.293082+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "e6cad395-fbe7-4031-a6dc-7ea7c0c23ae6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-25253", "type": "seen", "source": "https://bsky.app/profile/bluehatone.bsky.social/post/3mq25rtswhb23", "content": "OpenClaw security alert. 135,000+ servers exposed, 50,000 open to remote code, 335 bad skills found. CVE-2026-25253 can steal a token with one click via a localhost WebSocket. Safer steps: don\u2019t use your main laptop, enable auth, bind to 127.0.0.1 or VPN, least privilege, audit skills.", "creation_timestamp": "2026-07-07T08:11:22.581651Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/e6cad395-fbe7-4031-a6dc-7ea7c0c23ae6/export"/>
    <published>2026-07-07T08:11:22.581651+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/432755d8-badf-4d24-a5fe-f575ac222d78/export</id>
    <title>432755d8-badf-4d24-a5fe-f575ac222d78</title>
    <updated>2026-07-08T16:36:33.296190+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "432755d8-badf-4d24-a5fe-f575ac222d78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-25253", "type": "seen", "source": "https://bsky.app/profile/ctsd-gmbh.bsky.social/post/3mptm24sk6m2j", "content": "CVE-2026-25253 in KI-Agenten ohne Interface: Realit\u00e4t oder Roadmap?\n\nJetzt lesen: https://www.ctsd.de/insights/2026-07-ki-ki-agenten-ohne-interface-realit-t-oder-roadmap.html\n\n#ITSecurity #Compliance #KI\n\nhttps://www.ctsd.de/insights/2026-07-ki-ki-agenten-ohne-interface-realit-t-oder-roadmap.html", "creation_timestamp": "2026-07-04T17:37:53.433721Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/432755d8-badf-4d24-a5fe-f575ac222d78/export"/>
    <published>2026-07-04T17:37:53.433721+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/be6da4dc-0009-4b00-94b5-4fd88cc3661e/export</id>
    <title>be6da4dc-0009-4b00-94b5-4fd88cc3661e</title>
    <updated>2026-07-08T16:36:33.296302+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "be6da4dc-0009-4b00-94b5-4fd88cc3661e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-25253", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mottrv2xxt2l", "content": "Top 3 CVE for last 7 days:\nCVE-2026-50656: 28 interactions\nCVE-2026-20262: 25 interactions\nCVE-2026-54420: 25 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-20253: 6 interactions\nCVE-2026-25253: 4 interactions\nCVE-2026-35469: 4 interactions\n", "creation_timestamp": "2026-06-22T02:31:16.151843Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/be6da4dc-0009-4b00-94b5-4fd88cc3661e/export"/>
    <published>2026-06-22T02:31:16.151843+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a034e306-ba17-445b-9f84-68e8150c0a5b/export</id>
    <title>a034e306-ba17-445b-9f84-68e8150c0a5b</title>
    <updated>2026-07-08T16:36:33.296380+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "a034e306-ba17-445b-9f84-68e8150c0a5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-25253", "type": "seen", "source": "https://bsky.app/profile/phantomfills.bsky.social/post/3moruyfgaek2z", "content": "The RisksIt\u2019s not all sunshine. The recent @OpenClaw vulnerabilities (CVE-2026-25253) were a wake-up call.\n\nAs agents get more \"root\" access to our capital, security becomes the ultimate primitive. Sandbox execution is no longer optional\u2014it's mandatory.", "creation_timestamp": "2026-06-21T07:54:06.894633Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a034e306-ba17-445b-9f84-68e8150c0a5b/export"/>
    <published>2026-06-21T07:54:06.894633+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/e12742da-e8fa-4069-8325-6aa10873f9d8/export</id>
    <title>e12742da-e8fa-4069-8325-6aa10873f9d8</title>
    <updated>2026-07-08T16:36:33.296453+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "e12742da-e8fa-4069-8325-6aa10873f9d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-25253", "type": "seen", "source": "https://bsky.app/profile/phantomfills.bsky.social/post/3moruycokpc2z", "content": "The RisksIt\u2019s not all sunshine. The recent @OpenClaw vulnerabilities (CVE-2026-25253) were a wake-up call.\n\nAs agents get more \"root\" access to our capital, security becomes the ultimate primitive. Sandbox execution is no longer optional\u2014it's mandatory.", "creation_timestamp": "2026-06-21T07:51:56.141429Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/e12742da-e8fa-4069-8325-6aa10873f9d8/export"/>
    <published>2026-06-21T07:51:56.141429+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/3a7ea034-93f1-4cfb-8f4c-86a45f86463c/export</id>
    <title>3a7ea034-93f1-4cfb-8f4c-86a45f86463c</title>
    <updated>2026-07-08T16:36:33.296524+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "3a7ea034-93f1-4cfb-8f4c-86a45f86463c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-25253", "type": "seen", "source": "https://bsky.app/profile/phantomfills.bsky.social/post/3moruy72a2c2z", "content": "The RisksIt\u2019s not all sunshine. The recent @OpenClaw vulnerabilities (CVE-2026-25253) were a wake-up call.\n\nAs agents get more \"root\" access to our capital, security becomes the ultimate primitive. Sandbox execution is no longer optional\u2014it's mandatory.", "creation_timestamp": "2026-06-21T07:51:55.617839Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/3a7ea034-93f1-4cfb-8f4c-86a45f86463c/export"/>
    <published>2026-06-21T07:51:55.617839+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/3a2aa5e8-e644-4359-903b-f940af07dc9a/export</id>
    <title>3a2aa5e8-e644-4359-903b-f940af07dc9a</title>
    <updated>2026-07-08T16:36:33.296601+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "3a2aa5e8-e644-4359-903b-f940af07dc9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-25253", "type": "seen", "source": "https://bsky.app/profile/phantomfills.bsky.social/post/3moruxymmx22z", "content": "The RisksIt\u2019s not all sunshine. The recent @OpenClaw vulnerabilities (CVE-2026-25253) were a wake-up call.\n\nAs agents get more \"root\" access to our capital, security becomes the ultimate primitive. Sandbox execution is no longer optional\u2014it's mandatory.", "creation_timestamp": "2026-06-21T07:49:43.637658Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/3a2aa5e8-e644-4359-903b-f940af07dc9a/export"/>
    <published>2026-06-21T07:49:43.637658+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/1cb95d5f-505d-4d06-858c-8036192ee838/export</id>
    <title>1cb95d5f-505d-4d06-858c-8036192ee838</title>
    <updated>2026-07-08T16:36:33.296688+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "1cb95d5f-505d-4d06-858c-8036192ee838", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-25253", "type": "seen", "source": "https://bsky.app/profile/phantomfills.bsky.social/post/3moruxuwufc2z", "content": "The RisksIt\u2019s not all sunshine. The recent @OpenClaw vulnerabilities (CVE-2026-25253) were a wake-up call.\n\nAs agents get more \"root\" access to our capital, security becomes the ultimate primitive. Sandbox execution is no longer optional\u2014it's mandatory.", "creation_timestamp": "2026-06-21T07:49:42.773752Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/1cb95d5f-505d-4d06-858c-8036192ee838/export"/>
    <published>2026-06-21T07:49:42.773752+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/0d971797-c085-4c98-b3df-4790b24845ff/export</id>
    <title>0d971797-c085-4c98-b3df-4790b24845ff</title>
    <updated>2026-07-08T16:36:33.296756+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "0d971797-c085-4c98-b3df-4790b24845ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-25253", "type": "seen", "source": "https://bsky.app/profile/phantomfills.bsky.social/post/3moruxrp24s2z", "content": "The RisksIt\u2019s not all sunshine. The recent @OpenClaw vulnerabilities (CVE-2026-25253) were a wake-up call.\n\nAs agents get more \"root\" access to our capital, security becomes the ultimate primitive. Sandbox execution is no longer optional\u2014it's mandatory.", "creation_timestamp": "2026-06-21T07:49:42.108121Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/0d971797-c085-4c98-b3df-4790b24845ff/export"/>
    <published>2026-06-21T07:49:42.108121+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/32b400ed-b180-4454-a78b-03dab6e34809/export</id>
    <title>32b400ed-b180-4454-a78b-03dab6e34809</title>
    <updated>2026-07-08T16:36:33.296830+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "32b400ed-b180-4454-a78b-03dab6e34809", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-25253", "type": "seen", "source": "https://bsky.app/profile/bluehatone.bsky.social/post/3moket6ftvp2u", "content": "OpenClaw is not just chat. It is a robot super user with 24/7 access. Researchers found thousands of agents exposed online with weak auth and plaintext secrets. CVE-2026-25253 can steal tokens by a crafted URL, near CVSS 8.8. Use secrets manager and least privilege now.", "creation_timestamp": "2026-06-18T08:09:34.634565Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/32b400ed-b180-4454-a78b-03dab6e34809/export"/>
    <published>2026-06-18T08:09:34.634565+00:00</published>
  </entry>
</feed>
