<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-05T17:43:41.411366+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/967db019-44fa-47f0-9442-fdbee65e67ba/export</id>
    <title>967db019-44fa-47f0-9442-fdbee65e67ba</title>
    <updated>2026-07-05T17:43:41.436489+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "967db019-44fa-47f0-9442-fdbee65e67ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33017", "type": "seen", "source": "https://bsky.app/profile/opsmatters.com/post/3mps7pglzfp2z", "content": "The latest update for #Indusface includes \"CVE-2026-33017: Langflow RCE Deploys Monero Miners on AI Servers\" and \"CVE-2026-46817: Oracle EBS Payments Vulnerability Under Active Exploitation\".\n \n#cybersecurity #infosec https://opsmtrs.com/3ySs2VF", "creation_timestamp": "2026-07-04T04:24:29.501083Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/967db019-44fa-47f0-9442-fdbee65e67ba/export"/>
    <published>2026-07-04T04:24:29.501083+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/5ae8b122-5f2d-481a-8251-40fe6bb01a94/export</id>
    <title>5ae8b122-5f2d-481a-8251-40fe6bb01a94</title>
    <updated>2026-07-05T17:43:41.438132+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "5ae8b122-5f2d-481a-8251-40fe6bb01a94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33017", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mplvhvzt2s2a", "content": "Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints\n\nThreat actors are continuing to exploit a critical Langflow vulnerability as part of fresh attacks designed to deliver a Monero cryptocurrency miner.\n\nThe activity has been found to weaponize CVE-2026-33017\u2026\n#hackernews #news", "creation_timestamp": "2026-07-01T16:05:22.685848Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/5ae8b122-5f2d-481a-8251-40fe6bb01a94/export"/>
    <published>2026-07-01T16:05:22.685848+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/6ee99a05-4459-4439-8d64-4e0f8debe091/export</id>
    <title>6ee99a05-4459-4439-8d64-4e0f8debe091</title>
    <updated>2026-07-05T17:43:41.438273+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://cvepremium.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "6ee99a05-4459-4439-8d64-4e0f8debe091", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-33017", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/actualite/CERTFR-2026-ACT-028", "content": "", "creation_timestamp": "2026-07-01T02:45:14.539588Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/6ee99a05-4459-4439-8d64-4e0f8debe091/export"/>
    <published>2026-07-01T02:45:14.539588+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/fca3ae57-73b0-4fd8-a33d-674cfb9ed194/export</id>
    <title>fca3ae57-73b0-4fd8-a33d-674cfb9ed194</title>
    <updated>2026-07-05T17:43:41.439506+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "fca3ae57-73b0-4fd8-a33d-674cfb9ed194", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33017", "type": "seen", "source": "https://thehackernews.com/2026/06/langflow-rce-exploited-to-deploy-monero.html", "content": "Threat actors are continuing to exploit a critical Langflow vulnerability as part of fresh attacks designed to deliver a Monero cryptocurrency miner.\n\nThe activity has been found to weaponize CVE-2026-33017 (CVSS score: 9.3), an unauthenticated remote code execution (RCE) vulnerability in Langflow, indicating threat actors are scanning and targeting exposed artificial intelligence (AI)", "creation_timestamp": "2026-07-01T01:00:46.406436Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/fca3ae57-73b0-4fd8-a33d-674cfb9ed194/export"/>
    <published>2026-07-01T01:00:46.406436+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/5ee32878-e59b-40f5-b8ec-267fb581a0ff/export</id>
    <title>5ee32878-e59b-40f5-b8ec-267fb581a0ff</title>
    <updated>2026-07-05T17:43:41.439635+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "5ee32878-e59b-40f5-b8ec-267fb581a0ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33017", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mpjrcloa4r26", "content": "Langflow CVE-2026-33017 is being exploited for unauthenticated RCE, deploying a Monero miner via a multi-stage chain. The lambsys binary disables defenses, persists, and spreads using reused credentials. #Langflow #CVE2026 #Monero", "creation_timestamp": "2026-06-30T19:45:29.176664Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/5ee32878-e59b-40f5-b8ec-267fb581a0ff/export"/>
    <published>2026-06-30T19:45:29.176664+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/630f2fed-9a5b-4ae7-a0ed-71c67084631f/export</id>
    <title>630f2fed-9a5b-4ae7-a0ed-71c67084631f</title>
    <updated>2026-07-05T17:43:41.439736+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "630f2fed-9a5b-4ae7-a0ed-71c67084631f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33017", "type": "seen", "source": "https://bsky.app/profile/newssecia.bsky.social/post/3mpjpjlqa3t2n", "content": "\ud83e\udd16 CVE-2026-33017 (CVSS 9.3): Unauthenticated RCE in Langflow exploited in the wild to deploy Monero miners on exposed AI endpoints.\nhttps://thehackernews.com/2026/06/langflow-rce-exploited-to-deploy-monero.html", "creation_timestamp": "2026-06-30T19:13:35.992308Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/630f2fed-9a5b-4ae7-a0ed-71c67084631f/export"/>
    <published>2026-06-30T19:13:35.992308+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/d2d32fa0-1331-473a-8be6-c66a8f06926f/export</id>
    <title>d2d32fa0-1331-473a-8be6-c66a8f06926f</title>
    <updated>2026-07-05T17:43:41.439836+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "d2d32fa0-1331-473a-8be6-c66a8f06926f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33017", "type": "seen", "source": "https://thehackernews.com/2026/06/langflow-rce-exploited-to-deploy-monero.html", "content": "Threat actors are continuing to exploit a critical Langflow vulnerability as part of fresh attacks designed to deliver a Monero cryptocurrency miner.\n\nThe activity has been found to weaponize CVE-2026-33017 (CVSS score: 9.3), an unauthenticated remote code execution (RCE) vulnerability in Langflow, indicating threat actors are scanning and targeting exposed artificial intelligence (AI)", "creation_timestamp": "2026-06-30T19:00:46.161226Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/d2d32fa0-1331-473a-8be6-c66a8f06926f/export"/>
    <published>2026-06-30T19:00:46.161226+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c639b959-9b8a-4f6f-9d58-f7110eb9159e/export</id>
    <title>c639b959-9b8a-4f6f-9d58-f7110eb9159e</title>
    <updated>2026-07-05T17:43:41.439949+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c639b959-9b8a-4f6f-9d58-f7110eb9159e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-33017", "type": "seen", "source": "https://infosec.exchange/users/DarkWebInformer/statuses/116840459136103170", "content": "\u203c\ufe0f One POST to RCE: Unauthenticated Code Execution in Langflow (CVE-2026-33017)\nhttps://darkwebinformer.com/one-post-to-rce-unauthenticated-code-execution-in-langflow-cve-2026-33017/", "creation_timestamp": "2026-06-30T18:25:20.506849Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c639b959-9b8a-4f6f-9d58-f7110eb9159e/export"/>
    <published>2026-06-30T18:25:20.506849+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/07fbbb5f-9cee-4a54-b522-92909c7df64a/export</id>
    <title>07fbbb5f-9cee-4a54-b522-92909c7df64a</title>
    <updated>2026-07-05T17:43:41.440061+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "07fbbb5f-9cee-4a54-b522-92909c7df64a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33017", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpjlfckjpd2l", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-33017 \u0432 Langflow: \u043a\u0430\u043a \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442 \u043d\u0435\u0437\u0430\u0449\u0438\u0449\u0451\u043d\u043d\u044b\u0435 API-\u044d\u043d\u0434\u043f\u043e\u0438\u043d\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/5CD28AF0-2632-445B-8F6A-D8DA125521C7", "creation_timestamp": "2026-06-30T17:59:37.262913Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/07fbbb5f-9cee-4a54-b522-92909c7df64a/export"/>
    <published>2026-06-30T17:59:37.262913+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/fc38d403-da01-4c6a-97df-869c3ef15800/export</id>
    <title>fc38d403-da01-4c6a-97df-869c3ef15800</title>
    <updated>2026-07-05T17:43:41.440160+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "fc38d403-da01-4c6a-97df-869c3ef15800", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33017", "type": "seen", "source": "https://bsky.app/profile/infosecbriefly.bsky.social/post/3mpjjhujmry2l", "content": "Threat actors exploit CVE-2026-33017 in exposed Langflow endpoints to deploy Monero miners, disable defenses, persist via cron, and spread through reused SSH keys.\n", "creation_timestamp": "2026-06-30T17:25:16.558402Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/fc38d403-da01-4c6a-97df-869c3ef15800/export"/>
    <published>2026-06-30T17:25:16.558402+00:00</published>
  </entry>
</feed>
