<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-08T22:58:32.181285+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/6cc70ec7-f1f2-4869-84e5-03afa542e848/export</id>
    <title>6cc70ec7-f1f2-4869-84e5-03afa542e848</title>
    <updated>2026-07-08T22:58:32.210524+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "6cc70ec7-f1f2-4869-84e5-03afa542e848", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-34037", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mpzrgv5c4723", "content": "CRITICAL: coollabsio coolify (=4.0.0-beta.464) has an auth bypass (CVE-2026-34037) allowing cross-tenant resource cloning. Upgrade to 4.0.0-beta.464 ASAP. https://radar.offseq.com/threat/cve-2026-34037-cwe-639-authorization-bypass-throug-4bc62cd3de2ba764 #OffSeq #Vulnerability #coolify", "creation_timestamp": "2026-07-07T04:30:29.501406Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/6cc70ec7-f1f2-4869-84e5-03afa542e848/export"/>
    <published>2026-07-07T04:30:29.501406+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/2b790be1-ad43-4935-9dbe-371dcaef9916/export</id>
    <title>2b790be1-ad43-4935-9dbe-371dcaef9916</title>
    <updated>2026-07-08T22:58:32.214906+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "2b790be1-ad43-4935-9dbe-371dcaef9916", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-34037", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116876812363283069", "content": "CVE-2026-34037: CRITICAL auth bypass in coollabsio coolify (=4.0.0-beta.464). Privileged users can clone resources into other teams, risking cross-tenant data exposure. Fix: upgrade to 4.0.0-beta.464. https://radar.offseq.com/threat/cve-2026-34037-cwe-639-authorization-bypass-throug-4bc62cd3de2ba764 #OffSeq #Vuln #coolify #Infosec", "creation_timestamp": "2026-07-07T04:30:26.920257Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/2b790be1-ad43-4935-9dbe-371dcaef9916/export"/>
    <published>2026-07-07T04:30:26.920257+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/d1bdd787-050d-466b-afa4-dfa6dbc99ef1/export</id>
    <title>d1bdd787-050d-466b-afa4-dfa6dbc99ef1</title>
    <updated>2026-07-08T22:58:32.215082+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "d1bdd787-050d-466b-afa4-dfa6dbc99ef1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34037", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpzqxmsj2d2u", "content": "CVE-2026-34037 - Cross-Tenant Resource Cloning via Broken Object-Level Authorization in cloneTo()\nCVE ID : CVE-2026-34037\n \n Published : July 7, 2026, 3:21 a.m. | 26\u00a0minutes ago\n \n Description : Coolify is an open-source and self-hostable tool for managing servers, application...", "creation_timestamp": "2026-07-07T04:21:56.340324Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/d1bdd787-050d-466b-afa4-dfa6dbc99ef1/export"/>
    <published>2026-07-07T04:21:56.340324+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/e29d6eba-658f-4a52-b6d7-84848433db07/export</id>
    <title>e29d6eba-658f-4a52-b6d7-84848433db07</title>
    <updated>2026-07-08T22:58:32.215192+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "e29d6eba-658f-4a52-b6d7-84848433db07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34037", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mpzpxpr5wr2h", "content": "CVE-2026-34037 - coolify\nA previous version of Coolify allowed authorized users to copy resources into accounts they shouldn't have access to. This means they could potentially access or modify sensitive\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#coolify #coollabsio #CVE #infosec", "creation_timestamp": "2026-07-07T04:04:05.789820Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/e29d6eba-658f-4a52-b6d7-84848433db07/export"/>
    <published>2026-07-07T04:04:05.789820+00:00</published>
  </entry>
</feed>
