<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-13T14:22:38.739732+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b1858760-2f04-435b-b5aa-b83f1ad1aae8/export</id>
    <title>b1858760-2f04-435b-b5aa-b83f1ad1aae8</title>
    <updated>2026-07-13T14:22:38.767932+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b1858760-2f04-435b-b5aa-b83f1ad1aae8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41041", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mqito7op4j2u", "content": "CVE-2026-41041: Apache Gravitino: URL path injection via unencoded user-supplied identifiers in MCP REST client f-string URL construction, enabling path traversal to unintended API endpoints.", "creation_timestamp": "2026-07-13T04:20:18.084410Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b1858760-2f04-435b-b5aa-b83f1ad1aae8/export"/>
    <published>2026-07-13T04:20:18.084410+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/fb66ab41-8a3a-4093-824a-99b5801253f2/export</id>
    <title>fb66ab41-8a3a-4093-824a-99b5801253f2</title>
    <updated>2026-07-13T14:22:38.771075+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "fb66ab41-8a3a-4093-824a-99b5801253f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41042", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mq5jrsw37s22", "content": "CVE-2026-41042\nApache Gravitino, a Java-based tool, has a security issue when using H2 databases for testing. An attacker can execute malicious code on the server if they know the server is using H2. To fix this, update to\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-08T16:24:04.328773Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/fb66ab41-8a3a-4093-824a-99b5801253f2/export"/>
    <published>2026-07-08T16:24:04.328773+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/aa03509f-f563-44cc-9c82-eb8735ba8695/export</id>
    <title>aa03509f-f563-44cc-9c82-eb8735ba8695</title>
    <updated>2026-07-13T14:22:38.771214+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "aa03509f-f563-44cc-9c82-eb8735ba8695", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41042", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mq5jlooecl2f", "content": "CVE-2026-41042: Apache Gravitino: Unauthenticated callers can supply a malicious H2 JDBC URL through the testConnection API, which executes arbitrary Java code on the server via H2's INIT parameter", "creation_timestamp": "2026-07-08T16:20:38.680935Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/aa03509f-f563-44cc-9c82-eb8735ba8695/export"/>
    <published>2026-07-08T16:20:38.680935+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/cf30eb4f-9494-42a8-a7cb-f1f9dfd09d80/export</id>
    <title>cf30eb4f-9494-42a8-a7cb-f1f9dfd09d80</title>
    <updated>2026-07-13T14:22:38.771306+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "cf30eb4f-9494-42a8-a7cb-f1f9dfd09d80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41045", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3movysuxn772i", "content": "CVE-2026-41045 - Privilege Escalation in Qsnapper. TOCTOU flaw in polkit auth allows local root access. CVSS 8.1. No patch available. Mitigate immediately. #CVE #infosec #Linux\n\nhttps://www.valtersit.com/cve/CVE-2026-41045/", "creation_timestamp": "2026-06-22T23:06:37.278130Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/cf30eb4f-9494-42a8-a7cb-f1f9dfd09d80/export"/>
    <published>2026-06-22T23:06:37.278130+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/72999106-c3a3-4006-8791-ff85c40797f2/export</id>
    <title>72999106-c3a3-4006-8791-ff85c40797f2</title>
    <updated>2026-07-13T14:22:38.771391+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "72999106-c3a3-4006-8791-ff85c40797f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41048", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3movn3snyzh2m", "content": "CVE-2026-41048 - Caching of Authentication allows Authentication Bypass in qSnapper\nCVE ID : CVE-2026-41048\n \n Published : June 22, 2026, 3:31 p.m. | 3\u00a0hours, 39\u00a0minutes ago\n \n Description : Incorrect caching of authentication between different polkit methods in qSnapper befor...", "creation_timestamp": "2026-06-22T19:36:51.968989Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/72999106-c3a3-4006-8791-ff85c40797f2/export"/>
    <published>2026-06-22T19:36:51.968989+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/3d569253-e2e3-48ab-9e8f-4c8df2acf053/export</id>
    <title>3d569253-e2e3-48ab-9e8f-4c8df2acf053</title>
    <updated>2026-07-13T14:22:38.771474+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "3d569253-e2e3-48ab-9e8f-4c8df2acf053", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41049", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3movmnfwkqp2h", "content": "CVE-2026-41049 - Caching of Authentication allows Authentication Bypass between users in qSnapper\nCVE ID : CVE-2026-41049\n \n Published : June 22, 2026, 3:32 p.m. | 3\u00a0hours, 37\u00a0minutes ago\n \n Description : Incorrect caching of authentication between different users of the\u00a0 qSna...", "creation_timestamp": "2026-06-22T19:28:48.001386Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/3d569253-e2e3-48ab-9e8f-4c8df2acf053/export"/>
    <published>2026-06-22T19:28:48.001386+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/2818d3b3-2d30-4abc-bd1e-c8c63699470e/export</id>
    <title>2818d3b3-2d30-4abc-bd1e-c8c63699470e</title>
    <updated>2026-07-13T14:22:38.771563+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "2818d3b3-2d30-4abc-bd1e-c8c63699470e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41045", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3movmc2nnvc2m", "content": "CVE-2026-41045 - Weak polkit authentication check in qSnapper\nCVE ID : CVE-2026-41045\n \n Published : June 22, 2026, 3:16 p.m. | 3\u00a0hours, 53\u00a0minutes ago\n \n Description : A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attack...", "creation_timestamp": "2026-06-22T19:22:27.181397Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/2818d3b3-2d30-4abc-bd1e-c8c63699470e/export"/>
    <published>2026-06-22T19:22:27.181397+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/0b23d54a-a0bc-4794-841c-dded8f9b49d9/export</id>
    <title>0b23d54a-a0bc-4794-841c-dded8f9b49d9</title>
    <updated>2026-07-13T14:22:38.771636+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "0b23d54a-a0bc-4794-841c-dded8f9b49d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4104", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mnhsk4nu3u25", "content": "CVE-2026-4104 - Critical SQLi in TeknoPass by Akmer Informatics. Authorization bypass via user-controlled SQL primary key. CVSS 9.8. No patch available. Block access or isolate affected systems immediately. #CVE #infosec #cybersecurity\n\nhttps://www.valtersit.com/cve/CVE-2026-4104/", "creation_timestamp": "2026-06-04T14:11:52.192201Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/0b23d54a-a0bc-4794-841c-dded8f9b49d9/export"/>
    <published>2026-06-04T14:11:52.192201+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/fe5d819d-48cf-4ccd-b628-6ae46beb3a74/export</id>
    <title>fe5d819d-48cf-4ccd-b628-6ae46beb3a74</title>
    <updated>2026-07-13T14:22:38.771712+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "fe5d819d-48cf-4ccd-b628-6ae46beb3a74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41048", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mmqyowpr7z2z", "content": "qSnapper: Various Security Issues in Privileged D-Bus Service (CVE-2026-41045 through CVE-2026-41048)", "creation_timestamp": "2026-05-26T12:30:42.902846Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/fe5d819d-48cf-4ccd-b628-6ae46beb3a74/export"/>
    <published>2026-05-26T12:30:42.902846+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/bf285631-1450-4b7e-aa93-849fd67e08e0/export</id>
    <title>bf285631-1450-4b7e-aa93-849fd67e08e0</title>
    <updated>2026-07-13T14:22:38.771789+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "bf285631-1450-4b7e-aa93-849fd67e08e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41045", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mmqyowpr7z2z", "content": "qSnapper: Various Security Issues in Privileged D-Bus Service (CVE-2026-41045 through CVE-2026-41048)", "creation_timestamp": "2026-05-26T12:30:42.714950Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/bf285631-1450-4b7e-aa93-849fd67e08e0/export"/>
    <published>2026-05-26T12:30:42.714950+00:00</published>
  </entry>
</feed>
