<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-09T18:33:26.190876+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/28c999b9-2dbc-406e-b1e6-65f2dc4a71ec/export</id>
    <title>28c999b9-2dbc-406e-b1e6-65f2dc4a71ec</title>
    <updated>2026-07-09T18:33:26.210040+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "28c999b9-2dbc-406e-b1e6-65f2dc4a71ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41264", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/flowise_auth_rce_cve_2026_41264.rb", "content": "{\"aliases\": [], \"arch\": \"cmd\", \"author\": [\"zdi-disclosures\", \"Takahiro Yokoyama\"], \"autofilter_ports\": [80, 8080, 443, 8000, 8888, 8880, 8008, 3000, 8443], \"autofilter_services\": [\"http\", \"https\"], \"check\": true, \"default_credential\": false, \"description\": \"This vulnerability allows remote attackers to execute arbitrary code on affected installations of FlowiseAI Flowise.\\n          Authentication is not required to exploit this vulnerability.\\n\\n          The specific flaw exists within the run method of the CSV_Agents class.\\n          The issue results from the lack of proper sandboxing when evaluating an LLM generated python script.\\n          An attacker can leverage this vulnerability to execute code in the context of the user running the server.\", \"disclosure_date\": \"2026-04-22\", \"fullname\": \"exploit/multi/http/flowise_auth_rce_cve_2026_41264\", \"is_install_path\": true, \"mod_time\": \"2026-06-06 12:25:07 +0000\", \"name\": \"Flowise CSV Agent Prompt Injection RCE\", \"needs_cleanup\": null, \"notes\": {\"Reliability\": [\"repeatable-session\"], \"SideEffects\": [\"ioc-in-logs\"], \"Stability\": [\"crash-safe\"]}, \"path\": \"/modules/exploits/multi/http/flowise_auth_rce_cve_2026_41264.rb\", \"platform\": \"Linux,Unix,Windows\", \"post_auth\": false, \"rank\": 600, \"ref_name\": \"multi/http/flowise_auth_rce_cve_2026_41264\", \"references\": [\"CVE-2026-41264\", \"GHSA-3hjv-c53m-58jj\"], \"rport\": 3000, \"session_types\": false, \"targets\": [\"Linux Command\", \"Windows Command\"], \"type\": \"exploit\"}", "creation_timestamp": "2026-07-05T07:55:59.725929Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/28c999b9-2dbc-406e-b1e6-65f2dc4a71ec/export"/>
    <published>2026-07-05T07:55:59.725929+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/da99882a-a9da-4ecf-8a20-6b8d051e6180/export</id>
    <title>da99882a-a9da-4ecf-8a20-6b8d051e6180</title>
    <updated>2026-07-09T18:33:26.211104+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "da99882a-a9da-4ecf-8a20-6b8d051e6180", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41264", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/flowise_auth_rce_cve_2026_41264.rb", "content": "{\"aliases\": [], \"arch\": \"cmd\", \"author\": [\"zdi-disclosures\", \"Takahiro Yokoyama\"], \"autofilter_ports\": [80, 8080, 443, 8000, 8888, 8880, 8008, 3000, 8443], \"autofilter_services\": [\"http\", \"https\"], \"check\": true, \"default_credential\": false, \"description\": \"This vulnerability allows remote attackers to execute arbitrary code on affected installations of FlowiseAI Flowise.\\n          Authentication is not required to exploit this vulnerability.\\n\\n          The specific flaw exists within the run method of the CSV_Agents class.\\n          The issue results from the lack of proper sandboxing when evaluating an LLM generated python script.\\n          An attacker can leverage this vulnerability to execute code in the context of the user running the server.\", \"disclosure_date\": \"2026-04-22\", \"fullname\": \"exploit/multi/http/flowise_auth_rce_cve_2026_41264\", \"is_install_path\": true, \"mod_time\": \"2026-06-06 12:25:07 +0000\", \"name\": \"Flowise CSV Agent Prompt Injection RCE\", \"needs_cleanup\": null, \"notes\": {\"Reliability\": [\"repeatable-session\"], \"SideEffects\": [\"ioc-in-logs\"], \"Stability\": [\"crash-safe\"]}, \"path\": \"/modules/exploits/multi/http/flowise_auth_rce_cve_2026_41264.rb\", \"platform\": \"Linux,Unix,Windows\", \"post_auth\": false, \"rank\": 600, \"ref_name\": \"multi/http/flowise_auth_rce_cve_2026_41264\", \"references\": [\"CVE-2026-41264\", \"GHSA-3hjv-c53m-58jj\"], \"rport\": 3000, \"session_types\": false, \"targets\": [\"Linux Command\", \"Windows Command\"], \"type\": \"exploit\"}", "creation_timestamp": "2026-07-03T08:40:03.367903Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/da99882a-a9da-4ecf-8a20-6b8d051e6180/export"/>
    <published>2026-07-03T08:40:03.367903+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/f588181e-64ae-4b43-9b51-da32c8f87572/export</id>
    <title>f588181e-64ae-4b43-9b51-da32c8f87572</title>
    <updated>2026-07-09T18:33:26.211205+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://cvepremium.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "f588181e-64ae-4b43-9b51-da32c8f87572", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-41262", "type": "published-proof-of-concept", "source": "https://github.com/fleetdm/fleet/security/advisories/GHSA-gm7f-v959-fr2g", "content": "", "creation_timestamp": "2026-06-26T22:35:37.463698Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/f588181e-64ae-4b43-9b51-da32c8f87572/export"/>
    <published>2026-06-26T22:35:37.463698+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c23f149b-252d-40dc-8186-437b3e478dce/export</id>
    <title>c23f149b-252d-40dc-8186-437b3e478dce</title>
    <updated>2026-07-09T18:33:26.212001+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c23f149b-252d-40dc-8186-437b3e478dce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41263", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mkqpzycnet2q", "content": "CVE-2026-41263 - Traefik: BasicAuth middleware: timing side-channel vulnerability\nCVE ID : CVE-2026-41263\n \n Published : April 30, 2026, 9:16 p.m. | 1\u00a0hour, 2\u00a0minutes ago\n \n Description : Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, an...", "creation_timestamp": "2026-04-30T23:05:25.891616Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c23f149b-252d-40dc-8186-437b3e478dce/export"/>
    <published>2026-04-30T23:05:25.891616+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b8e8d750-5889-4940-92b7-cf50e6fd3cc6/export</id>
    <title>b8e8d750-5889-4940-92b7-cf50e6fd3cc6</title>
    <updated>2026-07-09T18:33:26.212084+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b8e8d750-5889-4940-92b7-cf50e6fd3cc6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41267", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mkfcol2w4r2o", "content": "", "creation_timestamp": "2026-04-26T10:07:07.969747Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b8e8d750-5889-4940-92b7-cf50e6fd3cc6/export"/>
    <published>2026-04-26T10:07:07.969747+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/3e9b9df6-41ca-4f7a-b1c0-727cb8e96c6f/export</id>
    <title>3e9b9df6-41ca-4f7a-b1c0-727cb8e96c6f</title>
    <updated>2026-07-09T18:33:26.212150+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "3e9b9df6-41ca-4f7a-b1c0-727cb8e96c6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41265", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mke23guci32z", "content": "", "creation_timestamp": "2026-04-25T22:00:35.939148Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/3e9b9df6-41ca-4f7a-b1c0-727cb8e96c6f/export"/>
    <published>2026-04-25T22:00:35.939148+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/bc41f443-01aa-45b1-8773-940888ab8111/export</id>
    <title>bc41f443-01aa-45b1-8773-940888ab8111</title>
    <updated>2026-07-09T18:33:26.212216+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "bc41f443-01aa-45b1-8773-940888ab8111", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41264", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mke2376l4i2t", "content": "", "creation_timestamp": "2026-04-25T22:00:28.721224Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/bc41f443-01aa-45b1-8773-940888ab8111/export"/>
    <published>2026-04-25T22:00:28.721224+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b84f72ba-c5a3-440a-a094-62ee5eced554/export</id>
    <title>b84f72ba-c5a3-440a-a094-62ee5eced554</title>
    <updated>2026-07-09T18:33:26.212281+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b84f72ba-c5a3-440a-a094-62ee5eced554", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41266", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mkbwznomm32f", "content": "", "creation_timestamp": "2026-04-25T02:00:35.695437Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b84f72ba-c5a3-440a-a094-62ee5eced554/export"/>
    <published>2026-04-25T02:00:35.695437+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/d9457267-1c7a-4d9b-9966-54b920695aa0/export</id>
    <title>d9457267-1c7a-4d9b-9966-54b920695aa0</title>
    <updated>2026-07-09T18:33:26.212344+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "d9457267-1c7a-4d9b-9966-54b920695aa0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41263", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mkanez5th22k", "content": "", "creation_timestamp": "2026-04-24T13:35:19.535850Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/d9457267-1c7a-4d9b-9966-54b920695aa0/export"/>
    <published>2026-04-24T13:35:19.535850+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/9803cbc4-67ff-4afd-9e63-edbe4cf36667/export</id>
    <title>9803cbc4-67ff-4afd-9e63-edbe4cf36667</title>
    <updated>2026-07-09T18:33:26.212420+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "9803cbc4-67ff-4afd-9e63-edbe4cf36667", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4126", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3mk7bocnbhl2s", "content": "", "creation_timestamp": "2026-04-24T00:33:06.463052Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/9803cbc4-67ff-4afd-9e63-edbe4cf36667/export"/>
    <published>2026-04-24T00:33:06.463052+00:00</published>
  </entry>
</feed>
