<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-18T12:02:47.681454+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/2631ad4b-a543-4ca4-a505-7acae45d0deb/export</id>
    <title>2631ad4b-a543-4ca4-a505-7acae45d0deb</title>
    <updated>2026-07-18T12:02:47.699336+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "2631ad4b-a543-4ca4-a505-7acae45d0deb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44981", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqscsh5n662e", "content": "CVE-2026-44981 - CrowdSec LAPI: Denial of Service via Unbounded Gzip Decompression\nCVE ID : CVE-2026-44981\n \n Published : July 16, 2026, 8:16 p.m. | 2\u00a0hours, 17\u00a0minutes ago\n \n Description : CrowdSec offers crowdsourced protection against malicious IPs. From 1.7.0 until 1.7.8, ...", "creation_timestamp": "2026-07-16T22:45:06.832227Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/2631ad4b-a543-4ca4-a505-7acae45d0deb/export"/>
    <published>2026-07-16T22:45:06.832227+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a8d00df6-3e1b-4d99-8fdc-fe445afc4109/export</id>
    <title>a8d00df6-3e1b-4d99-8fdc-fe445afc4109</title>
    <updated>2026-07-18T12:02:47.701511+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "a8d00df6-3e1b-4d99-8fdc-fe445afc4109", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44986", "type": "seen", "source": "https://mastodon.social/users/hugovalters/statuses/116928840317268735", "content": "CVE-2026-44986 - Critical Auth Bypass in Penpot. CVSS 9.9. Attackers can hijack any non-blocked account. Update to 2.14.5 immediately. #CVE #infosec #Penpot\nhttps://www.valtersit.com/cve/CVE-2026-44986/", "creation_timestamp": "2026-07-16T09:01:50.850421Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a8d00df6-3e1b-4d99-8fdc-fe445afc4109/export"/>
    <published>2026-07-16T09:01:50.850421+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/58cca795-a2ad-4e76-b332-51fb4c3cc78c/export</id>
    <title>58cca795-a2ad-4e76-b332-51fb4c3cc78c</title>
    <updated>2026-07-18T12:02:47.701730+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "58cca795-a2ad-4e76-b332-51fb4c3cc78c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44986", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mqqurwh7u42e", "content": "CVE-2026-44986 - Critical Auth Bypass in Penpot. CVSS 9.9. Attackers can hijack any non-blocked account. Update to 2.14.5 immediately. #CVE #infosec #Penpot\n\nhttps://www.valtersit.com/cve/CVE-2026-44986/", "creation_timestamp": "2026-07-16T09:01:34.285999Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/58cca795-a2ad-4e76-b332-51fb4c3cc78c/export"/>
    <published>2026-07-16T09:01:34.285999+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/20ffc410-6524-4514-bd25-b88f4ff7f258/export</id>
    <title>20ffc410-6524-4514-bd25-b88f4ff7f258</title>
    <updated>2026-07-18T12:02:47.701921+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "20ffc410-6524-4514-bd25-b88f4ff7f258", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44986", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqp2zwwfih2x", "content": "CVE-2026-44986 - penpot\nPenpot, a design tool, had a security weakness that allowed a registered user to take over any non-blocked account by using an invitation token. This meant that an attacker could gain access to\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#penpot #CVE #infosec", "creation_timestamp": "2026-07-15T15:48:05.820266Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/20ffc410-6524-4514-bd25-b88f4ff7f258/export"/>
    <published>2026-07-15T15:48:05.820266+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/5b4d8b3b-455e-46a4-9473-108b98c450f5/export</id>
    <title>5b4d8b3b-455e-46a4-9473-108b98c450f5</title>
    <updated>2026-07-18T12:02:47.702049+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "5b4d8b3b-455e-46a4-9473-108b98c450f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44985", "type": "seen", "source": "https://bsky.app/profile/smit-artem.bsky.social/post/3mpwkt33ho42q", "content": "Heads up: an important security fix just landed for Amirraminfar Dozzle. Open its settings and let it update. A couple of taps now keeps your data safer. CVE-2026-44985", "creation_timestamp": "2026-07-05T21:54:02.964945Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/5b4d8b3b-455e-46a4-9473-108b98c450f5/export"/>
    <published>2026-07-05T21:54:02.964945+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/8b3e43f9-994b-4218-bff0-e5b62fde7880/export</id>
    <title>8b3e43f9-994b-4218-bff0-e5b62fde7880</title>
    <updated>2026-07-18T12:02:47.702132+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "8b3e43f9-994b-4218-bff0-e5b62fde7880", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44985", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3motn5np3ny2s", "content": "\ud83d\udea8  ALERT: CVE-2026-44985\n\nCVSS 9.6/10\n\n\ud83d\udccb WHAT IT IS:\nDozzle is a realtime log viewer for docker containers. Prior to 10.5.2, he WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: func(r *http.Request) bool { return true }, accepting upgrade requests from any origin. Combined wi", "creation_timestamp": "2026-06-22T00:32:33.320627Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/8b3e43f9-994b-4218-bff0-e5b62fde7880/export"/>
    <published>2026-06-22T00:32:33.320627+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/191a15fb-5bc9-41fa-bd93-73dc0b90fb9b/export</id>
    <title>191a15fb-5bc9-41fa-bd93-73dc0b90fb9b</title>
    <updated>2026-07-18T12:02:47.702212+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "191a15fb-5bc9-41fa-bd93-73dc0b90fb9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44985", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmsd3b27g32n", "content": "CVE-2026-44985 - Dozzle: Cross-Site WebSocket Hijacking (CSWSH) on exec/attach endpoints bypasses authentication\nCVE ID : CVE-2026-44985\n \n Published : May 26, 2026, 10:16 p.m. | 2\u00a0hours, 15\u00a0minutes ago\n \n Description : Dozzle is a realtime log viewer for docker containers. Pr...", "creation_timestamp": "2026-05-27T01:09:20.586775Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/191a15fb-5bc9-41fa-bd93-73dc0b90fb9b/export"/>
    <published>2026-05-27T01:09:20.586775+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/1868ca50-643a-4cbc-948f-a732185a31e0/export</id>
    <title>1868ca50-643a-4cbc-948f-a732185a31e0</title>
    <updated>2026-07-18T12:02:47.702295+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "1868ca50-643a-4cbc-948f-a732185a31e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44983", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmsco5lniw2k", "content": "CVE-2026-44983 - smallbitvec: Safe API Triggered Heap Buffer Overflow via Integer Overflow\nCVE ID : CVE-2026-44983\n \n Published : May 26, 2026, 10:16 p.m. | 2\u00a0hours, 15\u00a0minutes ago\n \n Description : smallbitvec is a growable bit-vector for Rust, optimized for size. From 1.0.1 t...", "creation_timestamp": "2026-05-27T01:01:52.911504Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/1868ca50-643a-4cbc-948f-a732185a31e0/export"/>
    <published>2026-05-27T01:01:52.911504+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/3e8c6af0-6997-4c20-906a-afd3677af690/export</id>
    <title>3e8c6af0-6997-4c20-906a-afd3677af690</title>
    <updated>2026-07-18T12:02:47.702368+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "3e8c6af0-6997-4c20-906a-afd3677af690", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44987", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlfb5itfpr2n", "content": "CVE-2026-44987 - SysReptor: Privilege Escalation from User Admin to Superuser\nCVE ID : CVE-2026-44987\n \n Published : May 8, 2026, 11:16 p.m. | 1\u00a0hour, 28\u00a0minutes ago\n \n Description : SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users ...", "creation_timestamp": "2026-05-09T03:04:52.527253Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/3e8c6af0-6997-4c20-906a-afd3677af690/export"/>
    <published>2026-05-09T03:04:52.527253+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/8e6aaddc-0db0-4458-9272-7f290ada7193/export</id>
    <title>8e6aaddc-0db0-4458-9272-7f290ada7193</title>
    <updated>2026-07-18T12:02:47.702445+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://cvepremium.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "8e6aaddc-0db0-4458-9272-7f290ada7193", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-44985", "type": "published-proof-of-concept", "source": "https://github.com/amir20/dozzle/security/advisories/GHSA-j643-x8pv-8m67", "content": "", "creation_timestamp": "2026-05-06T12:29:00.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/8e6aaddc-0db0-4458-9272-7f290ada7193/export"/>
    <published>2026-05-06T12:29:00+00:00</published>
  </entry>
</feed>
