<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-17T14:10:05.318311+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c6c83474-ee35-4f6f-8161-8be4d12c6a6a/export</id>
    <title>c6c83474-ee35-4f6f-8161-8be4d12c6a6a</title>
    <updated>2026-07-17T14:10:05.339414+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c6c83474-ee35-4f6f-8161-8be4d12c6a6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45368", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqsfii3i6n2h", "content": "CVE-2026-45368 - Kirby: Cross-site scripting (XSS) from links in KirbyTags and image blocks in the site frontend\nCVE ID : CVE-2026-45368\n \n Published : July 16, 2026, 10:17 p.m. | 17\u00a0minutes ago\n \n Description : Kirby is an open-source content management system. In versions pr...", "creation_timestamp": "2026-07-16T23:33:10.374346Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c6c83474-ee35-4f6f-8161-8be4d12c6a6a/export"/>
    <published>2026-07-16T23:33:10.374346+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/1068df3b-d79e-4458-a8df-0f2ff4e34dd8/export</id>
    <title>1068df3b-d79e-4458-a8df-0f2ff4e34dd8</title>
    <updated>2026-07-17T14:10:05.346538+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "1068df3b-d79e-4458-a8df-0f2ff4e34dd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45363", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqnn7o72j22i", "content": "CVE-2026-45363 - `jwt` (Ruby gem) - empty-key HMAC bypass\nCVE ID : CVE-2026-45363\n \n Published : July 14, 2026, 10:16 p.m. | 2\u00a0hours, 17\u00a0minutes ago\n \n Description : ruby-jwt is a Ruby implementation of the RFC 7519 OAuth JSON Web Token standard. Prior to 2.10.3 and 3.2.0, JWT...", "creation_timestamp": "2026-07-15T02:08:06.573441Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/1068df3b-d79e-4458-a8df-0f2ff4e34dd8/export"/>
    <published>2026-07-15T02:08:06.573441+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/d3b923ca-2333-43ff-9e2f-a067b8fa09a6/export</id>
    <title>d3b923ca-2333-43ff-9e2f-a067b8fa09a6</title>
    <updated>2026-07-17T14:10:05.346713+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "d3b923ca-2333-43ff-9e2f-a067b8fa09a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45363", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116921050127676424", "content": "CVE-2026-45363: CRITICAL improper authentication in ruby-jwt (&amp;lt;2.10.3, &amp;lt;3.2.0) lets attackers forge JWTs with empty HMAC keys. Immediate upgrade required to 2.10.3/3.2.0. Impact: auth bypass, high integrity risk. https://radar.offseq.com/threat/cve-2026-45363-cwe-287-improper-authentication-in--588cdab561cd07ab #OffSeq #CVE202645363 #ruby #jwt #infosec", "creation_timestamp": "2026-07-15T00:00:44.533087Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/d3b923ca-2333-43ff-9e2f-a067b8fa09a6/export"/>
    <published>2026-07-15T00:00:44.533087+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/26e33862-a2f7-43d5-86a9-a7e156c5e735/export</id>
    <title>26e33862-a2f7-43d5-86a9-a7e156c5e735</title>
    <updated>2026-07-17T14:10:05.346847+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "26e33862-a2f7-43d5-86a9-a7e156c5e735", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45363", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mqng3v7m442f", "content": "ruby-jwt CRITICAL vulnerability (CVE-2026-45363): Versions &amp;lt;2.10.3 &amp;amp; &amp;lt;3.2.0 let attackers forge JWT tokens with empty HMAC keys. Upgrade to 2.10.3/3.2.0 now. \ud83d\udea8 https://radar.offseq.com/threat/cve-2026-45363-cwe-287-improper-authentication-in--588cdab561cd07ab #OffSeq #rubyjwt #CVE202645363", "creation_timestamp": "2026-07-15T00:00:43.319112Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/26e33862-a2f7-43d5-86a9-a7e156c5e735/export"/>
    <published>2026-07-15T00:00:43.319112+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/af1c7d2f-fc13-4109-b787-5428399d772d/export</id>
    <title>af1c7d2f-fc13-4109-b787-5428399d772d</title>
    <updated>2026-07-17T14:10:05.346959+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "af1c7d2f-fc13-4109-b787-5428399d772d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45363", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqnaaypv4m2v", "content": "CVE-2026-45363 - jwt\nAn attacker can forge a valid JWT token without knowing the secret key. This is possible if the key is empty, or if the keyfinder returns an empty string or nil. To prevent this,\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#jwt #timrudat #Ruby #CVE #infosec", "creation_timestamp": "2026-07-14T22:16:11.854835Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/af1c7d2f-fc13-4109-b787-5428399d772d/export"/>
    <published>2026-07-14T22:16:11.854835+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/08bd2ae2-95b3-4537-b4cb-823ab97192ce/export</id>
    <title>08bd2ae2-95b3-4537-b4cb-823ab97192ce</title>
    <updated>2026-07-17T14:10:05.347057+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "08bd2ae2-95b3-4537-b4cb-823ab97192ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45367", "type": "seen", "source": "https://bsky.app/profile/euvd-bot.bsky.social/post/3mq67w72ugf2l", "content": "\ud83d\udea8 EUVD-2026-42440\n\ud83d\udcca 7.5/10\n\ud83c\udfe2 hapifhir\n\n\ud83d\udcdd HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.10, the fix for CVE-2026-45367 inco...\n\n\ud83d\udd17 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-42440\n\n#cybersecurity #infosec #cve #euvd", "creation_timestamp": "2026-07-08T23:00:13.326567Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/08bd2ae2-95b3-4537-b4cb-823ab97192ce/export"/>
    <published>2026-07-08T23:00:13.326567+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/ccadb69a-a196-4f0f-8ca4-a018ec7ffe61/export</id>
    <title>ccadb69a-a196-4f0f-8ca4-a018ec7ffe61</title>
    <updated>2026-07-17T14:10:05.347160+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "ccadb69a-a196-4f0f-8ca4-a018ec7ffe61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45360", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mn5or2ktfg26", "content": "CVE-2026-45360: Apache Airflow: Arbitrary import in custom deadline-reference deserialization", "creation_timestamp": "2026-05-31T13:37:32.436951Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/ccadb69a-a196-4f0f-8ca4-a018ec7ffe61/export"/>
    <published>2026-05-31T13:37:32.436951+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/2a6e8f37-7f3b-4b6d-a5c7-22ded4d8d5f1/export</id>
    <title>2a6e8f37-7f3b-4b6d-a5c7-22ded4d8d5f1</title>
    <updated>2026-07-17T14:10:05.347265+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "2a6e8f37-7f3b-4b6d-a5c7-22ded4d8d5f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45361", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mmuwrpmrwn2u", "content": "\ud83d\udccc CVE-2026-45361 - Apache Airflow providers-google's `ComputeEngineSSHHook` disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker... https://www.cyberhub.blog/cves/CVE-2026-45361", "creation_timestamp": "2026-05-28T02:07:07.303278Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/2a6e8f37-7f3b-4b6d-a5c7-22ded4d8d5f1/export"/>
    <published>2026-05-28T02:07:07.303278+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/1aa95318-5231-43fe-86cd-d41be44d2b51/export</id>
    <title>1aa95318-5231-43fe-86cd-d41be44d2b51</title>
    <updated>2026-07-17T14:10:05.347365+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "1aa95318-5231-43fe-86cd-d41be44d2b51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45369", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mlugqvo6dx2e", "content": "\ud83d\udfe0 CVE-2026-45369 - High (8.3)\n\npython-utcp is the python implementation of UTCP. Prior to 1.1.3, the _substitute_utcp_args metho...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-45369/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-15T03:57:20.807439Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/1aa95318-5231-43fe-86cd-d41be44d2b51/export"/>
    <published>2026-05-15T03:57:20.807439+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/6e8d5c9c-829a-43e2-bef4-e15769e9417a/export</id>
    <title>6e8d5c9c-829a-43e2-bef4-e15769e9417a</title>
    <updated>2026-07-17T14:10:05.347466+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "6e8d5c9c-829a-43e2-bef4-e15769e9417a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45369", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mluafm52ux2q", "content": "CVE-2026-45369 - python-utcp: Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol\nCVE ID : CVE-2026-45369\n \n Published : May 14, 2026, 9:16 p.m. | 2\u00a0hours, 17\u00a0minutes ago\n \n Description : python-utcp is the python implementation of UTCP. Prior...", "creation_timestamp": "2026-05-15T02:01:26.588024Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/6e8d5c9c-829a-43e2-bef4-e15769e9417a/export"/>
    <published>2026-05-15T02:01:26.588024+00:00</published>
  </entry>
</feed>
