<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-04T01:04:13.372404+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/61eea565-bc8e-462e-9320-2502a7d268b0/export</id>
    <title>61eea565-bc8e-462e-9320-2502a7d268b0</title>
    <updated>2026-07-04T01:04:13.397086+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "61eea565-bc8e-462e-9320-2502a7d268b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45408", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mphsssv2ny2e", "content": "\ud83d\udccc CVE-2026-45408 - Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex (^[a-z0-9][^/:_A-Z]*$) permits shell metacharacters. When an authentica... https://www.cyberhub.blog/cves/CVE-2026-45408", "creation_timestamp": "2026-06-30T01:07:07.269275Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/61eea565-bc8e-462e-9320-2502a7d268b0/export"/>
    <published>2026-06-30T01:07:07.269275+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/cf9829ac-30d0-4c45-8dce-ddf835a46083/export</id>
    <title>cf9829ac-30d0-4c45-8dce-ddf835a46083</title>
    <updated>2026-07-04T01:04:13.399755+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "cf9829ac-30d0-4c45-8dce-ddf835a46083", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45406", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mphr55hvyv24", "content": "\ud83d\udccc CVE-2026-45406 - Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository direct... https://www.cyberhub.blog/cves/CVE-2026-45406", "creation_timestamp": "2026-06-30T00:37:06.617509Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/cf9829ac-30d0-4c45-8dce-ddf835a46083/export"/>
    <published>2026-06-30T00:37:06.617509+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/fa09ced8-04e3-4ce3-97dc-ea66066affde/export</id>
    <title>fa09ced8-04e3-4ce3-97dc-ea66066affde</title>
    <updated>2026-07-04T01:04:13.399890+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "fa09ced8-04e3-4ce3-97dc-ea66066affde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45405", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mphphj2ody2g", "content": "\ud83d\udccc CVE-2026-45405 - Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary dir... https://www.cyberhub.blog/cves/CVE-2026-45405", "creation_timestamp": "2026-06-30T00:07:11.463990Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/fa09ced8-04e3-4ce3-97dc-ea66066affde/export"/>
    <published>2026-06-30T00:07:11.463990+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/73df28a4-420b-4fff-bf90-62281a036548/export</id>
    <title>73df28a4-420b-4fff-bf90-62281a036548</title>
    <updated>2026-07-04T01:04:13.399998+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "73df28a4-420b-4fff-bf90-62281a036548", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45408", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mpd7btxcpw2h", "content": "CVE-2026-45408 - Critical Command Injection in Dokku. CVSS 9.0. No patch available. Mitigations required. Limit git push access and review app name validation. #CVE #Dokku #infosec\n\nhttps://www.valtersit.com/cve/CVE-2026-45408/", "creation_timestamp": "2026-06-28T05:06:57.828397Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/73df28a4-420b-4fff-bf90-62281a036548/export"/>
    <published>2026-06-28T05:06:57.828397+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/6e53b52d-1cf3-4e09-a4b5-e5b60fe3d620/export</id>
    <title>6e53b52d-1cf3-4e09-a4b5-e5b60fe3d620</title>
    <updated>2026-07-04T01:04:13.400097+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "6e53b52d-1cf3-4e09-a4b5-e5b60fe3d620", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45407", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp7mx6ctia2i", "content": "CVE-2026-45407 - Dokku: Git Credentials in .netrc Stored World-Readable Due to Premature touch\nCVE ID : CVE-2026-45407\n \n Published : June 26, 2026, 4:21 p.m. | 1\u00a0hour, 23\u00a0minutes ago\n \n Description : Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command create...", "creation_timestamp": "2026-06-26T19:00:53.025222Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/6e53b52d-1cf3-4e09-a4b5-e5b60fe3d620/export"/>
    <published>2026-06-26T19:00:53.025222+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/37aa3000-04fa-4217-9305-7fe373284907/export</id>
    <title>37aa3000-04fa-4217-9305-7fe373284907</title>
    <updated>2026-07-04T01:04:13.400198+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "37aa3000-04fa-4217-9305-7fe373284907", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45405", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp7m5luydh2c", "content": "CVE-2026-45405 - Dokku: Arbitrary File Write via Tar Symlink Traversal in git:from-archive and certs:add\nCVE ID : CVE-2026-45405\n \n Published : June 26, 2026, 4:23 p.m. | 1\u00a0hour, 22\u00a0minutes ago\n \n Description : Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-arch...", "creation_timestamp": "2026-06-26T18:46:34.781114Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/37aa3000-04fa-4217-9305-7fe373284907/export"/>
    <published>2026-06-26T18:46:34.781114+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/e21aa45b-5124-4814-b6ff-7d4397a3ae95/export</id>
    <title>e21aa45b-5124-4814-b6ff-7d4397a3ae95</title>
    <updated>2026-07-04T01:04:13.400298+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "e21aa45b-5124-4814-b6ff-7d4397a3ae95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45408", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp7kmzy3za2c", "content": "CVE-2026-45408 - Dokku: OS Command Injection via App Name in Git Pre-Receive Hook\nCVE ID : CVE-2026-45408\n \n Published : June 26, 2026, 4:19 p.m. | 1\u00a0hour, 25\u00a0minutes ago\n \n Description : Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex (^[a-z0-9]...", "creation_timestamp": "2026-06-26T18:19:25.395483Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/e21aa45b-5124-4814-b6ff-7d4397a3ae95/export"/>
    <published>2026-06-26T18:19:25.395483+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/68020ac8-5b93-45ea-8fce-c5e804144642/export</id>
    <title>68020ac8-5b93-45ea-8fce-c5e804144642</title>
    <updated>2026-07-04T01:04:13.400393+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "68020ac8-5b93-45ea-8fce-c5e804144642", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45406", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp7kk7bms52n", "content": "CVE-2026-45406 - Dokku: Host RCE via Maliciously Named OpenResty Include Files Injected Through eval\nCVE ID : CVE-2026-45406\n \n Published : June 26, 2026, 4:22 p.m. | 1\u00a0hour, 22\u00a0minutes ago\n \n Description : Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts ...", "creation_timestamp": "2026-06-26T18:17:50.304849Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/68020ac8-5b93-45ea-8fce-c5e804144642/export"/>
    <published>2026-06-26T18:17:50.304849+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/dadb8f8e-3666-45a9-91da-30a7b279e1ba/export</id>
    <title>dadb8f8e-3666-45a9-91da-30a7b279e1ba</title>
    <updated>2026-07-04T01:04:13.400490+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "dadb8f8e-3666-45a9-91da-30a7b279e1ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45409", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnlgica57p2y", "content": "CVE-2026-45409 - Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix\nCVE ID : CVE-2026-45409\n \n Published : June 5, 2026, 11:16 p.m. | 1\u00a0hour, 16\u00a0minutes ago\n \n Description : Internationalized Domain Nam...", "creation_timestamp": "2026-06-06T00:46:44.907977Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/dadb8f8e-3666-45a9-91da-30a7b279e1ba/export"/>
    <published>2026-06-06T00:46:44.907977+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/ca59684b-b952-4ea6-b8e2-7731bd938ddf/export</id>
    <title>ca59684b-b952-4ea6-b8e2-7731bd938ddf</title>
    <updated>2026-07-04T01:04:13.400597+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "ca59684b-b952-4ea6-b8e2-7731bd938ddf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45401", "type": "seen", "source": "Telegram/IqAYll4ZzjxpeZQ_8CUvuT_fob3B5lJjEUBfv2EUXY56hck", "content": "", "creation_timestamp": "2026-05-27T21:12:27.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/ca59684b-b952-4ea6-b8e2-7731bd938ddf/export"/>
    <published>2026-05-27T21:12:27+00:00</published>
  </entry>
</feed>
