<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-05T17:43:55.540341+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/e0289e38-f86e-4409-833e-b3609b32d511/export</id>
    <title>e0289e38-f86e-4409-833e-b3609b32d511</title>
    <updated>2026-07-05T17:43:55.562577+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "e0289e38-f86e-4409-833e-b3609b32d511", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47105", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpj5j4kyvg2z", "content": "CVE-2026-47105\nCVE ID : CVE-2026-47105\n \n Published : June 30, 2026, 12:50 p.m. | 55\u00a0minutes ago\n \n Description : None\n \n Severity: 0.0 | NA\n \n Visit the link for more details, such as CVSS details, affected products, timeline, and more...\n#CVE", "creation_timestamp": "2026-06-30T13:51:12.587236Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/e0289e38-f86e-4409-833e-b3609b32d511/export"/>
    <published>2026-06-30T13:51:12.587236+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/3defa3f3-0fa0-4aa5-9521-eaa91d3bae80/export</id>
    <title>3defa3f3-0fa0-4aa5-9521-eaa91d3bae80</title>
    <updated>2026-07-05T17:43:55.565664+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "3defa3f3-0fa0-4aa5-9521-eaa91d3bae80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47103", "type": "seen", "source": "https://bsky.app/profile/hermes71.bsky.social/post/3mokymjnfot2q", "content": "zero-day is actively exploited in the wild. Immediate patching and access control review recommended.\n[Source: @offseq@infosec.exchange](https://infosec.exchange/@offseq/116758965574886024)\n\n## 3. \ud83d\udea8 CRITICAL: CVE-2026-47103 \u2014 python-statemachine eval() RCE (CVSS 9.3)\nAn", "creation_timestamp": "2026-06-18T14:03:46.003340Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/3defa3f3-0fa0-4aa5-9521-eaa91d3bae80/export"/>
    <published>2026-06-18T14:03:46.003340+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a793c67a-64f4-4d73-b0a6-8ca4dcb3910f/export</id>
    <title>a793c67a-64f4-4d73-b0a6-8ca4dcb3910f</title>
    <updated>2026-07-05T17:43:55.566022+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "a793c67a-64f4-4d73-b0a6-8ca4dcb3910f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47103", "type": "seen", "source": "https://bsky.app/profile/hermes71.bsky.social/post/3mok45esats25", "content": "the wild. Immediate patching and access control review recommended.\n[Source: @offseq@infosec.exchange](https://infosec.exchange/@offseq/116758965574886024)\n\n## 3. \ud83d\udea8 CRITICAL: CVE-2026-47103 \u2014 python-statemachine eval() RCE (CVSS 9.3)\nAn unsanitized `eval()` in SCXML processing lets attackers", "creation_timestamp": "2026-06-18T05:34:13.540101Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a793c67a-64f4-4d73-b0a6-8ca4dcb3910f/export"/>
    <published>2026-06-18T05:34:13.540101+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/24ff4db0-7efa-4ab8-a348-68d9d9f2ea76/export</id>
    <title>24ff4db0-7efa-4ab8-a348-68d9d9f2ea76</title>
    <updated>2026-07-05T17:43:55.566242+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "24ff4db0-7efa-4ab8-a348-68d9d9f2ea76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47103", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moivs7gmrq27", "content": "CVE-2026-47103 - Python StateMachine 3.0.0\nCVE ID : CVE-2026-47103\n \n Published : June 17, 2026, 2:32 p.m. | 2\u00a0hours, 36\u00a0minutes ago\n \n Description : Python StateMachine versions 3.0.0 before 3.2.0 contains a remote code execution vulnerability that allows attackers to execute...", "creation_timestamp": "2026-06-17T18:07:59.323651Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/24ff4db0-7efa-4ab8-a348-68d9d9f2ea76/export"/>
    <published>2026-06-17T18:07:59.323651+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b6303d6e-5782-4997-b472-f294ae25ced5/export</id>
    <title>b6303d6e-5782-4997-b472-f294ae25ced5</title>
    <updated>2026-07-05T17:43:55.566352+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b6303d6e-5782-4997-b472-f294ae25ced5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-47103", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3moiooixiwo2r", "content": "Critical RCE in python-statemachine (3.0.0 \u2013 &amp;lt;3.2.0): attacker-supplied SCXML can trigger unsanitized eval(). Avoid untrusted SCXML and watch for patch info: https://radar.offseq.com/threat/cve-2026-47103-improper-neutralization-of-directiv-73074fb6af41b907 #OffSeq #python #security", "creation_timestamp": "2026-06-17T16:00:40.565976Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b6303d6e-5782-4997-b472-f294ae25ced5/export"/>
    <published>2026-06-17T16:00:40.565976+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/6359581d-f7b7-407c-88a8-eb59b9353d90/export</id>
    <title>6359581d-f7b7-407c-88a8-eb59b9353d90</title>
    <updated>2026-07-05T17:43:55.566476+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "6359581d-f7b7-407c-88a8-eb59b9353d90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-47103", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3moimysp6w224", "content": "Critical RCE in fgmacedo python-statemachine (3.0.0 \u2013 &amp;lt;3.2.0)! Unsafe eval in SCXML allows code execution. Avoid untrusted SCXML, monitor for patches. Details: https://radar.offseq.com/threat/cve-2026-47103-improper-neutralization-of-directiv-73074fb6af41b907 #OffSeq #Python #Security", "creation_timestamp": "2026-06-17T15:30:34.617480Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/6359581d-f7b7-407c-88a8-eb59b9353d90/export"/>
    <published>2026-06-17T15:30:34.617480+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/26490883-df7d-40e3-aa96-6fde93703e71/export</id>
    <title>26490883-df7d-40e3-aa96-6fde93703e71</title>
    <updated>2026-07-05T17:43:55.566544+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://cvepremium.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "26490883-df7d-40e3-aa96-6fde93703e71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-47103", "type": "published-proof-of-concept", "source": "https://github.com/fgmacedo/python-statemachine/security/advisories/GHSA-v4jc-pm6r-3vj8", "content": "", "creation_timestamp": "2026-06-17T11:39:45.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/26490883-df7d-40e3-aa96-6fde93703e71/export"/>
    <published>2026-06-17T11:39:45+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/4329d71c-d207-4eaa-8aac-217e422c7586/export</id>
    <title>4329d71c-d207-4eaa-8aac-217e422c7586</title>
    <updated>2026-07-05T17:43:55.567665+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "4329d71c-d207-4eaa-8aac-217e422c7586", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47102", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mo2bzzbyub2c", "content": "\ud83d\udccc CVE-2026-47102 - LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint correctly restricts users to up... https://www.cyberhub.blog/cves/CVE-2026-47102", "creation_timestamp": "2026-06-11T22:37:07.343881Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/4329d71c-d207-4eaa-8aac-217e422c7586/export"/>
    <published>2026-06-11T22:37:07.343881+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/688f35f5-6d28-4fde-aee1-7111e84109e5/export</id>
    <title>688f35f5-6d28-4fde-aee1-7111e84109e5</title>
    <updated>2026-07-05T17:43:55.567769+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "688f35f5-6d28-4fde-aee1-7111e84109e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47101", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mo23dfxbkd2j", "content": "\ud83d\udccc CVE-2026-47101 - LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not permit. When generati... https://www.cyberhub.blog/cves/CVE-2026-47101", "creation_timestamp": "2026-06-11T20:37:06.405558Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/688f35f5-6d28-4fde-aee1-7111e84109e5/export"/>
    <published>2026-06-11T20:37:06.405558+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/8e54284c-80d9-4697-9c23-db2aa776eecf/export</id>
    <title>8e54284c-80d9-4697-9c23-db2aa776eecf</title>
    <updated>2026-07-05T17:43:55.567843+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "8e54284c-80d9-4697-9c23-db2aa776eecf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47106", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnv6u2vvte23", "content": "CVE-2026-47106 - Ellucian Banner Self-Service Stored XSS via getFacultyMeetingTimes API\nCVE ID : CVE-2026-47106\n \n Published : 9. Juni 2026 20:16 | 20\u00a0Minuten ago\n \n Description : Ellucian Banner Self-Service before the April T2 release (2025-04-23) contains a stored cross-sit...", "creation_timestamp": "2026-06-09T21:56:49.304897Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/8e54284c-80d9-4697-9c23-db2aa776eecf/export"/>
    <published>2026-06-09T21:56:49.304897+00:00</published>
  </entry>
</feed>
