<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-18T10:08:59.031983+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/4961ff39-f38e-4dab-9fb3-ad58e1ddc606/export</id>
    <title>4961ff39-f38e-4dab-9fb3-ad58e1ddc606</title>
    <updated>2026-07-18T10:08:59.054720+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "4961ff39-f38e-4dab-9fb3-ad58e1ddc606", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47670", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/89566", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-47670\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a error-inside\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-18 22:16:11\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nAuthenticated Remote Code Execution via loadReader functionName code injection in DbGate\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-15T00:00:09.288787Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/4961ff39-f38e-4dab-9fb3-ad58e1ddc606/export"/>
    <published>2026-07-15T00:00:09.288787+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a6c4897d-61eb-40eb-9db7-ce361e0472da/export</id>
    <title>a6c4897d-61eb-40eb-9db7-ce361e0472da</title>
    <updated>2026-07-18T10:08:59.057201+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://cvepremium.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "a6c4897d-61eb-40eb-9db7-ce361e0472da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-47677", "type": "published-proof-of-concept", "source": "https://github.com/NeoRazorX/facturascripts/security/advisories/GHSA-c67f-gmxw-mj93", "content": "", "creation_timestamp": "2026-07-14T00:35:03.210094Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a6c4897d-61eb-40eb-9db7-ce361e0472da/export"/>
    <published>2026-07-14T00:35:03.210094+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/007c162b-a5e6-4bfe-854c-ca7f53059692/export</id>
    <title>007c162b-a5e6-4bfe-854c-ca7f53059692</title>
    <updated>2026-07-18T10:08:59.058768+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "007c162b-a5e6-4bfe-854c-ca7f53059692", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47670", "type": "seen", "source": "https://t.me/GithubRedTeam/89566", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-47670\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a error-inside\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-18 22:16:11\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nAuthenticated Remote Code Execution via loadReader functionName code injection in DbGate\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-14T00:00:39.076425Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/007c162b-a5e6-4bfe-854c-ca7f53059692/export"/>
    <published>2026-07-14T00:00:39.076425+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a17a2644-f0cd-4ba2-b5a6-e2aea376bb2a/export</id>
    <title>a17a2644-f0cd-4ba2-b5a6-e2aea376bb2a</title>
    <updated>2026-07-18T10:08:59.058917+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "a17a2644-f0cd-4ba2-b5a6-e2aea376bb2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47677", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqkvb4cg3r2v", "content": "CVE-2026-47677 - facturascripts\nFacturaScripts, a web-based accounting software, has a security flaw that allows an attacker to bypass two-factor authentication (2FA) and take control of any user's\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#facturascripts #composer #CVE #infosec", "creation_timestamp": "2026-07-13T23:54:05.333299Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a17a2644-f0cd-4ba2-b5a6-e2aea376bb2a/export"/>
    <published>2026-07-13T23:54:05.333299+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/acc3a6a6-a976-4ddf-912c-9a2b866f1afa/export</id>
    <title>acc3a6a6-a976-4ddf-912c-9a2b866f1afa</title>
    <updated>2026-07-18T10:08:59.059034+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "acc3a6a6-a976-4ddf-912c-9a2b866f1afa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47670", "type": "seen", "source": "https://t.me/GithubRedTeam/89566", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-47670\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a error-inside\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-18 22:16:11\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nAuthenticated Remote Code Execution via loadReader functionName code injection in DbGate\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-13T22:00:23.197730Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/acc3a6a6-a976-4ddf-912c-9a2b866f1afa/export"/>
    <published>2026-07-13T22:00:23.197730+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/ac3d8681-3063-4a49-a72f-f0d6c5ff1118/export</id>
    <title>ac3d8681-3063-4a49-a72f-f0d6c5ff1118</title>
    <updated>2026-07-18T10:08:59.059129+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "ac3d8681-3063-4a49-a72f-f0d6c5ff1118", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4767", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mppnxov22g2i", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-4767 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 TR7 Cyber Defense: \u0443\u0433\u0440\u043e\u0437\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/193DCDDE-A123-46DF-B380-58836ACD9C9A", "creation_timestamp": "2026-07-03T04:01:39.895076Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/ac3d8681-3063-4a49-a72f-f0d6c5ff1118/export"/>
    <published>2026-07-03T04:01:39.895076+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/3076a30f-e86e-4ed3-a51e-9ad35b47e3f1/export</id>
    <title>3076a30f-e86e-4ed3-a51e-9ad35b47e3f1</title>
    <updated>2026-07-18T10:08:59.059228+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "3076a30f-e86e-4ed3-a51e-9ad35b47e3f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4767", "type": "seen", "source": "https://bsky.app/profile/malwareobserver.bsky.social/post/3mpofn66j252j", "content": "\ud83d\udc1b VULNERABILITIES CVE Notify: \ud83d\udea8 [CVE-2026-4767](https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0487)\nMissing auth...\nhttps://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0487 #Vulnerability #CVE #ZeroDay", "creation_timestamp": "2026-07-02T15:59:57.246063Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/3076a30f-e86e-4ed3-a51e-9ad35b47e3f1/export"/>
    <published>2026-07-02T15:59:57.246063+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/38d632b0-1d12-46e3-9bc1-862be9ffa82a/export</id>
    <title>38d632b0-1d12-46e3-9bc1-862be9ffa82a</title>
    <updated>2026-07-18T10:08:59.059324+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "38d632b0-1d12-46e3-9bc1-862be9ffa82a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4767", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpoe2bhq6y2a", "content": "CVE-2026-4767 - Improper Access Control in TR7's WAF-ASP\nCVE ID : CVE-2026-4767\n \n Published : July 2, 2026, 1:12 p.m. | 2\u00a0hours ago\n \n Description : Missing authentication for critical function vulnerability in TR7 Cyber \u200b\u200bDefense Inc. WAF-ASP allows Authentication Abuse.\n\nTh...", "creation_timestamp": "2026-07-02T15:31:29.483158Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/38d632b0-1d12-46e3-9bc1-862be9ffa82a/export"/>
    <published>2026-07-02T15:31:29.483158+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/e4ca4499-1dd8-4b3f-b9cb-4bbbfba6cf7d/export</id>
    <title>e4ca4499-1dd8-4b3f-b9cb-4bbbfba6cf7d</title>
    <updated>2026-07-18T10:08:59.059421+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "e4ca4499-1dd8-4b3f-b9cb-4bbbfba6cf7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47670", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-47670.yaml", "content": "", "creation_timestamp": "2026-06-15T06:58:24.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/e4ca4499-1dd8-4b3f-b9cb-4bbbfba6cf7d/export"/>
    <published>2026-06-15T06:58:24+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/aa1a1ec5-992a-40b6-b4d0-ee5ad1945818/export</id>
    <title>aa1a1ec5-992a-40b6-b4d0-ee5ad1945818</title>
    <updated>2026-07-18T10:08:59.059514+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "aa1a1ec5-992a-40b6-b4d0-ee5ad1945818", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47676", "type": "seen", "source": "https://gist.github.com/alon710/9a85ace33b5f15b6d07a68897c3ce675", "content": "# CVE-2026-47676: CVE-2026-47676: Inconsistent Path Parsing and Slicing in Hono Framework Sub-Application Mounting\n\n&amp;gt; **CVSS Score:** 5.3\n&amp;gt; **Published:** 2026-06-04\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-47676\n\n## Summary\nA path parsing and normalization inconsistency vulnerability exists in the Hono web framework prior to version 4.12.21. When hosting sub-applications via the app.mount() routing interface, Hono calculates the routing path prefix length on a percent-decoded representation of the URI but executes the path-slicing offset on the raw, percent-encoded string. This discrepancy results in malformed request paths being dispatched to mounted sub-applications, potentially leading to route bypasses, route confusion, and application-level Denial of Service.\n\n## TL;DR\nAn inconsistency between decoded prefix matching and raw path-slicing in Hono's app.mount() causes malformed path propagation and routing failures when processing percent-encoded multi-byte URI characters.\n\n## Technical Details\n\n- **CWE ID**: CWE-444 (Inconsistent Interpretation of HTTP Requests)\n- **Attack Vector**: Network (AV:N)\n- **CVSS Severity**: 5.3 Medium\n- **Exploit Status**: Proof of Concept available in test suites\n- **KEV Status**: Not listed\n- **Ransomware Use**: No known usage\n\n## Affected Systems\n\n- Hono framework web applications running on Node.js, Bun, Deno, or Cloudflare Workers\n- **hono**: &amp;lt; 4.12.21 (Fixed in: `4.12.21`)\n\n## Mitigation\n\n- Upgrade Hono dependencies to version 4.12.21 or higher\n- Ensure all mount prefixes are defined strictly using Unicode literals rather than percent-encoded strings\n- Implement a global catch-all exception handler to catch unhandled URIErrors resulting from malformed HTTP paths\n\n**Remediation Steps:**\n1. Identify all projects utilizing Hono by running 'npm ls hono' or equivalent package manager commands\n2. Update the project package.json to require 'hono': '^4.12.21' or higher\n3. Execute the package manager install command to apply the update ('npm install' or 'pnpm install')\n4. Review codebase usage of 'app.mount' to ensure prefixes do not contain hardcoded percent-encoded characters\n5. Re-deploy the application to production and run regression tests containing non-ASCII route characters\n\n## References\n\n- [Hono Security Advisory GHSA-2gcr-mfcq-wcc3](https://github.com/honojs/hono/security/advisories/GHSA-2gcr-mfcq-wcc3)\n- [Fix Commit 6cbb025](https://github.com/honojs/hono/commit/6cbb025ff87fca1a3d00d0ccca0eaf3a6385c3f1)\n- [CVE-2026-47676 Record](https://www.cve.org/CVERecord?id=CVE-2026-47676)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-47676) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-04T18:41:16.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/aa1a1ec5-992a-40b6-b4d0-ee5ad1945818/export"/>
    <published>2026-06-04T18:41:16+00:00</published>
  </entry>
</feed>
