<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-09T18:50:10.038760+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/4fe64e82-4f5f-4362-9e47-d7e35299aefa/export</id>
    <title>4fe64e82-4f5f-4362-9e47-d7e35299aefa</title>
    <updated>2026-07-09T18:50:10.055390+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "4fe64e82-4f5f-4362-9e47-d7e35299aefa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48588", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mq2zl5oqzw2i", "content": "CVE-2026-48588 - Potential exposure of private data via cached Set-Cookie response\nCVE ID : CVE-2026-48588\n \n Published : July 7, 2026, 3:16 p.m. | 31\u00a0minutes ago\n \n Description : An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16.\n`UpdateCacheMiddleware`...", "creation_timestamp": "2026-07-07T16:28:41.366063Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/4fe64e82-4f5f-4362-9e47-d7e35299aefa/export"/>
    <published>2026-07-07T16:28:41.366063+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c3cde575-cd2e-4beb-bd63-29d1ee2ca344/export</id>
    <title>c3cde575-cd2e-4beb-bd63-29d1ee2ca344</title>
    <updated>2026-07-09T18:50:10.057748+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c3cde575-cd2e-4beb-bd63-29d1ee2ca344", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48588", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mq2uvi6mb22w", "content": "Django CVE-2026-48588, CVE-2026-53877, and CVE-2026-53878", "creation_timestamp": "2026-07-07T15:04:59.108278Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c3cde575-cd2e-4beb-bd63-29d1ee2ca344/export"/>
    <published>2026-07-07T15:04:59.108278+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/654a793c-a84d-4141-a492-0a5e043da9c0/export</id>
    <title>654a793c-a84d-4141-a492-0a5e043da9c0</title>
    <updated>2026-07-09T18:50:10.057880+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "654a793c-a84d-4141-a492-0a5e043da9c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48588", "type": "seen", "source": "https://bsky.app/profile/selfhost.directory/post/3mq2uqb2zhm2c", "content": "\ud83d\ude80 New #release \u00b7 Saleor 3.23.17\n\nWhat's Changed\n\u2022 Upgraded django to v5.2.16 by @NyanKiyoshi in #19438\nFixes:\n\u2022 CVE-2026-48588: Potential exposure of private data via cached Set-C\u2026\n\nCheck and #self-host it \u2192 selfhost.directory/project/saleor#update-3081251\n\n#selfhost #selfhosted #homelab #opensource", "creation_timestamp": "2026-07-07T15:02:03.827675Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/654a793c-a84d-4141-a492-0a5e043da9c0/export"/>
    <published>2026-07-07T15:02:03.827675+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/50db8d0a-59be-441e-a567-56854c0437b5/export</id>
    <title>50db8d0a-59be-441e-a567-56854c0437b5</title>
    <updated>2026-07-09T18:50:10.057992+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "50db8d0a-59be-441e-a567-56854c0437b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48582", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mp7qnlpxhv2k", "content": "\ud83d\udccc CVE-2026-48582 - Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network. https://www.cyberhub.blog/cves/CVE-2026-48582", "creation_timestamp": "2026-06-26T20:07:13.756066Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/50db8d0a-59be-441e-a567-56854c0437b5/export"/>
    <published>2026-06-26T20:07:13.756066+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/3745cffc-e297-433a-aa7b-5d86ecf55183/export</id>
    <title>3745cffc-e297-433a-aa7b-5d86ecf55183</title>
    <updated>2026-07-09T18:50:10.058095+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "3745cffc-e297-433a-aa7b-5d86ecf55183", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48584", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3moujlaem3q2m", "content": "CVE-2026-48584 - Critical privilege escalation in Azure Synapse. CVSS 9.9. No patch available. Mitigate immediately. #CVE #Azure #infosec\n\nhttps://www.valtersit.com/cve/CVE-2026-48584/", "creation_timestamp": "2026-06-22T09:01:14.610243Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/3745cffc-e297-433a-aa7b-5d86ecf55183/export"/>
    <published>2026-06-22T09:01:14.610243+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/cbb4fd2b-16e6-4b50-8403-6845163bf55b/export</id>
    <title>cbb4fd2b-16e6-4b50-8403-6845163bf55b</title>
    <updated>2026-07-09T18:50:10.058195+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "cbb4fd2b-16e6-4b50-8403-6845163bf55b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48582", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3motnwlvi4d2s", "content": "\ud83d\udea8  ALERT: CVE-2026-48582\n\nCVSS 9.6/10\n\n\ud83d\udccb WHAT IT IS:\nMissing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.\n\n\ud83c\udfaf WHO'S AFFECTED:\n  \u2022 Microsoft Exchange Online, Microsoft, Exchange\n\n\u2694\ufe0f HOW IT'S EXPLOITED:\nAttack vector: NETWORK\nImpact: hig", "creation_timestamp": "2026-06-22T00:46:30.477224Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/cbb4fd2b-16e6-4b50-8403-6845163bf55b/export"/>
    <published>2026-06-22T00:46:30.477224+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/50ac8212-3e76-4254-9d3a-d5496f047ebe/export</id>
    <title>50ac8212-3e76-4254-9d3a-d5496f047ebe</title>
    <updated>2026-07-09T18:50:10.058297+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "50ac8212-3e76-4254-9d3a-d5496f047ebe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48584", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3motnfcrouu2v", "content": "\ud83d\udea8  ALERT: CVE-2026-48584\n\nCVSS 9.9/10\n\n\ud83d\udccb WHAT IT IS:\nExecution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges over a network.\n\n\ud83c\udfaf WHO'S AFFECTED:\n  \u2022 Azure Synapse\n\n\u2694\ufe0f HOW IT'S EXPLOITED:\nAttack vector: NETWORK\nImpact: high impact on confidentiality, ", "creation_timestamp": "2026-06-22T00:36:50.428011Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/50ac8212-3e76-4254-9d3a-d5496f047ebe/export"/>
    <published>2026-06-22T00:36:50.428011+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/073fc731-ede0-4115-8a34-9394c6b55514/export</id>
    <title>073fc731-ede0-4115-8a34-9394c6b55514</title>
    <updated>2026-07-09T18:50:10.058396+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "073fc731-ede0-4115-8a34-9394c6b55514", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4858", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3motmhez5pf2z", "content": "\ud83d\udea8  ALERT: CVE-2026-4858\n\nCVSS 8.0/10\n\n\ud83d\udccb WHAT IT IS:\nMattermost versions 11.6.x &amp;lt;= 11.6.0, 11.5.x &amp;lt;= 11.5.3, 11.4.x &amp;lt;= 11.4.4, 10.11.x &amp;lt;= 10.11.14 fail to check integration URL for path traversal which allows an malicious authenticated user  to call an arbitrary API via system admin Mattermost auth t", "creation_timestamp": "2026-06-22T00:20:06.134949Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/073fc731-ede0-4115-8a34-9394c6b55514/export"/>
    <published>2026-06-22T00:20:06.134949+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b18177a0-53df-42bd-9d54-b48358ac4f4c/export</id>
    <title>b18177a0-53df-42bd-9d54-b48358ac4f4c</title>
    <updated>2026-07-09T18:50:10.058498+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b18177a0-53df-42bd-9d54-b48358ac4f4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48582", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moofqsioi72o", "content": "CVE-2026-48582 - Microsoft Exchange Online Elevation of Privilege Vulnerability\nCVE ID : CVE-2026-48582\n \n Published : June 19, 2026, 8:29 p.m. | 1\u00a0hour, 13\u00a0minutes ago\n \n Description : None\n \n Severity: 9.6 | CRITICAL\n \n Visit the link for more details, such as CVSS details, ...", "creation_timestamp": "2026-06-19T22:36:47.568545Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b18177a0-53df-42bd-9d54-b48358ac4f4c/export"/>
    <published>2026-06-19T22:36:47.568545+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/cdb90164-9769-4d1c-a690-c46099143bd4/export</id>
    <title>cdb90164-9769-4d1c-a690-c46099143bd4</title>
    <updated>2026-07-09T18:50:10.058606+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "cdb90164-9769-4d1c-a690-c46099143bd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48584", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moofhtv2b42q", "content": "CVE-2026-48584 - Microsoft Azure Synapse Elevation of Privilege Vulnerability\nCVE ID : CVE-2026-48584\n \n Published : June 19, 2026, 8:27 p.m. | 1\u00a0hour, 15\u00a0minutes ago\n \n Description : None\n \n Severity: 9.9 | CRITICAL\n \n Visit the link for more details, such as CVSS details, af...", "creation_timestamp": "2026-06-19T22:31:46.956965Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/cdb90164-9769-4d1c-a690-c46099143bd4/export"/>
    <published>2026-06-19T22:31:46.956965+00:00</published>
  </entry>
</feed>
