<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-03T11:03:42.427477+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/d276d20d-ef41-4d1b-8cbe-1fa4d6286ac1/export</id>
    <title>d276d20d-ef41-4d1b-8cbe-1fa4d6286ac1</title>
    <updated>2026-07-03T11:03:42.450510+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "d276d20d-ef41-4d1b-8cbe-1fa4d6286ac1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4885", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3motosv5ecy2v", "content": "\ud83d\udea8  ALERT: CVE-2026-4885\n\nCVSS 9.8/10\n\n\ud83d\udccb WHAT IT IS:\nThe Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafe_ajax_form_builder' function in all versions up to, and including, 7.1.70. The plugin uses an incomplet", "creation_timestamp": "2026-06-22T01:02:19.723903Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/d276d20d-ef41-4d1b-8cbe-1fa4d6286ac1/export"/>
    <published>2026-06-22T01:02:19.723903+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/6e85339b-96bd-449e-ad32-0a3f16bc41b7/export</id>
    <title>6e85339b-96bd-449e-ad32-0a3f16bc41b7</title>
    <updated>2026-07-03T11:03:42.452643+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "6e85339b-96bd-449e-ad32-0a3f16bc41b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48854", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moelaczwpr2p", "content": "CVE-2026-48854 - Unbounded request body accumulation causes memory exhaustion in elixir-grpc/grpc\nCVE ID : CVE-2026-48854\n \n Published : June 15, 2026, 11:16 p.m. | 25\u00a0minutes ago\n \n Description : Allocation of Resources Without Limits or Throttling vulnerability in elixir-grp...", "creation_timestamp": "2026-06-16T00:48:19.419191Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/6e85339b-96bd-449e-ad32-0a3f16bc41b7/export"/>
    <published>2026-06-16T00:48:19.419191+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/ded17b34-a746-4f4b-b106-1cf230bf9b2c/export</id>
    <title>ded17b34-a746-4f4b-b106-1cf230bf9b2c</title>
    <updated>2026-07-03T11:03:42.452781+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "ded17b34-a746-4f4b-b106-1cf230bf9b2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48853", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moejtklbs22p", "content": "CVE-2026-48853 - Remote code execution and denial of service via unsafe Erlang term deserialization in elixir-grpc/grpc\nCVE ID : CVE-2026-48853\n \n Published : June 15, 2026, 11:16 p.m. | 25\u00a0minutes ago\n \n Description : Deserialization of Untrusted Data and Allocation of Resour...", "creation_timestamp": "2026-06-16T00:23:17.509801Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/ded17b34-a746-4f4b-b106-1cf230bf9b2c/export"/>
    <published>2026-06-16T00:23:17.509801+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/127e24ef-a0e1-4d1a-b935-d5dc3a1021fd/export</id>
    <title>127e24ef-a0e1-4d1a-b935-d5dc3a1021fd</title>
    <updated>2026-07-03T11:03:42.452889+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "127e24ef-a0e1-4d1a-b935-d5dc3a1021fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-48853", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116756842721787890", "content": "\ud83d\udea8 CRITICAL: elixir-grpc grpc (0.4.0-&amp;lt;1.0.0) vulnerable to unauthenticated RCE &amp;amp; DoS via unsafe :erlang.binary_to_term/1 use. Patch status pending \u2014 restrict 'application/grpc+erlpack' inputs now! CVE-2026-48853 https://radar.offseq.com/threat/cve-2026-48853-cwe-502-deserialization-of-untruste-dc5cfe73 #OffSeq #elixir #CVE202648853 #infosec", "creation_timestamp": "2026-06-16T00:00:42.686433Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/127e24ef-a0e1-4d1a-b935-d5dc3a1021fd/export"/>
    <published>2026-06-16T00:00:42.686433+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/908ab7b0-bf69-491f-8b32-568c5d59100f/export</id>
    <title>908ab7b0-bf69-491f-8b32-568c5d59100f</title>
    <updated>2026-07-03T11:03:42.452987+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "908ab7b0-bf69-491f-8b32-568c5d59100f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-48853", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3moeikz22zn2e", "content": "CRITICAL: elixir-grpc grpc (&amp;lt;1.0.0) flaw lets attackers crash BEAM VM or gain RCE via unsafe deserialization. Block risky Content-Type inputs &amp;amp; await vendor patch. https://radar.offseq.com/threat/cve-2026-48853-cwe-502-deserialization-of-untruste-dc5cfe73 #OffSeq #elixir #CVE202648853", "creation_timestamp": "2026-06-16T00:00:37.182218Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/908ab7b0-bf69-491f-8b32-568c5d59100f/export"/>
    <published>2026-06-16T00:00:37.182218+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/59650e00-eecc-4980-a1f4-08c3d702ff7b/export</id>
    <title>59650e00-eecc-4980-a1f4-08c3d702ff7b</title>
    <updated>2026-07-03T11:03:42.453083+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "59650e00-eecc-4980-a1f4-08c3d702ff7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4885", "type": "seen", "source": "https://bsky.app/profile/keiwork35.bsky.social/post/3mn5g2skrze2d", "content": "\u3010\u8106\u5f31\u6027\u60c5\u5831\u3011 CVE-2026-4885 Piotnet Addons for Elementor\u00a0Pro\u306e\u8106\u5f31\u6027\u306b\u3064\u3044\u3066\n\n\u3053\u306e\u8106\u5f31\u6027\u306f\u3001WordPress\u7528\u306ePiotnet Addons for Elementor Pro\u30d7\u30e9\u30b0\u30a4\u30f3\u306b\u5b58\u5728\u3057\u3001\u3059\u3079\u3066\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\uff087.1.70\u3092\u542b\u3080\uff09\u3067\u30d5\u30a1\u30a4\u30eb\u30bf\u30a4\u30d7\u306e\u691c\u8a3c\u304c\u6b20\u5982\u3057\u3066\u3044\u308b\u305f\u3081\u3001", "creation_timestamp": "2026-05-31T11:01:56.114414Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/59650e00-eecc-4980-a1f4-08c3d702ff7b/export"/>
    <published>2026-05-31T11:01:56.114414+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/1e26f807-8e6b-41a6-911e-40335d6e6bf8/export</id>
    <title>1e26f807-8e6b-41a6-911e-40335d6e6bf8</title>
    <updated>2026-07-03T11:03:42.453182+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "1e26f807-8e6b-41a6-911e-40335d6e6bf8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4885", "type": "published-proof-of-concept", "source": "Telegram/ZaHXjBqHV5p0kjhml26f_2eMLQEVC_NJ4MXuG-5T_OiTVdE", "content": "", "creation_timestamp": "2026-05-23T21:00:04.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/1e26f807-8e6b-41a6-911e-40335d6e6bf8/export"/>
    <published>2026-05-23T21:00:04+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/69f29bd5-796e-4833-a12c-b75bac54ad5a/export</id>
    <title>69f29bd5-796e-4833-a12c-b75bac54ad5a</title>
    <updated>2026-07-03T11:03:42.453277+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "69f29bd5-796e-4833-a12c-b75bac54ad5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4885", "type": "seen", "source": "Telegram/0JZVqbB1rKqBB9hp8lsgoqSMQmBZfJa9U3GcChkguYZyduk", "content": "", "creation_timestamp": "2026-05-23T19:00:10.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/69f29bd5-796e-4833-a12c-b75bac54ad5a/export"/>
    <published>2026-05-23T19:00:10+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/6a8b968e-65c2-41ae-9cf4-8f59c9f7669c/export</id>
    <title>6a8b968e-65c2-41ae-9cf4-8f59c9f7669c</title>
    <updated>2026-07-03T11:03:42.453370+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "6a8b968e-65c2-41ae-9cf4-8f59c9f7669c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4885", "type": "seen", "source": "https://t.me/GithubRedTeam/85591", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #Exploit\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-4885\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Jenderal92\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-23 17:52:54\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nPiotnet Addons for Elementor Pro &amp;lt;= 7.1.70 - Unauthenticated Arbitrary File Upload via Form File Upload\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-23T18:00:04.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/6a8b968e-65c2-41ae-9cf4-8f59c9f7669c/export"/>
    <published>2026-05-23T18:00:04+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/40b9b6e0-f489-4266-b207-af4707b4ec3a/export</id>
    <title>40b9b6e0-f489-4266-b207-af4707b4ec3a</title>
    <updated>2026-07-03T11:03:42.453476+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "40b9b6e0-f489-4266-b207-af4707b4ec3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4885", "type": "seen", "source": "Telegram/6gh1HJgE3RFVn7K8UtbcJPp_JwEYzEQXCykvkUTLZjGZEDc", "content": "", "creation_timestamp": "2026-05-21T21:00:05.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/40b9b6e0-f489-4266-b207-af4707b4ec3a/export"/>
    <published>2026-05-21T21:00:05+00:00</published>
  </entry>
</feed>
