<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-13T04:07:37.591274+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/3518f243-35a6-47a5-b169-f6c2cb16f74a/export</id>
    <title>3518f243-35a6-47a5-b169-f6c2cb16f74a</title>
    <updated>2026-07-13T04:07:37.615253+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "3518f243-35a6-47a5-b169-f6c2cb16f74a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49276", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqaitinknm27", "content": "CVE-2026-49276 - Kirby: Self cross-site scripting (self-XSS) in the writer field\nCVE ID : CVE-2026-49276\n \n Published : July 9, 2026, 7:17 p.m. | 31\u00a0minutes ago\n \n Description : Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites using the ...", "creation_timestamp": "2026-07-09T20:45:07.003904Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/3518f243-35a6-47a5-b169-f6c2cb16f74a/export"/>
    <published>2026-07-09T20:45:07.003904+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/aabc1808-4ce2-480e-9eb4-5b1f17cc0e07/export</id>
    <title>aabc1808-4ce2-480e-9eb4-5b1f17cc0e07</title>
    <updated>2026-07-13T04:07:37.617254+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "aabc1808-4ce2-480e-9eb4-5b1f17cc0e07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49274", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqag5munyo2x", "content": "CVE-2026-49274 - Kirby: `pages.access` permission is not checked in the pages picker for parent pages\nCVE ID : CVE-2026-49274\n \n Published : July 9, 2026, 7:17 p.m. | 31\u00a0minutes ago\n \n Description : Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, K...", "creation_timestamp": "2026-07-09T19:57:06.707012Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/aabc1808-4ce2-480e-9eb4-5b1f17cc0e07/export"/>
    <published>2026-07-09T19:57:06.707012+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/5e9a7182-2714-4ef1-a0e2-c23965917b00/export</id>
    <title>5e9a7182-2714-4ef1-a0e2-c23965917b00</title>
    <updated>2026-07-13T04:07:37.617474+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "5e9a7182-2714-4ef1-a0e2-c23965917b00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49270", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mphhukusr22j", "content": "CVE-2026-50750: Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire DoS following fix for CVE-2026-49270", "creation_timestamp": "2026-06-29T21:51:14.668184Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/5e9a7182-2714-4ef1-a0e2-c23965917b00/export"/>
    <published>2026-06-29T21:51:14.668184+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/518e9760-c061-453d-9189-49661304cb85/export</id>
    <title>518e9760-c061-453d-9189-49661304cb85</title>
    <updated>2026-07-13T04:07:37.617659+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "518e9760-c061-453d-9189-49661304cb85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49277", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp2ztnvgtv22", "content": "CVE-2026-49277 - Rocket.Chat: OAuth access and refresh tokens remain valid after account deactivation\nCVE ID : CVE-2026-49277\n \n Published : June 24, 2026, 9:04 p.m. | 40\u00a0minutes ago\n \n Description : Rocket.Chat is an open-source, secure, fully customizable communications plat...", "creation_timestamp": "2026-06-24T23:08:15.567316Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/518e9760-c061-453d-9189-49661304cb85/export"/>
    <published>2026-06-24T23:08:15.567316+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/61644b6a-9311-4160-9a52-61e28bbd6837/export</id>
    <title>61644b6a-9311-4160-9a52-61e28bbd6837</title>
    <updated>2026-07-13T04:07:37.617842+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "61644b6a-9311-4160-9a52-61e28bbd6837", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49278", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp2xvn64o72k", "content": "CVE-2026-49278 - Rocket.Chat: Livechat Visitor Profile Disclosure Leaks Bearer Token and Enables Visitor Impersonation\nCVE ID : CVE-2026-49278\n \n Published : June 24, 2026, 9:05 p.m. | 39\u00a0minutes ago\n \n Description : Rocket.Chat is an open-source, secure, fully customizable co...", "creation_timestamp": "2026-06-24T22:33:33.918767Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/61644b6a-9311-4160-9a52-61e28bbd6837/export"/>
    <published>2026-06-24T22:33:33.918767+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/3e94271b-e7a9-4d3a-ae70-64737d4eeecb/export</id>
    <title>3e94271b-e7a9-4d3a-ae70-64737d4eeecb</title>
    <updated>2026-07-13T04:07:37.618011+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "3e94271b-e7a9-4d3a-ae70-64737d4eeecb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49270", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mn652dgcga27", "content": "CVE-2026-49270: Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Durable Subscription Disclosure via Crafted BrokerInfo (OpenWire)", "creation_timestamp": "2026-05-31T17:53:16.410663Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/3e94271b-e7a9-4d3a-ae70-64737d4eeecb/export"/>
    <published>2026-05-31T17:53:16.410663+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/ad121f4e-710e-49e2-87ea-4073368bfba1/export</id>
    <title>ad121f4e-710e-49e2-87ea-4073368bfba1</title>
    <updated>2026-07-13T04:07:37.618174+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://cvepremium.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "ad121f4e-710e-49e2-87ea-4073368bfba1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-49279", "type": "published-proof-of-concept", "source": "https://github.com/WWBN/AVideo/security/advisories/GHSA-2fhx-q92v-5fhv", "content": "", "creation_timestamp": "2026-05-25T12:28:08.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/ad121f4e-710e-49e2-87ea-4073368bfba1/export"/>
    <published>2026-05-25T12:28:08+00:00</published>
  </entry>
</feed>
