<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-17T01:22:40.008681+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/4b9dfa83-27a8-4736-98a1-5d9a1eb49c39/export</id>
    <title>4b9dfa83-27a8-4736-98a1-5d9a1eb49c39</title>
    <updated>2026-07-17T01:22:40.028930+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "4b9dfa83-27a8-4736-98a1-5d9a1eb49c39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49988", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqpo5tfq562s", "content": "CVE-2026-49988 - Repomix: attach_packed_output can bypass file-read secret scanning for supported local files\nCVE ID : CVE-2026-49988\n \n Published : July 15, 2026, 7:17 p.m. | 17\u00a0minutes ago\n \n Description : Repomix is a tool that packs repositories into AI-friendly files. Pri...", "creation_timestamp": "2026-07-15T21:30:17.722704Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/4b9dfa83-27a8-4736-98a1-5d9a1eb49c39/export"/>
    <published>2026-07-15T21:30:17.722704+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b2d48230-66f0-4706-a478-fba59ca8f03b/export</id>
    <title>b2d48230-66f0-4706-a478-fba59ca8f03b</title>
    <updated>2026-07-17T01:22:40.031365+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b2d48230-66f0-4706-a478-fba59ca8f03b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49987", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqpmqxdh3a22", "content": "CVE-2026-49987 - Repomix: Command Injection (RCE) via `--remote-branch` Argument Injection\nCVE ID : CVE-2026-49987\n \n Published : July 15, 2026, 7:17 p.m. | 17\u00a0minutes ago\n \n Description : Repomix is a tool that packs repositories into AI-friendly files. Prior to 1.14.1, src/c...", "creation_timestamp": "2026-07-15T21:05:14.149196Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b2d48230-66f0-4706-a478-fba59ca8f03b/export"/>
    <published>2026-07-15T21:05:14.149196+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c014f0c4-4164-44ed-a9a8-1a5cf6c1be80/export</id>
    <title>c014f0c4-4164-44ed-a9a8-1a5cf6c1be80</title>
    <updated>2026-07-17T01:22:40.031463+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c014f0c4-4164-44ed-a9a8-1a5cf6c1be80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49981", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqnik3mtql27", "content": "CVE-2026-49981 - Twig: Sandbox filter, tag and function allow-list bypass when sandbox state changes between renders for a cached `Template`\nCVE ID : CVE-2026-49981\n \n Published : July 14, 2026, 10:17 p.m. | 1\u00a0hour, 14\u00a0minutes ago\n \n Description : Twig is a template language f...", "creation_timestamp": "2026-07-15T00:44:27.048136Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c014f0c4-4164-44ed-a9a8-1a5cf6c1be80/export"/>
    <published>2026-07-15T00:44:27.048136+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b4205b63-3ac1-4b68-95e5-f6595ead29c3/export</id>
    <title>b4205b63-3ac1-4b68-95e5-f6595ead29c3</title>
    <updated>2026-07-17T01:22:40.031539+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b4205b63-3ac1-4b68-95e5-f6595ead29c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49980", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mps7iz5uow23", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-49980 \u0432 Rclone: \u0443\u0433\u0440\u043e\u0437\u044b, \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/1B6CE41D-A8D0-4D6B-894F-6B2211C56CB8", "creation_timestamp": "2026-07-04T04:20:54.146464Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b4205b63-3ac1-4b68-95e5-f6595ead29c3/export"/>
    <published>2026-07-04T04:20:54.146464+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/939fdd09-3c2a-41e7-b363-9da35b5a9e58/export</id>
    <title>939fdd09-3c2a-41e7-b363-9da35b5a9e58</title>
    <updated>2026-07-17T01:22:40.031612+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://cvepremium.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "939fdd09-3c2a-41e7-b363-9da35b5a9e58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-49986", "type": "published-proof-of-concept", "source": "https://github.com/cdeust/Cortex/security/advisories/GHSA-gvpp-v77h-5w8g", "content": "", "creation_timestamp": "2026-07-01T20:35:11.679535Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/939fdd09-3c2a-41e7-b363-9da35b5a9e58/export"/>
    <published>2026-07-01T20:35:11.679535+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/539f7c93-54cd-40b9-a683-aabdfed64ed5/export</id>
    <title>539f7c93-54cd-40b9-a683-aabdfed64ed5</title>
    <updated>2026-07-17T01:22:40.032429+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://cvepremium.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "539f7c93-54cd-40b9-a683-aabdfed64ed5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-49987", "type": "published-proof-of-concept", "source": "https://github.com/yamadashy/repomix/security/advisories/GHSA-9mm9-rqhj-j5mx", "content": "", "creation_timestamp": "2026-07-01T20:35:09.517613Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/539f7c93-54cd-40b9-a683-aabdfed64ed5/export"/>
    <published>2026-07-01T20:35:09.517613+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b5c2d651-60dd-4bf2-b166-43ec2d0359df/export</id>
    <title>b5c2d651-60dd-4bf2-b166-43ec2d0359df</title>
    <updated>2026-07-17T01:22:40.032517+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://cvepremium.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "b5c2d651-60dd-4bf2-b166-43ec2d0359df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-49989", "type": "published-proof-of-concept", "source": "https://github.com/crate/crate/security/advisories/GHSA-2xv8-gjwh-fv8p", "content": "", "creation_timestamp": "2026-07-01T20:35:07.371743Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b5c2d651-60dd-4bf2-b166-43ec2d0359df/export"/>
    <published>2026-07-01T20:35:07.371743+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/f18681de-4411-4332-b946-d69bb800366c/export</id>
    <title>f18681de-4411-4332-b946-d69bb800366c</title>
    <updated>2026-07-17T01:22:40.032590+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "f18681de-4411-4332-b946-d69bb800366c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49984", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mplmfdagoy2o", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-49984 \u0432 Kestra: \u0443\u0433\u0440\u043e\u0437\u044b \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/AF3C7B1E-D9A9-4D34-B924-C4CE6748BF24", "creation_timestamp": "2026-07-01T13:22:51.397830Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/f18681de-4411-4332-b946-d69bb800366c/export"/>
    <published>2026-07-01T13:22:51.397830+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/ee78f8fa-a397-4f18-8310-8f5614e7c26a/export</id>
    <title>ee78f8fa-a397-4f18-8310-8f5614e7c26a</title>
    <updated>2026-07-17T01:22:40.032658+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "ee78f8fa-a397-4f18-8310-8f5614e7c26a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49980", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mphw63pkjn2e", "content": "\ud83d\udccc CVE-2026-49980 - Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --r... https://www.cyberhub.blog/cves/CVE-2026-49980", "creation_timestamp": "2026-06-30T02:07:07.398394Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/ee78f8fa-a397-4f18-8310-8f5614e7c26a/export"/>
    <published>2026-06-30T02:07:07.398394+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/91fe9531-304c-4c3f-b733-81ef8a7dc702/export</id>
    <title>91fe9531-304c-4c3f-b733-81ef8a7dc702</title>
    <updated>2026-07-17T01:22:40.032729+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "91fe9531-304c-4c3f-b733-81ef8a7dc702", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49984", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mph7b5jj2w2o", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-49984 \u0432 Kestra: \u0443\u0433\u0440\u043e\u0437\u044b \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/785221D3-8475-46E9-B85D-8063FA40B9AD", "creation_timestamp": "2026-06-29T19:17:13.467505Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/91fe9531-304c-4c3f-b733-81ef8a7dc702/export"/>
    <published>2026-06-29T19:17:13.467505+00:00</published>
  </entry>
</feed>
