<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-10T13:10:36.066356+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/85818079-36f4-4820-8784-d19edb3c72b5/export</id>
    <title>85818079-36f4-4820-8784-d19edb3c72b5</title>
    <updated>2026-07-10T13:10:36.095656+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "85818079-36f4-4820-8784-d19edb3c72b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53877", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mq2yqc7v5w2x", "content": "CVE-2026-53877 - Heap buffer over-read in GDALRaster\nCVE ID : CVE-2026-53877\n \n Published : July 7, 2026, 3:16 p.m. | 31\u00a0minutes ago\n \n Description : An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16.\n`django.contrib.gis.gdal.GDALRaster` over-reads its i...", "creation_timestamp": "2026-07-07T16:13:40.107356Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/85818079-36f4-4820-8784-d19edb3c72b5/export"/>
    <published>2026-07-07T16:13:40.107356+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/35c22823-e725-4baa-b362-4c64475beedf/export</id>
    <title>35c22823-e725-4baa-b362-4c64475beedf</title>
    <updated>2026-07-10T13:10:36.102835+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "35c22823-e725-4baa-b362-4c64475beedf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53878", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mq2y6fbxvq23", "content": "CVE-2026-53878 - Header injection possibility since DomainNameValidator accepted newlines in input\nCVE ID : CVE-2026-53878\n \n Published : July 7, 2026, 3:16 p.m. | 31\u00a0minutes ago\n \n Description : An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16.\n`Domain...", "creation_timestamp": "2026-07-07T16:03:39.183279Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/35c22823-e725-4baa-b362-4c64475beedf/export"/>
    <published>2026-07-07T16:03:39.183279+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/34883cea-f33f-42e1-b718-3bd8c8e20c2a/export</id>
    <title>34883cea-f33f-42e1-b718-3bd8c8e20c2a</title>
    <updated>2026-07-10T13:10:36.103050+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "34883cea-f33f-42e1-b718-3bd8c8e20c2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53878", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mq2uvi6mb22w", "content": "Django CVE-2026-48588, CVE-2026-53877, and CVE-2026-53878", "creation_timestamp": "2026-07-07T15:04:59.220724Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/34883cea-f33f-42e1-b718-3bd8c8e20c2a/export"/>
    <published>2026-07-07T15:04:59.220724+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/5155a4bb-0af1-43a5-8819-476be382d37d/export</id>
    <title>5155a4bb-0af1-43a5-8819-476be382d37d</title>
    <updated>2026-07-10T13:10:36.103220+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "5155a4bb-0af1-43a5-8819-476be382d37d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53877", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mq2uvi6mb22w", "content": "Django CVE-2026-48588, CVE-2026-53877, and CVE-2026-53878", "creation_timestamp": "2026-07-07T15:04:59.176088Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/5155a4bb-0af1-43a5-8819-476be382d37d/export"/>
    <published>2026-07-07T15:04:59.176088+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/12166cd3-f696-4adb-bbda-fda1f675cdc1/export</id>
    <title>12166cd3-f696-4adb-bbda-fda1f675cdc1</title>
    <updated>2026-07-10T13:10:36.103401+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "12166cd3-f696-4adb-bbda-fda1f675cdc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53874", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3motnkutt5o2l", "content": "\ud83d\udea8  ALERT: CVE-2026-53874\n\nCVSS 9.8/10\n\n\ud83d\udccb WHAT IT IS:\npicklescan before 1.0.1 contains an unsafe deserialization vulnerability allowing unauthenticated users to execute arbitrary code by hiding eval calls nested under callable objects via getattr. Attackers can embed malicious code in pickle files th", "creation_timestamp": "2026-06-22T00:39:57.216188Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/12166cd3-f696-4adb-bbda-fda1f675cdc1/export"/>
    <published>2026-06-22T00:39:57.216188+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/54a8040e-e90a-420a-8736-ca62d37f10f3/export</id>
    <title>54a8040e-e90a-420a-8736-ca62d37f10f3</title>
    <updated>2026-07-10T13:10:36.103588+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "54a8040e-e90a-420a-8736-ca62d37f10f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53871", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mojayqynw62f", "content": "CVE-2026-53871 - Hermes WebUI\nCVE ID : CVE-2026-53871\n \n Published : June 17, 2026, 5:58 p.m. | 1\u00a0hour, 31\u00a0minutes ago\n \n Description : Hermes WebUI before 0.51.368 contains an authorization bypass vulnerability in the get_profile_cookie() function that accepts unauthenticated...", "creation_timestamp": "2026-06-17T21:28:26.907341Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/54a8040e-e90a-420a-8736-ca62d37f10f3/export"/>
    <published>2026-06-17T21:28:26.907341+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/e87b79a1-92d2-4578-83f4-27477dd1a399/export</id>
    <title>e87b79a1-92d2-4578-83f4-27477dd1a399</title>
    <updated>2026-07-10T13:10:36.103764+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "e87b79a1-92d2-4578-83f4-27477dd1a399", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53875", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moixw6tkdm2z", "content": "CVE-2026-53875 - picklescan - Scanning Bypass via Dynamic Eval in scan_pytorch\nCVE ID : CVE-2026-53875\n \n Published : June 17, 2026, 3:05 p.m. | 2\u00a0hours, 37\u00a0minutes ago\n \n Description : picklescan before 1.0.3 contains a scanning bypass vulnerability in the scan_pytorch functi...", "creation_timestamp": "2026-06-17T18:45:57.086171Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/e87b79a1-92d2-4578-83f4-27477dd1a399/export"/>
    <published>2026-06-17T18:45:57.086171+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/7fdd1853-7580-4bd5-a043-86697c163622/export</id>
    <title>7fdd1853-7580-4bd5-a043-86697c163622</title>
    <updated>2026-07-10T13:10:36.103918+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "7fdd1853-7580-4bd5-a043-86697c163622", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53874", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moivozupwr2f", "content": "CVE-2026-53874 - picklescan - Arbitrary Code Execution via Obfuscated eval Call\nCVE ID : CVE-2026-53874\n \n Published : June 17, 2026, 3:05 p.m. | 2\u00a0hours, 4\u00a0minutes ago\n \n Description : picklescan before 1.0.1 contains an unsafe deserialization vulnerability allowing unauthent...", "creation_timestamp": "2026-06-17T18:06:09.615269Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/7fdd1853-7580-4bd5-a043-86697c163622/export"/>
    <published>2026-06-17T18:06:09.615269+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/3b4fe301-22d2-4a25-a468-676eac2ff04b/export</id>
    <title>3b4fe301-22d2-4a25-a468-676eac2ff04b</title>
    <updated>2026-07-10T13:10:36.104049+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "3b4fe301-22d2-4a25-a468-676eac2ff04b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53872", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moivlzrdyp2b", "content": "CVE-2026-53872 - picklescan - Arbitrary File Read via Unsafe Pickle Deserialization\nCVE ID : CVE-2026-53872\n \n Published : June 17, 2026, 3:05 p.m. | 2\u00a0hours, 4\u00a0minutes ago\n \n Description : picklescan before 0.0.35 contains an unsafe pickle deserialization vulnerability allowi...", "creation_timestamp": "2026-06-17T18:04:28.771437Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/3b4fe301-22d2-4a25-a468-676eac2ff04b/export"/>
    <published>2026-06-17T18:04:28.771437+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/3b471525-c891-4820-bf84-b8417a94f0cd/export</id>
    <title>3b471525-c891-4820-bf84-b8417a94f0cd</title>
    <updated>2026-07-10T13:10:36.104211+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "3b471525-c891-4820-bf84-b8417a94f0cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53873", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moivgiq3wx2h", "content": "CVE-2026-53873 - picklescan - Arbitrary Code Execution via profile.run() Blocklist Bypass\nCVE ID : CVE-2026-53873\n \n Published : June 17, 2026, 3:05 p.m. | 2\u00a0hours, 4\u00a0minutes ago\n \n Description : picklescan before 1.0.4 contains an incomplete blocklist for the profile module t...", "creation_timestamp": "2026-06-17T18:01:23.193148Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/3b471525-c891-4820-bf84-b8417a94f0cd/export"/>
    <published>2026-06-17T18:01:23.193148+00:00</published>
  </entry>
</feed>
