<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-03T15:59:28.629758+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/0ba543d1-6115-4070-ada0-8b7271240066/export</id>
    <title>0ba543d1-6115-4070-ada0-8b7271240066</title>
    <updated>2026-07-03T15:59:28.653271+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "0ba543d1-6115-4070-ada0-8b7271240066", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54477", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mppjau64lu2s", "content": "CVE-2026-54477 - Gardyn IoT Hub Improper Neutralization of HTTP Headers for Scripting Syntax\nCVE ID : CVE-2026-54477\n \n Published : July 2, 2026, 11:52 p.m. | 1\u00a0hour, 54\u00a0minutes ago\n \n Description : The admin panel lacks standard security headers, enabling clickjacking and cro...", "creation_timestamp": "2026-07-03T02:37:18.594114Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/0ba543d1-6115-4070-ada0-8b7271240066/export"/>
    <published>2026-07-03T02:37:18.594114+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/2c61ae2e-b7a1-453e-83d2-fc611758197a/export</id>
    <title>2c61ae2e-b7a1-453e-83d2-fc611758197a</title>
    <updated>2026-07-03T15:59:28.654910+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "2c61ae2e-b7a1-453e-83d2-fc611758197a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54475", "type": "seen", "source": "https://bsky.app/profile/securityonline.bsky.social/post/3mpph6qinrz2a", "content": "Nine Apache ActiveMQ vulnerabilities allow denial of service and a temporary destination takeover (CVE-2026-54475). Upgrade to 6.2.7 now.\n\n#ApacheActiveMQ #ActiveMQ #CVE202654475 #DenialOfService #OpenWire #STOMP #MessageBroker #Vulnerability", "creation_timestamp": "2026-07-03T02:00:20.869129Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/2c61ae2e-b7a1-453e-83d2-fc611758197a/export"/>
    <published>2026-07-03T02:00:20.869129+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/26b6f59d-c1f0-4792-8fec-d80cfeac1c95/export</id>
    <title>26b6f59d-c1f0-4792-8fec-d80cfeac1c95</title>
    <updated>2026-07-03T15:59:28.655051+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://cvepremium.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "26b6f59d-c1f0-4792-8fec-d80cfeac1c95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-54477", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-183-03", "content": "", "creation_timestamp": "2026-07-02T17:15:07.407219Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/26b6f59d-c1f0-4792-8fec-d80cfeac1c95/export"/>
    <published>2026-07-02T17:15:07.407219+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b6830918-4c71-4a0d-a6da-26fba95689b2/export</id>
    <title>b6830918-4c71-4a0d-a6da-26fba95689b2</title>
    <updated>2026-07-03T15:59:28.656077+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b6830918-4c71-4a0d-a6da-26fba95689b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54475", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mphhdvij522x", "content": "CVE-2026-54475: Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Temporary destination ownership takeover", "creation_timestamp": "2026-06-29T21:41:55.247083Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b6830918-4c71-4a0d-a6da-26fba95689b2/export"/>
    <published>2026-06-29T21:41:55.247083+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/95e69e68-475f-40a9-afcd-5d319ce1be1e/export</id>
    <title>95e69e68-475f-40a9-afcd-5d319ce1be1e</title>
    <updated>2026-07-03T15:59:28.656196+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "95e69e68-475f-40a9-afcd-5d319ce1be1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54479", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mp5kgsxaoa2v", "content": "CVE-2026-54479 - DoS in Websocket backend. Predictable session IDs allow auth bypass or resource exhaustion. CVSS 7.3. No patch yet. Monitor systems closely. #CVE #infosec #cybersecurity\n\nhttps://www.valtersit.com/cve/CVE-2026-54479/", "creation_timestamp": "2026-06-25T23:10:37.156004Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/95e69e68-475f-40a9-afcd-5d319ce1be1e/export"/>
    <published>2026-06-25T23:10:37.156004+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/bf420a33-3fef-43f6-91ad-f699e6c4e018/export</id>
    <title>bf420a33-3fef-43f6-91ad-f699e6c4e018</title>
    <updated>2026-07-03T15:59:28.656308+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "bf420a33-3fef-43f6-91ad-f699e6c4e018", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54479", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp5hbievx22w", "content": "CVE-2026-54479 - EVoke Systems EVoke CSMS Insufficient Session Expiration\nCVE ID : CVE-2026-54479\n \n Published : June 25, 2026, 8:56 p.m. | 48\u00a0minutes ago\n \n Description : The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multipl...", "creation_timestamp": "2026-06-25T22:13:57.262584Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/bf420a33-3fef-43f6-91ad-f699e6c4e018/export"/>
    <published>2026-06-25T22:13:57.262584+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c7e73d92-65fd-430a-91ff-7424b23fb2a3/export</id>
    <title>c7e73d92-65fd-430a-91ff-7424b23fb2a3</title>
    <updated>2026-07-03T15:59:28.656412+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://cvepremium.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "c7e73d92-65fd-430a-91ff-7424b23fb2a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-54479", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-02", "content": "", "creation_timestamp": "2026-06-25T17:15:19.508709Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c7e73d92-65fd-430a-91ff-7424b23fb2a3/export"/>
    <published>2026-06-25T17:15:19.508709+00:00</published>
  </entry>
</feed>
