<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-16T15:08:09.583104+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/424e54ab-91f8-492c-888e-86af4a8bdd60/export</id>
    <title>424e54ab-91f8-492c-888e-86af4a8bdd60</title>
    <updated>2026-07-16T15:08:09.602322+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "424e54ab-91f8-492c-888e-86af4a8bdd60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54527", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mqqofao77726", "content": "\ud83d\udccc CVE-2026-54527 - JupyterLab Git is a Git extension for JupyterLab. From 0.30.0b3 before 0.54.0, the PlainTextDiff.ts createHeader() method passes Git filenames directl... https://www.cyberhub.blog/cves/CVE-2026-54527", "creation_timestamp": "2026-07-16T07:07:06.949705Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/424e54ab-91f8-492c-888e-86af4a8bdd60/export"/>
    <published>2026-07-16T07:07:06.949705+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/5aef48d2-9250-42e9-bb3d-80e4876deb33/export</id>
    <title>5aef48d2-9250-42e9-bb3d-80e4876deb33</title>
    <updated>2026-07-16T15:08:09.605005+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "5aef48d2-9250-42e9-bb3d-80e4876deb33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54527", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mqnvcdm2qd2u", "content": "Top 3 CVE for last 7 days:\nCVE-2026-43499: 26 interactions\nCVE-2026-20262: 14 interactions\nCVE-2026-44747: 14 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-44747: 14 interactions\nCVE-2026-47295: 6 interactions\nCVE-2026-54527: 6 interactions\n", "creation_timestamp": "2026-07-15T04:32:45.656082Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/5aef48d2-9250-42e9-bb3d-80e4876deb33/export"/>
    <published>2026-07-15T04:32:45.656082+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/2864ce71-8d8c-44bb-a5d4-c7df9062d125/export</id>
    <title>2864ce71-8d8c-44bb-a5d4-c7df9062d125</title>
    <updated>2026-07-16T15:08:09.605172+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "2864ce71-8d8c-44bb-a5d4-c7df9062d125", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54527", "type": "seen", "source": "https://bsky.app/profile/hermes71.bsky.social/post/3mqlgjy4pgm23", "content": "Daily IT Security Digest \u2014 2026-07-14\nScripting (CVE-2026-54527)\nA critical XSS vulnerability in jupyterlab-git (versions below 0.54.0) allows malicious Git filenames to execute JavaScript when viewed in the Git History tab, risking session hijacking and data theft. Users should upgrade to version", "creation_timestamp": "2026-07-14T05:03:16.347146Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/2864ce71-8d8c-44bb-a5d4-c7df9062d125/export"/>
    <published>2026-07-14T05:03:16.347146+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/ce0d9272-2325-4415-b7c2-de9b7bcdda90/export</id>
    <title>ce0d9272-2325-4415-b7c2-de9b7bcdda90</title>
    <updated>2026-07-16T15:08:09.605320+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "ce0d9272-2325-4415-b7c2-de9b7bcdda90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54527", "type": "seen", "source": "https://bsky.app/profile/hermes71.bsky.social/post/3mq6u6q5sii2e", "content": "Daily IT Security Digest \u2014 2026-07-09\nnot yet patched. Security teams should audit their environments against these disclosed exploit chains.\nSource: https://infosec.exchange/@AAKL/116851105666469635\n\n## 4. CRITICAL XSS in jupyterlab-git (CVE-2026-54527)", "creation_timestamp": "2026-07-09T05:02:54.480939Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/ce0d9272-2325-4415-b7c2-de9b7bcdda90/export"/>
    <published>2026-07-09T05:02:54.480939+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c6bafa97-033b-468a-a3fa-0d822a286eb6/export</id>
    <title>c6bafa97-033b-468a-a3fa-0d822a286eb6</title>
    <updated>2026-07-16T15:08:09.605470+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c6bafa97-033b-468a-a3fa-0d822a286eb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-54527", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mq6ndtyssy2f", "content": "jupyterlab-git &amp;lt;0.54.0 is vulnerable to CRITICAL XSS (CVE-2026-54527). Malicious filenames can run code in users\u2019 browsers. Upgrade to 0.54.0+ now! \ud83d\udd12 https://radar.offseq.com/threat/cve-2026-54527-cwe-79-improper-neutralization-of-i-859af0d357310c79 #OffSeq #security #jupyterlab", "creation_timestamp": "2026-07-09T03:00:31.123766Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c6bafa97-033b-468a-a3fa-0d822a286eb6/export"/>
    <published>2026-07-09T03:00:31.123766+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/4d4e0cce-0bee-4189-b8f1-a5cc594250e4/export</id>
    <title>4d4e0cce-0bee-4189-b8f1-a5cc594250e4</title>
    <updated>2026-07-16T15:08:09.605618+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "4d4e0cce-0bee-4189-b8f1-a5cc594250e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-54527", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116887783224020082", "content": "CVE-2026-54527: CRITICAL XSS in jupyterlab-git (&amp;lt;0.54.0). Malicious Git filenames can execute JavaScript when viewed in the Git History tab \u2014 risking session hijack &amp;amp; data theft. Upgrade to 0.54.0+ ASAP. https://radar.offseq.com/threat/cve-2026-54527-cwe-79-improper-neutralization-of-i-859af0d357310c79 #OffSeq #XSS #jupyterlab #security", "creation_timestamp": "2026-07-09T03:00:29.149648Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/4d4e0cce-0bee-4189-b8f1-a5cc594250e4/export"/>
    <published>2026-07-09T03:00:29.149648+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/05544ba6-0d5b-41e9-8b27-2b32c0500380/export</id>
    <title>05544ba6-0d5b-41e9-8b27-2b32c0500380</title>
    <updated>2026-07-16T15:08:09.605769+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "05544ba6-0d5b-41e9-8b27-2b32c0500380", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54527", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mq64oaqtfb24", "content": "CVE-2026-54527 - jupyterlab-git\nThe JupyterLab Git extension allows attackers to create malicious file names that can execute code when viewed by others. This can lead to unauthorized access to\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#jupyterlabgit #jupyterlab #pip #CVE #infosec", "creation_timestamp": "2026-07-08T22:02:05.569243Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/05544ba6-0d5b-41e9-8b27-2b32c0500380/export"/>
    <published>2026-07-08T22:02:05.569243+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/1ed82d99-4939-479c-ab10-74557af23a73/export</id>
    <title>1ed82d99-4939-479c-ab10-74557af23a73</title>
    <updated>2026-07-16T15:08:09.605909+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://cvepremium.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "1ed82d99-4939-479c-ab10-74557af23a73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-54527", "type": "published-proof-of-concept", "source": "https://github.com/jupyterlab/jupyterlab-git/security/advisories/GHSA-f962-v9hr-pfg5", "content": "", "creation_timestamp": "2026-06-18T07:12:58.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/1ed82d99-4939-479c-ab10-74557af23a73/export"/>
    <published>2026-06-18T07:12:58+00:00</published>
  </entry>
</feed>
