<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-14T06:11:28.750765+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/2053d048-32e2-4198-aa4e-018cb5ac49d1/export</id>
    <title>2053d048-32e2-4198-aa4e-018cb5ac49d1</title>
    <updated>2026-07-14T06:11:28.770994+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "2053d048-32e2-4198-aa4e-018cb5ac49d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55441", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mpfzi2vvym2n", "content": "\ud83d\udfe0 CVE-2026-55441 - High (8.6)\n\nmise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.4, mise's trust f...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-55441/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-29T08:01:03.532007Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/2053d048-32e2-4198-aa4e-018cb5ac49d1/export"/>
    <published>2026-06-29T08:01:03.532007+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/9df87b07-8569-485e-87cd-93963c3dd87c/export</id>
    <title>9df87b07-8569-485e-87cd-93963c3dd87c</title>
    <updated>2026-07-14T06:11:28.773879+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "9df87b07-8569-485e-87cd-93963c3dd87c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55441", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mpdx3k2zqp2y", "content": "CVE-2026-55441 - Critical RCE in Mise. Trust bypass via task-include files allows tera exec() before trust_check. CVSS 8.6. No patch yet. Disable task-includes or block untrusted dirs. #CVE #Mise #infosec\n\nhttps://www.valtersit.com/cve/CVE-2026-55441/", "creation_timestamp": "2026-06-28T12:12:56.211843Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/9df87b07-8569-485e-87cd-93963c3dd87c/export"/>
    <published>2026-06-28T12:12:56.211843+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/5e029218-09f1-4165-894b-35437c86b450/export</id>
    <title>5e029218-09f1-4165-894b-35437c86b450</title>
    <updated>2026-07-14T06:11:28.773973+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "5e029218-09f1-4165-894b-35437c86b450", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55441", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp7nj3eykd2n", "content": "CVE-2026-55441 - mise: Arbitrary command execution via task-include files in an untrusted, config-less repository\nCVE ID : CVE-2026-55441\n \n Published : June 26, 2026, 4:48 p.m. | 56\u00a0minutes ago\n \n Description : mise manages dev tools like node, python, cmake, and terraform. P...", "creation_timestamp": "2026-06-26T19:10:55.166477Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/5e029218-09f1-4165-894b-35437c86b450/export"/>
    <published>2026-06-26T19:10:55.166477+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/e60d2f11-a7bb-412c-8590-5951d5a9b32a/export</id>
    <title>e60d2f11-a7bb-412c-8590-5951d5a9b32a</title>
    <updated>2026-07-14T06:11:28.774050+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "e60d2f11-a7bb-412c-8590-5951d5a9b32a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55447", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mp7nccqsap2n", "content": "\ud83d\udccc CVE-2026-55447 - Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling a files that are digested into the RAG, ... https://www.cyberhub.blog/cves/CVE-2026-55447", "creation_timestamp": "2026-06-26T19:07:07.485968Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/e60d2f11-a7bb-412c-8590-5951d5a9b32a/export"/>
    <published>2026-06-26T19:07:07.485968+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/d2c0902b-6b8e-4828-b1f6-ac63e785179e/export</id>
    <title>d2c0902b-6b8e-4828-b1f6-ac63e785179e</title>
    <updated>2026-07-14T06:11:28.774123+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "d2c0902b-6b8e-4828-b1f6-ac63e785179e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55448", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp7lljtyfl2l", "content": "CVE-2026-55448 - mise: Local credential_command executes untrusted config\nCVE ID : CVE-2026-55448\n \n Published : June 26, 2026, 4:46 p.m. | 58\u00a0minutes ago\n \n Description : mise manages dev tools like node, python, cmake, and terraform. From 2026.3.15 until 2026.6.4, mise loads...", "creation_timestamp": "2026-06-26T18:36:29.110645Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/d2c0902b-6b8e-4828-b1f6-ac63e785179e/export"/>
    <published>2026-06-26T18:36:29.110645+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/18f0da16-54e6-48c9-aff8-b932eb7cb389/export</id>
    <title>18f0da16-54e6-48c9-aff8-b932eb7cb389</title>
    <updated>2026-07-14T06:11:28.774208+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "18f0da16-54e6-48c9-aff8-b932eb7cb389", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55447", "type": "seen", "source": "https://bsky.app/profile/suriq.io/post/3moopuvtpix24", "content": "A single poisoned document dropped into a Langflow RAG pipeline reads any file on the box, forges a login token, then runs code. CVE-2026-55447, CVSS 9.6. Patched in 1.9.2.\n\n#CVE #infosec #cybersecurity", "creation_timestamp": "2026-06-20T01:38:03.201863Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/18f0da16-54e6-48c9-aff8-b932eb7cb389/export"/>
    <published>2026-06-20T01:38:03.201863+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/5ee9e7b4-e210-4096-9f7e-bc7c9bff1a5a/export</id>
    <title>5ee9e7b4-e210-4096-9f7e-bc7c9bff1a5a</title>
    <updated>2026-07-14T06:11:28.774275+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://cvepremium.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "5ee9e7b4-e210-4096-9f7e-bc7c9bff1a5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-55447", "type": "published-proof-of-concept", "source": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-ccv6-r384-xp75", "content": "", "creation_timestamp": "2026-06-19T13:25:18.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/5ee9e7b4-e210-4096-9f7e-bc7c9bff1a5a/export"/>
    <published>2026-06-19T13:25:18+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/98e3bfb8-8018-4339-96d1-78d3e44eeb0b/export</id>
    <title>98e3bfb8-8018-4339-96d1-78d3e44eeb0b</title>
    <updated>2026-07-14T06:11:28.775082+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://cvepremium.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "98e3bfb8-8018-4339-96d1-78d3e44eeb0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-55446", "type": "published-proof-of-concept", "source": "https://github.com/langflow-ai/langflow/security/advisories/GHSA-qwqc-p3q8-wcg9", "content": "", "creation_timestamp": "2026-06-19T13:09:48.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/98e3bfb8-8018-4339-96d1-78d3e44eeb0b/export"/>
    <published>2026-06-19T13:09:48+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/43e9e6b9-2666-4fdc-b7b8-135a1b97405d/export</id>
    <title>43e9e6b9-2666-4fdc-b7b8-135a1b97405d</title>
    <updated>2026-07-14T06:11:28.775166+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://cvepremium.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "43e9e6b9-2666-4fdc-b7b8-135a1b97405d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-55448", "type": "published-proof-of-concept", "source": "https://github.com/jdx/mise/security/advisories/GHSA-29hf-rm4x-xxph", "content": "", "creation_timestamp": "2026-06-12T17:40:16.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/43e9e6b9-2666-4fdc-b7b8-135a1b97405d/export"/>
    <published>2026-06-12T17:40:16+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/64832c6d-d30d-4e70-a34f-cad1cb5dde0b/export</id>
    <title>64832c6d-d30d-4e70-a34f-cad1cb5dde0b</title>
    <updated>2026-07-14T06:11:28.775243+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://cvepremium.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "64832c6d-d30d-4e70-a34f-cad1cb5dde0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-55441", "type": "published-proof-of-concept", "source": "https://github.com/jdx/mise/security/advisories/GHSA-77g9-363w-rccq", "content": "", "creation_timestamp": "2026-06-12T15:56:47.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/64832c6d-d30d-4e70-a34f-cad1cb5dde0b/export"/>
    <published>2026-06-12T15:56:47+00:00</published>
  </entry>
</feed>
