<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-13T21:59:11.620005+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/32110028-52fd-48a3-a687-956e95b732ab/export</id>
    <title>32110028-52fd-48a3-a687-956e95b732ab</title>
    <updated>2026-07-13T21:59:11.645229+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "32110028-52fd-48a3-a687-956e95b732ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56271", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqivyyahck2h", "content": "CVE-2026-56271 - flowise\nFlowise has weak default JWT secrets that can be used by attackers to impersonate any user, potentially leading to complete authentication bypass and unauthorized access to\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#flowise #henryheng #npm #CVE #infosec", "creation_timestamp": "2026-07-13T05:02:06.599023Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/32110028-52fd-48a3-a687-956e95b732ab/export"/>
    <published>2026-07-13T05:02:06.599023+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/33d5488c-b96e-4ffd-8de5-92a19cc9a533/export</id>
    <title>33d5488c-b96e-4ffd-8de5-92a19cc9a533</title>
    <updated>2026-07-13T21:59:11.647833+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "33d5488c-b96e-4ffd-8de5-92a19cc9a533", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56271", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mqhacgw2kj2c", "content": "\ud83d\udd34 CVE-2026-56271 - Critical (9.8)\n\nFlowise before 3.1.0 (affected versions 3.0.13 and earlier) uses weak hardcoded default JWT secre...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-56271/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-07-12T13:01:03.545973Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/33d5488c-b96e-4ffd-8de5-92a19cc9a533/export"/>
    <published>2026-07-12T13:01:03.545973+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/50a58aa2-fe29-4106-8cfb-fbdb7c321937/export</id>
    <title>50a58aa2-fe29-4106-8cfb-fbdb7c321937</title>
    <updated>2026-07-13T21:59:11.647968+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "50a58aa2-fe29-4106-8cfb-fbdb7c321937", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56271", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqh7wndsdd2w", "content": "CVE-2026-56271 - Flowise - Weak Default JWT Secrets in Authentication Middleware\nCVE ID : CVE-2026-56271\n \n Published : July 12, 2026, 12:16 p.m. | 16\u00a0minutes ago\n \n Description : Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses weak hardcoded default JWT secre...", "creation_timestamp": "2026-07-12T12:54:26.276247Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/50a58aa2-fe29-4106-8cfb-fbdb7c321937/export"/>
    <published>2026-07-12T12:54:26.276247+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c6f165cc-2945-45ec-aac7-627c7a0c21cc/export</id>
    <title>c6f165cc-2945-45ec-aac7-627c7a0c21cc</title>
    <updated>2026-07-13T21:59:11.648072+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c6f165cc-2945-45ec-aac7-627c7a0c21cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56271", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqh7hpkdws2f", "content": "CVE-2026-56271 - flowise\nFlowise versions 3.0.13 and earlier use weak default secrets in its JWT authentication system. This allows attackers to create fake authentication tokens, potentially impersonating\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#flowise #CVE #infosec", "creation_timestamp": "2026-07-12T12:46:05.288356Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c6f165cc-2945-45ec-aac7-627c7a0c21cc/export"/>
    <published>2026-07-12T12:46:05.288356+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/0acbb9a3-7d56-4ba8-9f77-70938c87ba78/export</id>
    <title>0acbb9a3-7d56-4ba8-9f77-70938c87ba78</title>
    <updated>2026-07-13T21:59:11.648171+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "0acbb9a3-7d56-4ba8-9f77-70938c87ba78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56271", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqh6qvmwwo2y", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-56271 \u0432 Flowise: \u0443\u0433\u0440\u043e\u0437\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/CC8F73D0-809A-4082-AF00-34E8DF898442", "creation_timestamp": "2026-07-12T12:33:19.767402Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/0acbb9a3-7d56-4ba8-9f77-70938c87ba78/export"/>
    <published>2026-07-12T12:33:19.767402+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/702f9e63-0001-4953-b1d0-cbe92f011f8a/export</id>
    <title>702f9e63-0001-4953-b1d0-cbe92f011f8a</title>
    <updated>2026-07-13T21:59:11.648270+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "702f9e63-0001-4953-b1d0-cbe92f011f8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56279", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mqgm7y2z7525", "content": "\ud83d\udfe0 CVE-2026-56279 - High (7.5)\n\nCapgo before 12.128.2 contains an information disclosure vulnerability in the get_orgs_v7(userid)...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-56279/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-07-12T07:01:44.848589Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/702f9e63-0001-4953-b1d0-cbe92f011f8a/export"/>
    <published>2026-07-12T07:01:44.848589+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/0ea0207e-cc24-4fba-bcdb-5030d89d9174/export</id>
    <title>0ea0207e-cc24-4fba-bcdb-5030d89d9174</title>
    <updated>2026-07-13T21:59:11.648370+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "0ea0207e-cc24-4fba-bcdb-5030d89d9174", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56279", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqd3frisgd2x", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-56279 \u0432 Capgo: \u0443\u0433\u0440\u043e\u0437\u0430 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438\n\n\n\nhttps://kripta.biz/posts/C5610CAA-17E5-4191-A45C-E7E8825E9C3E", "creation_timestamp": "2026-07-10T21:22:45.871488Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/0ea0207e-cc24-4fba-bcdb-5030d89d9174/export"/>
    <published>2026-07-10T21:22:45.871488+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/97d9f883-fce1-427e-bd1e-1a54d2d207c7/export</id>
    <title>97d9f883-fce1-427e-bd1e-1a54d2d207c7</title>
    <updated>2026-07-13T21:59:11.648465+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "97d9f883-fce1-427e-bd1e-1a54d2d207c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56274", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mqc2ojfhn72n", "content": "\ud83d\udccc CVE-2026-56274 - Flowise before 3.1.2 contains multiple OS command injection vulnerabilities in the Custom MCP Server feature due to incomplete command-flag validation... https://www.cyberhub.blog/cves/CVE-2026-56274", "creation_timestamp": "2026-07-10T11:37:06.590194Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/97d9f883-fce1-427e-bd1e-1a54d2d207c7/export"/>
    <published>2026-07-10T11:37:06.590194+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/592fde26-fb75-4cae-aa25-259a0ccd2f50/export</id>
    <title>592fde26-fb75-4cae-aa25-259a0ccd2f50</title>
    <updated>2026-07-13T21:59:11.648565+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "592fde26-fb75-4cae-aa25-259a0ccd2f50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56270", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mqbxdatcfq26", "content": "\ud83d\udccc CVE-2026-56270 - Flowise before 3.1.0 (versions 3.0.13 and earlier) contains a missing authentication vulnerability in the /api/v1/loginmethod endpoint that allows una... https://www.cyberhub.blog/cves/CVE-2026-56270", "creation_timestamp": "2026-07-10T10:37:06.906695Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/592fde26-fb75-4cae-aa25-259a0ccd2f50/export"/>
    <published>2026-07-10T10:37:06.906695+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a7713221-4f5a-4b75-ba1f-82cb694d1682/export</id>
    <title>a7713221-4f5a-4b75-ba1f-82cb694d1682</title>
    <updated>2026-07-13T21:59:11.648662+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "a7713221-4f5a-4b75-ba1f-82cb694d1682", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56278", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mpzl46bhfg2b", "content": "\ud83d\udccc CVE-2026-56278 - Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses a weak hardcoded default secret ('flowise') for the express-session middleware when t... https://www.cyberhub.blog/cves/CVE-2026-56278", "creation_timestamp": "2026-07-07T02:37:06.497953Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a7713221-4f5a-4b75-ba1f-82cb694d1682/export"/>
    <published>2026-07-07T02:37:06.497953+00:00</published>
  </entry>
</feed>
