<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-13T20:54:44.118620+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/7bfc25ab-a380-4714-ad92-b3fa2853306e/export</id>
    <title>7bfc25ab-a380-4714-ad92-b3fa2853306e</title>
    <updated>2026-07-13T20:54:44.144016+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "7bfc25ab-a380-4714-ad92-b3fa2853306e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56291", "type": "seen", "source": "https://bsky.app/profile/netsecio.bsky.social/post/3mqkf637sbx2u", "content": "\ud83d\udce2 CISA KEV UPDATE: Two Joomla plugin vulnerabilities are now listed as actively exploited. CVE-2026-48939 (iCagenda) &amp;amp; CVE-2026-56291 (Balbooa Forms) allow file uploads and server takeover. Patch immediately! #CISA #KEV #Joomla #Vulnerability\n\n\ud83c\udf10 cyber[.]netsecops[.]io", "creation_timestamp": "2026-07-13T19:06:04.025687Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/7bfc25ab-a380-4714-ad92-b3fa2853306e/export"/>
    <published>2026-07-13T19:06:04.025687+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/43229547-37fc-4054-bd9c-dd96d2bfb5eb/export</id>
    <title>43229547-37fc-4054-bd9c-dd96d2bfb5eb</title>
    <updated>2026-07-13T20:54:44.147720+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "43229547-37fc-4054-bd9c-dd96d2bfb5eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56291", "type": "seen", "source": "https://mastodon.social/ap/users/115426718704364579/statuses/116914226485690947", "content": "\ud83d\udcf0 CISA Adds Two Actively Exploited Joomla Plugin Flaws to KEV Catalog\n\ud83d\udce2 CISA KEV UPDATE: Two Joomla plugin vulnerabilities are now listed as actively exploited. CVE-2026-48939 (iCagenda) &amp;amp; CVE-2026-56291 (Balbooa Forms) allow file uploads and server takeover. Patch immediately! #CISA #KEV #Joomla #Vulnerability\n\ud83c\udf10 cyber[.]netsecops[.]io\n\ud83d\udd17 https://cyber.netsecops.io/articles/cisa-adds-joomla-icagenda-balbooa-flaws-to-kev-catalog/?utm_source=mastodon&amp;amp;utm_medium=social&amp;amp;utm_campaign=daily", "creation_timestamp": "2026-07-13T19:05:21.682789Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/43229547-37fc-4054-bd9c-dd96d2bfb5eb/export"/>
    <published>2026-07-13T19:05:21.682789+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/1e914f60-e901-46d8-be56-9a049ed32d1a/export</id>
    <title>1e914f60-e901-46d8-be56-9a049ed32d1a</title>
    <updated>2026-07-13T20:54:44.147909+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "1e914f60-e901-46d8-be56-9a049ed32d1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56291", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mqkdz6s6c22d", "content": "CISA flags active RCE exploitation in Joomla extensions iCagenda and Balbooa Forms. Arbitrary file upload flaws in CVE-2026-48939 and CVE-2026-56291 can lead to full site compromise. #Joomla #iCagenda #BalbooaForms", "creation_timestamp": "2026-07-13T18:45:25.954014Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/1e914f60-e901-46d8-be56-9a049ed32d1a/export"/>
    <published>2026-07-13T18:45:25.954014+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/5ec233c5-7fda-45da-8f70-dbfddfee2e08/export</id>
    <title>5ec233c5-7fda-45da-8f70-dbfddfee2e08</title>
    <updated>2026-07-13T20:54:44.148037+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "5ec233c5-7fda-45da-8f70-dbfddfee2e08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56291", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqjzbgc4ui2h", "content": "CVE-2026-48939 and CVE-2026-56291 Expose Joomla Sites to RCE \u2014 Immediate Action Required #Joomla #CyberSecurity #RCE", "creation_timestamp": "2026-07-13T15:33:11.195698Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/5ec233c5-7fda-45da-8f70-dbfddfee2e08/export"/>
    <published>2026-07-13T15:33:11.195698+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b738bc9c-07f1-4653-90fe-b6b4d706bf15/export</id>
    <title>b738bc9c-07f1-4653-90fe-b6b4d706bf15</title>
    <updated>2026-07-13T20:54:44.148157+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b738bc9c-07f1-4653-90fe-b6b4d706bf15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56291", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqjzbegj7q27", "content": "CVE-2026-48939 and CVE-2026-56291: Joomla Extensions Are Under Siege #Joomla #CyberSecurity #Vulnerability", "creation_timestamp": "2026-07-13T15:33:09.628461Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b738bc9c-07f1-4653-90fe-b6b4d706bf15/export"/>
    <published>2026-07-13T15:33:09.628461+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/4884fb6c-eac2-425b-8dc3-cba9fb9b7c31/export</id>
    <title>4884fb6c-eac2-425b-8dc3-cba9fb9b7c31</title>
    <updated>2026-07-13T20:54:44.148262+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "4884fb6c-eac2-425b-8dc3-cba9fb9b7c31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56291", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3mqjplozg4p2v", "content": "U.S. CISA has added two vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2026-48939 (iCagenda) and CVE-2026-56291 (Balbooa Forms). CVE-2026-48939, with a CVSS score of 10.0, allows arbitrary file uploads leading to PHP code execution.", "creation_timestamp": "2026-07-13T12:39:58.007689Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/4884fb6c-eac2-425b-8dc3-cba9fb9b7c31/export"/>
    <published>2026-07-13T12:39:58.007689+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/02fb9d69-1617-4fb6-bc61-a7feb75129cb/export</id>
    <title>02fb9d69-1617-4fb6-bc61-a7feb75129cb</title>
    <updated>2026-07-13T20:54:44.148324+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://cvepremium.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "02fb9d69-1617-4fb6-bc61-a7feb75129cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-56291", "type": "seen", "source": "https://dnsc.ro/citeste/alerta-vulnerabilitati-exploatate-activ-in-joomla", "content": "", "creation_timestamp": "2026-07-13T12:15:13.403685Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/02fb9d69-1617-4fb6-bc61-a7feb75129cb/export"/>
    <published>2026-07-13T12:15:13.403685+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/4bb161de-6a20-457f-bc44-7c4cee034f09/export</id>
    <title>4bb161de-6a20-457f-bc44-7c4cee034f09</title>
    <updated>2026-07-13T20:54:44.149184+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "4bb161de-6a20-457f-bc44-7c4cee034f09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-56291", "type": "seen", "source": "https://bsky.app/profile/toxy4ny.bsky.social/post/3mqkmnbpmtc2n", "content": "Monday\u2019s fuck up - this Time - Joomla - \u200aCISA Warns of Actively Exploited Joomla Zero-Day Vulnerabilities. CVE-2026-48939 in iCagenda and CVE-2026-56291 in Balbooa Actively Exploited!\nthecyberexpress.com/cisa-cve-202... #joomla #exploit #0day #CISA #cve-2026-48939 #cve-2026-56291 #iCagenda #Balbooa", "creation_timestamp": "2026-07-13T11:20:07.814963Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/4bb161de-6a20-457f-bc44-7c4cee034f09/export"/>
    <published>2026-07-13T11:20:07.814963+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/d7402c10-1fc9-4e3a-a416-8d35667f7021/export</id>
    <title>d7402c10-1fc9-4e3a-a416-8d35667f7021</title>
    <updated>2026-07-13T20:54:44.149267+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "d7402c10-1fc9-4e3a-a416-8d35667f7021", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56291", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqjfm3n2vp2f", "content": "CVE-2026-56291 and CVE-2026-48939: Urgency or Overreaction in Joomla's Security Response? #Joomla #CyberSecurity #VulnerabilityManagement", "creation_timestamp": "2026-07-13T09:41:14.678841Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/d7402c10-1fc9-4e3a-a416-8d35667f7021/export"/>
    <published>2026-07-13T09:41:14.678841+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/ef73c266-e367-4cdb-aa46-ab92b208fa44/export</id>
    <title>ef73c266-e367-4cdb-aa46-ab92b208fa44</title>
    <updated>2026-07-13T20:54:44.149335+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "ef73c266-e367-4cdb-aa46-ab92b208fa44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56291", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqjfi57zv32j", "content": "CVE-2026-56291: Joomla Extensions Vulnerabilities Don't Justify Alarmist Hype #CyberSecurity #Joomla #Vulnerabilities", "creation_timestamp": "2026-07-13T09:39:01.867290Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/ef73c266-e367-4cdb-aa46-ab92b208fa44/export"/>
    <published>2026-07-13T09:39:01.867290+00:00</published>
  </entry>
</feed>
