<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-12T06:31:50.950969+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/646601be-33eb-4328-badc-aae997ed6dbf/export</id>
    <title>646601be-33eb-4328-badc-aae997ed6dbf</title>
    <updated>2026-07-12T06:31:50.972286+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "646601be-33eb-4328-badc-aae997ed6dbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58174", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpnei2e2a52k", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-58174 \u0432 Hermes WebUI: \u0443\u0433\u0440\u043e\u0437\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/21857AA1-2B64-4265-8B64-8D977B904A3A", "creation_timestamp": "2026-07-02T06:06:31.772067Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/646601be-33eb-4328-badc-aae997ed6dbf/export"/>
    <published>2026-07-02T06:06:31.772067+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a0defd4f-bf95-465a-a13a-d62bc569a533/export</id>
    <title>a0defd4f-bf95-465a-a13a-d62bc569a533</title>
    <updated>2026-07-12T06:31:50.974932+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "a0defd4f-bf95-465a-a13a-d62bc569a533", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58170", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpne2eai7z2m", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-58170 \u0432 Vibe-Trading: \u0443\u0433\u0440\u043e\u0437\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/D108DB9F-B230-4BF8-AFB7-8C47416BA31E", "creation_timestamp": "2026-07-02T05:58:52.399011Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a0defd4f-bf95-465a-a13a-d62bc569a533/export"/>
    <published>2026-07-02T05:58:52.399011+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/5b5cacb8-a0cf-4a5c-a1b6-6fa62ffb5881/export</id>
    <title>5b5cacb8-a0cf-4a5c-a1b6-6fa62ffb5881</title>
    <updated>2026-07-12T06:31:50.975058+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "5b5cacb8-a0cf-4a5c-a1b6-6fa62ffb5881", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58171", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpndtlgxfx26", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-58171 \u0432 Vibe-Trading: \u0443\u0433\u0440\u043e\u0437\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/5FC78C91-FE38-49B5-A89D-D13044CF2710", "creation_timestamp": "2026-07-02T05:55:05.120569Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/5b5cacb8-a0cf-4a5c-a1b6-6fa62ffb5881/export"/>
    <published>2026-07-02T05:55:05.120569+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/32952501-6e3b-4775-b87c-fc115cb2c530/export</id>
    <title>32952501-6e3b-4775-b87c-fc115cb2c530</title>
    <updated>2026-07-12T06:31:50.975138+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "32952501-6e3b-4775-b87c-fc115cb2c530", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58172", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mpk4daew322l", "content": "CVE-2026-58172 - Critical security bypass in Ocelot \u226424.1.0. Denied clients exploit WebSocket upgrades to bypass IP restrictions, reaching downstream services. CVSS 9.1. No patch available; apply commit f156fd4 or restrict WebSocket access....\n\nhttps://www.valtersit.com/cve/CVE-2026-58172/", "creation_timestamp": "2026-06-30T23:02:41.412840Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/32952501-6e3b-4775-b87c-fc115cb2c530/export"/>
    <published>2026-06-30T23:02:41.412840+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/9896f158-57bc-4c99-8ec5-8e6f7b3745c0/export</id>
    <title>9896f158-57bc-4c99-8ec5-8e6f7b3745c0</title>
    <updated>2026-07-12T06:31:50.975236+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "9896f158-57bc-4c99-8ec5-8e6f7b3745c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58172", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpjob4rvau2u", "content": "CVE-2026-58172 - Ocelot - IP Allow/Block List Bypass for WebSocket Upgrade Requests\nCVE ID : CVE-2026-58172\n \n Published : June 30, 2026, 3:54 p.m. | 1\u00a0hour, 51\u00a0minutes ago\n \n Description : Ocelot through 24.1.0, fixed in commit f156fd4, contains a security control bypass vuln...", "creation_timestamp": "2026-06-30T18:50:58.071448Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/9896f158-57bc-4c99-8ec5-8e6f7b3745c0/export"/>
    <published>2026-06-30T18:50:58.071448+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/1cdf066a-f0af-40d3-a2de-08e7ee6ccc6b/export</id>
    <title>1cdf066a-f0af-40d3-a2de-08e7ee6ccc6b</title>
    <updated>2026-07-12T06:31:50.975315+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "1cdf066a-f0af-40d3-a2de-08e7ee6ccc6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58173", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpjny6diht2p", "content": "CVE-2026-58173 - Vibe-Trading\nCVE ID : CVE-2026-58173\n \n Published : June 30, 2026, 3:55 p.m. | 1\u00a0hour, 50\u00a0minutes ago\n \n Description : Vibe-Trading before 0.1.10 contains a path traversal vulnerability that allows attackers to write files outside the intended memory root dire...", "creation_timestamp": "2026-06-30T18:45:57.644244Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/1cdf066a-f0af-40d3-a2de-08e7ee6ccc6b/export"/>
    <published>2026-06-30T18:45:57.644244+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/11d29c5b-c860-4ecb-af38-f9628a09d71f/export</id>
    <title>11d29c5b-c860-4ecb-af38-f9628a09d71f</title>
    <updated>2026-07-12T06:31:50.975389+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "11d29c5b-c860-4ecb-af38-f9628a09d71f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58170", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpjmmnwag72v", "content": "CVE-2026-58170 - Vibe-Trading\nCVE ID : CVE-2026-58170\n \n Published : June 30, 2026, 3:53 p.m. | 1\u00a0hour, 53\u00a0minutes ago\n \n Description : Vibe-Trading before 0.1.10 builds the proposal file path by joining a caller-supplied proposal identifier onto the broker proposals directory...", "creation_timestamp": "2026-06-30T18:21:37.650493Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/11d29c5b-c860-4ecb-af38-f9628a09d71f/export"/>
    <published>2026-06-30T18:21:37.650493+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/182eb997-aebf-483e-a83d-d781b052400d/export</id>
    <title>182eb997-aebf-483e-a83d-d781b052400d</title>
    <updated>2026-07-12T06:31:50.975460+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "182eb997-aebf-483e-a83d-d781b052400d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58174", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpjln3piyx2z", "content": "CVE-2026-58174 - Hermes WebUI\nCVE ID : CVE-2026-58174\n \n Published : June 30, 2026, 3:55 p.m. | 1\u00a0hour, 50\u00a0minutes ago\n \n Description : Hermes WebUI before 0.51.521 validates the workspace of an imported session under the active named profile but constructs the Session object ...", "creation_timestamp": "2026-06-30T18:03:58.463690Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/182eb997-aebf-483e-a83d-d781b052400d/export"/>
    <published>2026-06-30T18:03:58.463690+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/983187d6-b43e-4dc2-a848-683f68ff04b7/export</id>
    <title>983187d6-b43e-4dc2-a848-683f68ff04b7</title>
    <updated>2026-07-12T06:31:50.975534+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "983187d6-b43e-4dc2-a848-683f68ff04b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58176", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpjlccebvu23", "content": "CVE-2026-58176 - RuoYi-Vue-Plus - Missing Authorization on Workflow Task Management Endpoints\nCVE ID : CVE-2026-58176\n \n Published : June 30, 2026, 3:56 p.m. | 1\u00a0hour, 50\u00a0minutes ago\n \n Description : RuoYi-Vue-Plus through 5.6.2, fixed in commit 88d03d9, exposes workflow task ...", "creation_timestamp": "2026-06-30T17:57:56.292941Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/983187d6-b43e-4dc2-a848-683f68ff04b7/export"/>
    <published>2026-06-30T17:57:56.292941+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/d040322c-9962-46f4-9019-4156d2c55b2b/export</id>
    <title>d040322c-9962-46f4-9019-4156d2c55b2b</title>
    <updated>2026-07-12T06:31:50.975608+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "d040322c-9962-46f4-9019-4156d2c55b2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58171", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpjkzcp3tf2u", "content": "CVE-2026-58171 - Vibe-Trading\nCVE ID : CVE-2026-58171\n \n Published : June 30, 2026, 3:54 p.m. | 1\u00a0hour, 51\u00a0minutes ago\n \n Description : Vibe-Trading before 0.1.10 constructs the swarm run directory by joining a caller-supplied run identifier onto the runs base directory withou...", "creation_timestamp": "2026-06-30T17:52:54.540048Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/d040322c-9962-46f4-9019-4156d2c55b2b/export"/>
    <published>2026-06-30T17:52:54.540048+00:00</published>
  </entry>
</feed>
