<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-17T15:22:19.311907+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/20eda4e3-b8c4-4066-8d02-2aaec652e014/export</id>
    <title>20eda4e3-b8c4-4066-8d02-2aaec652e014</title>
    <updated>2026-07-17T15:22:19.620955+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "20eda4e3-b8c4-4066-8d02-2aaec652e014", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58447", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpqcc3wwhe27", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-58447 \u0432 Invidious: \u0447\u0442\u043e \u044d\u0442\u043e \u0442\u0430\u043a\u043e\u0435 \u0438 \u043a\u0430\u043a \u043e\u043d\u0430 \u0432\u043b\u0438\u044f\u0435\u0442 \u043d\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439\n\n\n\nhttps://kripta.biz/posts/9B8169B5-3F0F-4740-9103-1FFD6415511B", "creation_timestamp": "2026-07-03T10:05:23.807277Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/20eda4e3-b8c4-4066-8d02-2aaec652e014/export"/>
    <published>2026-07-03T10:05:23.807277+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/9a000047-69b7-4511-ab84-009502628ccd/export</id>
    <title>9a000047-69b7-4511-ab84-009502628ccd</title>
    <updated>2026-07-17T15:22:19.623282+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "9a000047-69b7-4511-ab84-009502628ccd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58449", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mpovld6x432e", "content": "CVE-2026-58449\ntxtai versions 9.10.0 and earlier have a security risk if you're using an unauthenticated API and allowing remote index updates. A malicious user could potentially execute code on your server when reindexing.\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-02T20:45:15.884455Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/9a000047-69b7-4511-ab84-009502628ccd/export"/>
    <published>2026-07-02T20:45:15.884455+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/ec86706b-3929-48c4-9ae4-421efea579f9/export</id>
    <title>ec86706b-3929-48c4-9ae4-421efea579f9</title>
    <updated>2026-07-17T15:22:19.623479+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "ec86706b-3929-48c4-9ae4-421efea579f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58448", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmuxtxbit2o", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-58448 \u0432 Yudao-Cloud: \u0443\u0433\u0440\u043e\u0437\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/F422B707-FAA7-4574-B464-319BFD44F9B2", "creation_timestamp": "2026-07-02T01:29:02.698038Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/ec86706b-3929-48c4-9ae4-421efea579f9/export"/>
    <published>2026-07-02T01:29:02.698038+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/6a3e8744-7daa-48a5-8edc-f502224e4bed/export</id>
    <title>6a3e8744-7daa-48a5-8edc-f502224e4bed</title>
    <updated>2026-07-17T15:22:19.623637+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "6a3e8744-7daa-48a5-8edc-f502224e4bed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58448", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpk2ttlbxv2h", "content": "CVE-2026-58448 - yudao-cloud\nCVE ID : CVE-2026-58448\n \n Published : June 30, 2026, 9:06 p.m. | 40\u00a0minutes ago\n \n Description : yudao-cloud before 2026.06 contains a broken access control vulnerability in the BPM module that allows any authenticated user to access arbitrary pro...", "creation_timestamp": "2026-06-30T22:36:10.907658Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/6a3e8744-7daa-48a5-8edc-f502224e4bed/export"/>
    <published>2026-06-30T22:36:10.907658+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/f232b7ac-9f5c-462f-a6e9-2d3cdb668679/export</id>
    <title>f232b7ac-9f5c-462f-a6e9-2d3cdb668679</title>
    <updated>2026-07-17T15:22:19.623783+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "f232b7ac-9f5c-462f-a6e9-2d3cdb668679", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58449", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpk2bvcfe326", "content": "CVE-2026-58449 - txtai - Unauthenticated Remote Code Execution via Unsafe Reflection in API /reindex function Parameter\nCVE ID : CVE-2026-58449\n \n Published : June 30, 2026, 9:06 p.m. | 39\u00a0minutes ago\n \n Description : txtai through 9.10.0, fixed in commit 11b32da, exposes an A...", "creation_timestamp": "2026-06-30T22:26:10.716143Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/f232b7ac-9f5c-462f-a6e9-2d3cdb668679/export"/>
    <published>2026-06-30T22:26:10.716143+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/11f3617e-b995-47fe-b0a5-91d9343f6a2a/export</id>
    <title>11f3617e-b995-47fe-b0a5-91d9343f6a2a</title>
    <updated>2026-07-17T15:22:19.623923+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "11f3617e-b995-47fe-b0a5-91d9343f6a2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58446", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpk227pixu2k", "content": "CVE-2026-58446 - Presenton\nCVE ID : CVE-2026-58446\n \n Published : June 30, 2026, 9:05 p.m. | 41\u00a0minutes ago\n \n Description : Presenton before 0.8.8-beta bundles an MCP server that, on server/Docker deployments configured with session authentication (AUTH_USERNAME/AUTH_PASSWORD...", "creation_timestamp": "2026-06-30T22:21:57.271344Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/11f3617e-b995-47fe-b0a5-91d9343f6a2a/export"/>
    <published>2026-06-30T22:21:57.271344+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/acba2688-e924-468d-9302-33e2fafebcf6/export</id>
    <title>acba2688-e924-468d-9302-33e2fafebcf6</title>
    <updated>2026-07-17T15:22:19.624059+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "acba2688-e924-468d-9302-33e2fafebcf6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58447", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpjz2m5zsw2s", "content": "CVE-2026-58447 - Invidious - Cross-User Playlist Video Deletion via Missing Ownership Check\nCVE ID : CVE-2026-58447\n \n Published : June 30, 2026, 9:05 p.m. | 40\u00a0minutes ago\n \n Description : Invidious through 2.20260626.0, fixed in commit 77ad416, contains a broken object level...", "creation_timestamp": "2026-06-30T22:04:10.647150Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/acba2688-e924-468d-9302-33e2fafebcf6/export"/>
    <published>2026-06-30T22:04:10.647150+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/4c0ef62a-af82-483a-8114-f741ec4e4e71/export</id>
    <title>4c0ef62a-af82-483a-8114-f741ec4e4e71</title>
    <updated>2026-07-17T15:22:19.624203+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "4c0ef62a-af82-483a-8114-f741ec4e4e71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5844", "type": "published-proof-of-concept", "source": "Telegram/PMg85ruQxGJV3fewnx4iF85fyDu3eKOw9onWzzjaoGbfReM", "content": "", "creation_timestamp": "2026-04-09T07:17:08.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/4c0ef62a-af82-483a-8114-f741ec4e4e71/export"/>
    <published>2026-04-09T07:17:08+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c8b62ea3-6cb6-4a85-9b29-f16895067d91/export</id>
    <title>c8b62ea3-6cb6-4a85-9b29-f16895067d91</title>
    <updated>2026-07-17T15:22:19.624334+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c8b62ea3-6cb6-4a85-9b29-f16895067d91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5844", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mj2apnrpfg25", "content": "", "creation_timestamp": "2026-04-09T07:07:27.628254Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c8b62ea3-6cb6-4a85-9b29-f16895067d91/export"/>
    <published>2026-04-09T07:07:27.628254+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/1a7c085b-dc4d-419b-8136-8c92f16be750/export</id>
    <title>1a7c085b-dc4d-419b-8136-8c92f16be750</title>
    <updated>2026-07-17T15:22:19.624470+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "1a7c085b-dc4d-419b-8136-8c92f16be750", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-5844", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mj24xwfqqm2y", "content": "", "creation_timestamp": "2026-04-09T06:00:30.250830Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/1a7c085b-dc4d-419b-8136-8c92f16be750/export"/>
    <published>2026-04-09T06:00:30.250830+00:00</published>
  </entry>
</feed>
