<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-19T12:04:22.981008+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/6d503815-ba92-40a0-9dbc-da1c122896f4/export</id>
    <title>6d503815-ba92-40a0-9dbc-da1c122896f4</title>
    <updated>2026-07-19T12:04:23.004164+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "6d503815-ba92-40a0-9dbc-da1c122896f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63089", "type": "seen", "source": "https://bsky.app/profile/bootintel.bsky.social/post/3mquxoxe52g2e", "content": "Critical CVE landed today in WireGuard:\n\nCVE-2026-63089. WireGuard Easy through 15.3.0, fixed in commit 66b292b, contains a cryptographically weak one-time link token generation vulnerability that allows unauthenticated network attackers to recover\u2026\n\nnvd.nist.gov/vuln/detail/CVE-2026-63089", "creation_timestamp": "2026-07-18T00:04:14.641843Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/6d503815-ba92-40a0-9dbc-da1c122896f4/export"/>
    <published>2026-07-18T00:04:14.641843+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/ee756506-6b5a-4033-9a2b-47f884873ae7/export</id>
    <title>ee756506-6b5a-4033-9a2b-47f884873ae7</title>
    <updated>2026-07-19T12:04:23.006651+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "ee756506-6b5a-4033-9a2b-47f884873ae7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63087", "type": "published-proof-of-concept", "source": "https://t.me/bdufstecru/3320", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043e\u043f\u043e\u0432\u0435\u0449\u0435\u043d\u0438\u044f\u043c\u0438 Grafana OnCall \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0439 \u0444\u0443\u043d\u043a\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u043f\u0443\u0442\u0435\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e POST-\u0437\u0430\u043f\u0440\u043e\u0441\u0430\n\nBDU:2026-09904\nCVE-2026-63087\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.vulncheck.com/advisories/grafana-oncall-unauthenticated-token-hijack-via-plugin-install-endpoint", "creation_timestamp": "2026-07-18T00:00:29.489617Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/ee756506-6b5a-4033-9a2b-47f884873ae7/export"/>
    <published>2026-07-18T00:00:29.489617+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/83b24616-bb5e-4152-bcee-c8509e62a556/export</id>
    <title>83b24616-bb5e-4152-bcee-c8509e62a556</title>
    <updated>2026-07-19T12:04:23.006796+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "83b24616-bb5e-4152-bcee-c8509e62a556", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63087", "type": "published-proof-of-concept", "source": "https://t.me/bdufstecru/3320", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043e\u043f\u043e\u0432\u0435\u0449\u0435\u043d\u0438\u044f\u043c\u0438 Grafana OnCall \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0439 \u0444\u0443\u043d\u043a\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u043f\u0443\u0442\u0435\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e POST-\u0437\u0430\u043f\u0440\u043e\u0441\u0430\n\nBDU:2026-09904\nCVE-2026-63087\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.vulncheck.com/advisories/grafana-oncall-unauthenticated-token-hijack-via-plugin-install-endpoint", "creation_timestamp": "2026-07-17T14:00:05.991296Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/83b24616-bb5e-4152-bcee-c8509e62a556/export"/>
    <published>2026-07-17T14:00:05.991296+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/8304f7a7-56e1-430a-9594-a00b6fd8102b/export</id>
    <title>8304f7a7-56e1-430a-9594-a00b6fd8102b</title>
    <updated>2026-07-19T12:04:23.006917+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "8304f7a7-56e1-430a-9594-a00b6fd8102b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63089", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqsdq7xadj2u", "content": "CVE-2026-63089 - WireGuard Easy Weak Token Generation Information Disclosure via OTL Route\nCVE ID : CVE-2026-63089\n \n Published : July 16, 2026, 8:16 p.m. | 2\u00a0hours, 17\u00a0minutes ago\n \n Description : WireGuard Easy through 15.3.0, fixed in commit 66b292b, contains a cryptographi...", "creation_timestamp": "2026-07-16T23:01:42.797335Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/8304f7a7-56e1-430a-9594-a00b6fd8102b/export"/>
    <published>2026-07-16T23:01:42.797335+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/dd5d424d-47a7-4364-9e18-57d65b78b746/export</id>
    <title>dd5d424d-47a7-4364-9e18-57d65b78b746</title>
    <updated>2026-07-19T12:04:23.007021+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "dd5d424d-47a7-4364-9e18-57d65b78b746", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63089", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqrz54phnl2w", "content": "CVE-2026-63089 - wg-easy\nWireGuard Easy, a VPN software, allows attackers to guess weak tokens and gain access to VPN credentials. This vulnerability affects users who rely on WireGuard Easy for secure VPN\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#wgeasy #CVE #infosec", "creation_timestamp": "2026-07-16T19:52:04.237974Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/dd5d424d-47a7-4364-9e18-57d65b78b746/export"/>
    <published>2026-07-16T19:52:04.237974+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/bc083d7a-65bc-4efa-b003-cf62d4c85fd7/export</id>
    <title>bc083d7a-65bc-4efa-b003-cf62d4c85fd7</title>
    <updated>2026-07-19T12:04:23.007125+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "bc083d7a-65bc-4efa-b003-cf62d4c85fd7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63088", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqrxeesimu22", "content": "CVE-2026-63088 - stoatchat\nCVE ID : CVE-2026-63088\n \n Published : July 16, 2026, 5:16 p.m. | 1\u00a0hour, 17\u00a0minutes ago\n \n Description : stoatchat before 0.14.0 contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated network-accessible attackers to ...", "creation_timestamp": "2026-07-16T19:20:20.216733Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/bc083d7a-65bc-4efa-b003-cf62d4c85fd7/export"/>
    <published>2026-07-16T19:20:20.216733+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/77de3884-472e-45b6-a965-4d8e1ada6fd8/export</id>
    <title>77de3884-472e-45b6-a965-4d8e1ada6fd8</title>
    <updated>2026-07-19T12:04:23.007227+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "77de3884-472e-45b6-a965-4d8e1ada6fd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63087", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqrwqns4ep22", "content": "CVE-2026-63087 - Grafana OnCall 1.16.11 Unauthenticated Token Hijack via Plugin Install Endpoint\nCVE ID : CVE-2026-63087\n \n Published : July 16, 2026, 5:16 p.m. | 1\u00a0hour, 17\u00a0minutes ago\n \n Description : Grafana OnCall through 1.16.11 contains an unauthenticated access vulnerab...", "creation_timestamp": "2026-07-16T19:09:18.701284Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/77de3884-472e-45b6-a965-4d8e1ada6fd8/export"/>
    <published>2026-07-16T19:09:18.701284+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/83c09fd7-5424-4e19-9c58-2e9ad452cdeb/export</id>
    <title>83c09fd7-5424-4e19-9c58-2e9ad452cdeb</title>
    <updated>2026-07-19T12:04:23.007325+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "83c09fd7-5424-4e19-9c58-2e9ad452cdeb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63086", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqrwhp7yyy22", "content": "CVE-2026-63086 - text-generation-inference 3.3.7 SSRF via fetch_image in multimodal chat completions\nCVE ID : CVE-2026-63086\n \n Published : July 16, 2026, 5:16 p.m. | 1\u00a0hour, 17\u00a0minutes ago\n \n Description : text-generation-inference through 3.3.7 contains a server-side request...", "creation_timestamp": "2026-07-16T19:04:18.468906Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/83c09fd7-5424-4e19-9c58-2e9ad452cdeb/export"/>
    <published>2026-07-16T19:04:18.468906+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/1f8fdabd-af79-48de-a24f-9998c996d82c/export</id>
    <title>1f8fdabd-af79-48de-a24f-9998c996d82c</title>
    <updated>2026-07-19T12:04:23.007424+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "1f8fdabd-af79-48de-a24f-9998c996d82c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63085", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqrvo47kg32s", "content": "CVE-2026-63085 - Axelor Open Platform 8.x\nCVE ID : CVE-2026-63085\n \n Published : July 16, 2026, 5:16 p.m. | 1\u00a0hour, 17\u00a0minutes ago\n \n Description : Axelor Open Platform versions 8.x prior to 8.2.2 contains an authorization bypass vulnerability that allows authenticated non-adm...", "creation_timestamp": "2026-07-16T18:49:59.374671Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/1f8fdabd-af79-48de-a24f-9998c996d82c/export"/>
    <published>2026-07-16T18:49:59.374671+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/09338e0c-e913-452a-bf5f-b834ce11494d/export</id>
    <title>09338e0c-e913-452a-bf5f-b834ce11494d</title>
    <updated>2026-07-19T12:04:23.007521+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "09338e0c-e913-452a-bf5f-b834ce11494d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63087", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqromxze3h2c", "content": "CVE-2026-63087 - oncall\nAn attacker can access Grafana OnCall without a password by sending a specific request to the plugin install endpoint. This allows them to create new users, revoke legitimate access, and\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#oncall #CVE #infosec", "creation_timestamp": "2026-07-16T16:44:05.680111Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/09338e0c-e913-452a-bf5f-b834ce11494d/export"/>
    <published>2026-07-16T16:44:05.680111+00:00</published>
  </entry>
</feed>
