Most recent sightings.

Most recent sightings. https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Mon, 08 Jun 2026 16:38:09 +0000 b97e4192-e87f-43cc-9fb6-c2fa4c3f673e https://vulnerability.circl.lu/sighting/b97e4192-e87f-43cc-9fb6-c2fa4c3f673e/export {"uuid": "b97e4192-e87f-43cc-9fb6-c2fa4c3f673e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4464", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mhmg462eys2c", "content": "", "creation_timestamp": "2026-03-22T01:41:28.366810Z"} {"uuid": "b97e4192-e87f-43cc-9fb6-c2fa4c3f673e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4464", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mhmg462eys2c", "content": "", "creation_timestamp": "2026-03-22T01:41:28.366810Z"} https://vulnerability.circl.lu/sighting/b97e4192-e87f-43cc-9fb6-c2fa4c3f673e/export Sun, 22 Mar 2026 01:41:28 +0000 7968325f-7d50-4e0b-a6c8-ede0b658089e https://vulnerability.circl.lu/sighting/7968325f-7d50-4e0b-a6c8-ede0b658089e/export {"uuid": "7968325f-7d50-4e0b-a6c8-ede0b658089e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-4464", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/microsoft-edge-multiple-vulnerabilities_20260324", "content": "", "creation_timestamp": "2026-03-24T01:00:00.000000Z"} {"uuid": "7968325f-7d50-4e0b-a6c8-ede0b658089e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-4464", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/microsoft-edge-multiple-vulnerabilities_20260324", "content": "", "creation_timestamp": "2026-03-24T01:00:00.000000Z"} https://vulnerability.circl.lu/sighting/7968325f-7d50-4e0b-a6c8-ede0b658089e/export Tue, 24 Mar 2026 01:00:00 +0000 5670f327-726a-441d-a150-71d8df7c2ea4 https://vulnerability.circl.lu/sighting/5670f327-726a-441d-a150-71d8df7c2ea4/export {"uuid": "5670f327-726a-441d-a150-71d8df7c2ea4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-44641", "type": "published-proof-of-concept", "source": "https://github.com/microsoft/apm/security/advisories/GHSA-xhrw-5qxx-jpwr", "content": "", "creation_timestamp": "2026-05-03T08:34:38.000000Z"} {"uuid": "5670f327-726a-441d-a150-71d8df7c2ea4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-44641", "type": "published-proof-of-concept", "source": "https://github.com/microsoft/apm/security/advisories/GHSA-xhrw-5qxx-jpwr", "content": "", "creation_timestamp": "2026-05-03T08:34:38.000000Z"} https://vulnerability.circl.lu/sighting/5670f327-726a-441d-a150-71d8df7c2ea4/export Sun, 03 May 2026 08:34:38 +0000 2e228c0f-7789-465b-8a4b-0ee17926ef45 https://vulnerability.circl.lu/sighting/2e228c0f-7789-465b-8a4b-0ee17926ef45/export {"uuid": "2e228c0f-7789-465b-8a4b-0ee17926ef45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44648", "type": "seen", "source": "Telegram/J5ZhgOkVkOGh10nZtfdr_FvjUVC9Q3mZbF4dClPdmsBvh90", "content": "", "creation_timestamp": "2026-05-08T07:04:33.000000Z"} {"uuid": "2e228c0f-7789-465b-8a4b-0ee17926ef45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44648", "type": "seen", "source": "Telegram/J5ZhgOkVkOGh10nZtfdr_FvjUVC9Q3mZbF4dClPdmsBvh90", "content": "", "creation_timestamp": "2026-05-08T07:04:33.000000Z"} https://vulnerability.circl.lu/sighting/2e228c0f-7789-465b-8a4b-0ee17926ef45/export Fri, 08 May 2026 07:04:33 +0000 5b9afd06-58e9-4a7c-9aee-d08cca81083d https://vulnerability.circl.lu/sighting/5b9afd06-58e9-4a7c-9aee-d08cca81083d/export {"uuid": "5b9afd06-58e9-4a7c-9aee-d08cca81083d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44648", "type": "seen", "source": "Telegram/9hUmSN7ug2EVEMoe54drMVTAFxceMDTI0JA9Kzj6srBhh7g", "content": "", "creation_timestamp": "2026-05-08T09:00:04.000000Z"} {"uuid": "5b9afd06-58e9-4a7c-9aee-d08cca81083d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44648", "type": "seen", "source": "Telegram/9hUmSN7ug2EVEMoe54drMVTAFxceMDTI0JA9Kzj6srBhh7g", "content": "", "creation_timestamp": "2026-05-08T09:00:04.000000Z"} https://vulnerability.circl.lu/sighting/5b9afd06-58e9-4a7c-9aee-d08cca81083d/export Fri, 08 May 2026 09:00:04 +0000 20b087a7-b98d-435b-b4c1-93500f53c511 https://vulnerability.circl.lu/sighting/20b087a7-b98d-435b-b4c1-93500f53c511/export {"uuid": "20b087a7-b98d-435b-b4c1-93500f53c511", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44643", "type": "seen", "source": "https://gist.github.com/alon710/8d25a2ec6d3cfd7d6115a0f90a1bb719", "content": "# CVE-2026-44643: CVE-2026-44643: Sandbox Escape and Remote Code Execution in angular-expressions\n\n> **CVSS Score:** 9.3\n> **Published:** 2026-05-11\n> **Full Report:** https://cvereports.com/reports/CVE-2026-44643\n\n## Summary\nCVE-2026-44643 is a critical sandbox escape vulnerability in the peerigon/angular-expressions library. The flaw permits unauthenticated remote code execution via prototype traversal and improper validation of filter expressions. By crafting specific malicious inputs, attackers can access the global Function constructor.\n\n## TL;DR\nA critical sandbox escape in angular-expressions < 1.5.2 allows RCE via prototype traversal in malicious filter definitions.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-95\n- **CVSS v4.0**: 9.3\n- **Attack Vector**: Network\n- **Impact**: Remote Code Execution (RCE)\n- **Privileges Required**: None\n- **CISA KEV Status**: Not Listed\n\n## Affected Systems\n\n- Node.js environments utilizing peerigon/angular-expressions\n- Browser applications relying on client-side expression evaluation\n- **angular-expressions**: < 1.5.2 (Fixed in: `1.5.2`)\n\n## Mitigation\n\n- Upgrade Library\n- Runtime Hardening\n- Input Validation\n- Content Security Policy\n\n**Remediation Steps:**\n1. Update package.json to require angular-expressions version 1.5.2 or higher.\n2. Execute 'npm install' or 'yarn install' to pull the patched dependency into the build environment.\n3. Deploy the updated application to production environments.\n4. Modify the Node.js startup command to include the '--disable-proto=delete' flag.\n5. Implement application-level filtering to reject strings containing 'constructor' or '__proto__'.\n\n## References\n\n- [GitHub Security Advisory GHSA-pw8r-6689-xvf4](https://github.com/peerigon/angular-expressions/security/advisories/GHSA-pw8r-6689-xvf4)\n- [NVD Record for CVE-2026-44643](https://nvd.nist.gov/vuln/detail/CVE-2026-44643)\n- [angular-expressions GitHub Repository](https://github.com/peerigon/angular-expressions)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-44643) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-11T16:40:29.000000Z"} {"uuid": "20b087a7-b98d-435b-b4c1-93500f53c511", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44643", "type": "seen", "source": "https://gist.github.com/alon710/8d25a2ec6d3cfd7d6115a0f90a1bb719", "content": "# CVE-2026-44643: CVE-2026-44643: Sandbox Escape and Remote Code Execution in angular-expressions\n\n> **CVSS Score:** 9.3\n> **Published:** 2026-05-11\n> **Full Report:** https://cvereports.com/reports/CVE-2026-44643\n\n## Summary\nCVE-2026-44643 is a critical sandbox escape vulnerability in the peerigon/angular-expressions library. The flaw permits unauthenticated remote code execution via prototype traversal and improper validation of filter expressions. By crafting specific malicious inputs, attackers can access the global Function constructor.\n\n## TL;DR\nA critical sandbox escape in angular-expressions < 1.5.2 allows RCE via prototype traversal in malicious filter definitions.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-95\n- **CVSS v4.0**: 9.3\n- **Attack Vector**: Network\n- **Impact**: Remote Code Execution (RCE)\n- **Privileges Required**: None\n- **CISA KEV Status**: Not Listed\n\n## Affected Systems\n\n- Node.js environments utilizing peerigon/angular-expressions\n- Browser applications relying on client-side expression evaluation\n- **angular-expressions**: < 1.5.2 (Fixed in: `1.5.2`)\n\n## Mitigation\n\n- Upgrade Library\n- Runtime Hardening\n- Input Validation\n- Content Security Policy\n\n**Remediation Steps:**\n1. Update package.json to require angular-expressions version 1.5.2 or higher.\n2. Execute 'npm install' or 'yarn install' to pull the patched dependency into the build environment.\n3. Deploy the updated application to production environments.\n4. Modify the Node.js startup command to include the '--disable-proto=delete' flag.\n5. Implement application-level filtering to reject strings containing 'constructor' or '__proto__'.\n\n## References\n\n- [GitHub Security Advisory GHSA-pw8r-6689-xvf4](https://github.com/peerigon/angular-expressions/security/advisories/GHSA-pw8r-6689-xvf4)\n- [NVD Record for CVE-2026-44643](https://nvd.nist.gov/vuln/detail/CVE-2026-44643)\n- [angular-expressions GitHub Repository](https://github.com/peerigon/angular-expressions)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-44643) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-11T16:40:29.000000Z"} https://vulnerability.circl.lu/sighting/20b087a7-b98d-435b-b4c1-93500f53c511/export Mon, 11 May 2026 16:40:29 +0000 2d85b5b8-5ce5-434d-994f-5e2b33ef7645 https://vulnerability.circl.lu/sighting/2d85b5b8-5ce5-434d-994f-5e2b33ef7645/export {"uuid": "2d85b5b8-5ce5-434d-994f-5e2b33ef7645", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-44648", "type": "published-proof-of-concept", "source": "https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-wmm3-h9qj-p5v6", "content": "", "creation_timestamp": "2026-05-11T20:48:45.000000Z"} {"uuid": "2d85b5b8-5ce5-434d-994f-5e2b33ef7645", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-44648", "type": "published-proof-of-concept", "source": "https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-wmm3-h9qj-p5v6", "content": "", "creation_timestamp": "2026-05-11T20:48:45.000000Z"} https://vulnerability.circl.lu/sighting/2d85b5b8-5ce5-434d-994f-5e2b33ef7645/export Mon, 11 May 2026 20:48:45 +0000 934a57bd-566b-4fae-9655-b6e55f8a3222 https://vulnerability.circl.lu/sighting/934a57bd-566b-4fae-9655-b6e55f8a3222/export {"uuid": "934a57bd-566b-4fae-9655-b6e55f8a3222", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-44649", "type": "published-proof-of-concept", "source": "https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-gxx6-h3g6-vwjh", "content": "", "creation_timestamp": "2026-05-11T20:55:05.000000Z"} {"uuid": "934a57bd-566b-4fae-9655-b6e55f8a3222", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-44649", "type": "published-proof-of-concept", "source": "https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-gxx6-h3g6-vwjh", "content": "", "creation_timestamp": "2026-05-11T20:55:05.000000Z"} https://vulnerability.circl.lu/sighting/934a57bd-566b-4fae-9655-b6e55f8a3222/export Mon, 11 May 2026 20:55:05 +0000 58cad003-09a8-43c5-adce-aaa366a1608c https://vulnerability.circl.lu/sighting/58cad003-09a8-43c5-adce-aaa366a1608c/export {"uuid": "58cad003-09a8-43c5-adce-aaa366a1608c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44648", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mmzncomdn62v", "content": "\ud83d\udfe0 CVE-2026-44648 - High (7.5)\n\nSillyTavern is a locally installed user interface that allows users to interact with text generat...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-44648/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-29T23:00:59.027594Z"} {"uuid": "58cad003-09a8-43c5-adce-aaa366a1608c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44648", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mmzncomdn62v", "content": "\ud83d\udfe0 CVE-2026-44648 - High (7.5)\n\nSillyTavern is a locally installed user interface that allows users to interact with text generat...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-44648/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-29T23:00:59.027594Z"} https://vulnerability.circl.lu/sighting/58cad003-09a8-43c5-adce-aaa366a1608c/export Fri, 29 May 2026 23:00:59 +0000 5a993530-c1db-4b11-b21c-29d398ee52ac https://vulnerability.circl.lu/sighting/5a993530-c1db-4b11-b21c-29d398ee52ac/export {"uuid": "5a993530-c1db-4b11-b21c-29d398ee52ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44649", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mmztyivcqg2q", "content": "\ud83d\udd34 CVE-2026-44649 - Critical (9.8)\n\nSillyTavern is a locally installed user interface that allows users to interact with text generat...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-44649/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-30T01:00:33.288066Z"} {"uuid": "5a993530-c1db-4b11-b21c-29d398ee52ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44649", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mmztyivcqg2q", "content": "\ud83d\udd34 CVE-2026-44649 - Critical (9.8)\n\nSillyTavern is a locally installed user interface that allows users to interact with text generat...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-44649/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-30T01:00:33.288066Z"} https://vulnerability.circl.lu/sighting/5a993530-c1db-4b11-b21c-29d398ee52ac/export Sat, 30 May 2026 01:00:33 +0000