<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Fri, 17 Jul 2026 17:34:55 +0000</lastBuildDate>
    <item>
      <title>c6c83474-ee35-4f6f-8161-8be4d12c6a6a</title>
      <link>https://vulnerability.circl.lu/sighting/c6c83474-ee35-4f6f-8161-8be4d12c6a6a/export</link>
      <description>{"uuid": "c6c83474-ee35-4f6f-8161-8be4d12c6a6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45368", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqsfii3i6n2h", "content": "CVE-2026-45368 - Kirby: Cross-site scripting (XSS) from links in KirbyTags and image blocks in the site frontend\nCVE ID : CVE-2026-45368\n \n Published : July 16, 2026, 10:17 p.m. | 17\u00a0minutes ago\n \n Description : Kirby is an open-source content management system. In versions pr...", "creation_timestamp": "2026-07-16T23:33:10.374346Z"}</description>
      <content:encoded>{"uuid": "c6c83474-ee35-4f6f-8161-8be4d12c6a6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45368", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqsfii3i6n2h", "content": "CVE-2026-45368 - Kirby: Cross-site scripting (XSS) from links in KirbyTags and image blocks in the site frontend\nCVE ID : CVE-2026-45368\n \n Published : July 16, 2026, 10:17 p.m. | 17\u00a0minutes ago\n \n Description : Kirby is an open-source content management system. In versions pr...", "creation_timestamp": "2026-07-16T23:33:10.374346Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/c6c83474-ee35-4f6f-8161-8be4d12c6a6a/export</guid>
      <pubDate>Thu, 16 Jul 2026 23:33:10 +0000</pubDate>
    </item>
    <item>
      <title>1068df3b-d79e-4458-a8df-0f2ff4e34dd8</title>
      <link>https://vulnerability.circl.lu/sighting/1068df3b-d79e-4458-a8df-0f2ff4e34dd8/export</link>
      <description>{"uuid": "1068df3b-d79e-4458-a8df-0f2ff4e34dd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45363", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqnn7o72j22i", "content": "CVE-2026-45363 - `jwt` (Ruby gem) - empty-key HMAC bypass\nCVE ID : CVE-2026-45363\n \n Published : July 14, 2026, 10:16 p.m. | 2\u00a0hours, 17\u00a0minutes ago\n \n Description : ruby-jwt is a Ruby implementation of the RFC 7519 OAuth JSON Web Token standard. Prior to 2.10.3 and 3.2.0, JWT...", "creation_timestamp": "2026-07-15T02:08:06.573441Z"}</description>
      <content:encoded>{"uuid": "1068df3b-d79e-4458-a8df-0f2ff4e34dd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45363", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqnn7o72j22i", "content": "CVE-2026-45363 - `jwt` (Ruby gem) - empty-key HMAC bypass\nCVE ID : CVE-2026-45363\n \n Published : July 14, 2026, 10:16 p.m. | 2\u00a0hours, 17\u00a0minutes ago\n \n Description : ruby-jwt is a Ruby implementation of the RFC 7519 OAuth JSON Web Token standard. Prior to 2.10.3 and 3.2.0, JWT...", "creation_timestamp": "2026-07-15T02:08:06.573441Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/1068df3b-d79e-4458-a8df-0f2ff4e34dd8/export</guid>
      <pubDate>Wed, 15 Jul 2026 02:08:06 +0000</pubDate>
    </item>
    <item>
      <title>d3b923ca-2333-43ff-9e2f-a067b8fa09a6</title>
      <link>https://vulnerability.circl.lu/sighting/d3b923ca-2333-43ff-9e2f-a067b8fa09a6/export</link>
      <description>{"uuid": "d3b923ca-2333-43ff-9e2f-a067b8fa09a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45363", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116921050127676424", "content": "CVE-2026-45363: CRITICAL improper authentication in ruby-jwt (&amp;lt;2.10.3, &amp;lt;3.2.0) lets attackers forge JWTs with empty HMAC keys. Immediate upgrade required to 2.10.3/3.2.0. Impact: auth bypass, high integrity risk. https://radar.offseq.com/threat/cve-2026-45363-cwe-287-improper-authentication-in--588cdab561cd07ab #OffSeq #CVE202645363 #ruby #jwt #infosec", "creation_timestamp": "2026-07-15T00:00:44.533087Z"}</description>
      <content:encoded>{"uuid": "d3b923ca-2333-43ff-9e2f-a067b8fa09a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45363", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116921050127676424", "content": "CVE-2026-45363: CRITICAL improper authentication in ruby-jwt (&amp;lt;2.10.3, &amp;lt;3.2.0) lets attackers forge JWTs with empty HMAC keys. Immediate upgrade required to 2.10.3/3.2.0. Impact: auth bypass, high integrity risk. https://radar.offseq.com/threat/cve-2026-45363-cwe-287-improper-authentication-in--588cdab561cd07ab #OffSeq #CVE202645363 #ruby #jwt #infosec", "creation_timestamp": "2026-07-15T00:00:44.533087Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/d3b923ca-2333-43ff-9e2f-a067b8fa09a6/export</guid>
      <pubDate>Wed, 15 Jul 2026 00:00:44 +0000</pubDate>
    </item>
    <item>
      <title>26e33862-a2f7-43d5-86a9-a7e156c5e735</title>
      <link>https://vulnerability.circl.lu/sighting/26e33862-a2f7-43d5-86a9-a7e156c5e735/export</link>
      <description>{"uuid": "26e33862-a2f7-43d5-86a9-a7e156c5e735", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45363", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mqng3v7m442f", "content": "ruby-jwt CRITICAL vulnerability (CVE-2026-45363): Versions &amp;lt;2.10.3 &amp;amp; &amp;lt;3.2.0 let attackers forge JWT tokens with empty HMAC keys. Upgrade to 2.10.3/3.2.0 now. \ud83d\udea8 https://radar.offseq.com/threat/cve-2026-45363-cwe-287-improper-authentication-in--588cdab561cd07ab #OffSeq #rubyjwt #CVE202645363", "creation_timestamp": "2026-07-15T00:00:43.319112Z"}</description>
      <content:encoded>{"uuid": "26e33862-a2f7-43d5-86a9-a7e156c5e735", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45363", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mqng3v7m442f", "content": "ruby-jwt CRITICAL vulnerability (CVE-2026-45363): Versions &amp;lt;2.10.3 &amp;amp; &amp;lt;3.2.0 let attackers forge JWT tokens with empty HMAC keys. Upgrade to 2.10.3/3.2.0 now. \ud83d\udea8 https://radar.offseq.com/threat/cve-2026-45363-cwe-287-improper-authentication-in--588cdab561cd07ab #OffSeq #rubyjwt #CVE202645363", "creation_timestamp": "2026-07-15T00:00:43.319112Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/26e33862-a2f7-43d5-86a9-a7e156c5e735/export</guid>
      <pubDate>Wed, 15 Jul 2026 00:00:43 +0000</pubDate>
    </item>
    <item>
      <title>af1c7d2f-fc13-4109-b787-5428399d772d</title>
      <link>https://vulnerability.circl.lu/sighting/af1c7d2f-fc13-4109-b787-5428399d772d/export</link>
      <description>{"uuid": "af1c7d2f-fc13-4109-b787-5428399d772d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45363", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqnaaypv4m2v", "content": "CVE-2026-45363 - jwt\nAn attacker can forge a valid JWT token without knowing the secret key. This is possible if the key is empty, or if the keyfinder returns an empty string or nil. To prevent this,\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#jwt #timrudat #Ruby #CVE #infosec", "creation_timestamp": "2026-07-14T22:16:11.854835Z"}</description>
      <content:encoded>{"uuid": "af1c7d2f-fc13-4109-b787-5428399d772d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45363", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqnaaypv4m2v", "content": "CVE-2026-45363 - jwt\nAn attacker can forge a valid JWT token without knowing the secret key. This is possible if the key is empty, or if the keyfinder returns an empty string or nil. To prevent this,\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#jwt #timrudat #Ruby #CVE #infosec", "creation_timestamp": "2026-07-14T22:16:11.854835Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/af1c7d2f-fc13-4109-b787-5428399d772d/export</guid>
      <pubDate>Tue, 14 Jul 2026 22:16:11 +0000</pubDate>
    </item>
    <item>
      <title>08bd2ae2-95b3-4537-b4cb-823ab97192ce</title>
      <link>https://vulnerability.circl.lu/sighting/08bd2ae2-95b3-4537-b4cb-823ab97192ce/export</link>
      <description>{"uuid": "08bd2ae2-95b3-4537-b4cb-823ab97192ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45367", "type": "seen", "source": "https://bsky.app/profile/euvd-bot.bsky.social/post/3mq67w72ugf2l", "content": "\ud83d\udea8 EUVD-2026-42440\n\ud83d\udcca 7.5/10\n\ud83c\udfe2 hapifhir\n\n\ud83d\udcdd HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.10, the fix for CVE-2026-45367 inco...\n\n\ud83d\udd17 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-42440\n\n#cybersecurity #infosec #cve #euvd", "creation_timestamp": "2026-07-08T23:00:13.326567Z"}</description>
      <content:encoded>{"uuid": "08bd2ae2-95b3-4537-b4cb-823ab97192ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45367", "type": "seen", "source": "https://bsky.app/profile/euvd-bot.bsky.social/post/3mq67w72ugf2l", "content": "\ud83d\udea8 EUVD-2026-42440\n\ud83d\udcca 7.5/10\n\ud83c\udfe2 hapifhir\n\n\ud83d\udcdd HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.10, the fix for CVE-2026-45367 inco...\n\n\ud83d\udd17 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-42440\n\n#cybersecurity #infosec #cve #euvd", "creation_timestamp": "2026-07-08T23:00:13.326567Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/08bd2ae2-95b3-4537-b4cb-823ab97192ce/export</guid>
      <pubDate>Wed, 08 Jul 2026 23:00:13 +0000</pubDate>
    </item>
    <item>
      <title>ccadb69a-a196-4f0f-8ca4-a018ec7ffe61</title>
      <link>https://vulnerability.circl.lu/sighting/ccadb69a-a196-4f0f-8ca4-a018ec7ffe61/export</link>
      <description>{"uuid": "ccadb69a-a196-4f0f-8ca4-a018ec7ffe61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45360", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mn5or2ktfg26", "content": "CVE-2026-45360: Apache Airflow: Arbitrary import in custom deadline-reference deserialization", "creation_timestamp": "2026-05-31T13:37:32.436951Z"}</description>
      <content:encoded>{"uuid": "ccadb69a-a196-4f0f-8ca4-a018ec7ffe61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45360", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mn5or2ktfg26", "content": "CVE-2026-45360: Apache Airflow: Arbitrary import in custom deadline-reference deserialization", "creation_timestamp": "2026-05-31T13:37:32.436951Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/ccadb69a-a196-4f0f-8ca4-a018ec7ffe61/export</guid>
      <pubDate>Sun, 31 May 2026 13:37:32 +0000</pubDate>
    </item>
    <item>
      <title>2a6e8f37-7f3b-4b6d-a5c7-22ded4d8d5f1</title>
      <link>https://vulnerability.circl.lu/sighting/2a6e8f37-7f3b-4b6d-a5c7-22ded4d8d5f1/export</link>
      <description>{"uuid": "2a6e8f37-7f3b-4b6d-a5c7-22ded4d8d5f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45361", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mmuwrpmrwn2u", "content": "\ud83d\udccc CVE-2026-45361 - Apache Airflow providers-google's `ComputeEngineSSHHook` disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker... https://www.cyberhub.blog/cves/CVE-2026-45361", "creation_timestamp": "2026-05-28T02:07:07.303278Z"}</description>
      <content:encoded>{"uuid": "2a6e8f37-7f3b-4b6d-a5c7-22ded4d8d5f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45361", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mmuwrpmrwn2u", "content": "\ud83d\udccc CVE-2026-45361 - Apache Airflow providers-google's `ComputeEngineSSHHook` disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker... https://www.cyberhub.blog/cves/CVE-2026-45361", "creation_timestamp": "2026-05-28T02:07:07.303278Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/2a6e8f37-7f3b-4b6d-a5c7-22ded4d8d5f1/export</guid>
      <pubDate>Thu, 28 May 2026 02:07:07 +0000</pubDate>
    </item>
    <item>
      <title>1aa95318-5231-43fe-86cd-d41be44d2b51</title>
      <link>https://vulnerability.circl.lu/sighting/1aa95318-5231-43fe-86cd-d41be44d2b51/export</link>
      <description>{"uuid": "1aa95318-5231-43fe-86cd-d41be44d2b51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45369", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mlugqvo6dx2e", "content": "\ud83d\udfe0 CVE-2026-45369 - High (8.3)\n\npython-utcp is the python implementation of UTCP. Prior to 1.1.3, the _substitute_utcp_args metho...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-45369/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-15T03:57:20.807439Z"}</description>
      <content:encoded>{"uuid": "1aa95318-5231-43fe-86cd-d41be44d2b51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45369", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mlugqvo6dx2e", "content": "\ud83d\udfe0 CVE-2026-45369 - High (8.3)\n\npython-utcp is the python implementation of UTCP. Prior to 1.1.3, the _substitute_utcp_args metho...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-45369/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-15T03:57:20.807439Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/1aa95318-5231-43fe-86cd-d41be44d2b51/export</guid>
      <pubDate>Fri, 15 May 2026 03:57:20 +0000</pubDate>
    </item>
    <item>
      <title>6e8d5c9c-829a-43e2-bef4-e15769e9417a</title>
      <link>https://vulnerability.circl.lu/sighting/6e8d5c9c-829a-43e2-bef4-e15769e9417a/export</link>
      <description>{"uuid": "6e8d5c9c-829a-43e2-bef4-e15769e9417a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45369", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mluafm52ux2q", "content": "CVE-2026-45369 - python-utcp: Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol\nCVE ID : CVE-2026-45369\n \n Published : May 14, 2026, 9:16 p.m. | 2\u00a0hours, 17\u00a0minutes ago\n \n Description : python-utcp is the python implementation of UTCP. Prior...", "creation_timestamp": "2026-05-15T02:01:26.588024Z"}</description>
      <content:encoded>{"uuid": "6e8d5c9c-829a-43e2-bef4-e15769e9417a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45369", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mluafm52ux2q", "content": "CVE-2026-45369 - python-utcp: Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol\nCVE ID : CVE-2026-45369\n \n Published : May 14, 2026, 9:16 p.m. | 2\u00a0hours, 17\u00a0minutes ago\n \n Description : python-utcp is the python implementation of UTCP. Prior...", "creation_timestamp": "2026-05-15T02:01:26.588024Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/6e8d5c9c-829a-43e2-bef4-e15769e9417a/export</guid>
      <pubDate>Fri, 15 May 2026 02:01:26 +0000</pubDate>
    </item>
  </channel>
</rss>
