<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Thu, 16 Jul 2026 13:18:01 +0000</lastBuildDate>
    <item>
      <title>83a23b17-be05-488f-9182-aed74e0788f6</title>
      <link>https://vulnerability.circl.lu/sighting/83a23b17-be05-488f-9182-aed74e0788f6/export</link>
      <description>{"uuid": "83a23b17-be05-488f-9182-aed74e0788f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-46339", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mqqam6zeky26", "content": "CVE-2026-46339 in decolua 9Router (&amp;lt;0.4.37): CRITICAL OS command injection lets unauthenticated attackers fully compromise systems. Upgrade to 0.4.37 now. https://radar.offseq.com/threat/cve-2026-46339-cwe-78-improper-neutralization-of-s-96ae550cea593bb1 #OffSeq #CVE #security", "creation_timestamp": "2026-07-16T03:00:27.443537Z"}</description>
      <content:encoded>{"uuid": "83a23b17-be05-488f-9182-aed74e0788f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-46339", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mqqam6zeky26", "content": "CVE-2026-46339 in decolua 9Router (&amp;lt;0.4.37): CRITICAL OS command injection lets unauthenticated attackers fully compromise systems. Upgrade to 0.4.37 now. https://radar.offseq.com/threat/cve-2026-46339-cwe-78-improper-neutralization-of-s-96ae550cea593bb1 #OffSeq #CVE #security", "creation_timestamp": "2026-07-16T03:00:27.443537Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/83a23b17-be05-488f-9182-aed74e0788f6/export</guid>
      <pubDate>Thu, 16 Jul 2026 03:00:27 +0000</pubDate>
    </item>
    <item>
      <title>32d87a3d-f322-45b1-88ae-3bb3fad0e471</title>
      <link>https://vulnerability.circl.lu/sighting/32d87a3d-f322-45b1-88ae-3bb3fad0e471/export</link>
      <description>{"uuid": "32d87a3d-f322-45b1-88ae-3bb3fad0e471", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-46339", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116927419172028216", "content": "CRITICAL: CVE-2026-46339 impacts decolua 9Router (&amp;lt;0.4.37). OS command injection via exposed API lets unauth attackers gain full control. Patch to 0.4.37 now! https://radar.offseq.com/threat/cve-2026-46339-cwe-78-improper-neutralization-of-s-96ae550cea593bb1 #OffSeq #CVE202646339 #infosec #security", "creation_timestamp": "2026-07-16T03:00:25.538953Z"}</description>
      <content:encoded>{"uuid": "32d87a3d-f322-45b1-88ae-3bb3fad0e471", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-46339", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116927419172028216", "content": "CRITICAL: CVE-2026-46339 impacts decolua 9Router (&amp;lt;0.4.37). OS command injection via exposed API lets unauth attackers gain full control. Patch to 0.4.37 now! https://radar.offseq.com/threat/cve-2026-46339-cwe-78-improper-neutralization-of-s-96ae550cea593bb1 #OffSeq #CVE202646339 #infosec #security", "creation_timestamp": "2026-07-16T03:00:25.538953Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/32d87a3d-f322-45b1-88ae-3bb3fad0e471/export</guid>
      <pubDate>Thu, 16 Jul 2026 03:00:25 +0000</pubDate>
    </item>
    <item>
      <title>44111896-18b3-46c2-a90b-945d312fea4a</title>
      <link>https://vulnerability.circl.lu/sighting/44111896-18b3-46c2-a90b-945d312fea4a/export</link>
      <description>{"uuid": "44111896-18b3-46c2-a90b-945d312fea4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46339", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqq23ub7dj2e", "content": "CVE-2026-46339 - 9Router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes\nCVE ID : CVE-2026-46339\n \n Published : July 15, 2026, 9:16 p.m. | 1\u00a0hour, 17\u00a0minutes ago\n \n Description : 9Router is an AI router &amp;amp; token saver. From 0.4.30 until 0.4.3...", "creation_timestamp": "2026-07-16T01:03:56.409644Z"}</description>
      <content:encoded>{"uuid": "44111896-18b3-46c2-a90b-945d312fea4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46339", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqq23ub7dj2e", "content": "CVE-2026-46339 - 9Router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes\nCVE ID : CVE-2026-46339\n \n Published : July 15, 2026, 9:16 p.m. | 1\u00a0hour, 17\u00a0minutes ago\n \n Description : 9Router is an AI router &amp;amp; token saver. From 0.4.30 until 0.4.3...", "creation_timestamp": "2026-07-16T01:03:56.409644Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/44111896-18b3-46c2-a90b-945d312fea4a/export</guid>
      <pubDate>Thu, 16 Jul 2026 01:03:56 +0000</pubDate>
    </item>
    <item>
      <title>af0df7d4-e2a3-44fd-8bdd-62e3505582c6</title>
      <link>https://vulnerability.circl.lu/sighting/af0df7d4-e2a3-44fd-8bdd-62e3505582c6/export</link>
      <description>{"uuid": "af0df7d4-e2a3-44fd-8bdd-62e3505582c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46339", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-46339.yaml", "content": "", "creation_timestamp": "2026-07-16T00:00:03.619820Z"}</description>
      <content:encoded>{"uuid": "af0df7d4-e2a3-44fd-8bdd-62e3505582c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46339", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-46339.yaml", "content": "", "creation_timestamp": "2026-07-16T00:00:03.619820Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/af0df7d4-e2a3-44fd-8bdd-62e3505582c6/export</guid>
      <pubDate>Thu, 16 Jul 2026 00:00:03 +0000</pubDate>
    </item>
    <item>
      <title>86ae5892-b393-43ee-ad7f-fd309da4260f</title>
      <link>https://vulnerability.circl.lu/sighting/86ae5892-b393-43ee-ad7f-fd309da4260f/export</link>
      <description>{"uuid": "86ae5892-b393-43ee-ad7f-fd309da4260f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46339", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqpq2aalhz2a", "content": "CVE-2026-46339 - 9router\nThe 9router software exposes unauthenticated API endpoints that can be used to execute arbitrary OS commands without any prerequisites or credentials. This vulnerability exists\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#9router #decolua #npm #CVE #infosec", "creation_timestamp": "2026-07-15T22:04:04.465509Z"}</description>
      <content:encoded>{"uuid": "86ae5892-b393-43ee-ad7f-fd309da4260f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46339", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqpq2aalhz2a", "content": "CVE-2026-46339 - 9router\nThe 9router software exposes unauthenticated API endpoints that can be used to execute arbitrary OS commands without any prerequisites or credentials. This vulnerability exists\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#9router #decolua #npm #CVE #infosec", "creation_timestamp": "2026-07-15T22:04:04.465509Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/86ae5892-b393-43ee-ad7f-fd309da4260f/export</guid>
      <pubDate>Wed, 15 Jul 2026 22:04:04 +0000</pubDate>
    </item>
    <item>
      <title>97f2a303-9e0e-427c-8b69-012c7af545f7</title>
      <link>https://vulnerability.circl.lu/sighting/97f2a303-9e0e-427c-8b69-012c7af545f7/export</link>
      <description>{"uuid": "97f2a303-9e0e-427c-8b69-012c7af545f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46339", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-46339.yaml", "content": "", "creation_timestamp": "2026-07-15T06:00:04.825296Z"}</description>
      <content:encoded>{"uuid": "97f2a303-9e0e-427c-8b69-012c7af545f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46339", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-46339.yaml", "content": "", "creation_timestamp": "2026-07-15T06:00:04.825296Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/97f2a303-9e0e-427c-8b69-012c7af545f7/export</guid>
      <pubDate>Wed, 15 Jul 2026 06:00:04 +0000</pubDate>
    </item>
    <item>
      <title>bd6f372c-a933-4319-b6df-f755fb5034fe</title>
      <link>https://vulnerability.circl.lu/sighting/bd6f372c-a933-4319-b6df-f755fb5034fe/export</link>
      <description>{"uuid": "bd6f372c-a933-4319-b6df-f755fb5034fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-46339", "type": "published-proof-of-concept", "source": "https://github.com/decolua/9router/security/advisories/GHSA-fhh6-4qxv-rpqj", "content": "", "creation_timestamp": "2026-05-13T13:15:48.000000Z"}</description>
      <content:encoded>{"uuid": "bd6f372c-a933-4319-b6df-f755fb5034fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-46339", "type": "published-proof-of-concept", "source": "https://github.com/decolua/9router/security/advisories/GHSA-fhh6-4qxv-rpqj", "content": "", "creation_timestamp": "2026-05-13T13:15:48.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/bd6f372c-a933-4319-b6df-f755fb5034fe/export</guid>
      <pubDate>Wed, 13 May 2026 13:15:48 +0000</pubDate>
    </item>
  </channel>
</rss>
