<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Mon, 29 Jun 2026 13:49:04 +0000</lastBuildDate>
    <item>
      <title>6fa5823d-5693-4f75-8050-12e1be6ebf08</title>
      <link>https://vulnerability.circl.lu/sighting/6fa5823d-5693-4f75-8050-12e1be6ebf08/export</link>
      <description>{"uuid": "6fa5823d-5693-4f75-8050-12e1be6ebf08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48500", "type": "seen", "source": "https://gist.github.com/alon710/f3efb3a6eb14f85378da7277ba2da374", "content": "# CVE-2026-48500: CVE-2026-48500: Unauthenticated File Upload and Resource Exhaustion in Filament Admins\n\n&amp;gt; **CVSS Score:** 6.5\n&amp;gt; **Published:** 2026-06-23\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-48500\n\n## Summary\nCVE-2026-48500 is an authorization bypass vulnerability within Filament, a full-stack Laravel administration panel suite. The flaw arises from the unauthenticated exposure of Livewire's file upload RPC endpoints on guest-facing pages, allowing remote actors to upload arbitrary files to temporary storage, potentially leading to storage exhaustion and service disruption.\n\n## TL;DR\nUnauthenticated users can exploit exposed Livewire file-upload endpoints on public pages to write arbitrary files to server storage, causing potential denial-of-service conditions.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-862\n- **Attack Vector**: Network (AV:N)\n- **CVSS v3.1 Score**: 6.5\n- **EPSS Score**: 0.00207 (10.69th percentile)\n- **Impact**: Storage depletion, Denial of Service (DoS)\n- **Exploit Status**: PoC / Conceptual\n- **CISA KEV Status**: Not Listed\n\n## Affected Systems\n\n- Filament Admin Panels for Laravel (filament/filament)\n- **filament/filament**: &amp;gt;= 3.0.0, &amp;lt; 3.3.52 (Fixed in: `3.3.52`)\n- **filament/filament**: &amp;gt;= 4.0.0, &amp;lt; 4.11.5 (Fixed in: `4.11.5`)\n- **filament/filament**: &amp;gt;= 5.0.0, &amp;lt; 5.6.5 (Fixed in: `5.6.5`)\n\n## Mitigation\n\n- Upgrade filament/filament dependency to patched versions\n- Implement custom web application firewalls or middleware to block upload RPCs on unauthenticated login routes\n- Ensure 
all custom public Livewire components enforce strict schema limits on dynamic file handling traits\n\n**Remediation Steps:**\n1. Verify current Filament version via 'composer show filament/filament'\n2. Run 'composer update filament/filament' to pull down the latest patch updates\n3. Apply RestrictsFileUploadsToSchemaComponents or RestrictsFileUploadsToFormComponents to custom public-facing components\n\n## References\n\n- [GitHub Security Advisory GHSA-44wp-g8f4-f4v5](https://github.com/filamentphp/filament/security/advisories/GHSA-44wp-g8f4-f4v5)\n- [CVE-2026-48500 Authority Record](https://www.cve.org/CVERecord?id=CVE-2026-48500)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-48500) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-24T04:42:12.000000Z"}</description>
      <content:encoded>{"uuid": "6fa5823d-5693-4f75-8050-12e1be6ebf08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48500", "type": "seen", "source": "https://gist.github.com/alon710/f3efb3a6eb14f85378da7277ba2da374", "content": "# CVE-2026-48500: CVE-2026-48500: Unauthenticated File Upload and Resource Exhaustion in Filament Admins\n\n&amp;gt; **CVSS Score:** 6.5\n&amp;gt; **Published:** 2026-06-23\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-48500\n\n## Summary\nCVE-2026-48500 is an authorization bypass vulnerability within Filament, a full-stack Laravel administration panel suite. The flaw arises from the unauthenticated exposure of Livewire's file upload RPC endpoints on guest-facing pages, allowing remote actors to upload arbitrary files to temporary storage, potentially leading to storage exhaustion and service disruption.\n\n## TL;DR\nUnauthenticated users can exploit exposed Livewire file-upload endpoints on public pages to write arbitrary files to server storage, causing potential denial-of-service conditions.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-862\n- **Attack Vector**: Network (AV:N)\n- **CVSS v3.1 Score**: 6.5\n- **EPSS Score**: 0.00207 (10.69th percentile)\n- **Impact**: Storage depletion, Denial of Service (DoS)\n- **Exploit Status**: PoC / Conceptual\n- **CISA KEV Status**: Not Listed\n\n## Affected Systems\n\n- Filament Admin Panels for Laravel (filament/filament)\n- **filament/filament**: &amp;gt;= 3.0.0, &amp;lt; 3.3.52 (Fixed in: `3.3.52`)\n- **filament/filament**: &amp;gt;= 4.0.0, &amp;lt; 4.11.5 (Fixed in: `4.11.5`)\n- **filament/filament**: &amp;gt;= 5.0.0, &amp;lt; 5.6.5 (Fixed in: `5.6.5`)\n\n## Mitigation\n\n- Upgrade filament/filament dependency to patched versions\n- Implement custom web application firewalls or middleware to block upload RPCs on unauthenticated login routes\n- 
Ensure all custom public Livewire components enforce strict schema limits on dynamic file handling traits\n\n**Remediation Steps:**\n1. Verify current Filament version via 'composer show filament/filament'\n2. Run 'composer update filament/filament' to pull down the latest patch updates\n3. Apply RestrictsFileUploadsToSchemaComponents or RestrictsFileUploadsToFormComponents to custom public-facing components\n\n## References\n\n- [GitHub Security Advisory GHSA-44wp-g8f4-f4v5](https://github.com/filamentphp/filament/security/advisories/GHSA-44wp-g8f4-f4v5)\n- [CVE-2026-48500 Authority Record](https://www.cve.org/CVERecord?id=CVE-2026-48500)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-48500) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-24T04:42:12.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/6fa5823d-5693-4f75-8050-12e1be6ebf08/export</guid>
      <pubDate>Wed, 24 Jun 2026 04:42:12 +0000</pubDate>
    </item>
    <item>
      <title>8405dc0f-f333-4d95-8e55-4a7f6ed2b40c</title>
      <link>https://vulnerability.circl.lu/sighting/8405dc0f-f333-4d95-8e55-4a7f6ed2b40c/export</link>
      <description>{"uuid": "8405dc0f-f333-4d95-8e55-4a7f6ed2b40c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48507", "type": "seen", "source": "https://gist.github.com/alon710/e0c0df432c86420f7e6e4e56d0b5a192", "content": "# CVE-2026-48507: CVE-2026-48507: Incorrect Authorization in Snipe-IT Bulk User Edit and Merge Features\n\n&amp;gt; **CVSS Score:** 7.1\n&amp;gt; **Published:** 2026-06-23\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-48507\n\n## Summary\nAn incorrect authorization vulnerability (CWE-863) in Snipe-IT versions prior to 8.6.0 allows authenticated, low-privileged users with granular 'users.edit' permissions to modify restricted user flags ('activated' and 'ldap_import') and merge high-privileged administrator accounts into standard user accounts. This allows an attacker to lock administrators out of the system or completely hijack administrator accounts.\n\n## TL;DR\nLow-privileged users with 'users.edit' permissions in Snipe-IT &amp;lt; 8.6.0 can deactivate administrative accounts or hijack them via bulk edit and user merge features, leading to complete Denial of Service or horizontal privilege escalation.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-863 (Incorrect Authorization)\n- **Attack Vector**: Network / Remote\n- **CVSS Score**: 7.1 (High)\n- **EPSS Score**: 0.00194 (Percentile: 9.18%)\n- **Impact**: Privilege Escalation / Denial of Service (Administrator Lockout)\n- **Exploit Status**: Proof-of-Concept via Integration Tests\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- Snipe-IT Asset Management System (versions prior to 8.6.0)\n- **Snipe-IT**: &amp;lt; 8.6.0 (Fixed in: `8.6.0`)\n\n## Mitigation\n\n- Upgrade Snipe-IT to version 8.6.0 or later immediately\n- Revoke 'users.edit' and 'users.delete' permissions from low-privileged users if upgrading is not immediately possible\n- 
Deploy WAF rules or reverse proxy blocks on endpoints '/users/bulkeditsave' and '/users/merge/save' for non-admin accounts\n\n**Remediation Steps:**\n1. Check current Snipe-IT version using administrative panel or command line\n2. If version is less than 8.6.0, run the database and codebase update tools to move to 8.6.0\n3. Verify permissions within 'Settings &amp;gt; Groups' to check if low-privileged users possess access to bulk-edit and user-merge actions\n4. Monitor application logs for POST actions on '/users/bulkeditsave' containing 'activated=0' payload parameters\n\n## References\n\n- [GitHub Security Advisory (GHSA-6f75-x745-xcpr)](https://github.com/grokability/snipe-it/security/advisories/GHSA-6f75-x745-xcpr)\n- [Official Patch Commit](https://github.com/grokability/snipe-it/commit/403f9c848b05274642f64450696bdcdc242a352a)\n- [CVE.org Record](https://www.cve.org/CVERecord?id=CVE-2026-48507)\n- [Wiz Vulnerability Database Details](https://www.wiz.io/vulnerability-database/cve/cve-2026-48507)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-48507) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-24T02:22:36.000000Z"}</description>
      <content:encoded>{"uuid": "8405dc0f-f333-4d95-8e55-4a7f6ed2b40c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48507", "type": "seen", "source": "https://gist.github.com/alon710/e0c0df432c86420f7e6e4e56d0b5a192", "content": "# CVE-2026-48507: CVE-2026-48507: Incorrect Authorization in Snipe-IT Bulk User Edit and Merge Features\n\n&amp;gt; **CVSS Score:** 7.1\n&amp;gt; **Published:** 2026-06-23\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-48507\n\n## Summary\nAn incorrect authorization vulnerability (CWE-863) in Snipe-IT versions prior to 8.6.0 allows authenticated, low-privileged users with granular 'users.edit' permissions to modify restricted user flags ('activated' and 'ldap_import') and merge high-privileged administrator accounts into standard user accounts. This allows an attacker to lock administrators out of the system or completely hijack administrator accounts.\n\n## TL;DR\nLow-privileged users with 'users.edit' permissions in Snipe-IT &amp;lt; 8.6.0 can deactivate administrative accounts or hijack them via bulk edit and user merge features, leading to complete Denial of Service or horizontal privilege escalation.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-863 (Incorrect Authorization)\n- **Attack Vector**: Network / Remote\n- **CVSS Score**: 7.1 (High)\n- **EPSS Score**: 0.00194 (Percentile: 9.18%)\n- **Impact**: Privilege Escalation / Denial of Service (Administrator Lockout)\n- **Exploit Status**: Proof-of-Concept via Integration Tests\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- Snipe-IT Asset Management System (versions prior to 8.6.0)\n- **Snipe-IT**: &amp;lt; 8.6.0 (Fixed in: `8.6.0`)\n\n## Mitigation\n\n- Upgrade Snipe-IT to version 8.6.0 or later immediately\n- Revoke 'users.edit' and 'users.delete' permissions from low-privileged users if upgrading is not immediately 
possible\n- Deploy WAF rules or reverse proxy blocks on endpoints '/users/bulkeditsave' and '/users/merge/save' for non-admin accounts\n\n**Remediation Steps:**\n1. Check current Snipe-IT version using administrative panel or command line\n2. If version is less than 8.6.0, run the database and codebase update tools to move to 8.6.0\n3. Verify permissions within 'Settings &amp;gt; Groups' to check if low-privileged users possess access to bulk-edit and user-merge actions\n4. Monitor application logs for POST actions on '/users/bulkeditsave' containing 'activated=0' payload parameters\n\n## References\n\n- [GitHub Security Advisory (GHSA-6f75-x745-xcpr)](https://github.com/grokability/snipe-it/security/advisories/GHSA-6f75-x745-xcpr)\n- [Official Patch Commit](https://github.com/grokability/snipe-it/commit/403f9c848b05274642f64450696bdcdc242a352a)\n- [CVE.org Record](https://www.cve.org/CVERecord?id=CVE-2026-48507)\n- [Wiz Vulnerability Database Details](https://www.wiz.io/vulnerability-database/cve/cve-2026-48507)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-48507) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-24T02:22:36.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/8405dc0f-f333-4d95-8e55-4a7f6ed2b40c/export</guid>
      <pubDate>Wed, 24 Jun 2026 02:22:36 +0000</pubDate>
    </item>
    <item>
      <title>681024e9-eecb-4144-abaf-c26b600c4ca2</title>
      <link>https://vulnerability.circl.lu/sighting/681024e9-eecb-4144-abaf-c26b600c4ca2/export</link>
      <description>{"uuid": "681024e9-eecb-4144-abaf-c26b600c4ca2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48507", "type": "seen", "source": "https://gist.github.com/alon710/3da2d0271b4ce13266c6eb8e48512bfd", "content": "# CVE-2026-48507: CVE-2026-48507: Incorrect Authorization in Snipe-IT Bulk User Edit and Merge Features\n\n&amp;gt; **CVSS Score:** 7.1\n&amp;gt; **Published:** 2026-06-23\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-48507\n\n## Summary\nAn incorrect authorization vulnerability (CWE-863) in Snipe-IT versions prior to 8.6.0 allows authenticated, low-privileged users with granular 'users.edit' permissions to modify restricted user flags ('activated' and 'ldap_import') and merge high-privileged administrator accounts into standard user accounts. This allows an attacker to lock administrators out of the system or completely hijack administrator accounts.\n\n## TL;DR\nLow-privileged users with 'users.edit' permissions in Snipe-IT &amp;lt; 8.6.0 can deactivate administrative accounts or hijack them via bulk edit and user merge features, leading to complete Denial of Service or horizontal privilege escalation.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-863 (Incorrect Authorization)\n- **Attack Vector**: Network / Remote\n- **CVSS Score**: 7.1 (High)\n- **EPSS Score**: 0.00194 (Percentile: 9.18%)\n- **Impact**: Privilege Escalation / Denial of Service (Administrator Lockout)\n- **Exploit Status**: Proof-of-Concept via Integration Tests\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- Snipe-IT Asset Management System (versions prior to 8.6.0)\n- **Snipe-IT**: &amp;lt; 8.6.0 (Fixed in: `8.6.0`)\n\n## Mitigation\n\n- Upgrade Snipe-IT to version 8.6.0 or later immediately\n- Revoke 'users.edit' and 'users.delete' permissions from low-privileged users if upgrading is not immediately possible\n- 
Deploy WAF rules or reverse proxy blocks on endpoints '/users/bulkeditsave' and '/users/merge/save' for non-admin accounts\n\n**Remediation Steps:**\n1. Check current Snipe-IT version using administrative panel or command line\n2. If version is less than 8.6.0, run the database and codebase update tools to move to 8.6.0\n3. Verify permissions within 'Settings &amp;gt; Groups' to check if low-privileged users possess access to bulk-edit and user-merge actions\n4. Monitor application logs for POST actions on '/users/bulkeditsave' containing 'activated=0' payload parameters\n\n## References\n\n- [GitHub Security Advisory (GHSA-6f75-x745-xcpr)](https://github.com/grokability/snipe-it/security/advisories/GHSA-6f75-x745-xcpr)\n- [Official Patch Commit](https://github.com/grokability/snipe-it/commit/403f9c848b05274642f64450696bdcdc242a352a)\n- [CVE.org Record](https://www.cve.org/CVERecord?id=CVE-2026-48507)\n- [Wiz Vulnerability Database Details](https://www.wiz.io/vulnerability-database/cve/cve-2026-48507)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-48507) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-24T02:11:40.000000Z"}</description>
      <content:encoded>{"uuid": "681024e9-eecb-4144-abaf-c26b600c4ca2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48507", "type": "seen", "source": "https://gist.github.com/alon710/3da2d0271b4ce13266c6eb8e48512bfd", "content": "# CVE-2026-48507: CVE-2026-48507: Incorrect Authorization in Snipe-IT Bulk User Edit and Merge Features\n\n&amp;gt; **CVSS Score:** 7.1\n&amp;gt; **Published:** 2026-06-23\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-48507\n\n## Summary\nAn incorrect authorization vulnerability (CWE-863) in Snipe-IT versions prior to 8.6.0 allows authenticated, low-privileged users with granular 'users.edit' permissions to modify restricted user flags ('activated' and 'ldap_import') and merge high-privileged administrator accounts into standard user accounts. This allows an attacker to lock administrators out of the system or completely hijack administrator accounts.\n\n## TL;DR\nLow-privileged users with 'users.edit' permissions in Snipe-IT &amp;lt; 8.6.0 can deactivate administrative accounts or hijack them via bulk edit and user merge features, leading to complete Denial of Service or horizontal privilege escalation.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-863 (Incorrect Authorization)\n- **Attack Vector**: Network / Remote\n- **CVSS Score**: 7.1 (High)\n- **EPSS Score**: 0.00194 (Percentile: 9.18%)\n- **Impact**: Privilege Escalation / Denial of Service (Administrator Lockout)\n- **Exploit Status**: Proof-of-Concept via Integration Tests\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- Snipe-IT Asset Management System (versions prior to 8.6.0)\n- **Snipe-IT**: &amp;lt; 8.6.0 (Fixed in: `8.6.0`)\n\n## Mitigation\n\n- Upgrade Snipe-IT to version 8.6.0 or later immediately\n- Revoke 'users.edit' and 'users.delete' permissions from low-privileged users if upgrading is not immediately 
possible\n- Deploy WAF rules or reverse proxy blocks on endpoints '/users/bulkeditsave' and '/users/merge/save' for non-admin accounts\n\n**Remediation Steps:**\n1. Check current Snipe-IT version using administrative panel or command line\n2. If version is less than 8.6.0, run the database and codebase update tools to move to 8.6.0\n3. Verify permissions within 'Settings &amp;gt; Groups' to check if low-privileged users possess access to bulk-edit and user-merge actions\n4. Monitor application logs for POST actions on '/users/bulkeditsave' containing 'activated=0' payload parameters\n\n## References\n\n- [GitHub Security Advisory (GHSA-6f75-x745-xcpr)](https://github.com/grokability/snipe-it/security/advisories/GHSA-6f75-x745-xcpr)\n- [Official Patch Commit](https://github.com/grokability/snipe-it/commit/403f9c848b05274642f64450696bdcdc242a352a)\n- [CVE.org Record](https://www.cve.org/CVERecord?id=CVE-2026-48507)\n- [Wiz Vulnerability Database Details](https://www.wiz.io/vulnerability-database/cve/cve-2026-48507)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-48507) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-24T02:11:40.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/681024e9-eecb-4144-abaf-c26b600c4ca2/export</guid>
      <pubDate>Wed, 24 Jun 2026 02:11:40 +0000</pubDate>
    </item>
    <item>
      <title>b633b10e-d0eb-4ebd-b442-e8f1ed3350c3</title>
      <link>https://vulnerability.circl.lu/sighting/b633b10e-d0eb-4ebd-b442-e8f1ed3350c3/export</link>
      <description>{"uuid": "b633b10e-d0eb-4ebd-b442-e8f1ed3350c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48505", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mow6lzrmz42a", "content": "CVE-2026-48505 - Filament: Multi-factor authentication (app) recovery codes can still be used multiple times via concurrent submission\nCVE ID : CVE-2026-48505\n \n Published : June 22, 2026, 9:39 p.m. | 2\u00a0hours, 4\u00a0minutes ago\n \n Description : Filament is a collection of full-sta...", "creation_timestamp": "2026-06-23T00:50:09.097391Z"}</description>
      <content:encoded>{"uuid": "b633b10e-d0eb-4ebd-b442-e8f1ed3350c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48505", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mow6lzrmz42a", "content": "CVE-2026-48505 - Filament: Multi-factor authentication (app) recovery codes can still be used multiple times via concurrent submission\nCVE ID : CVE-2026-48505\n \n Published : June 22, 2026, 9:39 p.m. | 2\u00a0hours, 4\u00a0minutes ago\n \n Description : Filament is a collection of full-sta...", "creation_timestamp": "2026-06-23T00:50:09.097391Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/b633b10e-d0eb-4ebd-b442-e8f1ed3350c3/export</guid>
      <pubDate>Tue, 23 Jun 2026 00:50:09 +0000</pubDate>
    </item>
    <item>
      <title>228d9e4c-95d7-4ad7-912f-e6b5f334e4e7</title>
      <link>https://vulnerability.circl.lu/sighting/228d9e4c-95d7-4ad7-912f-e6b5f334e4e7/export</link>
      <description>{"uuid": "228d9e4c-95d7-4ad7-912f-e6b5f334e4e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48502", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mow6ee6ob22q", "content": "CVE-2026-48502 - MessagePack-CSharp: Denial of service vulnerabilities can swamp the CPU or crash the process with stack and heap overflows\nCVE ID : CVE-2026-48502\n \n Published : June 22, 2026, 9:18 p.m. | 2\u00a0hours, 25\u00a0minutes ago\n \n Description : MessagePack for C# is a Messag...", "creation_timestamp": "2026-06-23T00:45:51.694083Z"}</description>
      <content:encoded>{"uuid": "228d9e4c-95d7-4ad7-912f-e6b5f334e4e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48502", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mow6ee6ob22q", "content": "CVE-2026-48502 - MessagePack-CSharp: Denial of service vulnerabilities can swamp the CPU or crash the process with stack and heap overflows\nCVE ID : CVE-2026-48502\n \n Published : June 22, 2026, 9:18 p.m. | 2\u00a0hours, 25\u00a0minutes ago\n \n Description : MessagePack for C# is a Messag...", "creation_timestamp": "2026-06-23T00:45:51.694083Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/228d9e4c-95d7-4ad7-912f-e6b5f334e4e7/export</guid>
      <pubDate>Tue, 23 Jun 2026 00:45:51 +0000</pubDate>
    </item>
    <item>
      <title>68d440fc-c451-4fae-a294-4966e2d837dc</title>
      <link>https://vulnerability.circl.lu/sighting/68d440fc-c451-4fae-a294-4966e2d837dc/export</link>
      <description>{"uuid": "68d440fc-c451-4fae-a294-4966e2d837dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48509", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mow65lsemi23", "content": "CVE-2026-48509 - MessagePack-CSharp: ASP.NET Core MessagePackInputFormatter defaults to TrustedData for HTTP request bodies\nCVE ID : CVE-2026-48509\n \n Published : June 22, 2026, 9:16 p.m. | 2\u00a0hours, 27\u00a0minutes ago\n \n Description : MessagePack for C# is a MessagePack serializer...", "creation_timestamp": "2026-06-23T00:42:06.524609Z"}</description>
      <content:encoded>{"uuid": "68d440fc-c451-4fae-a294-4966e2d837dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48509", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mow65lsemi23", "content": "CVE-2026-48509 - MessagePack-CSharp: ASP.NET Core MessagePackInputFormatter defaults to TrustedData for HTTP request bodies\nCVE ID : CVE-2026-48509\n \n Published : June 22, 2026, 9:16 p.m. | 2\u00a0hours, 27\u00a0minutes ago\n \n Description : MessagePack for C# is a MessagePack serializer...", "creation_timestamp": "2026-06-23T00:42:06.524609Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/68d440fc-c451-4fae-a294-4966e2d837dc/export</guid>
      <pubDate>Tue, 23 Jun 2026 00:42:06 +0000</pubDate>
    </item>
    <item>
      <title>bfad036b-1d8f-43bc-ae4c-73fbd9977b74</title>
      <link>https://vulnerability.circl.lu/sighting/bfad036b-1d8f-43bc-ae4c-73fbd9977b74/export</link>
      <description>{"uuid": "bfad036b-1d8f-43bc-ae4c-73fbd9977b74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48500", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mow5xmq4hl2q", "content": "CVE-2026-48500 - Filament: Unauthenticated temporary file upload on auth pages\nCVE ID : CVE-2026-48500\n \n Published : June 22, 2026, 9:41 p.m. | 2\u00a0hours, 2\u00a0minutes ago\n \n Description : Filament is a collection of full-stack components for accelerated Laravel development. From ...", "creation_timestamp": "2026-06-23T00:38:44.476435Z"}</description>
      <content:encoded>{"uuid": "bfad036b-1d8f-43bc-ae4c-73fbd9977b74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48500", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mow5xmq4hl2q", "content": "CVE-2026-48500 - Filament: Unauthenticated temporary file upload on auth pages\nCVE ID : CVE-2026-48500\n \n Published : June 22, 2026, 9:41 p.m. | 2\u00a0hours, 2\u00a0minutes ago\n \n Description : Filament is a collection of full-stack components for accelerated Laravel development. From ...", "creation_timestamp": "2026-06-23T00:38:44.476435Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/bfad036b-1d8f-43bc-ae4c-73fbd9977b74/export</guid>
      <pubDate>Tue, 23 Jun 2026 00:38:44 +0000</pubDate>
    </item>
    <item>
      <title>f8526a77-bf4d-40e0-b426-6cbbda469399</title>
      <link>https://vulnerability.circl.lu/sighting/f8526a77-bf4d-40e0-b426-6cbbda469399/export</link>
      <description>{"uuid": "f8526a77-bf4d-40e0-b426-6cbbda469399", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48506", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mow5neb5pq2v", "content": "CVE-2026-48506 - MessagePack-CSharp: MessagePackReader.Skip can recurse without enforcing maximum object graph depth\nCVE ID : CVE-2026-48506\n \n Published : June 22, 2026, 9:17 p.m. | 2\u00a0hours, 26\u00a0minutes ago\n \n Description : MessagePack for C# is a MessagePack serializer for C#...", "creation_timestamp": "2026-06-23T00:32:59.920995Z"}</description>
      <content:encoded>{"uuid": "f8526a77-bf4d-40e0-b426-6cbbda469399", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48506", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mow5neb5pq2v", "content": "CVE-2026-48506 - MessagePack-CSharp: MessagePackReader.Skip can recurse without enforcing maximum object graph depth\nCVE ID : CVE-2026-48506\n \n Published : June 22, 2026, 9:17 p.m. | 2\u00a0hours, 26\u00a0minutes ago\n \n Description : MessagePack for C# is a MessagePack serializer for C#...", "creation_timestamp": "2026-06-23T00:32:59.920995Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/f8526a77-bf4d-40e0-b426-6cbbda469399/export</guid>
      <pubDate>Tue, 23 Jun 2026 00:32:59 +0000</pubDate>
    </item>
    <item>
      <title>fc5225b4-5f9e-4d7f-94df-bf8a2f2dc0d3</title>
      <link>https://vulnerability.circl.lu/sighting/fc5225b4-5f9e-4d7f-94df-bf8a2f2dc0d3/export</link>
      <description>{"uuid": "fc5225b4-5f9e-4d7f-94df-bf8a2f2dc0d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4850", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3minlqheimq2w", "content": "", "creation_timestamp": "2026-04-04T06:20:09.906111Z"}</description>
      <content:encoded>{"uuid": "fc5225b4-5f9e-4d7f-94df-bf8a2f2dc0d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4850", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3minlqheimq2w", "content": "", "creation_timestamp": "2026-04-04T06:20:09.906111Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/fc5225b4-5f9e-4d7f-94df-bf8a2f2dc0d3/export</guid>
      <pubDate>Sat, 04 Apr 2026 06:20:09 +0000</pubDate>
    </item>
    <item>
      <title>38a5c563-ed7e-4682-8bff-5dfc9b44610a</title>
      <link>https://vulnerability.circl.lu/sighting/38a5c563-ed7e-4682-8bff-5dfc9b44610a/export</link>
      <description>{"uuid": "38a5c563-ed7e-4682-8bff-5dfc9b44610a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4850", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mhxdt3xewl23", "content": "", "creation_timestamp": "2026-03-26T09:59:53.817739Z"}</description>
      <content:encoded>{"uuid": "38a5c563-ed7e-4682-8bff-5dfc9b44610a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4850", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mhxdt3xewl23", "content": "", "creation_timestamp": "2026-03-26T09:59:53.817739Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/38a5c563-ed7e-4682-8bff-5dfc9b44610a/export</guid>
      <pubDate>Thu, 26 Mar 2026 09:59:53 +0000</pubDate>
    </item>
  </channel>
</rss>
