<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Fri, 10 Jul 2026 03:29:58 +0000</lastBuildDate>
    <item>
      <title>739119cd-9f52-4270-9eaf-8ef6d44f4acf</title>
      <link>https://vulnerability.circl.lu/sighting/739119cd-9f52-4270-9eaf-8ef6d44f4acf/export</link>
      <description>{"uuid": "739119cd-9f52-4270-9eaf-8ef6d44f4acf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59509", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116870089136632895", "content": "CVE-2026-59509 (CRITICAL): cve-search POST /fetch_cve_data allows unauth'd access to arbitrary MongoDB collections, exposing admin creds for offline cracking. Restrict endpoint, monitor activity, check vendor updates. https://radar.offseq.com/threat/ghsa-3fmp-59v6-4qw2-ddbb46f84ba1bbe2 #OffSeq #infosec #CVE202659509", "creation_timestamp": "2026-07-06T00:00:38.620312Z"}</description>
      <content:encoded>{"uuid": "739119cd-9f52-4270-9eaf-8ef6d44f4acf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59509", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116870089136632895", "content": "CVE-2026-59509 (CRITICAL): cve-search POST /fetch_cve_data allows unauth'd access to arbitrary MongoDB collections, exposing admin creds for offline cracking. Restrict endpoint, monitor activity, check vendor updates. https://radar.offseq.com/threat/ghsa-3fmp-59v6-4qw2-ddbb46f84ba1bbe2 #OffSeq #infosec #CVE202659509", "creation_timestamp": "2026-07-06T00:00:38.620312Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/739119cd-9f52-4270-9eaf-8ef6d44f4acf/export</guid>
      <pubDate>Mon, 06 Jul 2026 00:00:38 +0000</pubDate>
    </item>
    <item>
      <title>feb228e7-b3d7-4206-a841-ccdf714db306</title>
      <link>https://vulnerability.circl.lu/sighting/feb228e7-b3d7-4206-a841-ccdf714db306/export</link>
      <description>{"uuid": "feb228e7-b3d7-4206-a841-ccdf714db306", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59509", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mpvp4ane5k23", "content": "CVE-2026-59509 - cve-search\nCVE-Search, a tool for searching CVEs, has a flaw that allows attackers to access any MongoDB collection without logging in. This could lead to sensitive data being exposed, including\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#cvesearch #CVE #infosec", "creation_timestamp": "2026-07-05T13:38:04.817891Z"}</description>
      <content:encoded>{"uuid": "feb228e7-b3d7-4206-a841-ccdf714db306", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59509", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mpvp4ane5k23", "content": "CVE-2026-59509 - cve-search\nCVE-Search, a tool for searching CVEs, has a flaw that allows attackers to access any MongoDB collection without logging in. This could lead to sensitive data being exposed, including\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#cvesearch #CVE #infosec", "creation_timestamp": "2026-07-05T13:38:04.817891Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/feb228e7-b3d7-4206-a841-ccdf714db306/export</guid>
      <pubDate>Sun, 05 Jul 2026 13:38:04 +0000</pubDate>
    </item>
    <item>
      <title>edc6f2c1-e63e-4967-9a26-1cfd9f8792d2</title>
      <link>https://vulnerability.circl.lu/sighting/edc6f2c1-e63e-4967-9a26-1cfd9f8792d2/export</link>
      <description>{"uuid": "edc6f2c1-e63e-4967-9a26-1cfd9f8792d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59509", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpvo7623bw2o", "content": "CVE-2026-59509 - Unauthenticated arbitrary MongoDB collection read in cve-search\nCVE ID : CVE-2026-59509\n \n Published : July 5, 2026, 12:02 p.m. | 1\u00a0hour, 12\u00a0minutes ago\n \n Description : An unauthenticated improper input validation vulnerability in the POST /fetch_cve_data end...", "creation_timestamp": "2026-07-05T13:21:49.188761Z"}</description>
      <content:encoded>{"uuid": "edc6f2c1-e63e-4967-9a26-1cfd9f8792d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59509", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpvo7623bw2o", "content": "CVE-2026-59509 - Unauthenticated arbitrary MongoDB collection read in cve-search\nCVE ID : CVE-2026-59509\n \n Published : July 5, 2026, 12:02 p.m. | 1\u00a0hour, 12\u00a0minutes ago\n \n Description : An unauthenticated improper input validation vulnerability in the POST /fetch_cve_data end...", "creation_timestamp": "2026-07-05T13:21:49.188761Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/edc6f2c1-e63e-4967-9a26-1cfd9f8792d2/export</guid>
      <pubDate>Sun, 05 Jul 2026 13:21:49 +0000</pubDate>
    </item>
  </channel>
</rss>
