<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Fri, 10 Jul 2026 19:43:10 +0000</lastBuildDate>
    <item>
      <title>52277cf6-1f8d-4c6b-9d24-701f6e585a6e</title>
      <link>https://vulnerability.circl.lu/sighting/52277cf6-1f8d-4c6b-9d24-701f6e585a6e/export</link>
      <description>{"uuid": "52277cf6-1f8d-4c6b-9d24-701f6e585a6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12685", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqbxcnrpmr27", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-12685 \u0432 \u0442\u0435\u043c\u0435 EscortWP \u0434\u043b\u044f WordPress: \u0443\u0433\u0440\u043e\u0437\u044b \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/D1325B54-5074-4DD5-BD79-239A74C0AB63", "creation_timestamp": "2026-07-10T10:36:47.173059Z"}</description>
      <content:encoded>{"uuid": "52277cf6-1f8d-4c6b-9d24-701f6e585a6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12685", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqbxcnrpmr27", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-12685 \u0432 \u0442\u0435\u043c\u0435 EscortWP \u0434\u043b\u044f WordPress: \u0443\u0433\u0440\u043e\u0437\u044b \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/D1325B54-5074-4DD5-BD79-239A74C0AB63", "creation_timestamp": "2026-07-10T10:36:47.173059Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/52277cf6-1f8d-4c6b-9d24-701f6e585a6e/export</guid>
      <pubDate>Fri, 10 Jul 2026 10:36:47 +0000</pubDate>
    </item>
    <item>
      <title>4e5461fa-40f7-4896-9d8f-d8fad1f09920</title>
      <link>https://vulnerability.circl.lu/sighting/4e5461fa-40f7-4896-9d8f-d8fad1f09920/export</link>
      <description>{"uuid": "4e5461fa-40f7-4896-9d8f-d8fad1f09920", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12685", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqbp4i6yyn24", "content": "CVE-2026-12685 - EscortWP\nCVE ID : CVE-2026-12685\n \n Published : July 10, 2026, 7:16 a.m. | 32\u00a0minutes ago\n \n Description : The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who...", "creation_timestamp": "2026-07-10T08:10:09.756936Z"}</description>
      <content:encoded>{"uuid": "4e5461fa-40f7-4896-9d8f-d8fad1f09920", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12685", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqbp4i6yyn24", "content": "CVE-2026-12685 - EscortWP\nCVE ID : CVE-2026-12685\n \n Published : July 10, 2026, 7:16 a.m. | 32\u00a0minutes ago\n \n Description : The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who...", "creation_timestamp": "2026-07-10T08:10:09.756936Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/4e5461fa-40f7-4896-9d8f-d8fad1f09920/export</guid>
      <pubDate>Fri, 10 Jul 2026 08:10:09 +0000</pubDate>
    </item>
    <item>
      <title>bc5d3ee8-36ed-407d-b8c7-e81c97f8170b</title>
      <link>https://vulnerability.circl.lu/sighting/bc5d3ee8-36ed-407d-b8c7-e81c97f8170b/export</link>
      <description>{"uuid": "bc5d3ee8-36ed-407d-b8c7-e81c97f8170b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-12685", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mqbmvjqo2j2d", "content": "EscortWP theme \u22643.6.2 hit by CRITICAL hidden backdoor (CVE-2026-12685): attackers with a hard-coded key can delete all content &amp;amp; exfiltrate admin data. Switch themes &amp;amp; stay alert for patches. https://radar.offseq.com/threat/cve-2026-12685-cwe-912-hidden-functionality-in-esc-2444ba57a4fc890e #OffS...", "creation_timestamp": "2026-07-10T07:30:29.504569Z"}</description>
      <content:encoded>{"uuid": "bc5d3ee8-36ed-407d-b8c7-e81c97f8170b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-12685", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mqbmvjqo2j2d", "content": "EscortWP theme \u22643.6.2 hit by CRITICAL hidden backdoor (CVE-2026-12685): attackers with a hard-coded key can delete all content &amp;amp; exfiltrate admin data. Switch themes &amp;amp; stay alert for patches. https://radar.offseq.com/threat/cve-2026-12685-cwe-912-hidden-functionality-in-esc-2444ba57a4fc890e #OffS...", "creation_timestamp": "2026-07-10T07:30:29.504569Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/bc5d3ee8-36ed-407d-b8c7-e81c97f8170b/export</guid>
      <pubDate>Fri, 10 Jul 2026 07:30:29 +0000</pubDate>
    </item>
    <item>
      <title>992da49d-b3e4-494a-b92b-898287816325</title>
      <link>https://vulnerability.circl.lu/sighting/992da49d-b3e4-494a-b92b-898287816325/export</link>
      <description>{"uuid": "992da49d-b3e4-494a-b92b-898287816325", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-12685", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116894507132740931", "content": "CVE-2026-12685 | EscortWP \u22643.6.2: CRITICAL backdoor (CWE-912) enables unauthenticated data wipe &amp;amp; exfiltrates site/admin info via hard-coded key. No patch available \u2014 replace theme &amp;amp; monitor vendor. https://radar.offseq.com/threat/cve-2026-12685-cwe-912-hidden-functionality-in-esc-2444ba57a4fc890e #OffSeq #WordPress #Infosec #CVE2026_12685", "creation_timestamp": "2026-07-10T07:30:27.754406Z"}</description>
      <content:encoded>{"uuid": "992da49d-b3e4-494a-b92b-898287816325", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-12685", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116894507132740931", "content": "CVE-2026-12685 | EscortWP \u22643.6.2: CRITICAL backdoor (CWE-912) enables unauthenticated data wipe &amp;amp; exfiltrates site/admin info via hard-coded key. No patch available \u2014 replace theme &amp;amp; monitor vendor. https://radar.offseq.com/threat/cve-2026-12685-cwe-912-hidden-functionality-in-esc-2444ba57a4fc890e #OffSeq #WordPress #Infosec #CVE2026_12685", "creation_timestamp": "2026-07-10T07:30:27.754406Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/992da49d-b3e4-494a-b92b-898287816325/export</guid>
      <pubDate>Fri, 10 Jul 2026 07:30:27 +0000</pubDate>
    </item>
    <item>
      <title>b25b96d0-db31-43e0-aa23-11733c5246e9</title>
      <link>https://vulnerability.circl.lu/sighting/b25b96d0-db31-43e0-aa23-11733c5246e9/export</link>
      <description>{"uuid": "b25b96d0-db31-43e0-aa23-11733c5246e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12686", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpy2rdjfhx2q", "content": "CVE-2026-12686 - Incorrect authorisation in Adiss\u2019s Biloop\nCVE ID : CVE-2026-12686\n \n Published : July 6, 2026, 11:16 a.m. | 31\u00a0minutes ago\n \n Description : An authenticated user could manipulate a company ID parameter in a POST request to the backend to gain unauthorised acce...", "creation_timestamp": "2026-07-06T12:12:06.065584Z"}</description>
      <content:encoded>{"uuid": "b25b96d0-db31-43e0-aa23-11733c5246e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12686", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpy2rdjfhx2q", "content": "CVE-2026-12686 - Incorrect authorisation in Adiss\u2019s Biloop\nCVE ID : CVE-2026-12686\n \n Published : July 6, 2026, 11:16 a.m. | 31\u00a0minutes ago\n \n Description : An authenticated user could manipulate a company ID parameter in a POST request to the backend to gain unauthorised acce...", "creation_timestamp": "2026-07-06T12:12:06.065584Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/b25b96d0-db31-43e0-aa23-11733c5246e9/export</guid>
      <pubDate>Mon, 06 Jul 2026 12:12:06 +0000</pubDate>
    </item>
    <item>
      <title>ea396b7e-fb4c-4c05-90a4-756babfebf53</title>
      <link>https://vulnerability.circl.lu/sighting/ea396b7e-fb4c-4c05-90a4-756babfebf53/export</link>
      <description>{"uuid": "ea396b7e-fb4c-4c05-90a4-756babfebf53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12686", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mpy2k7rycx2i", "content": "CVE-2026-12686\nAdobe Commerce does not properly check user access to company data, which means an authenticated user could see or change sensitive information from other companies hosted on the same website. This could lead\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-06T12:08:04.530185Z"}</description>
      <content:encoded>{"uuid": "ea396b7e-fb4c-4c05-90a4-756babfebf53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12686", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mpy2k7rycx2i", "content": "CVE-2026-12686\nAdobe Commerce does not properly check user access to company data, which means an authenticated user could see or change sensitive information from other companies hosted on the same website. This could lead\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-06T12:08:04.530185Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/ea396b7e-fb4c-4c05-90a4-756babfebf53/export</guid>
      <pubDate>Mon, 06 Jul 2026 12:08:04 +0000</pubDate>
    </item>
    <item>
      <title>2d076412-4c69-48af-8fe1-df13f78fe9e5</title>
      <link>https://vulnerability.circl.lu/sighting/2d076412-4c69-48af-8fe1-df13f78fe9e5/export</link>
      <description>{"uuid": "2d076412-4c69-48af-8fe1-df13f78fe9e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-12686", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mpxv3qz2ph2g", "content": "CRITICAL vuln in Adiss Biloop v6.1.1: Authenticated users can access and modify other tenants\u2019 data via company ID parameter manipulation. Review and tighten access controls. https://radar.offseq.com/threat/cve-2026-12686-cwe-639-authorization-bypass-throug-3166bcbbfec7c2c9 #OffSeq #CVE202612686 ...", "creation_timestamp": "2026-07-06T10:30:30.845383Z"}</description>
      <content:encoded>{"uuid": "2d076412-4c69-48af-8fe1-df13f78fe9e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-12686", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mpxv3qz2ph2g", "content": "CRITICAL vuln in Adiss Biloop v6.1.1: Authenticated users can access and modify other tenants\u2019 data via company ID parameter manipulation. Review and tighten access controls. https://radar.offseq.com/threat/cve-2026-12686-cwe-639-authorization-bypass-throug-3166bcbbfec7c2c9 #OffSeq #CVE202612686 ...", "creation_timestamp": "2026-07-06T10:30:30.845383Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/2d076412-4c69-48af-8fe1-df13f78fe9e5/export</guid>
      <pubDate>Mon, 06 Jul 2026 10:30:30 +0000</pubDate>
    </item>
    <item>
      <title>ee88c45c-006d-4aff-8f58-a322a3fc1aaa</title>
      <link>https://vulnerability.circl.lu/sighting/ee88c45c-006d-4aff-8f58-a322a3fc1aaa/export</link>
      <description>{"uuid": "ee88c45c-006d-4aff-8f58-a322a3fc1aaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-12686", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116872565768512647", "content": "Adiss Biloop v6.1.1: CRITICAL CVE-2026-12686 enables authenticated users to bypass authorization via manipulated company ID, exposing cross-tenant data. Monitor logs and limit exposure while awaiting patch. https://radar.offseq.com/threat/cve-2026-12686-cwe-639-authorization-bypass-throug-3166bcbbfec7c2c9 #OffSeq #CVE202612686 #infosec #vuln", "creation_timestamp": "2026-07-06T10:30:28.977091Z"}</description>
      <content:encoded>{"uuid": "ee88c45c-006d-4aff-8f58-a322a3fc1aaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-12686", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116872565768512647", "content": "Adiss Biloop v6.1.1: CRITICAL CVE-2026-12686 enables authenticated users to bypass authorization via manipulated company ID, exposing cross-tenant data. Monitor logs and limit exposure while awaiting patch. https://radar.offseq.com/threat/cve-2026-12686-cwe-639-authorization-bypass-throug-3166bcbbfec7c2c9 #OffSeq #CVE202612686 #infosec #vuln", "creation_timestamp": "2026-07-06T10:30:28.977091Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/ee88c45c-006d-4aff-8f58-a322a3fc1aaa/export</guid>
      <pubDate>Mon, 06 Jul 2026 10:30:28 +0000</pubDate>
    </item>
  </channel>
</rss>
