<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Sat, 11 Jul 2026 14:19:11 +0000</lastBuildDate>
    <item>
      <title>4bf867a3-3d62-480c-bb17-211eb61a65ec</title>
      <link>https://vulnerability.circl.lu/sighting/4bf867a3-3d62-480c-bb17-211eb61a65ec/export</link>
      <description>{"uuid": "4bf867a3-3d62-480c-bb17-211eb61a65ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21643", "type": "exploited", "source": "https://t.me/brutsecurity/2605", "content": "\ud83d\udea8 Bug Bounty / Red Team Tip\n\nCVE-2026-21643 \u2014 Critical Pre-Auth SQL Injection (CVSS 9.1) in FortiClient EMS 7.4.4 (multi-tenant mode only)\n\nUnauthenticated attackers can inject arbitrary SQL via the Site HTTP header to the public endpoint /api/v1/init_consts (or login endpoint). This happens before authentication and hits the PostgreSQL backend with superuser-level access in many setups \u2192 full DB dump, schema extraction, or RCE (via PostgreSQL features like COPY FROM PROGRAM).\n\n- Affected: Only FortiClient EMS 7.4.4 (multi-tenant/Sites feature enabled)\n- Not affected: 7.2.x, 8.0.x, single-site deployments\n- Fixed: Upgrade to 7.4.5 or later\n- Status: Actively exploited in the wild + public PoCs available\n\nMain Detail Article (Highly Recommended):  \nBishop Fox deep-dive with exploitation paths, payloads (e.g., pg_sleep(5) for blind testing), and lab results \u2192  \nhttps://bishopfox.com/blog/cve-2026-21643-pre-authentication-sql-injection-in-forticlient-ems-7-4-4\n\nPublic PoC (GitHub):  \nhttps://github.com/0xBlackash/CVE-2026-21643\n\nUseful Google/Shodan Dorks:\n- http.title:\"FortiClient EMS\" \"7.4.4\"\n- http.html:\"FortiClient Enterprise Management Server\"\n- http.favicon.hash: -specific-hash (or search for EMS login page)\n- Shodan: \"Model: FCTEMS\" or \"FortiClient EMS\"\n\nQuick Check:\nIf your EMS login page is internet-facing and running 7.4.4 with multi-tenant enabled \u2192 patch ASAP or block public access. Thousands of instances are exposed (Shadowserver ~2k+, Shodan ~1k+).\n\nHigh-value target for hunters. Patch or restrict immediately!\n\n#BugBounty #RedTeam #Fortinet #CVE202621643 #SQLi", "creation_timestamp": "2026-07-11T10:00:05.407445Z"}</description>
      <content:encoded>{"uuid": "4bf867a3-3d62-480c-bb17-211eb61a65ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21643", "type": "exploited", "source": "https://t.me/brutsecurity/2605", "content": "\ud83d\udea8 Bug Bounty / Red Team Tip\n\nCVE-2026-21643 \u2014 Critical Pre-Auth SQL Injection (CVSS 9.1) in FortiClient EMS 7.4.4 (multi-tenant mode only)\n\nUnauthenticated attackers can inject arbitrary SQL via the Site HTTP header to the public endpoint /api/v1/init_consts (or login endpoint). This happens before authentication and hits the PostgreSQL backend with superuser-level access in many setups \u2192 full DB dump, schema extraction, or RCE (via PostgreSQL features like COPY FROM PROGRAM).\n\n- Affected: Only FortiClient EMS 7.4.4 (multi-tenant/Sites feature enabled)\n- Not affected: 7.2.x, 8.0.x, single-site deployments\n- Fixed: Upgrade to 7.4.5 or later\n- Status: Actively exploited in the wild + public PoCs available\n\nMain Detail Article (Highly Recommended):  \nBishop Fox deep-dive with exploitation paths, payloads (e.g., pg_sleep(5) for blind testing), and lab results \u2192  \nhttps://bishopfox.com/blog/cve-2026-21643-pre-authentication-sql-injection-in-forticlient-ems-7-4-4\n\nPublic PoC (GitHub):  \nhttps://github.com/0xBlackash/CVE-2026-21643\n\nUseful Google/Shodan Dorks:\n- http.title:\"FortiClient EMS\" \"7.4.4\"\n- http.html:\"FortiClient Enterprise Management Server\"\n- http.favicon.hash: -specific-hash (or search for EMS login page)\n- Shodan: \"Model: FCTEMS\" or \"FortiClient EMS\"\n\nQuick Check:\nIf your EMS login page is internet-facing and running 7.4.4 with multi-tenant enabled \u2192 patch ASAP or block public access. Thousands of instances are exposed (Shadowserver ~2k+, Shodan ~1k+).\n\nHigh-value target for hunters. Patch or restrict immediately!\n\n#BugBounty #RedTeam #Fortinet #CVE202621643 #SQLi", "creation_timestamp": "2026-07-11T10:00:05.407445Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/4bf867a3-3d62-480c-bb17-211eb61a65ec/export</guid>
      <pubDate>Sat, 11 Jul 2026 10:00:05 +0000</pubDate>
    </item>
    <item>
      <title>1ff0f56d-a2ec-4671-9389-132e9161a1a0</title>
      <link>https://vulnerability.circl.lu/sighting/1ff0f56d-a2ec-4671-9389-132e9161a1a0/export</link>
      <description>{"uuid": "1ff0f56d-a2ec-4671-9389-132e9161a1a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21643", "type": "seen", "source": "https://t.me/brutsecurity/2605", "content": "\ud83d\udea8 Bug Bounty / Red Team Tip\n\nCVE-2026-21643 \u2014 Critical Pre-Auth SQL Injection (CVSS 9.1) in FortiClient EMS 7.4.4 (multi-tenant mode only)\n\nUnauthenticated attackers can inject arbitrary SQL via the Site HTTP header to the public endpoint /api/v1/init_consts (or login endpoint). This happens before authentication and hits the PostgreSQL backend with superuser-level access in many setups \u2192 full DB dump, schema extraction, or RCE (via PostgreSQL features like COPY FROM PROGRAM).\n\n- Affected: Only FortiClient EMS 7.4.4 (multi-tenant/Sites feature enabled)\n- Not affected: 7.2.x, 8.0.x, single-site deployments\n- Fixed: Upgrade to 7.4.5 or later\n- Status: Actively exploited in the wild + public PoCs available\n\nMain Detail Article (Highly Recommended):  \nBishop Fox deep-dive with exploitation paths, payloads (e.g., pg_sleep(5) for blind testing), and lab results \u2192  \nhttps://bishopfox.com/blog/cve-2026-21643-pre-authentication-sql-injection-in-forticlient-ems-7-4-4\n\nPublic PoC (GitHub):  \nhttps://github.com/0xBlackash/CVE-2026-21643\n\nUseful Google/Shodan Dorks:\n- http.title:\"FortiClient EMS\" \"7.4.4\"\n- http.html:\"FortiClient Enterprise Management Server\"\n- http.favicon.hash: -specific-hash (or search for EMS login page)\n- Shodan: \"Model: FCTEMS\" or \"FortiClient EMS\"\n\nQuick Check:\nIf your EMS login page is internet-facing and running 7.4.4 with multi-tenant enabled \u2192 patch ASAP or block public access. Thousands of instances are exposed (Shadowserver ~2k+, Shodan ~1k+).\n\nHigh-value target for hunters. Patch or restrict immediately!\n\n#BugBounty #RedTeam #Fortinet #CVE202621643 #SQLi", "creation_timestamp": "2026-07-10T00:00:12.994174Z"}</description>
      <content:encoded>{"uuid": "1ff0f56d-a2ec-4671-9389-132e9161a1a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21643", "type": "seen", "source": "https://t.me/brutsecurity/2605", "content": "\ud83d\udea8 Bug Bounty / Red Team Tip\n\nCVE-2026-21643 \u2014 Critical Pre-Auth SQL Injection (CVSS 9.1) in FortiClient EMS 7.4.4 (multi-tenant mode only)\n\nUnauthenticated attackers can inject arbitrary SQL via the Site HTTP header to the public endpoint /api/v1/init_consts (or login endpoint). This happens before authentication and hits the PostgreSQL backend with superuser-level access in many setups \u2192 full DB dump, schema extraction, or RCE (via PostgreSQL features like COPY FROM PROGRAM).\n\n- Affected: Only FortiClient EMS 7.4.4 (multi-tenant/Sites feature enabled)\n- Not affected: 7.2.x, 8.0.x, single-site deployments\n- Fixed: Upgrade to 7.4.5 or later\n- Status: Actively exploited in the wild + public PoCs available\n\nMain Detail Article (Highly Recommended):  \nBishop Fox deep-dive with exploitation paths, payloads (e.g., pg_sleep(5) for blind testing), and lab results \u2192  \nhttps://bishopfox.com/blog/cve-2026-21643-pre-authentication-sql-injection-in-forticlient-ems-7-4-4\n\nPublic PoC (GitHub):  \nhttps://github.com/0xBlackash/CVE-2026-21643\n\nUseful Google/Shodan Dorks:\n- http.title:\"FortiClient EMS\" \"7.4.4\"\n- http.html:\"FortiClient Enterprise Management Server\"\n- http.favicon.hash: -specific-hash (or search for EMS login page)\n- Shodan: \"Model: FCTEMS\" or \"FortiClient EMS\"\n\nQuick Check:\nIf your EMS login page is internet-facing and running 7.4.4 with multi-tenant enabled \u2192 patch ASAP or block public access. Thousands of instances are exposed (Shadowserver ~2k+, Shodan ~1k+).\n\nHigh-value target for hunters. Patch or restrict immediately!\n\n#BugBounty #RedTeam #Fortinet #CVE202621643 #SQLi", "creation_timestamp": "2026-07-10T00:00:12.994174Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/1ff0f56d-a2ec-4671-9389-132e9161a1a0/export</guid>
      <pubDate>Fri, 10 Jul 2026 00:00:12 +0000</pubDate>
    </item>
    <item>
      <title>f905a9c8-acc7-4b85-ad51-7ca4138e8b9c</title>
      <link>https://vulnerability.circl.lu/sighting/f905a9c8-acc7-4b85-ad51-7ca4138e8b9c/export</link>
      <description>{"uuid": "f905a9c8-acc7-4b85-ad51-7ca4138e8b9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21643", "type": "seen", "source": "https://t.me/brutsecurity/2605", "content": "\ud83d\udea8 Bug Bounty / Red Team Tip\n\nCVE-2026-21643 \u2014 Critical Pre-Auth SQL Injection (CVSS 9.1) in FortiClient EMS 7.4.4 (multi-tenant mode only)\n\nUnauthenticated attackers can inject arbitrary SQL via the Site HTTP header to the public endpoint /api/v1/init_consts (or login endpoint). This happens before authentication and hits the PostgreSQL backend with superuser-level access in many setups \u2192 full DB dump, schema extraction, or RCE (via PostgreSQL features like COPY FROM PROGRAM).\n\n- Affected: Only FortiClient EMS 7.4.4 (multi-tenant/Sites feature enabled)\n- Not affected: 7.2.x, 8.0.x, single-site deployments\n- Fixed: Upgrade to 7.4.5 or later\n- Status: Actively exploited in the wild + public PoCs available\n\nMain Detail Article (Highly Recommended):  \nBishop Fox deep-dive with exploitation paths, payloads (e.g., pg_sleep(5) for blind testing), and lab results \u2192  \nhttps://bishopfox.com/blog/cve-2026-21643-pre-authentication-sql-injection-in-forticlient-ems-7-4-4\n\nPublic PoC (GitHub):  \nhttps://github.com/0xBlackash/CVE-2026-21643\n\nUseful Google/Shodan Dorks:\n- http.title:\"FortiClient EMS\" \"7.4.4\"\n- http.html:\"FortiClient Enterprise Management Server\"\n- http.favicon.hash: -specific-hash (or search for EMS login page)\n- Shodan: \"Model: FCTEMS\" or \"FortiClient EMS\"\n\nQuick Check:\nIf your EMS login page is internet-facing and running 7.4.4 with multi-tenant enabled \u2192 patch ASAP or block public access. Thousands of instances are exposed (Shadowserver ~2k+, Shodan ~1k+).\n\nHigh-value target for hunters. Patch or restrict immediately!\n\n#BugBounty #RedTeam #Fortinet #CVE202621643 #SQLi", "creation_timestamp": "2026-07-09T03:00:05.673848Z"}</description>
      <content:encoded>{"uuid": "f905a9c8-acc7-4b85-ad51-7ca4138e8b9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21643", "type": "seen", "source": "https://t.me/brutsecurity/2605", "content": "\ud83d\udea8 Bug Bounty / Red Team Tip\n\nCVE-2026-21643 \u2014 Critical Pre-Auth SQL Injection (CVSS 9.1) in FortiClient EMS 7.4.4 (multi-tenant mode only)\n\nUnauthenticated attackers can inject arbitrary SQL via the Site HTTP header to the public endpoint /api/v1/init_consts (or login endpoint). This happens before authentication and hits the PostgreSQL backend with superuser-level access in many setups \u2192 full DB dump, schema extraction, or RCE (via PostgreSQL features like COPY FROM PROGRAM).\n\n- Affected: Only FortiClient EMS 7.4.4 (multi-tenant/Sites feature enabled)\n- Not affected: 7.2.x, 8.0.x, single-site deployments\n- Fixed: Upgrade to 7.4.5 or later\n- Status: Actively exploited in the wild + public PoCs available\n\nMain Detail Article (Highly Recommended):  \nBishop Fox deep-dive with exploitation paths, payloads (e.g., pg_sleep(5) for blind testing), and lab results \u2192  \nhttps://bishopfox.com/blog/cve-2026-21643-pre-authentication-sql-injection-in-forticlient-ems-7-4-4\n\nPublic PoC (GitHub):  \nhttps://github.com/0xBlackash/CVE-2026-21643\n\nUseful Google/Shodan Dorks:\n- http.title:\"FortiClient EMS\" \"7.4.4\"\n- http.html:\"FortiClient Enterprise Management Server\"\n- http.favicon.hash: -specific-hash (or search for EMS login page)\n- Shodan: \"Model: FCTEMS\" or \"FortiClient EMS\"\n\nQuick Check:\nIf your EMS login page is internet-facing and running 7.4.4 with multi-tenant enabled \u2192 patch ASAP or block public access. Thousands of instances are exposed (Shadowserver ~2k+, Shodan ~1k+).\n\nHigh-value target for hunters. Patch or restrict immediately!\n\n#BugBounty #RedTeam #Fortinet #CVE202621643 #SQLi", "creation_timestamp": "2026-07-09T03:00:05.673848Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/f905a9c8-acc7-4b85-ad51-7ca4138e8b9c/export</guid>
      <pubDate>Thu, 09 Jul 2026 03:00:05 +0000</pubDate>
    </item>
    <item>
      <title>239f19a9-7393-472b-8efa-40c1dbe5b8ff</title>
      <link>https://vulnerability.circl.lu/sighting/239f19a9-7393-472b-8efa-40c1dbe5b8ff/export</link>
      <description>{"uuid": "239f19a9-7393-472b-8efa-40c1dbe5b8ff", "vulnerability_lookup_origin": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2026-21643", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/60ec08e2-667c-4cb0-b78c-ac4058db2559", "content": "", "creation_timestamp": "2026-06-30T09:23:17.434808Z"}</description>
      <content:encoded>{"uuid": "239f19a9-7393-472b-8efa-40c1dbe5b8ff", "vulnerability_lookup_origin": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2026-21643", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/60ec08e2-667c-4cb0-b78c-ac4058db2559", "content": "", "creation_timestamp": "2026-06-30T09:23:17.434808Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/239f19a9-7393-472b-8efa-40c1dbe5b8ff/export</guid>
      <pubDate>Tue, 30 Jun 2026 09:23:17 +0000</pubDate>
    </item>
    <item>
      <title>2b36d803-254c-4040-918e-3e1ff549a959</title>
      <link>https://vulnerability.circl.lu/sighting/2b36d803-254c-4040-918e-3e1ff549a959/export</link>
      <description>{"uuid": "2b36d803-254c-4040-918e-3e1ff549a959", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-21643", "type": "seen", "source": "https://www.acn.gov.it/portale/w/fortibleed-esposizione-di-credenziali-ssl-vpn-associate-a-dispositivi-fortinet-esposti-su-internet", "content": "", "creation_timestamp": "2026-06-25T16:45:22.919022Z"}</description>
      <content:encoded>{"uuid": "2b36d803-254c-4040-918e-3e1ff549a959", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-21643", "type": "seen", "source": "https://www.acn.gov.it/portale/w/fortibleed-esposizione-di-credenziali-ssl-vpn-associate-a-dispositivi-fortinet-esposti-su-internet", "content": "", "creation_timestamp": "2026-06-25T16:45:22.919022Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/2b36d803-254c-4040-918e-3e1ff549a959/export</guid>
      <pubDate>Thu, 25 Jun 2026 16:45:22 +0000</pubDate>
    </item>
    <item>
      <title>422eefed-e688-470a-bd20-625487a597ba</title>
      <link>https://vulnerability.circl.lu/sighting/422eefed-e688-470a-bd20-625487a597ba/export</link>
      <description>{"uuid": "422eefed-e688-470a-bd20-625487a597ba", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21643", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/82511421-8748-4c5b-8ef3-1deffaba12cd", "content": "", "creation_timestamp": "2026-06-23T14:03:40.070102Z"}</description>
      <content:encoded>{"uuid": "422eefed-e688-470a-bd20-625487a597ba", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21643", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/82511421-8748-4c5b-8ef3-1deffaba12cd", "content": "", "creation_timestamp": "2026-06-23T14:03:40.070102Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/422eefed-e688-470a-bd20-625487a597ba/export</guid>
      <pubDate>Tue, 23 Jun 2026 14:03:40 +0000</pubDate>
    </item>
    <item>
      <title>ff371fd0-0294-4de1-a236-daa2443f0acd</title>
      <link>https://vulnerability.circl.lu/sighting/ff371fd0-0294-4de1-a236-daa2443f0acd/export</link>
      <description>{"uuid": "ff371fd0-0294-4de1-a236-daa2443f0acd", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21643", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/e623b53b-184e-428b-8ca1-72c843727c86", "content": "", "creation_timestamp": "2026-06-19T12:45:32.380211Z"}</description>
      <content:encoded>{"uuid": "ff371fd0-0294-4de1-a236-daa2443f0acd", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21643", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/e623b53b-184e-428b-8ca1-72c843727c86", "content": "", "creation_timestamp": "2026-06-19T12:45:32.380211Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/ff371fd0-0294-4de1-a236-daa2443f0acd/export</guid>
      <pubDate>Fri, 19 Jun 2026 12:45:32 +0000</pubDate>
    </item>
    <item>
      <title>e3c37786-5f33-408e-b17e-d0ff6b936649</title>
      <link>https://vulnerability.circl.lu/sighting/e3c37786-5f33-408e-b17e-d0ff6b936649/export</link>
      <description>{"uuid": "e3c37786-5f33-408e-b17e-d0ff6b936649", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21643", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-06-14)", "content": "", "creation_timestamp": "2026-06-14T00:00:00.000000Z"}</description>
      <content:encoded>{"uuid": "e3c37786-5f33-408e-b17e-d0ff6b936649", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21643", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-06-14)", "content": "", "creation_timestamp": "2026-06-14T00:00:00.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/e3c37786-5f33-408e-b17e-d0ff6b936649/export</guid>
      <pubDate>Sun, 14 Jun 2026 00:00:00 +0000</pubDate>
    </item>
    <item>
      <title>84e42386-4ad8-4614-bc6d-7aa43fc20e1e</title>
      <link>https://vulnerability.circl.lu/sighting/84e42386-4ad8-4614-bc6d-7aa43fc20e1e/export</link>
      <description>{"uuid": "84e42386-4ad8-4614-bc6d-7aa43fc20e1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21643", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-06-05)", "content": "", "creation_timestamp": "2026-06-05T00:00:00.000000Z"}</description>
      <content:encoded>{"uuid": "84e42386-4ad8-4614-bc6d-7aa43fc20e1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21643", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-06-05)", "content": "", "creation_timestamp": "2026-06-05T00:00:00.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/84e42386-4ad8-4614-bc6d-7aa43fc20e1e/export</guid>
      <pubDate>Fri, 05 Jun 2026 00:00:00 +0000</pubDate>
    </item>
    <item>
      <title>544bc1db-4a10-47c3-871b-e9b05445354a</title>
      <link>https://vulnerability.circl.lu/sighting/544bc1db-4a10-47c3-871b-e9b05445354a/export</link>
      <description>{"uuid": "544bc1db-4a10-47c3-871b-e9b05445354a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21643", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-06-03)", "content": "", "creation_timestamp": "2026-06-03T00:00:00.000000Z"}</description>
      <content:encoded>{"uuid": "544bc1db-4a10-47c3-871b-e9b05445354a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-21643", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-06-03)", "content": "", "creation_timestamp": "2026-06-03T00:00:00.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/544bc1db-4a10-47c3-871b-e9b05445354a/export</guid>
      <pubDate>Wed, 03 Jun 2026 00:00:00 +0000</pubDate>
    </item>
  </channel>
</rss>
