<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Sun, 05 Jul 2026 07:05:12 +0000</lastBuildDate>
    <item>
      <title>967db019-44fa-47f0-9442-fdbee65e67ba</title>
      <link>https://vulnerability.circl.lu/sighting/967db019-44fa-47f0-9442-fdbee65e67ba/export</link>
      <description>{"uuid": "967db019-44fa-47f0-9442-fdbee65e67ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33017", "type": "seen", "source": "https://bsky.app/profile/opsmatters.com/post/3mps7pglzfp2z", "content": "The latest update for #Indusface includes \"CVE-2026-33017: Langflow RCE Deploys Monero Miners on AI Servers\" and \"CVE-2026-46817: Oracle EBS Payments Vulnerability Under Active Exploitation\".\n \n#cybersecurity #infosec https://opsmtrs.com/3ySs2VF", "creation_timestamp": "2026-07-04T04:24:29.501083Z"}</description>
      <content:encoded>{"uuid": "967db019-44fa-47f0-9442-fdbee65e67ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33017", "type": "seen", "source": "https://bsky.app/profile/opsmatters.com/post/3mps7pglzfp2z", "content": "The latest update for #Indusface includes \"CVE-2026-33017: Langflow RCE Deploys Monero Miners on AI Servers\" and \"CVE-2026-46817: Oracle EBS Payments Vulnerability Under Active Exploitation\".\n \n#cybersecurity #infosec https://opsmtrs.com/3ySs2VF", "creation_timestamp": "2026-07-04T04:24:29.501083Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/967db019-44fa-47f0-9442-fdbee65e67ba/export</guid>
      <pubDate>Sat, 04 Jul 2026 04:24:29 +0000</pubDate>
    </item>
    <item>
      <title>5ae8b122-5f2d-481a-8251-40fe6bb01a94</title>
      <link>https://vulnerability.circl.lu/sighting/5ae8b122-5f2d-481a-8251-40fe6bb01a94/export</link>
      <description>{"uuid": "5ae8b122-5f2d-481a-8251-40fe6bb01a94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33017", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mplvhvzt2s2a", "content": "Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints\n\nThreat actors are continuing to exploit a critical Langflow vulnerability as part of fresh attacks designed to deliver a Monero cryptocurrency miner.\n\nThe activity has been found to weaponize CVE-2026-33017\u2026\n#hackernews #news", "creation_timestamp": "2026-07-01T16:05:22.685848Z"}</description>
      <content:encoded>{"uuid": "5ae8b122-5f2d-481a-8251-40fe6bb01a94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33017", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mplvhvzt2s2a", "content": "Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints\n\nThreat actors are continuing to exploit a critical Langflow vulnerability as part of fresh attacks designed to deliver a Monero cryptocurrency miner.\n\nThe activity has been found to weaponize CVE-2026-33017\u2026\n#hackernews #news", "creation_timestamp": "2026-07-01T16:05:22.685848Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/5ae8b122-5f2d-481a-8251-40fe6bb01a94/export</guid>
      <pubDate>Wed, 01 Jul 2026 16:05:22 +0000</pubDate>
    </item>
    <item>
      <title>6ee99a05-4459-4439-8d64-4e0f8debe091</title>
      <link>https://vulnerability.circl.lu/sighting/6ee99a05-4459-4439-8d64-4e0f8debe091/export</link>
      <description>{"uuid": "6ee99a05-4459-4439-8d64-4e0f8debe091", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-33017", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/actualite/CERTFR-2026-ACT-028", "content": "", "creation_timestamp": "2026-07-01T02:45:14.539588Z"}</description>
      <content:encoded>{"uuid": "6ee99a05-4459-4439-8d64-4e0f8debe091", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-33017", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/actualite/CERTFR-2026-ACT-028", "content": "", "creation_timestamp": "2026-07-01T02:45:14.539588Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/6ee99a05-4459-4439-8d64-4e0f8debe091/export</guid>
      <pubDate>Wed, 01 Jul 2026 02:45:14 +0000</pubDate>
    </item>
    <item>
      <title>fca3ae57-73b0-4fd8-a33d-674cfb9ed194</title>
      <link>https://vulnerability.circl.lu/sighting/fca3ae57-73b0-4fd8-a33d-674cfb9ed194/export</link>
      <description>{"uuid": "fca3ae57-73b0-4fd8-a33d-674cfb9ed194", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33017", "type": "seen", "source": "https://thehackernews.com/2026/06/langflow-rce-exploited-to-deploy-monero.html", "content": "Threat actors are continuing to exploit a critical Langflow vulnerability as part of fresh attacks designed to deliver a Monero cryptocurrency miner.\n\nThe activity has been found to weaponize CVE-2026-33017 (CVSS score: 9.3), an unauthenticated remote code execution (RCE) vulnerability in Langflow, indicating threat actors are scanning and targeting exposed artificial intelligence (AI)", "creation_timestamp": "2026-07-01T01:00:46.406436Z"}</description>
      <content:encoded>{"uuid": "fca3ae57-73b0-4fd8-a33d-674cfb9ed194", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33017", "type": "seen", "source": "https://thehackernews.com/2026/06/langflow-rce-exploited-to-deploy-monero.html", "content": "Threat actors are continuing to exploit a critical Langflow vulnerability as part of fresh attacks designed to deliver a Monero cryptocurrency miner.\n\nThe activity has been found to weaponize CVE-2026-33017 (CVSS score: 9.3), an unauthenticated remote code execution (RCE) vulnerability in Langflow, indicating threat actors are scanning and targeting exposed artificial intelligence (AI)", "creation_timestamp": "2026-07-01T01:00:46.406436Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/fca3ae57-73b0-4fd8-a33d-674cfb9ed194/export</guid>
      <pubDate>Wed, 01 Jul 2026 01:00:46 +0000</pubDate>
    </item>
    <item>
      <title>5ee32878-e59b-40f5-b8ec-267fb581a0ff</title>
      <link>https://vulnerability.circl.lu/sighting/5ee32878-e59b-40f5-b8ec-267fb581a0ff/export</link>
      <description>{"uuid": "5ee32878-e59b-40f5-b8ec-267fb581a0ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33017", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mpjrcloa4r26", "content": "Langflow CVE-2026-33017 is being exploited for unauthenticated RCE, deploying a Monero miner via a multi-stage chain. The lambsys binary disables defenses, persists, and spreads using reused credentials. #Langflow #CVE2026 #Monero", "creation_timestamp": "2026-06-30T19:45:29.176664Z"}</description>
      <content:encoded>{"uuid": "5ee32878-e59b-40f5-b8ec-267fb581a0ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33017", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mpjrcloa4r26", "content": "Langflow CVE-2026-33017 is being exploited for unauthenticated RCE, deploying a Monero miner via a multi-stage chain. The lambsys binary disables defenses, persists, and spreads using reused credentials. #Langflow #CVE2026 #Monero", "creation_timestamp": "2026-06-30T19:45:29.176664Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/5ee32878-e59b-40f5-b8ec-267fb581a0ff/export</guid>
      <pubDate>Tue, 30 Jun 2026 19:45:29 +0000</pubDate>
    </item>
    <item>
      <title>630f2fed-9a5b-4ae7-a0ed-71c67084631f</title>
      <link>https://vulnerability.circl.lu/sighting/630f2fed-9a5b-4ae7-a0ed-71c67084631f/export</link>
      <description>{"uuid": "630f2fed-9a5b-4ae7-a0ed-71c67084631f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33017", "type": "seen", "source": "https://bsky.app/profile/newssecia.bsky.social/post/3mpjpjlqa3t2n", "content": "\ud83e\udd16 CVE-2026-33017 (CVSS 9.3): Unauthenticated RCE in Langflow exploited in the wild to deploy Monero miners on exposed AI endpoints.\nhttps://thehackernews.com/2026/06/langflow-rce-exploited-to-deploy-monero.html", "creation_timestamp": "2026-06-30T19:13:35.992308Z"}</description>
      <content:encoded>{"uuid": "630f2fed-9a5b-4ae7-a0ed-71c67084631f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33017", "type": "seen", "source": "https://bsky.app/profile/newssecia.bsky.social/post/3mpjpjlqa3t2n", "content": "\ud83e\udd16 CVE-2026-33017 (CVSS 9.3): Unauthenticated RCE in Langflow exploited in the wild to deploy Monero miners on exposed AI endpoints.\nhttps://thehackernews.com/2026/06/langflow-rce-exploited-to-deploy-monero.html", "creation_timestamp": "2026-06-30T19:13:35.992308Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/630f2fed-9a5b-4ae7-a0ed-71c67084631f/export</guid>
      <pubDate>Tue, 30 Jun 2026 19:13:35 +0000</pubDate>
    </item>
    <item>
      <title>d2d32fa0-1331-473a-8be6-c66a8f06926f</title>
      <link>https://vulnerability.circl.lu/sighting/d2d32fa0-1331-473a-8be6-c66a8f06926f/export</link>
      <description>{"uuid": "d2d32fa0-1331-473a-8be6-c66a8f06926f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33017", "type": "seen", "source": "https://thehackernews.com/2026/06/langflow-rce-exploited-to-deploy-monero.html", "content": "Threat actors are continuing to exploit a critical Langflow vulnerability as part of fresh attacks designed to deliver a Monero cryptocurrency miner.\n\nThe activity has been found to weaponize CVE-2026-33017 (CVSS score: 9.3), an unauthenticated remote code execution (RCE) vulnerability in Langflow, indicating threat actors are scanning and targeting exposed artificial intelligence (AI)", "creation_timestamp": "2026-06-30T19:00:46.161226Z"}</description>
      <content:encoded>{"uuid": "d2d32fa0-1331-473a-8be6-c66a8f06926f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33017", "type": "seen", "source": "https://thehackernews.com/2026/06/langflow-rce-exploited-to-deploy-monero.html", "content": "Threat actors are continuing to exploit a critical Langflow vulnerability as part of fresh attacks designed to deliver a Monero cryptocurrency miner.\n\nThe activity has been found to weaponize CVE-2026-33017 (CVSS score: 9.3), an unauthenticated remote code execution (RCE) vulnerability in Langflow, indicating threat actors are scanning and targeting exposed artificial intelligence (AI)", "creation_timestamp": "2026-06-30T19:00:46.161226Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/d2d32fa0-1331-473a-8be6-c66a8f06926f/export</guid>
      <pubDate>Tue, 30 Jun 2026 19:00:46 +0000</pubDate>
    </item>
    <item>
      <title>c639b959-9b8a-4f6f-9d58-f7110eb9159e</title>
      <link>https://vulnerability.circl.lu/sighting/c639b959-9b8a-4f6f-9d58-f7110eb9159e/export</link>
      <description>{"uuid": "c639b959-9b8a-4f6f-9d58-f7110eb9159e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-33017", "type": "seen", "source": "https://infosec.exchange/users/DarkWebInformer/statuses/116840459136103170", "content": "\u203c\ufe0f One POST to RCE: Unauthenticated Code Execution in Langflow (CVE-2026-33017)\nhttps://darkwebinformer.com/one-post-to-rce-unauthenticated-code-execution-in-langflow-cve-2026-33017/", "creation_timestamp": "2026-06-30T18:25:20.506849Z"}</description>
      <content:encoded>{"uuid": "c639b959-9b8a-4f6f-9d58-f7110eb9159e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-33017", "type": "seen", "source": "https://infosec.exchange/users/DarkWebInformer/statuses/116840459136103170", "content": "\u203c\ufe0f One POST to RCE: Unauthenticated Code Execution in Langflow (CVE-2026-33017)\nhttps://darkwebinformer.com/one-post-to-rce-unauthenticated-code-execution-in-langflow-cve-2026-33017/", "creation_timestamp": "2026-06-30T18:25:20.506849Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/c639b959-9b8a-4f6f-9d58-f7110eb9159e/export</guid>
      <pubDate>Tue, 30 Jun 2026 18:25:20 +0000</pubDate>
    </item>
    <item>
      <title>07fbbb5f-9cee-4a54-b522-92909c7df64a</title>
      <link>https://vulnerability.circl.lu/sighting/07fbbb5f-9cee-4a54-b522-92909c7df64a/export</link>
      <description>{"uuid": "07fbbb5f-9cee-4a54-b522-92909c7df64a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33017", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpjlfckjpd2l", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-33017 \u0432 Langflow: \u043a\u0430\u043a \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442 \u043d\u0435\u0437\u0430\u0449\u0438\u0449\u0451\u043d\u043d\u044b\u0435 API-\u044d\u043d\u0434\u043f\u043e\u0438\u043d\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/5CD28AF0-2632-445B-8F6A-D8DA125521C7", "creation_timestamp": "2026-06-30T17:59:37.262913Z"}</description>
      <content:encoded>{"uuid": "07fbbb5f-9cee-4a54-b522-92909c7df64a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33017", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpjlfckjpd2l", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-33017 \u0432 Langflow: \u043a\u0430\u043a \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442 \u043d\u0435\u0437\u0430\u0449\u0438\u0449\u0451\u043d\u043d\u044b\u0435 API-\u044d\u043d\u0434\u043f\u043e\u0438\u043d\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/5CD28AF0-2632-445B-8F6A-D8DA125521C7", "creation_timestamp": "2026-06-30T17:59:37.262913Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/07fbbb5f-9cee-4a54-b522-92909c7df64a/export</guid>
      <pubDate>Tue, 30 Jun 2026 17:59:37 +0000</pubDate>
    </item>
    <item>
      <title>fc38d403-da01-4c6a-97df-869c3ef15800</title>
      <link>https://vulnerability.circl.lu/sighting/fc38d403-da01-4c6a-97df-869c3ef15800/export</link>
      <description>{"uuid": "fc38d403-da01-4c6a-97df-869c3ef15800", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33017", "type": "seen", "source": "https://bsky.app/profile/infosecbriefly.bsky.social/post/3mpjjhujmry2l", "content": "Threat actors exploit CVE-2026-33017 in exposed Langflow endpoints to deploy Monero miners, disable defenses, persist via cron, and spread through reused SSH keys.\n", "creation_timestamp": "2026-06-30T17:25:16.558402Z"}</description>
      <content:encoded>{"uuid": "fc38d403-da01-4c6a-97df-869c3ef15800", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33017", "type": "seen", "source": "https://bsky.app/profile/infosecbriefly.bsky.social/post/3mpjjhujmry2l", "content": "Threat actors exploit CVE-2026-33017 in exposed Langflow endpoints to deploy Monero miners, disable defenses, persist via cron, and spread through reused SSH keys.\n", "creation_timestamp": "2026-06-30T17:25:16.558402Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/fc38d403-da01-4c6a-97df-869c3ef15800/export</guid>
      <pubDate>Tue, 30 Jun 2026 17:25:16 +0000</pubDate>
    </item>
  </channel>
</rss>
