<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Fri, 17 Jul 2026 04:13:06 +0000</lastBuildDate>
    <item>
      <title>1cb45ea4-fe97-44a1-81fe-452e5adf9377</title>
      <link>https://vulnerability.circl.lu/sighting/1cb45ea4-fe97-44a1-81fe-452e5adf9377/export</link>
      <description>{"uuid": "1cb45ea4-fe97-44a1-81fe-452e5adf9377", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35671", "type": "seen", "source": "https://gist.github.com/alon710/e9c21cf2a4b3d2c5f2db0a4799f8c878", "content": "# GHSA-985R-Q3QP-299H: GHSA-985R-Q3QP-299H: Incomplete Fix in phpMyFAQ Admin API Enables Privilege Escalation and Account Takeover\n\n&amp;gt; **CVSS Score:** 8.8\n&amp;gt; **Published:** 2026-06-26\n&amp;gt; **Full Report:** https://cvereports.com/reports/GHSA-985R-Q3QP-299H\n\n## Summary\nAn incomplete mitigation of a predecessor vulnerability (GHSA-xvp4-phqj-cjr3 / CVE-2026-35671) in phpMyFAQ leaves sister administrative API endpoints vulnerable to Insecure Direct Object Reference (IDOR). Specifically, the `editUser` and `updateUserRights` endpoints lack object-level access controls, permitting authenticated low-privilege administrators to escalate their privileges or hijack SuperAdmin accounts.\n\n## TL;DR\nAn incomplete security patch in phpMyFAQ allows low-privilege administrative accounts to bypass authorization controls. By submitting crafted requests to vulnerable API endpoints, attackers can modify SuperAdmin account profiles or elevate their own privileges, resulting in full application takeover.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-639\n- **Attack Vector**: Network\n- **CVSS v3.1 Score**: 8.8\n- **EPSS Score**: Not Available\n- **Vulnerability Type**: Insecure Direct Object Reference (IDOR)\n- **Impact**: Privilege Escalation &amp;amp; Account Takeover\n- **Exploit Status**: poc\n- **KEV Status**: No\n\n## Affected Systems\n\n- phpMyFAQ deployments with administrative API routes enabled\n- **phpMyFAQ**: &amp;lt;= 4.1.3\n\n## Mitigation\n\n- Restrict network access to the admin panel via IP blocklists or VPN gateways.\n- Enable query-level logging to monitor parameters passed to user-modification endpoints.\n- Deploy WAF rules to detect and alert on unauthorized PUT requests containing administrative user IDs in the JSON payload.\n\n**Remediation Steps:**\n1. Identify the current phpMyFAQ deployment version.\n2. Download and install the updated PHP package containing the complete authorization validation logic for UserController.\n3. Audit the administrative user list to verify that no unauthorized low-privilege users have changed their associated email addresses or group roles.\n4. Invalidate all active administrative sessions post-upgrade to enforce new access-control checks.\n\n## References\n\n- [GHSA-985R-Q3QP-299H Advisory Page](https://github.com/advisories/GHSA-985R-Q3QP-299H)\n- [Predecessor Advisory (GHSA-xvp4-phqj-cjr3)](https://github.com/advisories/GHSA-xvp4-phqj-cjr3)\n- [Vendor Code Repository](https://github.com/thorsten/phpMyFAQ)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/GHSA-985R-Q3QP-299H) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-26T21:42:10.233338Z"}</description>
      <content:encoded>{"uuid": "1cb45ea4-fe97-44a1-81fe-452e5adf9377", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35671", "type": "seen", "source": "https://gist.github.com/alon710/e9c21cf2a4b3d2c5f2db0a4799f8c878", "content": "# GHSA-985R-Q3QP-299H: GHSA-985R-Q3QP-299H: Incomplete Fix in phpMyFAQ Admin API Enables Privilege Escalation and Account Takeover\n\n&amp;gt; **CVSS Score:** 8.8\n&amp;gt; **Published:** 2026-06-26\n&amp;gt; **Full Report:** https://cvereports.com/reports/GHSA-985R-Q3QP-299H\n\n## Summary\nAn incomplete mitigation of a predecessor vulnerability (GHSA-xvp4-phqj-cjr3 / CVE-2026-35671) in phpMyFAQ leaves sister administrative API endpoints vulnerable to Insecure Direct Object Reference (IDOR). Specifically, the `editUser` and `updateUserRights` endpoints lack object-level access controls, permitting authenticated low-privilege administrators to escalate their privileges or hijack SuperAdmin accounts.\n\n## TL;DR\nAn incomplete security patch in phpMyFAQ allows low-privilege administrative accounts to bypass authorization controls. By submitting crafted requests to vulnerable API endpoints, attackers can modify SuperAdmin account profiles or elevate their own privileges, resulting in full application takeover.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-639\n- **Attack Vector**: Network\n- **CVSS v3.1 Score**: 8.8\n- **EPSS Score**: Not Available\n- **Vulnerability Type**: Insecure Direct Object Reference (IDOR)\n- **Impact**: Privilege Escalation &amp;amp; Account Takeover\n- **Exploit Status**: poc\n- **KEV Status**: No\n\n## Affected Systems\n\n- phpMyFAQ deployments with administrative API routes enabled\n- **phpMyFAQ**: &amp;lt;= 4.1.3\n\n## Mitigation\n\n- Restrict network access to the admin panel via IP blocklists or VPN gateways.\n- Enable query-level logging to monitor parameters passed to user-modification endpoints.\n- Deploy WAF rules to detect and alert on unauthorized PUT requests containing administrative user IDs in the JSON payload.\n\n**Remediation Steps:**\n1. Identify the current phpMyFAQ deployment version.\n2. Download and install the updated PHP package containing the complete authorization validation logic for UserController.\n3. Audit the administrative user list to verify that no unauthorized low-privilege users have changed their associated email addresses or group roles.\n4. Invalidate all active administrative sessions post-upgrade to enforce new access-control checks.\n\n## References\n\n- [GHSA-985R-Q3QP-299H Advisory Page](https://github.com/advisories/GHSA-985R-Q3QP-299H)\n- [Predecessor Advisory (GHSA-xvp4-phqj-cjr3)](https://github.com/advisories/GHSA-xvp4-phqj-cjr3)\n- [Vendor Code Repository](https://github.com/thorsten/phpMyFAQ)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/GHSA-985R-Q3QP-299H) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-26T21:42:10.233338Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/1cb45ea4-fe97-44a1-81fe-452e5adf9377/export</guid>
      <pubDate>Fri, 26 Jun 2026 21:42:10 +0000</pubDate>
    </item>
    <item>
      <title>32483219-ed1b-4926-8e2a-fdcbd3b5006d</title>
      <link>https://vulnerability.circl.lu/sighting/32483219-ed1b-4926-8e2a-fdcbd3b5006d/export</link>
      <description>{"uuid": "32483219-ed1b-4926-8e2a-fdcbd3b5006d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35674", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mnaydvpfyc2r", "content": "\ud83d\udccc CVE-2026-35674 - OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route that allows scoped clients to execute privileged comman... https://www.cyberhub.blog/cves/CVE-2026-35674", "creation_timestamp": "2026-06-01T21:07:07.932153Z"}</description>
      <content:encoded>{"uuid": "32483219-ed1b-4926-8e2a-fdcbd3b5006d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35674", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mnaydvpfyc2r", "content": "\ud83d\udccc CVE-2026-35674 - OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route that allows scoped clients to execute privileged comman... https://www.cyberhub.blog/cves/CVE-2026-35674", "creation_timestamp": "2026-06-01T21:07:07.932153Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/32483219-ed1b-4926-8e2a-fdcbd3b5006d/export</guid>
      <pubDate>Mon, 01 Jun 2026 21:07:07 +0000</pubDate>
    </item>
    <item>
      <title>cdbb7868-2974-46d4-a132-4b1e386a6d19</title>
      <link>https://vulnerability.circl.lu/sighting/cdbb7868-2974-46d4-a132-4b1e386a6d19/export</link>
      <description>{"uuid": "cdbb7868-2974-46d4-a132-4b1e386a6d19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35674", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mmyza6ggmm2p", "content": "\ud83d\udfe0 CVE-2026-35674 - High (8.8)\n\nOpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route th...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-35674/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-29T17:01:39.369004Z"}</description>
      <content:encoded>{"uuid": "cdbb7868-2974-46d4-a132-4b1e386a6d19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35674", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mmyza6ggmm2p", "content": "\ud83d\udfe0 CVE-2026-35674 - High (8.8)\n\nOpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route th...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-35674/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-29T17:01:39.369004Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/cdbb7868-2974-46d4-a132-4b1e386a6d19/export</guid>
      <pubDate>Fri, 29 May 2026 17:01:39 +0000</pubDate>
    </item>
    <item>
      <title>de7cb34f-175c-497c-9ae0-1a8bb6c67643</title>
      <link>https://vulnerability.circl.lu/sighting/de7cb34f-175c-497c-9ae0-1a8bb6c67643/export</link>
      <description>{"uuid": "de7cb34f-175c-497c-9ae0-1a8bb6c67643", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35676", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmwklaw3se2c", "content": "CVE-2026-35676 - phpMyFAQ - Unauthenticated Password Reset via User Password Update Endpoint\nCVE ID : CVE-2026-35676\n \n Published : May 28, 2026, 4:16 p.m. | 15\u00a0minutes ago\n \n Description : phpMyFAQ before 4.1.3 contains an unauthenticated password reset vulnerability in the u...", "creation_timestamp": "2026-05-28T17:34:05.894065Z"}</description>
      <content:encoded>{"uuid": "de7cb34f-175c-497c-9ae0-1a8bb6c67643", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35676", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmwklaw3se2c", "content": "CVE-2026-35676 - phpMyFAQ - Unauthenticated Password Reset via User Password Update Endpoint\nCVE ID : CVE-2026-35676\n \n Published : May 28, 2026, 4:16 p.m. | 15\u00a0minutes ago\n \n Description : phpMyFAQ before 4.1.3 contains an unauthenticated password reset vulnerability in the u...", "creation_timestamp": "2026-05-28T17:34:05.894065Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/de7cb34f-175c-497c-9ae0-1a8bb6c67643/export</guid>
      <pubDate>Thu, 28 May 2026 17:34:05 +0000</pubDate>
    </item>
    <item>
      <title>3addc85b-58c8-45a0-b5fb-f3790f3cce80</title>
      <link>https://vulnerability.circl.lu/sighting/3addc85b-58c8-45a0-b5fb-f3790f3cce80/export</link>
      <description>{"uuid": "3addc85b-58c8-45a0-b5fb-f3790f3cce80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35675", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmwjubgrpa2h", "content": "CVE-2026-35675 - phpMyFAQ - Authentication Bypass via Missing Password Reset Token in /api/user/password/update\nCVE ID : CVE-2026-35675\n \n Published : May 28, 2026, 4:16 p.m. | 15\u00a0minutes ago\n \n Description : phpMyFAQ before 4.1.3 contains an authentication bypass vulnerabilit...", "creation_timestamp": "2026-05-28T17:21:13.475037Z"}</description>
      <content:encoded>{"uuid": "3addc85b-58c8-45a0-b5fb-f3790f3cce80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35675", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmwjubgrpa2h", "content": "CVE-2026-35675 - phpMyFAQ - Authentication Bypass via Missing Password Reset Token in /api/user/password/update\nCVE ID : CVE-2026-35675\n \n Published : May 28, 2026, 4:16 p.m. | 15\u00a0minutes ago\n \n Description : phpMyFAQ before 4.1.3 contains an authentication bypass vulnerabilit...", "creation_timestamp": "2026-05-28T17:21:13.475037Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/3addc85b-58c8-45a0-b5fb-f3790f3cce80/export</guid>
      <pubDate>Thu, 28 May 2026 17:21:13 +0000</pubDate>
    </item>
    <item>
      <title>ce08d61a-c40a-4eca-8395-b408d874d3c3</title>
      <link>https://vulnerability.circl.lu/sighting/ce08d61a-c40a-4eca-8395-b408d874d3c3/export</link>
      <description>{"uuid": "ce08d61a-c40a-4eca-8395-b408d874d3c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-35675", "type": "published-proof-of-concept", "source": "https://github.com/advisories/GHSA-w9xh-5f39-vq89", "content": "", "creation_timestamp": "2026-05-20T15:46:55.000000Z"}</description>
      <content:encoded>{"uuid": "ce08d61a-c40a-4eca-8395-b408d874d3c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-35675", "type": "published-proof-of-concept", "source": "https://github.com/advisories/GHSA-w9xh-5f39-vq89", "content": "", "creation_timestamp": "2026-05-20T15:46:55.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/ce08d61a-c40a-4eca-8395-b408d874d3c3/export</guid>
      <pubDate>Wed, 20 May 2026 15:46:55 +0000</pubDate>
    </item>
    <item>
      <title>e7e68e98-7127-4929-a875-7d62970bc902</title>
      <link>https://vulnerability.circl.lu/sighting/e7e68e98-7127-4929-a875-7d62970bc902/export</link>
      <description>{"uuid": "e7e68e98-7127-4929-a875-7d62970bc902", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-35672", "type": "published-proof-of-concept", "source": "https://github.com/advisories/GHSA-gp95-j463-vv28", "content": "", "creation_timestamp": "2026-05-20T15:46:42.000000Z"}</description>
      <content:encoded>{"uuid": "e7e68e98-7127-4929-a875-7d62970bc902", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-35672", "type": "published-proof-of-concept", "source": "https://github.com/advisories/GHSA-gp95-j463-vv28", "content": "", "creation_timestamp": "2026-05-20T15:46:42.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/e7e68e98-7127-4929-a875-7d62970bc902/export</guid>
      <pubDate>Wed, 20 May 2026 15:46:42 +0000</pubDate>
    </item>
    <item>
      <title>dd9b0907-0b35-4a71-b3aa-7b9e7ffae136</title>
      <link>https://vulnerability.circl.lu/sighting/dd9b0907-0b35-4a71-b3aa-7b9e7ffae136/export</link>
      <description>{"uuid": "dd9b0907-0b35-4a71-b3aa-7b9e7ffae136", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-35671", "type": "published-proof-of-concept", "source": "https://github.com/advisories/GHSA-xvp4-phqj-cjr3", "content": "", "creation_timestamp": "2026-05-20T15:46:17.000000Z"}</description>
      <content:encoded>{"uuid": "dd9b0907-0b35-4a71-b3aa-7b9e7ffae136", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-35671", "type": "published-proof-of-concept", "source": "https://github.com/advisories/GHSA-xvp4-phqj-cjr3", "content": "", "creation_timestamp": "2026-05-20T15:46:17.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/dd9b0907-0b35-4a71-b3aa-7b9e7ffae136/export</guid>
      <pubDate>Wed, 20 May 2026 15:46:17 +0000</pubDate>
    </item>
    <item>
      <title>bc273f40-29b8-4139-ae0b-0ada874f4975</title>
      <link>https://vulnerability.circl.lu/sighting/bc273f40-29b8-4139-ae0b-0ada874f4975/export</link>
      <description>{"uuid": "bc273f40-29b8-4139-ae0b-0ada874f4975", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-35676", "type": "published-proof-of-concept", "source": "https://github.com/advisories/GHSA-9qv9-8xv6-5p35", "content": "", "creation_timestamp": "2026-05-20T15:45:53.000000Z"}</description>
      <content:encoded>{"uuid": "bc273f40-29b8-4139-ae0b-0ada874f4975", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-35676", "type": "published-proof-of-concept", "source": "https://github.com/advisories/GHSA-9qv9-8xv6-5p35", "content": "", "creation_timestamp": "2026-05-20T15:45:53.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/bc273f40-29b8-4139-ae0b-0ada874f4975/export</guid>
      <pubDate>Wed, 20 May 2026 15:45:53 +0000</pubDate>
    </item>
    <item>
      <title>29aed55e-66e9-47d6-9d0f-adc4ccb0e0a0</title>
      <link>https://vulnerability.circl.lu/sighting/29aed55e-66e9-47d6-9d0f-adc4ccb0e0a0/export</link>
      <description>{"uuid": "29aed55e-66e9-47d6-9d0f-adc4ccb0e0a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35670", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mj5xyakirt2z", "content": "", "creation_timestamp": "2026-04-10T18:41:50.981369Z"}</description>
      <content:encoded>{"uuid": "29aed55e-66e9-47d6-9d0f-adc4ccb0e0a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35670", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mj5xyakirt2z", "content": "", "creation_timestamp": "2026-04-10T18:41:50.981369Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/29aed55e-66e9-47d6-9d0f-adc4ccb0e0a0/export</guid>
      <pubDate>Fri, 10 Apr 2026 18:41:50 +0000</pubDate>
    </item>
  </channel>
</rss>
