<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Tue, 07 Jul 2026 01:06:06 +0000</lastBuildDate>
    <item>
      <title>28c999b9-2dbc-406e-b1e6-65f2dc4a71ec</title>
      <link>https://vulnerability.circl.lu/sighting/28c999b9-2dbc-406e-b1e6-65f2dc4a71ec/export</link>
      <description>{"uuid": "28c999b9-2dbc-406e-b1e6-65f2dc4a71ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41264", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/flowise_auth_rce_cve_2026_41264.rb", "content": "{\"aliases\": [], \"arch\": \"cmd\", \"author\": [\"zdi-disclosures\", \"Takahiro Yokoyama\"], \"autofilter_ports\": [80, 8080, 443, 8000, 8888, 8880, 8008, 3000, 8443], \"autofilter_services\": [\"http\", \"https\"], \"check\": true, \"default_credential\": false, \"description\": \"This vulnerability allows remote attackers to execute arbitrary code on affected installations of FlowiseAI Flowise.\\n          Authentication is not required to exploit this vulnerability.\\n\\n          The specific flaw exists within the run method of the CSV_Agents class.\\n          The issue results from the lack of proper sandboxing when evaluating an LLM generated python script.\\n          An attacker can leverage this vulnerability to execute code in the context of the user running the server.\", \"disclosure_date\": \"2026-04-22\", \"fullname\": \"exploit/multi/http/flowise_auth_rce_cve_2026_41264\", \"is_install_path\": true, \"mod_time\": \"2026-06-06 12:25:07 +0000\", \"name\": \"Flowise CSV Agent Prompt Injection RCE\", \"needs_cleanup\": null, \"notes\": {\"Reliability\": [\"repeatable-session\"], \"SideEffects\": [\"ioc-in-logs\"], \"Stability\": [\"crash-safe\"]}, \"path\": \"/modules/exploits/multi/http/flowise_auth_rce_cve_2026_41264.rb\", \"platform\": \"Linux,Unix,Windows\", \"post_auth\": false, \"rank\": 600, \"ref_name\": \"multi/http/flowise_auth_rce_cve_2026_41264\", \"references\": [\"CVE-2026-41264\", \"GHSA-3hjv-c53m-58jj\"], \"rport\": 3000, \"session_types\": false, \"targets\": [\"Linux Command\", \"Windows Command\"], \"type\": \"exploit\"}", "creation_timestamp": "2026-07-05T07:55:59.725929Z"}</description>
      <content:encoded>{"uuid": "28c999b9-2dbc-406e-b1e6-65f2dc4a71ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41264", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/flowise_auth_rce_cve_2026_41264.rb", "content": "{\"aliases\": [], \"arch\": \"cmd\", \"author\": [\"zdi-disclosures\", \"Takahiro Yokoyama\"], \"autofilter_ports\": [80, 8080, 443, 8000, 8888, 8880, 8008, 3000, 8443], \"autofilter_services\": [\"http\", \"https\"], \"check\": true, \"default_credential\": false, \"description\": \"This vulnerability allows remote attackers to execute arbitrary code on affected installations of FlowiseAI Flowise.\\n          Authentication is not required to exploit this vulnerability.\\n\\n          The specific flaw exists within the run method of the CSV_Agents class.\\n          The issue results from the lack of proper sandboxing when evaluating an LLM generated python script.\\n          An attacker can leverage this vulnerability to execute code in the context of the user running the server.\", \"disclosure_date\": \"2026-04-22\", \"fullname\": \"exploit/multi/http/flowise_auth_rce_cve_2026_41264\", \"is_install_path\": true, \"mod_time\": \"2026-06-06 12:25:07 +0000\", \"name\": \"Flowise CSV Agent Prompt Injection RCE\", \"needs_cleanup\": null, \"notes\": {\"Reliability\": [\"repeatable-session\"], \"SideEffects\": [\"ioc-in-logs\"], \"Stability\": [\"crash-safe\"]}, \"path\": \"/modules/exploits/multi/http/flowise_auth_rce_cve_2026_41264.rb\", \"platform\": \"Linux,Unix,Windows\", \"post_auth\": false, \"rank\": 600, \"ref_name\": \"multi/http/flowise_auth_rce_cve_2026_41264\", \"references\": [\"CVE-2026-41264\", \"GHSA-3hjv-c53m-58jj\"], \"rport\": 3000, \"session_types\": false, \"targets\": [\"Linux Command\", \"Windows Command\"], \"type\": \"exploit\"}", "creation_timestamp": "2026-07-05T07:55:59.725929Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/28c999b9-2dbc-406e-b1e6-65f2dc4a71ec/export</guid>
      <pubDate>Sun, 05 Jul 2026 07:55:59 +0000</pubDate>
    </item>
    <item>
      <title>da99882a-a9da-4ecf-8a20-6b8d051e6180</title>
      <link>https://vulnerability.circl.lu/sighting/da99882a-a9da-4ecf-8a20-6b8d051e6180/export</link>
      <description>{"uuid": "da99882a-a9da-4ecf-8a20-6b8d051e6180", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41264", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/flowise_auth_rce_cve_2026_41264.rb", "content": "{\"aliases\": [], \"arch\": \"cmd\", \"author\": [\"zdi-disclosures\", \"Takahiro Yokoyama\"], \"autofilter_ports\": [80, 8080, 443, 8000, 8888, 8880, 8008, 3000, 8443], \"autofilter_services\": [\"http\", \"https\"], \"check\": true, \"default_credential\": false, \"description\": \"This vulnerability allows remote attackers to execute arbitrary code on affected installations of FlowiseAI Flowise.\\n          Authentication is not required to exploit this vulnerability.\\n\\n          The specific flaw exists within the run method of the CSV_Agents class.\\n          The issue results from the lack of proper sandboxing when evaluating an LLM generated python script.\\n          An attacker can leverage this vulnerability to execute code in the context of the user running the server.\", \"disclosure_date\": \"2026-04-22\", \"fullname\": \"exploit/multi/http/flowise_auth_rce_cve_2026_41264\", \"is_install_path\": true, \"mod_time\": \"2026-06-06 12:25:07 +0000\", \"name\": \"Flowise CSV Agent Prompt Injection RCE\", \"needs_cleanup\": null, \"notes\": {\"Reliability\": [\"repeatable-session\"], \"SideEffects\": [\"ioc-in-logs\"], \"Stability\": [\"crash-safe\"]}, \"path\": \"/modules/exploits/multi/http/flowise_auth_rce_cve_2026_41264.rb\", \"platform\": \"Linux,Unix,Windows\", \"post_auth\": false, \"rank\": 600, \"ref_name\": \"multi/http/flowise_auth_rce_cve_2026_41264\", \"references\": [\"CVE-2026-41264\", \"GHSA-3hjv-c53m-58jj\"], \"rport\": 3000, \"session_types\": false, \"targets\": [\"Linux Command\", \"Windows Command\"], \"type\": \"exploit\"}", "creation_timestamp": "2026-07-03T08:40:03.367903Z"}</description>
      <content:encoded>{"uuid": "da99882a-a9da-4ecf-8a20-6b8d051e6180", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41264", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/flowise_auth_rce_cve_2026_41264.rb", "content": "{\"aliases\": [], \"arch\": \"cmd\", \"author\": [\"zdi-disclosures\", \"Takahiro Yokoyama\"], \"autofilter_ports\": [80, 8080, 443, 8000, 8888, 8880, 8008, 3000, 8443], \"autofilter_services\": [\"http\", \"https\"], \"check\": true, \"default_credential\": false, \"description\": \"This vulnerability allows remote attackers to execute arbitrary code on affected installations of FlowiseAI Flowise.\\n          Authentication is not required to exploit this vulnerability.\\n\\n          The specific flaw exists within the run method of the CSV_Agents class.\\n          The issue results from the lack of proper sandboxing when evaluating an LLM generated python script.\\n          An attacker can leverage this vulnerability to execute code in the context of the user running the server.\", \"disclosure_date\": \"2026-04-22\", \"fullname\": \"exploit/multi/http/flowise_auth_rce_cve_2026_41264\", \"is_install_path\": true, \"mod_time\": \"2026-06-06 12:25:07 +0000\", \"name\": \"Flowise CSV Agent Prompt Injection RCE\", \"needs_cleanup\": null, \"notes\": {\"Reliability\": [\"repeatable-session\"], \"SideEffects\": [\"ioc-in-logs\"], \"Stability\": [\"crash-safe\"]}, \"path\": \"/modules/exploits/multi/http/flowise_auth_rce_cve_2026_41264.rb\", \"platform\": \"Linux,Unix,Windows\", \"post_auth\": false, \"rank\": 600, \"ref_name\": \"multi/http/flowise_auth_rce_cve_2026_41264\", \"references\": [\"CVE-2026-41264\", \"GHSA-3hjv-c53m-58jj\"], \"rport\": 3000, \"session_types\": false, \"targets\": [\"Linux Command\", \"Windows Command\"], \"type\": \"exploit\"}", "creation_timestamp": "2026-07-03T08:40:03.367903Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/da99882a-a9da-4ecf-8a20-6b8d051e6180/export</guid>
      <pubDate>Fri, 03 Jul 2026 08:40:03 +0000</pubDate>
    </item>
    <item>
      <title>f588181e-64ae-4b43-9b51-da32c8f87572</title>
      <link>https://vulnerability.circl.lu/sighting/f588181e-64ae-4b43-9b51-da32c8f87572/export</link>
      <description>{"uuid": "f588181e-64ae-4b43-9b51-da32c8f87572", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-41262", "type": "published-proof-of-concept", "source": "https://github.com/fleetdm/fleet/security/advisories/GHSA-gm7f-v959-fr2g", "content": "", "creation_timestamp": "2026-06-26T22:35:37.463698Z"}</description>
      <content:encoded>{"uuid": "f588181e-64ae-4b43-9b51-da32c8f87572", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-41262", "type": "published-proof-of-concept", "source": "https://github.com/fleetdm/fleet/security/advisories/GHSA-gm7f-v959-fr2g", "content": "", "creation_timestamp": "2026-06-26T22:35:37.463698Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/f588181e-64ae-4b43-9b51-da32c8f87572/export</guid>
      <pubDate>Fri, 26 Jun 2026 22:35:37 +0000</pubDate>
    </item>
    <item>
      <title>c23f149b-252d-40dc-8186-437b3e478dce</title>
      <link>https://vulnerability.circl.lu/sighting/c23f149b-252d-40dc-8186-437b3e478dce/export</link>
      <description>{"uuid": "c23f149b-252d-40dc-8186-437b3e478dce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41263", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mkqpzycnet2q", "content": "CVE-2026-41263 - Traefik: BasicAuth middleware: timing side-channel vulnerability\nCVE ID : CVE-2026-41263\n \n Published : April 30, 2026, 9:16 p.m. | 1\u00a0hour, 2\u00a0minutes ago\n \n Description : Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, an...", "creation_timestamp": "2026-04-30T23:05:25.891616Z"}</description>
      <content:encoded>{"uuid": "c23f149b-252d-40dc-8186-437b3e478dce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41263", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mkqpzycnet2q", "content": "CVE-2026-41263 - Traefik: BasicAuth middleware: timing side-channel vulnerability\nCVE ID : CVE-2026-41263\n \n Published : April 30, 2026, 9:16 p.m. | 1\u00a0hour, 2\u00a0minutes ago\n \n Description : Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, an...", "creation_timestamp": "2026-04-30T23:05:25.891616Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/c23f149b-252d-40dc-8186-437b3e478dce/export</guid>
      <pubDate>Thu, 30 Apr 2026 23:05:25 +0000</pubDate>
    </item>
    <item>
      <title>b8e8d750-5889-4940-92b7-cf50e6fd3cc6</title>
      <link>https://vulnerability.circl.lu/sighting/b8e8d750-5889-4940-92b7-cf50e6fd3cc6/export</link>
      <description>{"uuid": "b8e8d750-5889-4940-92b7-cf50e6fd3cc6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41267", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mkfcol2w4r2o", "content": "", "creation_timestamp": "2026-04-26T10:07:07.969747Z"}</description>
      <content:encoded>{"uuid": "b8e8d750-5889-4940-92b7-cf50e6fd3cc6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41267", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mkfcol2w4r2o", "content": "", "creation_timestamp": "2026-04-26T10:07:07.969747Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/b8e8d750-5889-4940-92b7-cf50e6fd3cc6/export</guid>
      <pubDate>Sun, 26 Apr 2026 10:07:07 +0000</pubDate>
    </item>
    <item>
      <title>3e9b9df6-41ca-4f7a-b1c0-727cb8e96c6f</title>
      <link>https://vulnerability.circl.lu/sighting/3e9b9df6-41ca-4f7a-b1c0-727cb8e96c6f/export</link>
      <description>{"uuid": "3e9b9df6-41ca-4f7a-b1c0-727cb8e96c6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41265", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mke23guci32z", "content": "", "creation_timestamp": "2026-04-25T22:00:35.939148Z"}</description>
      <content:encoded>{"uuid": "3e9b9df6-41ca-4f7a-b1c0-727cb8e96c6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41265", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mke23guci32z", "content": "", "creation_timestamp": "2026-04-25T22:00:35.939148Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/3e9b9df6-41ca-4f7a-b1c0-727cb8e96c6f/export</guid>
      <pubDate>Sat, 25 Apr 2026 22:00:35 +0000</pubDate>
    </item>
    <item>
      <title>bc41f443-01aa-45b1-8773-940888ab8111</title>
      <link>https://vulnerability.circl.lu/sighting/bc41f443-01aa-45b1-8773-940888ab8111/export</link>
      <description>{"uuid": "bc41f443-01aa-45b1-8773-940888ab8111", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41264", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mke2376l4i2t", "content": "", "creation_timestamp": "2026-04-25T22:00:28.721224Z"}</description>
      <content:encoded>{"uuid": "bc41f443-01aa-45b1-8773-940888ab8111", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41264", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mke2376l4i2t", "content": "", "creation_timestamp": "2026-04-25T22:00:28.721224Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/bc41f443-01aa-45b1-8773-940888ab8111/export</guid>
      <pubDate>Sat, 25 Apr 2026 22:00:28 +0000</pubDate>
    </item>
    <item>
      <title>b84f72ba-c5a3-440a-a094-62ee5eced554</title>
      <link>https://vulnerability.circl.lu/sighting/b84f72ba-c5a3-440a-a094-62ee5eced554/export</link>
      <description>{"uuid": "b84f72ba-c5a3-440a-a094-62ee5eced554", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41266", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mkbwznomm32f", "content": "", "creation_timestamp": "2026-04-25T02:00:35.695437Z"}</description>
      <content:encoded>{"uuid": "b84f72ba-c5a3-440a-a094-62ee5eced554", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41266", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mkbwznomm32f", "content": "", "creation_timestamp": "2026-04-25T02:00:35.695437Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/b84f72ba-c5a3-440a-a094-62ee5eced554/export</guid>
      <pubDate>Sat, 25 Apr 2026 02:00:35 +0000</pubDate>
    </item>
    <item>
      <title>d9457267-1c7a-4d9b-9966-54b920695aa0</title>
      <link>https://vulnerability.circl.lu/sighting/d9457267-1c7a-4d9b-9966-54b920695aa0/export</link>
      <description>{"uuid": "d9457267-1c7a-4d9b-9966-54b920695aa0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41263", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mkanez5th22k", "content": "", "creation_timestamp": "2026-04-24T13:35:19.535850Z"}</description>
      <content:encoded>{"uuid": "d9457267-1c7a-4d9b-9966-54b920695aa0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41263", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mkanez5th22k", "content": "", "creation_timestamp": "2026-04-24T13:35:19.535850Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/d9457267-1c7a-4d9b-9966-54b920695aa0/export</guid>
      <pubDate>Fri, 24 Apr 2026 13:35:19 +0000</pubDate>
    </item>
    <item>
      <title>9803cbc4-67ff-4afd-9e63-edbe4cf36667</title>
      <link>https://vulnerability.circl.lu/sighting/9803cbc4-67ff-4afd-9e63-edbe4cf36667/export</link>
      <description>{"uuid": "9803cbc4-67ff-4afd-9e63-edbe4cf36667", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4126", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3mk7bocnbhl2s", "content": "", "creation_timestamp": "2026-04-24T00:33:06.463052Z"}</description>
      <content:encoded>{"uuid": "9803cbc4-67ff-4afd-9e63-edbe4cf36667", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4126", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3mk7bocnbhl2s", "content": "", "creation_timestamp": "2026-04-24T00:33:06.463052Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/9803cbc4-67ff-4afd-9e63-edbe4cf36667/export</guid>
      <pubDate>Fri, 24 Apr 2026 00:33:06 +0000</pubDate>
    </item>
  </channel>
</rss>
