<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Mon, 13 Jul 2026 21:35:37 +0000</lastBuildDate>
    <item>
      <title>d0982b0f-adab-44ee-9f95-ba448252280e</title>
      <link>https://vulnerability.circl.lu/sighting/d0982b0f-adab-44ee-9f95-ba448252280e/export</link>
      <description>{"uuid": "d0982b0f-adab-44ee-9f95-ba448252280e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-07-12)", "content": "", "creation_timestamp": "2026-07-13T10:15:05.248782Z"}</description>
      <content:encoded>{"uuid": "d0982b0f-adab-44ee-9f95-ba448252280e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-07-12)", "content": "", "creation_timestamp": "2026-07-13T10:15:05.248782Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/d0982b0f-adab-44ee-9f95-ba448252280e/export</guid>
      <pubDate>Mon, 13 Jul 2026 10:15:05 +0000</pubDate>
    </item>
    <item>
      <title>66695597-dad1-4997-ba8f-90352abb4e74</title>
      <link>https://vulnerability.circl.lu/sighting/66695597-dad1-4997-ba8f-90352abb4e74/export</link>
      <description>{"uuid": "66695597-dad1-4997-ba8f-90352abb4e74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-07-11)", "content": "", "creation_timestamp": "2026-07-12T10:15:04.342925Z"}</description>
      <content:encoded>{"uuid": "66695597-dad1-4997-ba8f-90352abb4e74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-07-11)", "content": "", "creation_timestamp": "2026-07-12T10:15:04.342925Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/66695597-dad1-4997-ba8f-90352abb4e74/export</guid>
      <pubDate>Sun, 12 Jul 2026 10:15:04 +0000</pubDate>
    </item>
    <item>
      <title>f0b917c4-d66c-46f1-a5ca-01ac72a2a2d2</title>
      <link>https://vulnerability.circl.lu/sighting/f0b917c4-d66c-46f1-a5ca-01ac72a2a2d2/export</link>
      <description>{"uuid": "f0b917c4-d66c-46f1-a5ca-01ac72a2a2d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "published-proof-of-concept", "source": "https://t.me/brutsecurity/2750", "content": "\ud83d\udea8 cPanelSniper \u2014 CVE-2026-41940\n\nCRITICAL auth bypass in cPanel &amp;amp; WHM (CVSS 10.0)\n\nZero credentials \u2192 Full root WHM access via CRLF injection + session file poisoning.\n\n~70 million domains affected.\n\n### Exploit Chain (4 stages):\n1. Pre-auth session minting  \n2. CRLF injection via Authorization header  \n3. do_token_denied gadget (raw \u2192 cache flush)  \n4. /json-api/version \u2192 PWNED\n\nWhat you get:\n- \u2705 Interactive WHM root shell  \n- \u2705 Account enumeration  \n- \u2705 Command execution  \n- \u2705 Backdoor admin creation  \n- \u2705 Ready for bulk scanning (stdlib only, no extra deps)\n\nhttps://github.com/ynsmroztas/cPanelSniper", "creation_timestamp": "2026-07-12T00:00:53.395921Z"}</description>
      <content:encoded>{"uuid": "f0b917c4-d66c-46f1-a5ca-01ac72a2a2d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "published-proof-of-concept", "source": "https://t.me/brutsecurity/2750", "content": "\ud83d\udea8 cPanelSniper \u2014 CVE-2026-41940\n\nCRITICAL auth bypass in cPanel &amp;amp; WHM (CVSS 10.0)\n\nZero credentials \u2192 Full root WHM access via CRLF injection + session file poisoning.\n\n~70 million domains affected.\n\n### Exploit Chain (4 stages):\n1. Pre-auth session minting  \n2. CRLF injection via Authorization header  \n3. do_token_denied gadget (raw \u2192 cache flush)  \n4. /json-api/version \u2192 PWNED\n\nWhat you get:\n- \u2705 Interactive WHM root shell  \n- \u2705 Account enumeration  \n- \u2705 Command execution  \n- \u2705 Backdoor admin creation  \n- \u2705 Ready for bulk scanning (stdlib only, no extra deps)\n\nhttps://github.com/ynsmroztas/cPanelSniper", "creation_timestamp": "2026-07-12T00:00:53.395921Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/f0b917c4-d66c-46f1-a5ca-01ac72a2a2d2/export</guid>
      <pubDate>Sun, 12 Jul 2026 00:00:53 +0000</pubDate>
    </item>
    <item>
      <title>99b69ecd-076e-493b-b407-ede1a24dac49</title>
      <link>https://vulnerability.circl.lu/sighting/99b69ecd-076e-493b-b407-ede1a24dac49/export</link>
      <description>{"uuid": "99b69ecd-076e-493b-b407-ede1a24dac49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "published-proof-of-concept", "source": "https://t.me/brutsecurity/2689", "content": "\ud83d\udd25CVE-2026-41940 cPanel/WHM Authentication Bypass - Detection Artifact Generator\n\n\ud83d\udea8https://github.com/watchtowrlabs/watchTowr-vs-cPanel-WHM-AuthBypass-to-RCE.py", "creation_timestamp": "2026-07-12T00:00:52.765912Z"}</description>
      <content:encoded>{"uuid": "99b69ecd-076e-493b-b407-ede1a24dac49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "published-proof-of-concept", "source": "https://t.me/brutsecurity/2689", "content": "\ud83d\udd25CVE-2026-41940 cPanel/WHM Authentication Bypass - Detection Artifact Generator\n\n\ud83d\udea8https://github.com/watchtowrlabs/watchTowr-vs-cPanel-WHM-AuthBypass-to-RCE.py", "creation_timestamp": "2026-07-12T00:00:52.765912Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/99b69ecd-076e-493b-b407-ede1a24dac49/export</guid>
      <pubDate>Sun, 12 Jul 2026 00:00:52 +0000</pubDate>
    </item>
    <item>
      <title>94c02b0a-a4f6-42fd-8d01-1534e98d6ece</title>
      <link>https://vulnerability.circl.lu/sighting/94c02b0a-a4f6-42fd-8d01-1534e98d6ece/export</link>
      <description>{"uuid": "94c02b0a-a4f6-42fd-8d01-1534e98d6ece", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "published-proof-of-concept", "source": "https://t.me/brutsecurity/2691", "content": "\ud83d\udea8 cPanelSniper \u2014 CVE-2026-41940\n\ncPanel &amp;amp; WHM'de CVSS 10.0 kritik auth bypass.\n\nCRLF injection \u2192 session file poisoning \u2192 root WHM access.\n\nhttps://github.com/ynsmroztas/cPanelSniper", "creation_timestamp": "2026-07-12T00:00:52.728811Z"}</description>
      <content:encoded>{"uuid": "94c02b0a-a4f6-42fd-8d01-1534e98d6ece", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "published-proof-of-concept", "source": "https://t.me/brutsecurity/2691", "content": "\ud83d\udea8 cPanelSniper \u2014 CVE-2026-41940\n\ncPanel &amp;amp; WHM'de CVSS 10.0 kritik auth bypass.\n\nCRLF injection \u2192 session file poisoning \u2192 root WHM access.\n\nhttps://github.com/ynsmroztas/cPanelSniper", "creation_timestamp": "2026-07-12T00:00:52.728811Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/94c02b0a-a4f6-42fd-8d01-1534e98d6ece/export</guid>
      <pubDate>Sun, 12 Jul 2026 00:00:52 +0000</pubDate>
    </item>
    <item>
      <title>906a57fa-9cca-4ff4-b8f4-1362726fd91e</title>
      <link>https://vulnerability.circl.lu/sighting/906a57fa-9cca-4ff4-b8f4-1362726fd91e/export</link>
      <description>{"uuid": "906a57fa-9cca-4ff4-b8f4-1362726fd91e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "published-proof-of-concept", "source": "https://t.me/brutsecurity/2691", "content": "\ud83d\udea8 cPanelSniper \u2014 CVE-2026-41940\n\ncPanel &amp;amp; WHM'de CVSS 10.0 kritik auth bypass.\n\nCRLF injection \u2192 session file poisoning \u2192 root WHM access.\n\nhttps://github.com/ynsmroztas/cPanelSniper", "creation_timestamp": "2026-07-11T11:00:05.901881Z"}</description>
      <content:encoded>{"uuid": "906a57fa-9cca-4ff4-b8f4-1362726fd91e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "published-proof-of-concept", "source": "https://t.me/brutsecurity/2691", "content": "\ud83d\udea8 cPanelSniper \u2014 CVE-2026-41940\n\ncPanel &amp;amp; WHM'de CVSS 10.0 kritik auth bypass.\n\nCRLF injection \u2192 session file poisoning \u2192 root WHM access.\n\nhttps://github.com/ynsmroztas/cPanelSniper", "creation_timestamp": "2026-07-11T11:00:05.901881Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/906a57fa-9cca-4ff4-b8f4-1362726fd91e/export</guid>
      <pubDate>Sat, 11 Jul 2026 11:00:05 +0000</pubDate>
    </item>
    <item>
      <title>61900a2d-1e3b-474c-a633-2c93fe3a7089</title>
      <link>https://vulnerability.circl.lu/sighting/61900a2d-1e3b-474c-a633-2c93fe3a7089/export</link>
      <description>{"uuid": "61900a2d-1e3b-474c-a633-2c93fe3a7089", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-07-10)", "content": "", "creation_timestamp": "2026-07-11T10:15:05.043706Z"}</description>
      <content:encoded>{"uuid": "61900a2d-1e3b-474c-a633-2c93fe3a7089", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-07-10)", "content": "", "creation_timestamp": "2026-07-11T10:15:05.043706Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/61900a2d-1e3b-474c-a633-2c93fe3a7089/export</guid>
      <pubDate>Sat, 11 Jul 2026 10:15:05 +0000</pubDate>
    </item>
    <item>
      <title>073b8449-dc18-4ddb-ba60-f1bbd9773f91</title>
      <link>https://vulnerability.circl.lu/sighting/073b8449-dc18-4ddb-ba60-f1bbd9773f91/export</link>
      <description>{"uuid": "073b8449-dc18-4ddb-ba60-f1bbd9773f91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "published-proof-of-concept", "source": "https://t.me/brutsecurity/2689", "content": "\ud83d\udd25CVE-2026-41940 cPanel/WHM Authentication Bypass - Detection Artifact Generator\n\n\ud83d\udea8https://github.com/watchtowrlabs/watchTowr-vs-cPanel-WHM-AuthBypass-to-RCE.py", "creation_timestamp": "2026-07-11T10:00:06.162907Z"}</description>
      <content:encoded>{"uuid": "073b8449-dc18-4ddb-ba60-f1bbd9773f91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "published-proof-of-concept", "source": "https://t.me/brutsecurity/2689", "content": "\ud83d\udd25CVE-2026-41940 cPanel/WHM Authentication Bypass - Detection Artifact Generator\n\n\ud83d\udea8https://github.com/watchtowrlabs/watchTowr-vs-cPanel-WHM-AuthBypass-to-RCE.py", "creation_timestamp": "2026-07-11T10:00:06.162907Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/073b8449-dc18-4ddb-ba60-f1bbd9773f91/export</guid>
      <pubDate>Sat, 11 Jul 2026 10:00:06 +0000</pubDate>
    </item>
    <item>
      <title>22180f9d-39af-4b92-9c0a-8d3f963a4ee6</title>
      <link>https://vulnerability.circl.lu/sighting/22180f9d-39af-4b92-9c0a-8d3f963a4ee6/export</link>
      <description>{"uuid": "22180f9d-39af-4b92-9c0a-8d3f963a4ee6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-07-10)", "content": "", "creation_timestamp": "2026-07-11T10:00:04.570231Z"}</description>
      <content:encoded>{"uuid": "22180f9d-39af-4b92-9c0a-8d3f963a4ee6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-07-10)", "content": "", "creation_timestamp": "2026-07-11T10:00:04.570231Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/22180f9d-39af-4b92-9c0a-8d3f963a4ee6/export</guid>
      <pubDate>Sat, 11 Jul 2026 10:00:04 +0000</pubDate>
    </item>
    <item>
      <title>3e9d80cb-73b9-4b1b-a29a-103f3f3af6b6</title>
      <link>https://vulnerability.circl.lu/sighting/3e9d80cb-73b9-4b1b-a29a-103f3f3af6b6/export</link>
      <description>{"uuid": "3e9d80cb-73b9-4b1b-a29a-103f3f3af6b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "published-proof-of-concept", "source": "https://t.me/brutsecurity/2750", "content": "\ud83d\udea8 cPanelSniper \u2014 CVE-2026-41940\n\nCRITICAL auth bypass in cPanel &amp;amp; WHM (CVSS 10.0)\n\nZero credentials \u2192 Full root WHM access via CRLF injection + session file poisoning.\n\n~70 million domains affected.\n\n### Exploit Chain (4 stages):\n1. Pre-auth session minting  \n2. CRLF injection via Authorization header  \n3. do_token_denied gadget (raw \u2192 cache flush)  \n4. /json-api/version \u2192 PWNED\n\nWhat you get:\n- \u2705 Interactive WHM root shell  \n- \u2705 Account enumeration  \n- \u2705 Command execution  \n- \u2705 Backdoor admin creation  \n- \u2705 Ready for bulk scanning (stdlib only, no extra deps)\n\nhttps://github.com/ynsmroztas/cPanelSniper", "creation_timestamp": "2026-07-11T09:00:04.701588Z"}</description>
      <content:encoded>{"uuid": "3e9d80cb-73b9-4b1b-a29a-103f3f3af6b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "published-proof-of-concept", "source": "https://t.me/brutsecurity/2750", "content": "\ud83d\udea8 cPanelSniper \u2014 CVE-2026-41940\n\nCRITICAL auth bypass in cPanel &amp;amp; WHM (CVSS 10.0)\n\nZero credentials \u2192 Full root WHM access via CRLF injection + session file poisoning.\n\n~70 million domains affected.\n\n### Exploit Chain (4 stages):\n1. Pre-auth session minting  \n2. CRLF injection via Authorization header  \n3. do_token_denied gadget (raw \u2192 cache flush)  \n4. /json-api/version \u2192 PWNED\n\nWhat you get:\n- \u2705 Interactive WHM root shell  \n- \u2705 Account enumeration  \n- \u2705 Command execution  \n- \u2705 Backdoor admin creation  \n- \u2705 Ready for bulk scanning (stdlib only, no extra deps)\n\nhttps://github.com/ynsmroztas/cPanelSniper", "creation_timestamp": "2026-07-11T09:00:04.701588Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/3e9d80cb-73b9-4b1b-a29a-103f3f3af6b6/export</guid>
      <pubDate>Sat, 11 Jul 2026 09:00:04 +0000</pubDate>
    </item>
  </channel>
</rss>
