<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Fri, 03 Jul 2026 16:31:08 +0000</lastBuildDate>
    <item>
      <title>61eea565-bc8e-462e-9320-2502a7d268b0</title>
      <link>https://vulnerability.circl.lu/sighting/61eea565-bc8e-462e-9320-2502a7d268b0/export</link>
      <description>{"uuid": "61eea565-bc8e-462e-9320-2502a7d268b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45408", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mphsssv2ny2e", "content": "\ud83d\udccc CVE-2026-45408 - Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex (^[a-z0-9][^/:_A-Z]*$) permits shell metacharacters. When an authentica... https://www.cyberhub.blog/cves/CVE-2026-45408", "creation_timestamp": "2026-06-30T01:07:07.269275Z"}</description>
      <content:encoded>{"uuid": "61eea565-bc8e-462e-9320-2502a7d268b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45408", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mphsssv2ny2e", "content": "\ud83d\udccc CVE-2026-45408 - Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex (^[a-z0-9][^/:_A-Z]*$) permits shell metacharacters. When an authentica... https://www.cyberhub.blog/cves/CVE-2026-45408", "creation_timestamp": "2026-06-30T01:07:07.269275Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/61eea565-bc8e-462e-9320-2502a7d268b0/export</guid>
      <pubDate>Tue, 30 Jun 2026 01:07:07 +0000</pubDate>
    </item>
    <item>
      <title>cf9829ac-30d0-4c45-8dce-ddf835a46083</title>
      <link>https://vulnerability.circl.lu/sighting/cf9829ac-30d0-4c45-8dce-ddf835a46083/export</link>
      <description>{"uuid": "cf9829ac-30d0-4c45-8dce-ddf835a46083", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45406", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mphr55hvyv24", "content": "\ud83d\udccc CVE-2026-45406 - Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository direct... https://www.cyberhub.blog/cves/CVE-2026-45406", "creation_timestamp": "2026-06-30T00:37:06.617509Z"}</description>
      <content:encoded>{"uuid": "cf9829ac-30d0-4c45-8dce-ddf835a46083", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45406", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mphr55hvyv24", "content": "\ud83d\udccc CVE-2026-45406 - Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository direct... https://www.cyberhub.blog/cves/CVE-2026-45406", "creation_timestamp": "2026-06-30T00:37:06.617509Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/cf9829ac-30d0-4c45-8dce-ddf835a46083/export</guid>
      <pubDate>Tue, 30 Jun 2026 00:37:06 +0000</pubDate>
    </item>
    <item>
      <title>fa09ced8-04e3-4ce3-97dc-ea66066affde</title>
      <link>https://vulnerability.circl.lu/sighting/fa09ced8-04e3-4ce3-97dc-ea66066affde/export</link>
      <description>{"uuid": "fa09ced8-04e3-4ce3-97dc-ea66066affde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45405", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mphphj2ody2g", "content": "\ud83d\udccc CVE-2026-45405 - Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary dir... https://www.cyberhub.blog/cves/CVE-2026-45405", "creation_timestamp": "2026-06-30T00:07:11.463990Z"}</description>
      <content:encoded>{"uuid": "fa09ced8-04e3-4ce3-97dc-ea66066affde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45405", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mphphj2ody2g", "content": "\ud83d\udccc CVE-2026-45405 - Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary dir... https://www.cyberhub.blog/cves/CVE-2026-45405", "creation_timestamp": "2026-06-30T00:07:11.463990Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/fa09ced8-04e3-4ce3-97dc-ea66066affde/export</guid>
      <pubDate>Tue, 30 Jun 2026 00:07:11 +0000</pubDate>
    </item>
    <item>
      <title>73df28a4-420b-4fff-bf90-62281a036548</title>
      <link>https://vulnerability.circl.lu/sighting/73df28a4-420b-4fff-bf90-62281a036548/export</link>
      <description>{"uuid": "73df28a4-420b-4fff-bf90-62281a036548", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45408", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mpd7btxcpw2h", "content": "CVE-2026-45408 - Critical Command Injection in Dokku. CVSS 9.0. No patch available. Mitigations required. Limit git push access and review app name validation. #CVE #Dokku #infosec\n\nhttps://www.valtersit.com/cve/CVE-2026-45408/", "creation_timestamp": "2026-06-28T05:06:57.828397Z"}</description>
      <content:encoded>{"uuid": "73df28a4-420b-4fff-bf90-62281a036548", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45408", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mpd7btxcpw2h", "content": "CVE-2026-45408 - Critical Command Injection in Dokku. CVSS 9.0. No patch available. Mitigations required. Limit git push access and review app name validation. #CVE #Dokku #infosec\n\nhttps://www.valtersit.com/cve/CVE-2026-45408/", "creation_timestamp": "2026-06-28T05:06:57.828397Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/73df28a4-420b-4fff-bf90-62281a036548/export</guid>
      <pubDate>Sun, 28 Jun 2026 05:06:57 +0000</pubDate>
    </item>
    <item>
      <title>6e53b52d-1cf3-4e09-a4b5-e5b60fe3d620</title>
      <link>https://vulnerability.circl.lu/sighting/6e53b52d-1cf3-4e09-a4b5-e5b60fe3d620/export</link>
      <description>{"uuid": "6e53b52d-1cf3-4e09-a4b5-e5b60fe3d620", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45407", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp7mx6ctia2i", "content": "CVE-2026-45407 - Dokku: Git Credentials in .netrc Stored World-Readable Due to Premature touch\nCVE ID : CVE-2026-45407\n \n Published : June 26, 2026, 4:21 p.m. | 1\u00a0hour, 23\u00a0minutes ago\n \n Description : Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command create...", "creation_timestamp": "2026-06-26T19:00:53.025222Z"}</description>
      <content:encoded>{"uuid": "6e53b52d-1cf3-4e09-a4b5-e5b60fe3d620", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45407", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp7mx6ctia2i", "content": "CVE-2026-45407 - Dokku: Git Credentials in .netrc Stored World-Readable Due to Premature touch\nCVE ID : CVE-2026-45407\n \n Published : June 26, 2026, 4:21 p.m. | 1\u00a0hour, 23\u00a0minutes ago\n \n Description : Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command create...", "creation_timestamp": "2026-06-26T19:00:53.025222Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/6e53b52d-1cf3-4e09-a4b5-e5b60fe3d620/export</guid>
      <pubDate>Fri, 26 Jun 2026 19:00:53 +0000</pubDate>
    </item>
    <item>
      <title>37aa3000-04fa-4217-9305-7fe373284907</title>
      <link>https://vulnerability.circl.lu/sighting/37aa3000-04fa-4217-9305-7fe373284907/export</link>
      <description>{"uuid": "37aa3000-04fa-4217-9305-7fe373284907", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45405", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp7m5luydh2c", "content": "CVE-2026-45405 - Dokku: Arbitrary File Write via Tar Symlink Traversal in git:from-archive and certs:add\nCVE ID : CVE-2026-45405\n \n Published : June 26, 2026, 4:23 p.m. | 1\u00a0hour, 22\u00a0minutes ago\n \n Description : Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-arch...", "creation_timestamp": "2026-06-26T18:46:34.781114Z"}</description>
      <content:encoded>{"uuid": "37aa3000-04fa-4217-9305-7fe373284907", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45405", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp7m5luydh2c", "content": "CVE-2026-45405 - Dokku: Arbitrary File Write via Tar Symlink Traversal in git:from-archive and certs:add\nCVE ID : CVE-2026-45405\n \n Published : June 26, 2026, 4:23 p.m. | 1\u00a0hour, 22\u00a0minutes ago\n \n Description : Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-arch...", "creation_timestamp": "2026-06-26T18:46:34.781114Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/37aa3000-04fa-4217-9305-7fe373284907/export</guid>
      <pubDate>Fri, 26 Jun 2026 18:46:34 +0000</pubDate>
    </item>
    <item>
      <title>e21aa45b-5124-4814-b6ff-7d4397a3ae95</title>
      <link>https://vulnerability.circl.lu/sighting/e21aa45b-5124-4814-b6ff-7d4397a3ae95/export</link>
      <description>{"uuid": "e21aa45b-5124-4814-b6ff-7d4397a3ae95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45408", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp7kmzy3za2c", "content": "CVE-2026-45408 - Dokku: OS Command Injection via App Name in Git Pre-Receive Hook\nCVE ID : CVE-2026-45408\n \n Published : June 26, 2026, 4:19 p.m. | 1\u00a0hour, 25\u00a0minutes ago\n \n Description : Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex (^[a-z0-9]...", "creation_timestamp": "2026-06-26T18:19:25.395483Z"}</description>
      <content:encoded>{"uuid": "e21aa45b-5124-4814-b6ff-7d4397a3ae95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45408", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp7kmzy3za2c", "content": "CVE-2026-45408 - Dokku: OS Command Injection via App Name in Git Pre-Receive Hook\nCVE ID : CVE-2026-45408\n \n Published : June 26, 2026, 4:19 p.m. | 1\u00a0hour, 25\u00a0minutes ago\n \n Description : Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex (^[a-z0-9]...", "creation_timestamp": "2026-06-26T18:19:25.395483Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/e21aa45b-5124-4814-b6ff-7d4397a3ae95/export</guid>
      <pubDate>Fri, 26 Jun 2026 18:19:25 +0000</pubDate>
    </item>
    <item>
      <title>68020ac8-5b93-45ea-8fce-c5e804144642</title>
      <link>https://vulnerability.circl.lu/sighting/68020ac8-5b93-45ea-8fce-c5e804144642/export</link>
      <description>{"uuid": "68020ac8-5b93-45ea-8fce-c5e804144642", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45406", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp7kk7bms52n", "content": "CVE-2026-45406 - Dokku: Host RCE via Maliciously Named OpenResty Include Files Injected Through eval\nCVE ID : CVE-2026-45406\n \n Published : June 26, 2026, 4:22 p.m. | 1\u00a0hour, 22\u00a0minutes ago\n \n Description : Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts ...", "creation_timestamp": "2026-06-26T18:17:50.304849Z"}</description>
      <content:encoded>{"uuid": "68020ac8-5b93-45ea-8fce-c5e804144642", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45406", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp7kk7bms52n", "content": "CVE-2026-45406 - Dokku: Host RCE via Maliciously Named OpenResty Include Files Injected Through eval\nCVE ID : CVE-2026-45406\n \n Published : June 26, 2026, 4:22 p.m. | 1\u00a0hour, 22\u00a0minutes ago\n \n Description : Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts ...", "creation_timestamp": "2026-06-26T18:17:50.304849Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/68020ac8-5b93-45ea-8fce-c5e804144642/export</guid>
      <pubDate>Fri, 26 Jun 2026 18:17:50 +0000</pubDate>
    </item>
    <item>
      <title>dadb8f8e-3666-45a9-91da-30a7b279e1ba</title>
      <link>https://vulnerability.circl.lu/sighting/dadb8f8e-3666-45a9-91da-30a7b279e1ba/export</link>
      <description>{"uuid": "dadb8f8e-3666-45a9-91da-30a7b279e1ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45409", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnlgica57p2y", "content": "CVE-2026-45409 - Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix\nCVE ID : CVE-2026-45409\n \n Published : June 5, 2026, 11:16 p.m. | 1\u00a0hour, 16\u00a0minutes ago\n \n Description : Internationalized Domain Nam...", "creation_timestamp": "2026-06-06T00:46:44.907977Z"}</description>
      <content:encoded>{"uuid": "dadb8f8e-3666-45a9-91da-30a7b279e1ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45409", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnlgica57p2y", "content": "CVE-2026-45409 - Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix\nCVE ID : CVE-2026-45409\n \n Published : June 5, 2026, 11:16 p.m. | 1\u00a0hour, 16\u00a0minutes ago\n \n Description : Internationalized Domain Nam...", "creation_timestamp": "2026-06-06T00:46:44.907977Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/dadb8f8e-3666-45a9-91da-30a7b279e1ba/export</guid>
      <pubDate>Sat, 06 Jun 2026 00:46:44 +0000</pubDate>
    </item>
    <item>
      <title>ca59684b-b952-4ea6-b8e2-7731bd938ddf</title>
      <link>https://vulnerability.circl.lu/sighting/ca59684b-b952-4ea6-b8e2-7731bd938ddf/export</link>
      <description>{"uuid": "ca59684b-b952-4ea6-b8e2-7731bd938ddf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45401", "type": "seen", "source": "Telegram/IqAYll4ZzjxpeZQ_8CUvuT_fob3B5lJjEUBfv2EUXY56hck", "content": "", "creation_timestamp": "2026-05-27T21:12:27.000000Z"}</description>
      <content:encoded>{"uuid": "ca59684b-b952-4ea6-b8e2-7731bd938ddf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45401", "type": "seen", "source": "Telegram/IqAYll4ZzjxpeZQ_8CUvuT_fob3B5lJjEUBfv2EUXY56hck", "content": "", "creation_timestamp": "2026-05-27T21:12:27.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/ca59684b-b952-4ea6-b8e2-7731bd938ddf/export</guid>
      <pubDate>Wed, 27 May 2026 21:12:27 +0000</pubDate>
    </item>
  </channel>
</rss>
