<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Mon, 13 Jul 2026 18:52:05 +0000</lastBuildDate>
    <item>
      <title>e49dbabe-c136-4bf7-b3c4-a5b31d8f9a6f</title>
      <link>https://vulnerability.circl.lu/sighting/e49dbabe-c136-4bf7-b3c4-a5b31d8f9a6f/export</link>
      <description>{"uuid": "e49dbabe-c136-4bf7-b3c4-a5b31d8f9a6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46394", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/88073", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-46394-haxcms-git-command-injection\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a shreyas-challa\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a PHP\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-09 17:55:03\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nPoC and writeup for CVE-2026-46394: OS command injection in HAXcms Git.php (CWE-78). Authorized security research only.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-13T00:00:46.063175Z"}</description>
      <content:encoded>{"uuid": "e49dbabe-c136-4bf7-b3c4-a5b31d8f9a6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46394", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/88073", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-46394-haxcms-git-command-injection\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a shreyas-challa\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a PHP\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-09 17:55:03\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nPoC and writeup for CVE-2026-46394: OS command injection in HAXcms Git.php (CWE-78). Authorized security research only.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-13T00:00:46.063175Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/e49dbabe-c136-4bf7-b3c4-a5b31d8f9a6f/export</guid>
      <pubDate>Mon, 13 Jul 2026 00:00:46 +0000</pubDate>
    </item>
    <item>
      <title>7a24aabc-6c66-43fe-a5eb-4a31ca629e3e</title>
      <link>https://vulnerability.circl.lu/sighting/7a24aabc-6c66-43fe-a5eb-4a31ca629e3e/export</link>
      <description>{"uuid": "7a24aabc-6c66-43fe-a5eb-4a31ca629e3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46394", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/88073", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-46394-haxcms-git-command-injection\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a shreyas-challa\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a PHP\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-09 17:55:03\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nPoC and writeup for CVE-2026-46394: OS command injection in HAXcms Git.php (CWE-78). Authorized security research only.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-12T10:00:03.523650Z"}</description>
      <content:encoded>{"uuid": "7a24aabc-6c66-43fe-a5eb-4a31ca629e3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46394", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/88073", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-46394-haxcms-git-command-injection\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a shreyas-challa\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a PHP\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-09 17:55:03\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nPoC and writeup for CVE-2026-46394: OS command injection in HAXcms Git.php (CWE-78). Authorized security research only.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-12T10:00:03.523650Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/7a24aabc-6c66-43fe-a5eb-4a31ca629e3e/export</guid>
      <pubDate>Sun, 12 Jul 2026 10:00:03 +0000</pubDate>
    </item>
    <item>
      <title>142b0a2a-bc5a-41ba-b9f8-adeb27282da9</title>
      <link>https://vulnerability.circl.lu/sighting/142b0a2a-bc5a-41ba-b9f8-adeb27282da9/export</link>
      <description>{"uuid": "142b0a2a-bc5a-41ba-b9f8-adeb27282da9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46394", "type": "published-proof-of-concept", "source": "Telegram/avQcqITCN0CdPqbu_zPd1c2U29MoQRx_NSjCudrYTZic4II", "content": "", "creation_timestamp": "2026-06-09T23:00:05.000000Z"}</description>
      <content:encoded>{"uuid": "142b0a2a-bc5a-41ba-b9f8-adeb27282da9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46394", "type": "published-proof-of-concept", "source": "Telegram/avQcqITCN0CdPqbu_zPd1c2U29MoQRx_NSjCudrYTZic4II", "content": "", "creation_timestamp": "2026-06-09T23:00:05.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/142b0a2a-bc5a-41ba-b9f8-adeb27282da9/export</guid>
      <pubDate>Tue, 09 Jun 2026 23:00:05 +0000</pubDate>
    </item>
    <item>
      <title>cff8a0f4-f76c-4459-b8a5-f2f111d3a8ac</title>
      <link>https://vulnerability.circl.lu/sighting/cff8a0f4-f76c-4459-b8a5-f2f111d3a8ac/export</link>
      <description>{"uuid": "cff8a0f4-f76c-4459-b8a5-f2f111d3a8ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46394", "type": "published-proof-of-concept", "source": "Telegram/Twzxtbvyqic9grgE7JaZrbs3i9BOrZG8PBBvMyWgrTB7Ya8", "content": "", "creation_timestamp": "2026-06-09T19:00:13.000000Z"}</description>
      <content:encoded>{"uuid": "cff8a0f4-f76c-4459-b8a5-f2f111d3a8ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46394", "type": "published-proof-of-concept", "source": "Telegram/Twzxtbvyqic9grgE7JaZrbs3i9BOrZG8PBBvMyWgrTB7Ya8", "content": "", "creation_timestamp": "2026-06-09T19:00:13.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/cff8a0f4-f76c-4459-b8a5-f2f111d3a8ac/export</guid>
      <pubDate>Tue, 09 Jun 2026 19:00:13 +0000</pubDate>
    </item>
  </channel>
</rss>
