<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Mon, 06 Jul 2026 17:07:53 +0000</lastBuildDate>
    <item>
      <title>089c3a53-db85-4a24-a3ff-1e46bb1818d8</title>
      <link>https://vulnerability.circl.lu/sighting/089c3a53-db85-4a24-a3ff-1e46bb1818d8/export</link>
      <description>{"uuid": "089c3a53-db85-4a24-a3ff-1e46bb1818d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48939", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpwdjdape723", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-48939 \u0432 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u0438 iCagenda \u0434\u043b\u044f Joomla: \u0443\u0433\u0440\u043e\u0437\u0430 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432\n\n\n\nhttps://kripta.biz/posts/B4898F64-5D8B-4A50-BE10-C10F29B49F90", "creation_timestamp": "2026-07-05T19:43:19.156902Z"}</description>
      <content:encoded>{"uuid": "089c3a53-db85-4a24-a3ff-1e46bb1818d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48939", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpwdjdape723", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-48939 \u0432 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u0438 iCagenda \u0434\u043b\u044f Joomla: \u0443\u0433\u0440\u043e\u0437\u0430 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432\n\n\n\nhttps://kripta.biz/posts/B4898F64-5D8B-4A50-BE10-C10F29B49F90", "creation_timestamp": "2026-07-05T19:43:19.156902Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/089c3a53-db85-4a24-a3ff-1e46bb1818d8/export</guid>
      <pubDate>Sun, 05 Jul 2026 19:43:19 +0000</pubDate>
    </item>
    <item>
      <title>3e5c0599-d229-4f30-aeae-2e73519dada3</title>
      <link>https://vulnerability.circl.lu/sighting/3e5c0599-d229-4f30-aeae-2e73519dada3/export</link>
      <description>{"uuid": "3e5c0599-d229-4f30-aeae-2e73519dada3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-48931", "type": "seen", "source": "https://bsky.app/profile/tech-trending.bsky.social/post/3mpsjwo7hac2k", "content": "CVE-2026-48931 Shouldn't Have Been a CVE \nhttps://adventures.nodeland.dev/archive/cve-2026-48931-shouldnt-have-been-a-cve/", "creation_timestamp": "2026-07-04T07:27:31.104725Z"}</description>
      <content:encoded>{"uuid": "3e5c0599-d229-4f30-aeae-2e73519dada3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-48931", "type": "seen", "source": "https://bsky.app/profile/tech-trending.bsky.social/post/3mpsjwo7hac2k", "content": "CVE-2026-48931 Shouldn't Have Been a CVE \nhttps://adventures.nodeland.dev/archive/cve-2026-48931-shouldnt-have-been-a-cve/", "creation_timestamp": "2026-07-04T07:27:31.104725Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/3e5c0599-d229-4f30-aeae-2e73519dada3/export</guid>
      <pubDate>Sat, 04 Jul 2026 07:27:31 +0000</pubDate>
    </item>
    <item>
      <title>f6771f1b-a5eb-4856-9e12-2421659c80f3</title>
      <link>https://vulnerability.circl.lu/sighting/f6771f1b-a5eb-4856-9e12-2421659c80f3/export</link>
      <description>{"uuid": "f6771f1b-a5eb-4856-9e12-2421659c80f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48930", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mpalhvozva2d", "content": "\ud83d\udccc CVE-2026-48930 - A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver... https://www.cyberhub.blog/cves/CVE-2026-48930", "creation_timestamp": "2026-06-27T04:07:06.651862Z"}</description>
      <content:encoded>{"uuid": "f6771f1b-a5eb-4856-9e12-2421659c80f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48930", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mpalhvozva2d", "content": "\ud83d\udccc CVE-2026-48930 - A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver... https://www.cyberhub.blog/cves/CVE-2026-48930", "creation_timestamp": "2026-06-27T04:07:06.651862Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/f6771f1b-a5eb-4856-9e12-2421659c80f3/export</guid>
      <pubDate>Sat, 27 Jun 2026 04:07:06 +0000</pubDate>
    </item>
    <item>
      <title>91ac0e7a-e79d-4bd2-a8ff-0aa4f896c93f</title>
      <link>https://vulnerability.circl.lu/sighting/91ac0e7a-e79d-4bd2-a8ff-0aa4f896c93f/export</link>
      <description>{"uuid": "91ac0e7a-e79d-4bd2-a8ff-0aa4f896c93f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-48933", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116814526921125903", "content": "Node.js WebCrypto in v22.22.3, v24.16.0, v26.3.0 is affected by CVE-2026-48933 (HIGH). Integer overflow in subtle.encrypt() can crash processes with inputs \u2265 2 GiB, causing DoS. Avoid large inputs while awaiting a fix. \ud83d\udd10 https://radar.offseq.com/threat/cve-2026-48933-cwe-190-integer-overflow-in-nodejs--5c33db78fed81dbe #OffSeq #Nodejs #Vuln", "creation_timestamp": "2026-06-26T04:30:31.789409Z"}</description>
      <content:encoded>{"uuid": "91ac0e7a-e79d-4bd2-a8ff-0aa4f896c93f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-48933", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116814526921125903", "content": "Node.js WebCrypto in v22.22.3, v24.16.0, v26.3.0 is affected by CVE-2026-48933 (HIGH). Integer overflow in subtle.encrypt() can crash processes with inputs \u2265 2 GiB, causing DoS. Avoid large inputs while awaiting a fix. \ud83d\udd10 https://radar.offseq.com/threat/cve-2026-48933-cwe-190-integer-overflow-in-nodejs--5c33db78fed81dbe #OffSeq #Nodejs #Vuln", "creation_timestamp": "2026-06-26T04:30:31.789409Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/91ac0e7a-e79d-4bd2-a8ff-0aa4f896c93f/export</guid>
      <pubDate>Fri, 26 Jun 2026 04:30:31 +0000</pubDate>
    </item>
    <item>
      <title>d27b5ca8-b7e3-4552-af25-bb7987a26943</title>
      <link>https://vulnerability.circl.lu/sighting/d27b5ca8-b7e3-4552-af25-bb7987a26943/export</link>
      <description>{"uuid": "d27b5ca8-b7e3-4552-af25-bb7987a26943", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-48933", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mp64cqknvp2o", "content": "Node.js WebCrypto (v22.22.3, 24.16.0, 26.3.0) faces a HIGH severity bug \u2014 CVE-2026-48933. Integer overflow in subtle.encrypt() can crash Node.js with 2 GiB+ input. Avoid large inputs &amp;amp; watch for patches. \ud83d\udeab https://radar.offseq.com/threat/cve-2026-48933-cwe-190-integer-overflow-in-nodejs--5c33db78...", "creation_timestamp": "2026-06-26T04:30:28.498694Z"}</description>
      <content:encoded>{"uuid": "d27b5ca8-b7e3-4552-af25-bb7987a26943", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-48933", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mp64cqknvp2o", "content": "Node.js WebCrypto (v22.22.3, 24.16.0, 26.3.0) faces a HIGH severity bug \u2014 CVE-2026-48933. Integer overflow in subtle.encrypt() can crash Node.js with 2 GiB+ input. Avoid large inputs &amp;amp; watch for patches. \ud83d\udeab https://radar.offseq.com/threat/cve-2026-48933-cwe-190-integer-overflow-in-nodejs--5c33db78...", "creation_timestamp": "2026-06-26T04:30:28.498694Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/d27b5ca8-b7e3-4552-af25-bb7987a26943/export</guid>
      <pubDate>Fri, 26 Jun 2026 04:30:28 +0000</pubDate>
    </item>
    <item>
      <title>2b98f057-3cea-4f4a-9947-7e83df4192cb</title>
      <link>https://vulnerability.circl.lu/sighting/2b98f057-3cea-4f4a-9947-7e83df4192cb/export</link>
      <description>{"uuid": "2b98f057-3cea-4f4a-9947-7e83df4192cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48934", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp5xlz53r627", "content": "CVE-2026-48934 - Node.js TLS Host Verification Bypass\nCVE ID : CVE-2026-48934\n \n Published : June 26, 2026, 1:14 a.m. | 30\u00a0minutes ago\n \n Description : A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation.\n\nThis vulnerability affects...", "creation_timestamp": "2026-06-26T03:06:10.361160Z"}</description>
      <content:encoded>{"uuid": "2b98f057-3cea-4f4a-9947-7e83df4192cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48934", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp5xlz53r627", "content": "CVE-2026-48934 - Node.js TLS Host Verification Bypass\nCVE ID : CVE-2026-48934\n \n Published : June 26, 2026, 1:14 a.m. | 30\u00a0minutes ago\n \n Description : A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation.\n\nThis vulnerability affects...", "creation_timestamp": "2026-06-26T03:06:10.361160Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/2b98f057-3cea-4f4a-9947-7e83df4192cb/export</guid>
      <pubDate>Fri, 26 Jun 2026 03:06:10 +0000</pubDate>
    </item>
    <item>
      <title>d02f7958-d34e-49e7-84cb-f81539b82532</title>
      <link>https://vulnerability.circl.lu/sighting/d02f7958-d34e-49e7-84cb-f81539b82532/export</link>
      <description>{"uuid": "d02f7958-d34e-49e7-84cb-f81539b82532", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48935", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp5wi743io2c", "content": "CVE-2026-48935 - Node.js Permission API File Metadata Modification Vulnerability\nCVE ID : CVE-2026-48935\n \n Published : June 26, 2026, 1:14 a.m. | 30\u00a0minutes ago\n \n Description : A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was ...", "creation_timestamp": "2026-06-26T02:46:08.325978Z"}</description>
      <content:encoded>{"uuid": "d02f7958-d34e-49e7-84cb-f81539b82532", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48935", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp5wi743io2c", "content": "CVE-2026-48935 - Node.js Permission API File Metadata Modification Vulnerability\nCVE ID : CVE-2026-48935\n \n Published : June 26, 2026, 1:14 a.m. | 30\u00a0minutes ago\n \n Description : A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was ...", "creation_timestamp": "2026-06-26T02:46:08.325978Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/d02f7958-d34e-49e7-84cb-f81539b82532/export</guid>
      <pubDate>Fri, 26 Jun 2026 02:46:08 +0000</pubDate>
    </item>
    <item>
      <title>ab841fab-bd6b-4fc0-aee1-8b212c00c36a</title>
      <link>https://vulnerability.circl.lu/sighting/ab841fab-bd6b-4fc0-aee1-8b212c00c36a/export</link>
      <description>{"uuid": "ab841fab-bd6b-4fc0-aee1-8b212c00c36a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48930", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp5vtsvk7v27", "content": "CVE-2026-48930 - Node.js TLS Hostname Handling Vulnerability\nCVE ID : CVE-2026-48930\n \n Published : June 26, 2026, 1:14 a.m. | 30\u00a0minutes ago\n \n Description : A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to...", "creation_timestamp": "2026-06-26T02:34:44.700255Z"}</description>
      <content:encoded>{"uuid": "ab841fab-bd6b-4fc0-aee1-8b212c00c36a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48930", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp5vtsvk7v27", "content": "CVE-2026-48930 - Node.js TLS Hostname Handling Vulnerability\nCVE ID : CVE-2026-48930\n \n Published : June 26, 2026, 1:14 a.m. | 30\u00a0minutes ago\n \n Description : A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to...", "creation_timestamp": "2026-06-26T02:34:44.700255Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/ab841fab-bd6b-4fc0-aee1-8b212c00c36a/export</guid>
      <pubDate>Fri, 26 Jun 2026 02:34:44 +0000</pubDate>
    </item>
    <item>
      <title>17d04e9f-807b-4af0-a6a4-67d61876296b</title>
      <link>https://vulnerability.circl.lu/sighting/17d04e9f-807b-4af0-a6a4-67d61876296b/export</link>
      <description>{"uuid": "17d04e9f-807b-4af0-a6a4-67d61876296b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48936", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp5vogv5gr2z", "content": "CVE-2026-48936 - Node.js: Insufficient Permissions Check Leading to Unauthorized Socket Server Creation\nCVE ID : CVE-2026-48936\n \n Published : June 26, 2026, 1:14 a.m. | 30\u00a0minutes ago\n \n Description : A flaw in Node.js Permission API can cause a local server to be started (vi...", "creation_timestamp": "2026-06-26T02:31:44.008833Z"}</description>
      <content:encoded>{"uuid": "17d04e9f-807b-4af0-a6a4-67d61876296b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48936", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp5vogv5gr2z", "content": "CVE-2026-48936 - Node.js: Insufficient Permissions Check Leading to Unauthorized Socket Server Creation\nCVE ID : CVE-2026-48936\n \n Published : June 26, 2026, 1:14 a.m. | 30\u00a0minutes ago\n \n Description : A flaw in Node.js Permission API can cause a local server to be started (vi...", "creation_timestamp": "2026-06-26T02:31:44.008833Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/17d04e9f-807b-4af0-a6a4-67d61876296b/export</guid>
      <pubDate>Fri, 26 Jun 2026 02:31:44 +0000</pubDate>
    </item>
    <item>
      <title>2e759e89-9722-4ff8-abae-3350145970ce</title>
      <link>https://vulnerability.circl.lu/sighting/2e759e89-9722-4ff8-abae-3350145970ce/export</link>
      <description>{"uuid": "2e759e89-9722-4ff8-abae-3350145970ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48933", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp5vjkhvop2u", "content": "CVE-2026-48933 - Node.js WebCrypto Denial of Service\nCVE ID : CVE-2026-48933\n \n Published : June 26, 2026, 1:14 a.m. | 30\u00a0minutes ago\n \n Description : A flaw in Node.js WebCrypto implementation can crash the process if the input of `subtle.encrypt()` is a multiple of 2GiB.\n\nTh...", "creation_timestamp": "2026-06-26T02:29:00.087404Z"}</description>
      <content:encoded>{"uuid": "2e759e89-9722-4ff8-abae-3350145970ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48933", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp5vjkhvop2u", "content": "CVE-2026-48933 - Node.js WebCrypto Denial of Service\nCVE ID : CVE-2026-48933\n \n Published : June 26, 2026, 1:14 a.m. | 30\u00a0minutes ago\n \n Description : A flaw in Node.js WebCrypto implementation can crash the process if the input of `subtle.encrypt()` is a multiple of 2GiB.\n\nTh...", "creation_timestamp": "2026-06-26T02:29:00.087404Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/2e759e89-9722-4ff8-abae-3350145970ce/export</guid>
      <pubDate>Fri, 26 Jun 2026 02:29:00 +0000</pubDate>
    </item>
  </channel>
</rss>
