<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Sat, 04 Jul 2026 15:33:56 +0000</lastBuildDate>
    <item>
      <title>688e40cf-0b21-464e-8a79-c2cf38892fce</title>
      <link>https://vulnerability.circl.lu/sighting/688e40cf-0b21-464e-8a79-c2cf38892fce/export</link>
      <description>{"uuid": "688e40cf-0b21-464e-8a79-c2cf38892fce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49352", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mprk4i62nu2j", "content": "CVE-2026-49352 - 9router\n9router's default secret is hardcoded and publicly known, allowing unauthorized users to access the dashboard and API if the server's JWT secret is not set. This vulnerability\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#9router #decolua #npm #CVE #infosec", "creation_timestamp": "2026-07-03T21:58:06.747307Z"}</description>
      <content:encoded>{"uuid": "688e40cf-0b21-464e-8a79-c2cf38892fce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49352", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mprk4i62nu2j", "content": "CVE-2026-49352 - 9router\n9router's default secret is hardcoded and publicly known, allowing unauthorized users to access the dashboard and API if the server's JWT secret is not set. This vulnerability\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#9router #decolua #npm #CVE #infosec", "creation_timestamp": "2026-07-03T21:58:06.747307Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/688e40cf-0b21-464e-8a79-c2cf38892fce/export</guid>
      <pubDate>Fri, 03 Jul 2026 21:58:06 +0000</pubDate>
    </item>
    <item>
      <title>8e330481-1ad0-4eb0-99db-100170fa4b24</title>
      <link>https://vulnerability.circl.lu/sighting/8e330481-1ad0-4eb0-99db-100170fa4b24/export</link>
      <description>{"uuid": "8e330481-1ad0-4eb0-99db-100170fa4b24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-49352", "type": "published-proof-of-concept", "source": "https://github.com/decolua/9router/security/advisories/GHSA-jphh-m39h-6gwx", "content": "", "creation_timestamp": "2026-07-02T22:35:02.831369Z"}</description>
      <content:encoded>{"uuid": "8e330481-1ad0-4eb0-99db-100170fa4b24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-49352", "type": "published-proof-of-concept", "source": "https://github.com/decolua/9router/security/advisories/GHSA-jphh-m39h-6gwx", "content": "", "creation_timestamp": "2026-07-02T22:35:02.831369Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/8e330481-1ad0-4eb0-99db-100170fa4b24/export</guid>
      <pubDate>Thu, 02 Jul 2026 22:35:02 +0000</pubDate>
    </item>
    <item>
      <title>54c46a81-1240-44c2-aeca-bcd575c9bb91</title>
      <link>https://vulnerability.circl.lu/sighting/54c46a81-1240-44c2-aeca-bcd575c9bb91/export</link>
      <description>{"uuid": "54c46a81-1240-44c2-aeca-bcd575c9bb91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49355", "type": "seen", "source": "https://bsky.app/profile/qiancx.bsky.social/post/3mpgpvt4gmd2m", "content": "OpenProject \u5b89\u5168\u6f0f\u6d1e CVE-2026-49355 \u6df1\u5ea6\u89e3\u6790:\u5f71\u54cd\u3001\u4fee\u590d\u4e0e\u9632\u62a4\u6307\u5357\n\n\n\nhttps://qian.cx/posts/211C6E68-C198-47A5-BA6D-4141610176B6", "creation_timestamp": "2026-06-29T14:42:27.237395Z"}</description>
      <content:encoded>{"uuid": "54c46a81-1240-44c2-aeca-bcd575c9bb91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49355", "type": "seen", "source": "https://bsky.app/profile/qiancx.bsky.social/post/3mpgpvt4gmd2m", "content": "OpenProject \u5b89\u5168\u6f0f\u6d1e CVE-2026-49355 \u6df1\u5ea6\u89e3\u6790:\u5f71\u54cd\u3001\u4fee\u590d\u4e0e\u9632\u62a4\u6307\u5357\n\n\n\nhttps://qian.cx/posts/211C6E68-C198-47A5-BA6D-4141610176B6", "creation_timestamp": "2026-06-29T14:42:27.237395Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/54c46a81-1240-44c2-aeca-bcd575c9bb91/export</guid>
      <pubDate>Mon, 29 Jun 2026 14:42:27 +0000</pubDate>
    </item>
    <item>
      <title>a56229fc-8be2-4d79-b0c4-2270503617a5</title>
      <link>https://vulnerability.circl.lu/sighting/a56229fc-8be2-4d79-b0c4-2270503617a5/export</link>
      <description>{"uuid": "a56229fc-8be2-4d79-b0c4-2270503617a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49355", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpgpvnlgcv2d", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-49355 \u0432 OpenProject: \u0443\u0433\u0440\u043e\u0437\u044b \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/E0B7ED07-B9F2-4E08-BB6B-DC777CE9A72F", "creation_timestamp": "2026-06-29T14:42:21.063399Z"}</description>
      <content:encoded>{"uuid": "a56229fc-8be2-4d79-b0c4-2270503617a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49355", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpgpvnlgcv2d", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-49355 \u0432 OpenProject: \u0443\u0433\u0440\u043e\u0437\u044b \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/E0B7ED07-B9F2-4E08-BB6B-DC777CE9A72F", "creation_timestamp": "2026-06-29T14:42:21.063399Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/a56229fc-8be2-4d79-b0c4-2270503617a5/export</guid>
      <pubDate>Mon, 29 Jun 2026 14:42:21 +0000</pubDate>
    </item>
    <item>
      <title>9704d6fc-2bbd-4f50-a47a-d5ff7696baeb</title>
      <link>https://vulnerability.circl.lu/sighting/9704d6fc-2bbd-4f50-a47a-d5ff7696baeb/export</link>
      <description>{"uuid": "9704d6fc-2bbd-4f50-a47a-d5ff7696baeb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-49358", "type": "published-proof-of-concept", "source": "https://github.com/pontedilana/php-weasyprint/security/advisories/GHSA-5g9f-cwwg-4p8g", "content": "", "creation_timestamp": "2026-06-27T00:35:52.125676Z"}</description>
      <content:encoded>{"uuid": "9704d6fc-2bbd-4f50-a47a-d5ff7696baeb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-49358", "type": "published-proof-of-concept", "source": "https://github.com/pontedilana/php-weasyprint/security/advisories/GHSA-5g9f-cwwg-4p8g", "content": "", "creation_timestamp": "2026-06-27T00:35:52.125676Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/9704d6fc-2bbd-4f50-a47a-d5ff7696baeb/export</guid>
      <pubDate>Sat, 27 Jun 2026 00:35:52 +0000</pubDate>
    </item>
    <item>
      <title>ba2a6f92-f3c9-4c59-9770-51d201613954</title>
      <link>https://vulnerability.circl.lu/sighting/ba2a6f92-f3c9-4c59-9770-51d201613954/export</link>
      <description>{"uuid": "ba2a6f92-f3c9-4c59-9770-51d201613954", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-49359", "type": "published-proof-of-concept", "source": "https://github.com/pontedilana/php-weasyprint/security/advisories/GHSA-x8g9-h984-pc36", "content": "", "creation_timestamp": "2026-06-27T00:35:49.647749Z"}</description>
      <content:encoded>{"uuid": "ba2a6f92-f3c9-4c59-9770-51d201613954", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-49359", "type": "published-proof-of-concept", "source": "https://github.com/pontedilana/php-weasyprint/security/advisories/GHSA-x8g9-h984-pc36", "content": "", "creation_timestamp": "2026-06-27T00:35:49.647749Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/ba2a6f92-f3c9-4c59-9770-51d201613954/export</guid>
      <pubDate>Sat, 27 Jun 2026 00:35:49 +0000</pubDate>
    </item>
    <item>
      <title>2eb81710-ac68-4037-8a30-b81756d2f9cd</title>
      <link>https://vulnerability.circl.lu/sighting/2eb81710-ac68-4037-8a30-b81756d2f9cd/export</link>
      <description>{"uuid": "2eb81710-ac68-4037-8a30-b81756d2f9cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49359", "type": "seen", "source": "https://bsky.app/profile/suriq.io/post/3mp7ykmyves2b", "content": "A PDF feature can be turned into a window into your servers.\n\nphp-weasyprint (1.2M+ installs) fetched attacker-controlled URLs server-side. Cloud metadata and local files were both in reach.\n\nRun it? Upgrade to 2.6.0. (CVE-2026-49359)", "creation_timestamp": "2026-06-26T22:28:37.797194Z"}</description>
      <content:encoded>{"uuid": "2eb81710-ac68-4037-8a30-b81756d2f9cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49359", "type": "seen", "source": "https://bsky.app/profile/suriq.io/post/3mp7ykmyves2b", "content": "A PDF feature can be turned into a window into your servers.\n\nphp-weasyprint (1.2M+ installs) fetched attacker-controlled URLs server-side. Cloud metadata and local files were both in reach.\n\nRun it? Upgrade to 2.6.0. (CVE-2026-49359)", "creation_timestamp": "2026-06-26T22:28:37.797194Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/2eb81710-ac68-4037-8a30-b81756d2f9cd/export</guid>
      <pubDate>Fri, 26 Jun 2026 22:28:37 +0000</pubDate>
    </item>
    <item>
      <title>501dbaca-4266-40c3-a491-f048a428b814</title>
      <link>https://vulnerability.circl.lu/sighting/501dbaca-4266-40c3-a491-f048a428b814/export</link>
      <description>{"uuid": "501dbaca-4266-40c3-a491-f048a428b814", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4935", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mlgzvfsudp2q", "content": "\ud83d\udfe0 CVE-2026-4935 - High (8.6)\n\nThe OttoKit: All-in-One Automation Platform WordPress plugin before 1.1.23 does not properly sani...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-4935/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-09T20:00:25.044777Z"}</description>
      <content:encoded>{"uuid": "501dbaca-4266-40c3-a491-f048a428b814", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4935", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mlgzvfsudp2q", "content": "\ud83d\udfe0 CVE-2026-4935 - High (8.6)\n\nThe OttoKit: All-in-One Automation Platform WordPress plugin before 1.1.23 does not properly sani...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-4935/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-09T20:00:25.044777Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/501dbaca-4266-40c3-a491-f048a428b814/export</guid>
      <pubDate>Sat, 09 May 2026 20:00:25 +0000</pubDate>
    </item>
    <item>
      <title>5f007f29-b3d2-4e23-96c4-138129bc9b54</title>
      <link>https://vulnerability.circl.lu/sighting/5f007f29-b3d2-4e23-96c4-138129bc9b54/export</link>
      <description>{"uuid": "5f007f29-b3d2-4e23-96c4-138129bc9b54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4935", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlddm66jny2k", "content": "CVE-2026-4935 - SureTriggers\nCVE ID : CVE-2026-4935\n \n Published : May 8, 2026, 7:16 a.m. | 1\u00a0hour, 9\u00a0minutes ago\n \n Description : The OttoKit: All-in-One Automation Platform WordPress plugin before 1.1.23 does not properly sanitize user input before using it in a SQL statemen...", "creation_timestamp": "2026-05-08T08:43:32.510497Z"}</description>
      <content:encoded>{"uuid": "5f007f29-b3d2-4e23-96c4-138129bc9b54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4935", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlddm66jny2k", "content": "CVE-2026-4935 - SureTriggers\nCVE ID : CVE-2026-4935\n \n Published : May 8, 2026, 7:16 a.m. | 1\u00a0hour, 9\u00a0minutes ago\n \n Description : The OttoKit: All-in-One Automation Platform WordPress plugin before 1.1.23 does not properly sanitize user input before using it in a SQL statemen...", "creation_timestamp": "2026-05-08T08:43:32.510497Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/5f007f29-b3d2-4e23-96c4-138129bc9b54/export</guid>
      <pubDate>Fri, 08 May 2026 08:43:32 +0000</pubDate>
    </item>
  </channel>
</rss>
