<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Sat, 11 Jul 2026 15:04:20 +0000</lastBuildDate>
    <item>
      <title>dafaea23-9638-4a38-b0a6-a1890dfd066b</title>
      <link>https://vulnerability.circl.lu/sighting/dafaea23-9638-4a38-b0a6-a1890dfd066b/export</link>
      <description>{"uuid": "dafaea23-9638-4a38-b0a6-a1890dfd066b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-54130", "type": "seen", "source": "https://bsky.app/profile/ebibibibibibi.bsky.social/post/3mprst7ebel2r", "content": "270\u6587\u5b57\u3067280\u6587\u5b57\u4ee5\u5185\u306b\u53ce\u307e\u308a\u307e\u3057\u305f\u3002\n\nCopilot\u306b\u3001\u30ed\u30b0\u30a4\u30f3\u4e0d\u8981\u3067\u60c5\u5831\u3092\u76d7\u307f\u898b\u3089\u308c\u308b\u8106\u5f31\u6027CVE-2026-54130\u304c\u898b\u3064\u304b\u308a\u307e\u3057\u305f\ud83d\udce7\n\nMicrosoft\u5074\u306f\u5373\u4fee\u6b63\u6e08\u307f\u3002\u3067\u3082\u300c\u76f4\u3063\u305f\u304b\u3089\u7d42\u308f\u308a\u300d\u3067\u306f\u306a\u304f\u3001\u4f01\u696d\u5074\u306e\u30c7\u30fc\u30bf\u30ac\u30d0\u30ca\u30f3\u30b9\u3068\u3044\u3046\u5bbf\u984c\u306f\u6b8b\u3063\u3066\u3044\u307e\u3059\u3002\n\n\u8a73\u3057\u304f\u306f\u3053\u3061\u3089\ud83d\udc47\n\nhttps://www.ebisuda.net/tech/2026/07/04/microsoft-365-copilotcve-2026-54130-microsoft-365-copilot-cve-2026-54130-nothing/\n\n#TechNews #Microsoft365", "creation_timestamp": "2026-07-04T00:33:57.720096Z"}</description>
      <content:encoded>{"uuid": "dafaea23-9638-4a38-b0a6-a1890dfd066b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-54130", "type": "seen", "source": "https://bsky.app/profile/ebibibibibibi.bsky.social/post/3mprst7ebel2r", "content": "270\u6587\u5b57\u3067280\u6587\u5b57\u4ee5\u5185\u306b\u53ce\u307e\u308a\u307e\u3057\u305f\u3002\n\nCopilot\u306b\u3001\u30ed\u30b0\u30a4\u30f3\u4e0d\u8981\u3067\u60c5\u5831\u3092\u76d7\u307f\u898b\u3089\u308c\u308b\u8106\u5f31\u6027CVE-2026-54130\u304c\u898b\u3064\u304b\u308a\u307e\u3057\u305f\ud83d\udce7\n\nMicrosoft\u5074\u306f\u5373\u4fee\u6b63\u6e08\u307f\u3002\u3067\u3082\u300c\u76f4\u3063\u305f\u304b\u3089\u7d42\u308f\u308a\u300d\u3067\u306f\u306a\u304f\u3001\u4f01\u696d\u5074\u306e\u30c7\u30fc\u30bf\u30ac\u30d0\u30ca\u30f3\u30b9\u3068\u3044\u3046\u5bbf\u984c\u306f\u6b8b\u3063\u3066\u3044\u307e\u3059\u3002\n\n\u8a73\u3057\u304f\u306f\u3053\u3061\u3089\ud83d\udc47\n\nhttps://www.ebisuda.net/tech/2026/07/04/microsoft-365-copilotcve-2026-54130-microsoft-365-copilot-cve-2026-54130-nothing/\n\n#TechNews #Microsoft365", "creation_timestamp": "2026-07-04T00:33:57.720096Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/dafaea23-9638-4a38-b0a6-a1890dfd066b/export</guid>
      <pubDate>Sat, 04 Jul 2026 00:33:57 +0000</pubDate>
    </item>
    <item>
      <title>b1a0fcd4-12fa-458f-a7ed-a616918db100</title>
      <link>https://vulnerability.circl.lu/sighting/b1a0fcd4-12fa-458f-a7ed-a616918db100/export</link>
      <description>{"uuid": "b1a0fcd4-12fa-458f-a7ed-a616918db100", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54133", "type": "seen", "source": "https://gist.github.com/FR-Flo/53380720a9a5b4c843cae16f7ca2b475", "content": "## \ud83d\udd17 Companion release\n\nThis release ships alongside the **Marketplace-client (frontend)** release PR:\n\n- https://github.com/Wishibam/Marketplace-client/pull/4137\n\n- **Trello**\n    - [Refonte Dashboard Marchand / ORGA](https://trello.com/c/5VPUOd2a/2366-refonte-dashboard-marchand-orga) **\ud83d\ude80\ud83d\ude80\ud83d\ude80A MEP**\n        - *fix(dashboard): v2 ter* [\\#7583](https://github.com/Wishibam/Marketplace-api/pull/7583)\n        - *fix(dashboard): fix retailer filter param, enrich stock export and deprecate getSize/getColor* [\\#7602](https://github.com/Wishibam/Marketplace-api/pull/7602)\n    - [\ud83d\uded2\ud83d\udd0e Tri \u2014 passer en vue filtr\u00e9e par marchand (Marchand &amp;gt; Liste produit &amp;gt; D\u00e9tail produit)](https://trello.com/c/QtKdZOeE/2444-%F0%9F%9B%92%F0%9F%94%8E-tri-passer-en-vue-filtr%C3%A9e-par-marchand-marchand-liste-produit-d%C3%A9tail-produit) **\ud83e\udd75 Retour de test**\n        - *fix(wms): sorting retailer list* [\\#7588](https://github.com/Wishibam/Marketplace-api/pull/7588)\n    - [\ud83d\udd0d WMS - PACKING - Recherche au-del\u00e0 de la limite des 30 commandes](https://trello.com/c/cw1UsrG7/2427-%F0%9F%94%8D-wms-packing-recherche-au-del%C3%A0-de-la-limite-des-30-commandes) **\ud83d\ude80\ud83d\ude80\ud83d\ude80A MEP**\n        - *:sparkles: Add new search options for packing view* [\\#7589](https://github.com/Wishibam/Marketplace-api/pull/7589)\n    - [Traitement Cloudinary de la premi\u00e8re image de variation](https://trello.com/c/YuiI3bne/2449-traitement-cloudinary-de-la-premi%C3%A8re-image-de-variation) **\ud83d\ude80\ud83d\ude80\ud83d\ude80A MEP**\n        - *:sparkles: feat: process first variation image via Cloudinary preset* [\\#7592](https://github.com/Wishibam/Marketplace-api/pull/7592)\n    - [\ud83d\udce6\u2611\ufe0f WMS \u2014 Tri des colis : d\u00e9p\u00f4t de masse pour l'exp\u00e9dition (syst\u00e8me de coches)](https://trello.com/c/oMuGHbGB/2429-%F0%9F%93%A6%E2%98%91%EF%B8%8F-wms-tri-des-colis-d%C3%A9p%C3%B4t-de-masse-pour-lexp%C3%A9dition-syst%C3%A8me-de-coches) **\ud83e\udd75 Retour de test**\n        - *:sparkles: WMS rework massTransfer on TriShipping* [\\#7593](https://github.com/Wishibam/Marketplace-api/pull/7593)\n    - [Multi plateforme - droit de r\u00e9tractation](https://trello.com/c/ebl3rUnS/2400-multi-plateforme-droit-de-r%C3%A9tractation) **\ud83e\udd73Testing**\n        - *Add right of withdrawal feature* [\\#7606](https://github.com/Wishibam/Marketplace-api/pull/7606)\n        - *Add migrations to create missing return number sequences for each org\u2026* [\\#7614](https://github.com/Wishibam/Marketplace-api/pull/7614)\n \n- **Misc**\n    - *:sparkles: feat: store waybills on Scaleway buckets* [\\#7571](https://github.com/Wishibam/Marketplace-api/pull/7571)\n    - *:memo: docs: map PrintNode accounts per env and organization* [\\#7573](https://github.com/Wishibam/Marketplace-api/pull/7573)\n    - *:memo: docs: define \"done\" for dev tasks as green PR awaiting review* [\\#7574](https://github.com/Wishibam/Marketplace-api/pull/7574)\n    - *Fix again issues with invoice table* [\\#7577](https://github.com/Wishibam/Marketplace-api/pull/7577)\n    - *:bug: fix: truncate over-long category names before persist* [\\#7578](https://github.com/Wishibam/Marketplace-api/pull/7578)\n    - *:arrow\\_up: deps: bump jmespath.php to 2.9.1 (CVE-2026-54133)* [\\#7579](https://github.com/Wishibam/Marketplace-api/pull/7579)\n    - *chore(deps): bump phpseclib/phpseclib from 3.0.52 to 3.0.54 in /api* [\\#7580](https://github.com/Wishibam/Marketplace-api/pull/7580)\n    - *:bug: Wrong wmsItems status when LineItems are reserved hours appart* [\\#7585](https://github.com/Wishibam/Marketplace-api/pull/7585)\n    - *:arrow\\_up: deps: bump guzzlehttp/guzzle &amp;amp; psr7 (3 CVE)* [\\#7587](https://github.com/Wishibam/Marketplace-api/pull/7587)\n    - *:wrench: chore: relax composer php upper-bound for PHP 8.5 deploy* [\\#7590](https://github.com/Wishibam/Marketplace-api/pull/7590)\n    - *fix(feed): preserve newlines (\\n) in product description on import* [\\#7591](https://github.com/Wishibam/Marketplace-api/pull/7591)\n    - *:bug: fix: first-image reprocessing actually reaches the eshop* [\\#7598](https://github.com/Wishibam/Marketplace-api/pull/7598)\n    - *:bug: fix: give each processed image a unique URL so re-processing reaches the eshop* [\\#7599](https://github.com/Wishibam/Marketplace-api/pull/7599)\n    - *:zap: perf: first-image processing once per flush, off the import worker hot path* [\\#7604](https://github.com/Wishibam/Marketplace-api/pull/7604)\n    - *Add migrations to generate shipment\\_return number sequences* [\\#7615](https://github.com/Wishibam/Marketplace-api/pull/7615)\n    - *:bug: fix: normalize stripe alerting errors to avoid string offset TypeError* [\\#7616](https://github.com/Wishibam/Marketplace-api/pull/7616)\n    - *fix(media): remove rawurlencode on filename and throw on ImageKit resize failure* [\\#7622](https://github.com/Wishibam/Marketplace-api/pull/7622)\n    - *fix(slug-listener): exclude current Attribute from uniqueness check on preUpdate* [\\#7624](https://github.com/Wishibam/Marketplace-api/pull/7624)\n    - *chore(deps): bump guzzlehttp/guzzle from 7.12.3 to 7.13.1 in /api* [\\#7637](https://github.com/Wishibam/Marketplace-api/pull/7637)\n \n- **D\u00e9j\u00e0 en production**\n    - *fix(media): flush before Factory call so VichUploader sets contentUrl before URL is built* [\\#7594](https://github.com/Wishibam/Marketplace-api/pull/7594)\n    - *:sparkles: feat: add --no-send option to Sellsy invoice command* [\\#7608](https://github.com/Wishibam/Marketplace-api/pull/7608)\n    - *:bug: fix: send Sellsy invoice note from organization config* [\\#7610](https://github.com/Wishibam/Marketplace-api/pull/7610)\n    - *:wrench: chore: sync master security hotfixes (CVE) into develop* [\\#7612](https://github.com/Wishibam/Marketplace-api/pull/7612)\n    - *:bug: fix: apply organization VAT tax\\_id on Sellsy invoice lines* [\\#7627](https://github.com/Wishibam/Marketplace-api/pull/7627)\n    - *:bug: fix: set Sellsy invoice date to the billed period end* [\\#7639](https://github.com/Wishibam/Marketplace-api/pull/7639)", "creation_timestamp": "2026-07-02T12:54:52.420785Z"}</description>
      <content:encoded>{"uuid": "b1a0fcd4-12fa-458f-a7ed-a616918db100", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54133", "type": "seen", "source": "https://gist.github.com/FR-Flo/53380720a9a5b4c843cae16f7ca2b475", "content": "## \ud83d\udd17 Companion release\n\nThis release ships alongside the **Marketplace-client (frontend)** release PR:\n\n- https://github.com/Wishibam/Marketplace-client/pull/4137\n\n- **Trello**\n    - [Refonte Dashboard Marchand / ORGA](https://trello.com/c/5VPUOd2a/2366-refonte-dashboard-marchand-orga) **\ud83d\ude80\ud83d\ude80\ud83d\ude80A MEP**\n        - *fix(dashboard): v2 ter* [\\#7583](https://github.com/Wishibam/Marketplace-api/pull/7583)\n        - *fix(dashboard): fix retailer filter param, enrich stock export and deprecate getSize/getColor* [\\#7602](https://github.com/Wishibam/Marketplace-api/pull/7602)\n    - [\ud83d\uded2\ud83d\udd0e Tri \u2014 passer en vue filtr\u00e9e par marchand (Marchand &amp;gt; Liste produit &amp;gt; D\u00e9tail produit)](https://trello.com/c/QtKdZOeE/2444-%F0%9F%9B%92%F0%9F%94%8E-tri-passer-en-vue-filtr%C3%A9e-par-marchand-marchand-liste-produit-d%C3%A9tail-produit) **\ud83e\udd75 Retour de test**\n        - *fix(wms): sorting retailer list* [\\#7588](https://github.com/Wishibam/Marketplace-api/pull/7588)\n    - [\ud83d\udd0d WMS - PACKING - Recherche au-del\u00e0 de la limite des 30 commandes](https://trello.com/c/cw1UsrG7/2427-%F0%9F%94%8D-wms-packing-recherche-au-del%C3%A0-de-la-limite-des-30-commandes) **\ud83d\ude80\ud83d\ude80\ud83d\ude80A MEP**\n        - *:sparkles: Add new search options for packing view* [\\#7589](https://github.com/Wishibam/Marketplace-api/pull/7589)\n    - [Traitement Cloudinary de la premi\u00e8re image de variation](https://trello.com/c/YuiI3bne/2449-traitement-cloudinary-de-la-premi%C3%A8re-image-de-variation) **\ud83d\ude80\ud83d\ude80\ud83d\ude80A MEP**\n        - *:sparkles: feat: process first variation image via Cloudinary preset* [\\#7592](https://github.com/Wishibam/Marketplace-api/pull/7592)\n    - [\ud83d\udce6\u2611\ufe0f WMS \u2014 Tri des colis : d\u00e9p\u00f4t de masse pour l'exp\u00e9dition (syst\u00e8me de coches)](https://trello.com/c/oMuGHbGB/2429-%F0%9F%93%A6%E2%98%91%EF%B8%8F-wms-tri-des-colis-d%C3%A9p%C3%B4t-de-masse-pour-lexp%C3%A9dition-syst%C3%A8me-de-coches) **\ud83e\udd75 Retour de test**\n        - *:sparkles: WMS rework massTransfer on TriShipping* [\\#7593](https://github.com/Wishibam/Marketplace-api/pull/7593)\n    - [Multi plateforme - droit de r\u00e9tractation](https://trello.com/c/ebl3rUnS/2400-multi-plateforme-droit-de-r%C3%A9tractation) **\ud83e\udd73Testing**\n        - *Add right of withdrawal feature* [\\#7606](https://github.com/Wishibam/Marketplace-api/pull/7606)\n        - *Add migrations to create missing return number sequences for each org\u2026* [\\#7614](https://github.com/Wishibam/Marketplace-api/pull/7614)\n \n- **Misc**\n    - *:sparkles: feat: store waybills on Scaleway buckets* [\\#7571](https://github.com/Wishibam/Marketplace-api/pull/7571)\n    - *:memo: docs: map PrintNode accounts per env and organization* [\\#7573](https://github.com/Wishibam/Marketplace-api/pull/7573)\n    - *:memo: docs: define \"done\" for dev tasks as green PR awaiting review* [\\#7574](https://github.com/Wishibam/Marketplace-api/pull/7574)\n    - *Fix again issues with invoice table* [\\#7577](https://github.com/Wishibam/Marketplace-api/pull/7577)\n    - *:bug: fix: truncate over-long category names before persist* [\\#7578](https://github.com/Wishibam/Marketplace-api/pull/7578)\n    - *:arrow\\_up: deps: bump jmespath.php to 2.9.1 (CVE-2026-54133)* [\\#7579](https://github.com/Wishibam/Marketplace-api/pull/7579)\n    - *chore(deps): bump phpseclib/phpseclib from 3.0.52 to 3.0.54 in /api* [\\#7580](https://github.com/Wishibam/Marketplace-api/pull/7580)\n    - *:bug: Wrong wmsItems status when LineItems are reserved hours appart* [\\#7585](https://github.com/Wishibam/Marketplace-api/pull/7585)\n    - *:arrow\\_up: deps: bump guzzlehttp/guzzle &amp;amp; psr7 (3 CVE)* [\\#7587](https://github.com/Wishibam/Marketplace-api/pull/7587)\n    - *:wrench: chore: relax composer php upper-bound for PHP 8.5 deploy* [\\#7590](https://github.com/Wishibam/Marketplace-api/pull/7590)\n    - *fix(feed): preserve newlines (\\n) in product description on import* [\\#7591](https://github.com/Wishibam/Marketplace-api/pull/7591)\n    - *:bug: fix: first-image reprocessing actually reaches the eshop* [\\#7598](https://github.com/Wishibam/Marketplace-api/pull/7598)\n    - *:bug: fix: give each processed image a unique URL so re-processing reaches the eshop* [\\#7599](https://github.com/Wishibam/Marketplace-api/pull/7599)\n    - *:zap: perf: first-image processing once per flush, off the import worker hot path* [\\#7604](https://github.com/Wishibam/Marketplace-api/pull/7604)\n    - *Add migrations to generate shipment\\_return number sequences* [\\#7615](https://github.com/Wishibam/Marketplace-api/pull/7615)\n    - *:bug: fix: normalize stripe alerting errors to avoid string offset TypeError* [\\#7616](https://github.com/Wishibam/Marketplace-api/pull/7616)\n    - *fix(media): remove rawurlencode on filename and throw on ImageKit resize failure* [\\#7622](https://github.com/Wishibam/Marketplace-api/pull/7622)\n    - *fix(slug-listener): exclude current Attribute from uniqueness check on preUpdate* [\\#7624](https://github.com/Wishibam/Marketplace-api/pull/7624)\n    - *chore(deps): bump guzzlehttp/guzzle from 7.12.3 to 7.13.1 in /api* [\\#7637](https://github.com/Wishibam/Marketplace-api/pull/7637)\n \n- **D\u00e9j\u00e0 en production**\n    - *fix(media): flush before Factory call so VichUploader sets contentUrl before URL is built* [\\#7594](https://github.com/Wishibam/Marketplace-api/pull/7594)\n    - *:sparkles: feat: add --no-send option to Sellsy invoice command* [\\#7608](https://github.com/Wishibam/Marketplace-api/pull/7608)\n    - *:bug: fix: send Sellsy invoice note from organization config* [\\#7610](https://github.com/Wishibam/Marketplace-api/pull/7610)\n    - *:wrench: chore: sync master security hotfixes (CVE) into develop* [\\#7612](https://github.com/Wishibam/Marketplace-api/pull/7612)\n    - *:bug: fix: apply organization VAT tax\\_id on Sellsy invoice lines* [\\#7627](https://github.com/Wishibam/Marketplace-api/pull/7627)\n    - *:bug: fix: set Sellsy invoice date to the billed period end* [\\#7639](https://github.com/Wishibam/Marketplace-api/pull/7639)", "creation_timestamp": "2026-07-02T12:54:52.420785Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/b1a0fcd4-12fa-458f-a7ed-a616918db100/export</guid>
      <pubDate>Thu, 02 Jul 2026 12:54:52 +0000</pubDate>
    </item>
    <item>
      <title>94ae2405-a0b5-438c-a726-8b029f4d3041</title>
      <link>https://vulnerability.circl.lu/sighting/94ae2405-a0b5-438c-a726-8b029f4d3041/export</link>
      <description>{"uuid": "94ae2405-a0b5-438c-a726-8b029f4d3041", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54133", "type": "seen", "source": "https://gist.github.com/FR-Flo/5034ea73a772721f570eac9600f8146e", "content": "## \ud83d\udd17 Companion release\n\nThis release ships alongside the **Marketplace-client (frontend)** release PR:\n\n- https://github.com/Wishibam/Marketplace-client/pull/4137\n\n- **Trello**\n    - [Refonte Dashboard Marchand / ORGA](https://trello.com/c/5VPUOd2a/2366-refonte-dashboard-marchand-orga) **\ud83d\ude80\ud83d\ude80\ud83d\ude80A MEP**\n        - *fix(dashboard): v2 ter* [\\#7583](https://github.com/Wishibam/Marketplace-api/pull/7583)\n        - *fix(dashboard): fix retailer filter param, enrich stock export and deprecate getSize/getColor* [\\#7602](https://github.com/Wishibam/Marketplace-api/pull/7602)\n    - [\ud83d\uded2\ud83d\udd0e Tri \u2014 passer en vue filtr\u00e9e par marchand (Marchand &amp;gt; Liste produit &amp;gt; D\u00e9tail produit)](https://trello.com/c/QtKdZOeE/2444-%F0%9F%9B%92%F0%9F%94%8E-tri-passer-en-vue-filtr%C3%A9e-par-marchand-marchand-liste-produit-d%C3%A9tail-produit) **\ud83e\udd75 Retour de test**\n        - *fix(wms): sorting retailer list* [\\#7588](https://github.com/Wishibam/Marketplace-api/pull/7588)\n    - [\ud83d\udd0d WMS - PACKING - Recherche au-del\u00e0 de la limite des 30 commandes](https://trello.com/c/cw1UsrG7/2427-%F0%9F%94%8D-wms-packing-recherche-au-del%C3%A0-de-la-limite-des-30-commandes) **\ud83d\ude80\ud83d\ude80\ud83d\ude80A MEP**\n        - *:sparkles: Add new search options for packing view* [\\#7589](https://github.com/Wishibam/Marketplace-api/pull/7589)\n    - [Traitement Cloudinary de la premi\u00e8re image de variation](https://trello.com/c/YuiI3bne/2449-traitement-cloudinary-de-la-premi%C3%A8re-image-de-variation) **\ud83d\ude80\ud83d\ude80\ud83d\ude80A MEP**\n        - *:sparkles: feat: process first variation image via Cloudinary preset* [\\#7592](https://github.com/Wishibam/Marketplace-api/pull/7592)\n    - [\ud83d\udce6\u2611\ufe0f WMS \u2014 Tri des colis : d\u00e9p\u00f4t de masse pour l'exp\u00e9dition (syst\u00e8me de coches)](https://trello.com/c/oMuGHbGB/2429-%F0%9F%93%A6%E2%98%91%EF%B8%8F-wms-tri-des-colis-d%C3%A9p%C3%B4t-de-masse-pour-lexp%C3%A9dition-syst%C3%A8me-de-coches) **\ud83e\udd75 Retour de test**\n        - *:sparkles: WMS rework massTransfer on TriShipping* [\\#7593](https://github.com/Wishibam/Marketplace-api/pull/7593)\n    - [Multi plateforme - droit de r\u00e9tractation](https://trello.com/c/ebl3rUnS/2400-multi-plateforme-droit-de-r%C3%A9tractation) **\ud83e\udd73Testing**\n        - *Add right of withdrawal feature* [\\#7606](https://github.com/Wishibam/Marketplace-api/pull/7606)\n        - *Add migrations to create missing return number sequences for each org\u2026* [\\#7614](https://github.com/Wishibam/Marketplace-api/pull/7614)\n \n- **Misc**\n    - *:sparkles: feat: store waybills on Scaleway buckets* [\\#7571](https://github.com/Wishibam/Marketplace-api/pull/7571)\n    - *:memo: docs: map PrintNode accounts per env and organization* [\\#7573](https://github.com/Wishibam/Marketplace-api/pull/7573)\n    - *:memo: docs: define \"done\" for dev tasks as green PR awaiting review* [\\#7574](https://github.com/Wishibam/Marketplace-api/pull/7574)\n    - *Fix again issues with invoice table* [\\#7577](https://github.com/Wishibam/Marketplace-api/pull/7577)\n    - *:bug: fix: truncate over-long category names before persist* [\\#7578](https://github.com/Wishibam/Marketplace-api/pull/7578)\n    - *:arrow\\_up: deps: bump jmespath.php to 2.9.1 (CVE-2026-54133)* [\\#7579](https://github.com/Wishibam/Marketplace-api/pull/7579)\n    - *chore(deps): bump phpseclib/phpseclib from 3.0.52 to 3.0.54 in /api* [\\#7580](https://github.com/Wishibam/Marketplace-api/pull/7580)\n    - *:bug: Wrong wmsItems status when LineItems are reserved hours appart* [\\#7585](https://github.com/Wishibam/Marketplace-api/pull/7585)\n    - *:arrow\\_up: deps: bump guzzlehttp/guzzle &amp;amp; psr7 (3 CVE)* [\\#7587](https://github.com/Wishibam/Marketplace-api/pull/7587)\n    - *:wrench: chore: relax composer php upper-bound for PHP 8.5 deploy* [\\#7590](https://github.com/Wishibam/Marketplace-api/pull/7590)\n    - *fix(feed): preserve newlines (\\n) in product description on import* [\\#7591](https://github.com/Wishibam/Marketplace-api/pull/7591)\n    - *:bug: fix: first-image reprocessing actually reaches the eshop* [\\#7598](https://github.com/Wishibam/Marketplace-api/pull/7598)\n    - *:bug: fix: give each processed image a unique URL so re-processing reaches the eshop* [\\#7599](https://github.com/Wishibam/Marketplace-api/pull/7599)\n    - *:zap: perf: first-image processing once per flush, off the import worker hot path* [\\#7604](https://github.com/Wishibam/Marketplace-api/pull/7604)\n    - *Add migrations to generate shipment\\_return number sequences* [\\#7615](https://github.com/Wishibam/Marketplace-api/pull/7615)\n    - *:bug: fix: normalize stripe alerting errors to avoid string offset TypeError* [\\#7616](https://github.com/Wishibam/Marketplace-api/pull/7616)\n    - *chore(deps): bump guzzlehttp/guzzle from 7.12.3 to 7.13.1 in /api* [\\#7637](https://github.com/Wishibam/Marketplace-api/pull/7637)\n \n- **D\u00e9j\u00e0 en production**\n    - *fix(media): flush before Factory call so VichUploader sets contentUrl before URL is built* [\\#7594](https://github.com/Wishibam/Marketplace-api/pull/7594)\n    - *:sparkles: feat: add --no-send option to Sellsy invoice command* [\\#7608](https://github.com/Wishibam/Marketplace-api/pull/7608)\n    - *:bug: fix: send Sellsy invoice note from organization config* [\\#7610](https://github.com/Wishibam/Marketplace-api/pull/7610)\n    - *:wrench: chore: sync master security hotfixes (CVE) into develop* [\\#7612](https://github.com/Wishibam/Marketplace-api/pull/7612)\n    - *:bug: fix: apply organization VAT tax\\_id on Sellsy invoice lines* [\\#7627](https://github.com/Wishibam/Marketplace-api/pull/7627)\n    - *:bug: fix: set Sellsy invoice date to the billed period end* [\\#7639](https://github.com/Wishibam/Marketplace-api/pull/7639)", "creation_timestamp": "2026-07-02T10:12:17.069657Z"}</description>
      <content:encoded>{"uuid": "94ae2405-a0b5-438c-a726-8b029f4d3041", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54133", "type": "seen", "source": "https://gist.github.com/FR-Flo/5034ea73a772721f570eac9600f8146e", "content": "## \ud83d\udd17 Companion release\n\nThis release ships alongside the **Marketplace-client (frontend)** release PR:\n\n- https://github.com/Wishibam/Marketplace-client/pull/4137\n\n- **Trello**\n    - [Refonte Dashboard Marchand / ORGA](https://trello.com/c/5VPUOd2a/2366-refonte-dashboard-marchand-orga) **\ud83d\ude80\ud83d\ude80\ud83d\ude80A MEP**\n        - *fix(dashboard): v2 ter* [\\#7583](https://github.com/Wishibam/Marketplace-api/pull/7583)\n        - *fix(dashboard): fix retailer filter param, enrich stock export and deprecate getSize/getColor* [\\#7602](https://github.com/Wishibam/Marketplace-api/pull/7602)\n    - [\ud83d\uded2\ud83d\udd0e Tri \u2014 passer en vue filtr\u00e9e par marchand (Marchand &amp;gt; Liste produit &amp;gt; D\u00e9tail produit)](https://trello.com/c/QtKdZOeE/2444-%F0%9F%9B%92%F0%9F%94%8E-tri-passer-en-vue-filtr%C3%A9e-par-marchand-marchand-liste-produit-d%C3%A9tail-produit) **\ud83e\udd75 Retour de test**\n        - *fix(wms): sorting retailer list* [\\#7588](https://github.com/Wishibam/Marketplace-api/pull/7588)\n    - [\ud83d\udd0d WMS - PACKING - Recherche au-del\u00e0 de la limite des 30 commandes](https://trello.com/c/cw1UsrG7/2427-%F0%9F%94%8D-wms-packing-recherche-au-del%C3%A0-de-la-limite-des-30-commandes) **\ud83d\ude80\ud83d\ude80\ud83d\ude80A MEP**\n        - *:sparkles: Add new search options for packing view* [\\#7589](https://github.com/Wishibam/Marketplace-api/pull/7589)\n    - [Traitement Cloudinary de la premi\u00e8re image de variation](https://trello.com/c/YuiI3bne/2449-traitement-cloudinary-de-la-premi%C3%A8re-image-de-variation) **\ud83d\ude80\ud83d\ude80\ud83d\ude80A MEP**\n        - *:sparkles: feat: process first variation image via Cloudinary preset* [\\#7592](https://github.com/Wishibam/Marketplace-api/pull/7592)\n    - [\ud83d\udce6\u2611\ufe0f WMS \u2014 Tri des colis : d\u00e9p\u00f4t de masse pour l'exp\u00e9dition (syst\u00e8me de coches)](https://trello.com/c/oMuGHbGB/2429-%F0%9F%93%A6%E2%98%91%EF%B8%8F-wms-tri-des-colis-d%C3%A9p%C3%B4t-de-masse-pour-lexp%C3%A9dition-syst%C3%A8me-de-coches) **\ud83e\udd75 Retour de test**\n        - *:sparkles: WMS rework massTransfer on TriShipping* [\\#7593](https://github.com/Wishibam/Marketplace-api/pull/7593)\n    - [Multi plateforme - droit de r\u00e9tractation](https://trello.com/c/ebl3rUnS/2400-multi-plateforme-droit-de-r%C3%A9tractation) **\ud83e\udd73Testing**\n        - *Add right of withdrawal feature* [\\#7606](https://github.com/Wishibam/Marketplace-api/pull/7606)\n        - *Add migrations to create missing return number sequences for each org\u2026* [\\#7614](https://github.com/Wishibam/Marketplace-api/pull/7614)\n \n- **Misc**\n    - *:sparkles: feat: store waybills on Scaleway buckets* [\\#7571](https://github.com/Wishibam/Marketplace-api/pull/7571)\n    - *:memo: docs: map PrintNode accounts per env and organization* [\\#7573](https://github.com/Wishibam/Marketplace-api/pull/7573)\n    - *:memo: docs: define \"done\" for dev tasks as green PR awaiting review* [\\#7574](https://github.com/Wishibam/Marketplace-api/pull/7574)\n    - *Fix again issues with invoice table* [\\#7577](https://github.com/Wishibam/Marketplace-api/pull/7577)\n    - *:bug: fix: truncate over-long category names before persist* [\\#7578](https://github.com/Wishibam/Marketplace-api/pull/7578)\n    - *:arrow\\_up: deps: bump jmespath.php to 2.9.1 (CVE-2026-54133)* [\\#7579](https://github.com/Wishibam/Marketplace-api/pull/7579)\n    - *chore(deps): bump phpseclib/phpseclib from 3.0.52 to 3.0.54 in /api* [\\#7580](https://github.com/Wishibam/Marketplace-api/pull/7580)\n    - *:bug: Wrong wmsItems status when LineItems are reserved hours appart* [\\#7585](https://github.com/Wishibam/Marketplace-api/pull/7585)\n    - *:arrow\\_up: deps: bump guzzlehttp/guzzle &amp;amp; psr7 (3 CVE)* [\\#7587](https://github.com/Wishibam/Marketplace-api/pull/7587)\n    - *:wrench: chore: relax composer php upper-bound for PHP 8.5 deploy* [\\#7590](https://github.com/Wishibam/Marketplace-api/pull/7590)\n    - *fix(feed): preserve newlines (\\n) in product description on import* [\\#7591](https://github.com/Wishibam/Marketplace-api/pull/7591)\n    - *:bug: fix: first-image reprocessing actually reaches the eshop* [\\#7598](https://github.com/Wishibam/Marketplace-api/pull/7598)\n    - *:bug: fix: give each processed image a unique URL so re-processing reaches the eshop* [\\#7599](https://github.com/Wishibam/Marketplace-api/pull/7599)\n    - *:zap: perf: first-image processing once per flush, off the import worker hot path* [\\#7604](https://github.com/Wishibam/Marketplace-api/pull/7604)\n    - *Add migrations to generate shipment\\_return number sequences* [\\#7615](https://github.com/Wishibam/Marketplace-api/pull/7615)\n    - *:bug: fix: normalize stripe alerting errors to avoid string offset TypeError* [\\#7616](https://github.com/Wishibam/Marketplace-api/pull/7616)\n    - *chore(deps): bump guzzlehttp/guzzle from 7.12.3 to 7.13.1 in /api* [\\#7637](https://github.com/Wishibam/Marketplace-api/pull/7637)\n \n- **D\u00e9j\u00e0 en production**\n    - *fix(media): flush before Factory call so VichUploader sets contentUrl before URL is built* [\\#7594](https://github.com/Wishibam/Marketplace-api/pull/7594)\n    - *:sparkles: feat: add --no-send option to Sellsy invoice command* [\\#7608](https://github.com/Wishibam/Marketplace-api/pull/7608)\n    - *:bug: fix: send Sellsy invoice note from organization config* [\\#7610](https://github.com/Wishibam/Marketplace-api/pull/7610)\n    - *:wrench: chore: sync master security hotfixes (CVE) into develop* [\\#7612](https://github.com/Wishibam/Marketplace-api/pull/7612)\n    - *:bug: fix: apply organization VAT tax\\_id on Sellsy invoice lines* [\\#7627](https://github.com/Wishibam/Marketplace-api/pull/7627)\n    - *:bug: fix: set Sellsy invoice date to the billed period end* [\\#7639](https://github.com/Wishibam/Marketplace-api/pull/7639)", "creation_timestamp": "2026-07-02T10:12:17.069657Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/94ae2405-a0b5-438c-a726-8b029f4d3041/export</guid>
      <pubDate>Thu, 02 Jul 2026 10:12:17 +0000</pubDate>
    </item>
    <item>
      <title>d2714fe3-1a7a-4ca2-a953-ff14edf48093</title>
      <link>https://vulnerability.circl.lu/sighting/d2714fe3-1a7a-4ca2-a953-ff14edf48093/export</link>
      <description>{"uuid": "d2714fe3-1a7a-4ca2-a953-ff14edf48093", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54133", "type": "seen", "source": "https://gist.github.com/FR-Flo/f183cf76d6d8f91c2f7a1e84274c6ff7", "content": "## \ud83d\udd17 Companion release\n\nThis release ships alongside the **Marketplace-client (frontend)** release PR:\n\n- https://github.com/Wishibam/Marketplace-client/pull/4137\n\n- **Trello**\n    - [Refonte Dashboard Marchand / ORGA](https://trello.com/c/5VPUOd2a/2366-refonte-dashboard-marchand-orga) **\ud83d\ude80\ud83d\ude80\ud83d\ude80A MEP**\n        - *fix(dashboard): v2 ter* [\\#7583](https://github.com/Wishibam/Marketplace-api/pull/7583)\n        - *fix(dashboard): fix retailer filter param, enrich stock export and deprecate getSize/getColor* [\\#7602](https://github.com/Wishibam/Marketplace-api/pull/7602)\n    - [\ud83d\uded2\ud83d\udd0e Tri \u2014 passer en vue filtr\u00e9e par marchand (Marchand &amp;gt; Liste produit &amp;gt; D\u00e9tail produit)](https://trello.com/c/QtKdZOeE/2444-%F0%9F%9B%92%F0%9F%94%8E-tri-passer-en-vue-filtr%C3%A9e-par-marchand-marchand-liste-produit-d%C3%A9tail-produit) **\ud83e\udd75 Retour de test**\n        - *fix(wms): sorting retailer list* [\\#7588](https://github.com/Wishibam/Marketplace-api/pull/7588)\n    - [\ud83d\udd0d WMS - PACKING - Recherche au-del\u00e0 de la limite des 30 commandes](https://trello.com/c/cw1UsrG7/2427-%F0%9F%94%8D-wms-packing-recherche-au-del%C3%A0-de-la-limite-des-30-commandes) **\ud83d\ude80\ud83d\ude80\ud83d\ude80A MEP**\n        - *:sparkles: Add new search options for packing view* [\\#7589](https://github.com/Wishibam/Marketplace-api/pull/7589)\n    - [Traitement Cloudinary de la premi\u00e8re image de variation](https://trello.com/c/YuiI3bne/2449-traitement-cloudinary-de-la-premi%C3%A8re-image-de-variation) **\ud83d\ude80\ud83d\ude80\ud83d\ude80A MEP**\n        - *:sparkles: feat: process first variation image via Cloudinary preset* [\\#7592](https://github.com/Wishibam/Marketplace-api/pull/7592)\n    - [\ud83d\udce6\u2611\ufe0f WMS \u2014 Tri des colis : d\u00e9p\u00f4t de masse pour l'exp\u00e9dition (syst\u00e8me de coches)](https://trello.com/c/oMuGHbGB/2429-%F0%9F%93%A6%E2%98%91%EF%B8%8F-wms-tri-des-colis-d%C3%A9p%C3%B4t-de-masse-pour-lexp%C3%A9dition-syst%C3%A8me-de-coches) **\ud83e\udd75 Retour de test**\n        - *:sparkles: WMS rework massTransfer on TriShipping* [\\#7593](https://github.com/Wishibam/Marketplace-api/pull/7593)\n    - [Multi plateforme - droit de r\u00e9tractation](https://trello.com/c/ebl3rUnS/2400-multi-plateforme-droit-de-r%C3%A9tractation) **\ud83e\udd73Testing**\n        - *Add right of withdrawal feature* [\\#7606](https://github.com/Wishibam/Marketplace-api/pull/7606)\n        - *Add migrations to create missing return number sequences for each org\u2026* [\\#7614](https://github.com/Wishibam/Marketplace-api/pull/7614)\n \n- **Misc**\n    - *:sparkles: feat: store waybills on Scaleway buckets* [\\#7571](https://github.com/Wishibam/Marketplace-api/pull/7571)\n    - *:memo: docs: map PrintNode accounts per env and organization* [\\#7573](https://github.com/Wishibam/Marketplace-api/pull/7573)\n    - *:memo: docs: define \"done\" for dev tasks as green PR awaiting review* [\\#7574](https://github.com/Wishibam/Marketplace-api/pull/7574)\n    - *Fix again issues with invoice table* [\\#7577](https://github.com/Wishibam/Marketplace-api/pull/7577)\n    - *:bug: fix: truncate over-long category names before persist* [\\#7578](https://github.com/Wishibam/Marketplace-api/pull/7578)\n    - *:arrow\\_up: deps: bump jmespath.php to 2.9.1 (CVE-2026-54133)* [\\#7579](https://github.com/Wishibam/Marketplace-api/pull/7579)\n    - *chore(deps): bump phpseclib/phpseclib from 3.0.52 to 3.0.54 in /api* [\\#7580](https://github.com/Wishibam/Marketplace-api/pull/7580)\n    - *:bug: Wrong wmsItems status when LineItems are reserved hours appart* [\\#7585](https://github.com/Wishibam/Marketplace-api/pull/7585)\n    - *:arrow\\_up: deps: bump guzzlehttp/guzzle &amp;amp; psr7 (3 CVE)* [\\#7587](https://github.com/Wishibam/Marketplace-api/pull/7587)\n    - *:wrench: chore: relax composer php upper-bound for PHP 8.5 deploy* [\\#7590](https://github.com/Wishibam/Marketplace-api/pull/7590)\n    - *fix(feed): preserve newlines (\\n) in product description on import* [\\#7591](https://github.com/Wishibam/Marketplace-api/pull/7591)\n    - *:bug: fix: first-image reprocessing actually reaches the eshop* [\\#7598](https://github.com/Wishibam/Marketplace-api/pull/7598)\n    - *:bug: fix: give each processed image a unique URL so re-processing reaches the eshop* [\\#7599](https://github.com/Wishibam/Marketplace-api/pull/7599)\n    - *:zap: perf: first-image processing once per flush, off the import worker hot path* [\\#7604](https://github.com/Wishibam/Marketplace-api/pull/7604)\n    - *Add migrations to generate shipment\\_return number sequences* [\\#7615](https://github.com/Wishibam/Marketplace-api/pull/7615)\n    - *:bug: fix: normalize stripe alerting errors to avoid string offset TypeError* [\\#7616](https://github.com/Wishibam/Marketplace-api/pull/7616)\n    - *:bug: fix: apply organization VAT tax\\_id on Sellsy invoice lines* [\\#7627](https://github.com/Wishibam/Marketplace-api/pull/7627)\n \n- **D\u00e9j\u00e0 en production**\n    - *fix(media): flush before Factory call so VichUploader sets contentUrl before URL is built* [\\#7594](https://github.com/Wishibam/Marketplace-api/pull/7594)\n    - *:sparkles: feat: add --no-send option to Sellsy invoice command* [\\#7608](https://github.com/Wishibam/Marketplace-api/pull/7608)\n    - *:bug: fix: send Sellsy invoice note from organization config* [\\#7610](https://github.com/Wishibam/Marketplace-api/pull/7610)\n    - *:wrench: chore: sync master security hotfixes (CVE) into develop* [\\#7612](https://github.com/Wishibam/Marketplace-api/pull/7612)", "creation_timestamp": "2026-07-01T09:25:18.828047Z"}</description>
      <content:encoded>{"uuid": "d2714fe3-1a7a-4ca2-a953-ff14edf48093", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54133", "type": "seen", "source": "https://gist.github.com/FR-Flo/f183cf76d6d8f91c2f7a1e84274c6ff7", "content": "## \ud83d\udd17 Companion release\n\nThis release ships alongside the **Marketplace-client (frontend)** release PR:\n\n- https://github.com/Wishibam/Marketplace-client/pull/4137\n\n- **Trello**\n    - [Refonte Dashboard Marchand / ORGA](https://trello.com/c/5VPUOd2a/2366-refonte-dashboard-marchand-orga) **\ud83d\ude80\ud83d\ude80\ud83d\ude80A MEP**\n        - *fix(dashboard): v2 ter* [\\#7583](https://github.com/Wishibam/Marketplace-api/pull/7583)\n        - *fix(dashboard): fix retailer filter param, enrich stock export and deprecate getSize/getColor* [\\#7602](https://github.com/Wishibam/Marketplace-api/pull/7602)\n    - [\ud83d\uded2\ud83d\udd0e Tri \u2014 passer en vue filtr\u00e9e par marchand (Marchand &amp;gt; Liste produit &amp;gt; D\u00e9tail produit)](https://trello.com/c/QtKdZOeE/2444-%F0%9F%9B%92%F0%9F%94%8E-tri-passer-en-vue-filtr%C3%A9e-par-marchand-marchand-liste-produit-d%C3%A9tail-produit) **\ud83e\udd75 Retour de test**\n        - *fix(wms): sorting retailer list* [\\#7588](https://github.com/Wishibam/Marketplace-api/pull/7588)\n    - [\ud83d\udd0d WMS - PACKING - Recherche au-del\u00e0 de la limite des 30 commandes](https://trello.com/c/cw1UsrG7/2427-%F0%9F%94%8D-wms-packing-recherche-au-del%C3%A0-de-la-limite-des-30-commandes) **\ud83d\ude80\ud83d\ude80\ud83d\ude80A MEP**\n        - *:sparkles: Add new search options for packing view* [\\#7589](https://github.com/Wishibam/Marketplace-api/pull/7589)\n    - [Traitement Cloudinary de la premi\u00e8re image de variation](https://trello.com/c/YuiI3bne/2449-traitement-cloudinary-de-la-premi%C3%A8re-image-de-variation) **\ud83d\ude80\ud83d\ude80\ud83d\ude80A MEP**\n        - *:sparkles: feat: process first variation image via Cloudinary preset* [\\#7592](https://github.com/Wishibam/Marketplace-api/pull/7592)\n    - [\ud83d\udce6\u2611\ufe0f WMS \u2014 Tri des colis : d\u00e9p\u00f4t de masse pour l'exp\u00e9dition (syst\u00e8me de coches)](https://trello.com/c/oMuGHbGB/2429-%F0%9F%93%A6%E2%98%91%EF%B8%8F-wms-tri-des-colis-d%C3%A9p%C3%B4t-de-masse-pour-lexp%C3%A9dition-syst%C3%A8me-de-coches) **\ud83e\udd75 Retour de test**\n        - *:sparkles: WMS rework massTransfer on TriShipping* [\\#7593](https://github.com/Wishibam/Marketplace-api/pull/7593)\n    - [Multi plateforme - droit de r\u00e9tractation](https://trello.com/c/ebl3rUnS/2400-multi-plateforme-droit-de-r%C3%A9tractation) **\ud83e\udd73Testing**\n        - *Add right of withdrawal feature* [\\#7606](https://github.com/Wishibam/Marketplace-api/pull/7606)\n        - *Add migrations to create missing return number sequences for each org\u2026* [\\#7614](https://github.com/Wishibam/Marketplace-api/pull/7614)\n \n- **Misc**\n    - *:sparkles: feat: store waybills on Scaleway buckets* [\\#7571](https://github.com/Wishibam/Marketplace-api/pull/7571)\n    - *:memo: docs: map PrintNode accounts per env and organization* [\\#7573](https://github.com/Wishibam/Marketplace-api/pull/7573)\n    - *:memo: docs: define \"done\" for dev tasks as green PR awaiting review* [\\#7574](https://github.com/Wishibam/Marketplace-api/pull/7574)\n    - *Fix again issues with invoice table* [\\#7577](https://github.com/Wishibam/Marketplace-api/pull/7577)\n    - *:bug: fix: truncate over-long category names before persist* [\\#7578](https://github.com/Wishibam/Marketplace-api/pull/7578)\n    - *:arrow\\_up: deps: bump jmespath.php to 2.9.1 (CVE-2026-54133)* [\\#7579](https://github.com/Wishibam/Marketplace-api/pull/7579)\n    - *chore(deps): bump phpseclib/phpseclib from 3.0.52 to 3.0.54 in /api* [\\#7580](https://github.com/Wishibam/Marketplace-api/pull/7580)\n    - *:bug: Wrong wmsItems status when LineItems are reserved hours appart* [\\#7585](https://github.com/Wishibam/Marketplace-api/pull/7585)\n    - *:arrow\\_up: deps: bump guzzlehttp/guzzle &amp;amp; psr7 (3 CVE)* [\\#7587](https://github.com/Wishibam/Marketplace-api/pull/7587)\n    - *:wrench: chore: relax composer php upper-bound for PHP 8.5 deploy* [\\#7590](https://github.com/Wishibam/Marketplace-api/pull/7590)\n    - *fix(feed): preserve newlines (\\n) in product description on import* [\\#7591](https://github.com/Wishibam/Marketplace-api/pull/7591)\n    - *:bug: fix: first-image reprocessing actually reaches the eshop* [\\#7598](https://github.com/Wishibam/Marketplace-api/pull/7598)\n    - *:bug: fix: give each processed image a unique URL so re-processing reaches the eshop* [\\#7599](https://github.com/Wishibam/Marketplace-api/pull/7599)\n    - *:zap: perf: first-image processing once per flush, off the import worker hot path* [\\#7604](https://github.com/Wishibam/Marketplace-api/pull/7604)\n    - *Add migrations to generate shipment\\_return number sequences* [\\#7615](https://github.com/Wishibam/Marketplace-api/pull/7615)\n    - *:bug: fix: normalize stripe alerting errors to avoid string offset TypeError* [\\#7616](https://github.com/Wishibam/Marketplace-api/pull/7616)\n    - *:bug: fix: apply organization VAT tax\\_id on Sellsy invoice lines* [\\#7627](https://github.com/Wishibam/Marketplace-api/pull/7627)\n \n- **D\u00e9j\u00e0 en production**\n    - *fix(media): flush before Factory call so VichUploader sets contentUrl before URL is built* [\\#7594](https://github.com/Wishibam/Marketplace-api/pull/7594)\n    - *:sparkles: feat: add --no-send option to Sellsy invoice command* [\\#7608](https://github.com/Wishibam/Marketplace-api/pull/7608)\n    - *:bug: fix: send Sellsy invoice note from organization config* [\\#7610](https://github.com/Wishibam/Marketplace-api/pull/7610)\n    - *:wrench: chore: sync master security hotfixes (CVE) into develop* [\\#7612](https://github.com/Wishibam/Marketplace-api/pull/7612)", "creation_timestamp": "2026-07-01T09:25:18.828047Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/d2714fe3-1a7a-4ca2-a953-ff14edf48093/export</guid>
      <pubDate>Wed, 01 Jul 2026 09:25:18 +0000</pubDate>
    </item>
    <item>
      <title>4d84c022-1e62-44eb-b99f-516949a39c46</title>
      <link>https://vulnerability.circl.lu/sighting/4d84c022-1e62-44eb-b99f-516949a39c46/export</link>
      <description>{"uuid": "4d84c022-1e62-44eb-b99f-516949a39c46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54133", "type": "seen", "source": "https://gist.github.com/FR-Flo/3505b49f03364a9484362f9967ad24df", "content": "## \ud83d\udd17 Companion release\n\nThis release ships alongside the **Marketplace-client (frontend)** release PR:\n\n- https://github.com/Wishibam/Marketplace-client/pull/4137\n\n- **Trello**\n    - [Refonte Dashboard Marchand / ORGA](https://trello.com/c/5VPUOd2a/2366-refonte-dashboard-marchand-orga) **\ud83d\ude80\ud83d\ude80\ud83d\ude80A MEP**\n        - *fix(dashboard): v2 ter* [\\#7583](https://github.com/Wishibam/Marketplace-api/pull/7583)\n        - *fix(dashboard): fix retailer filter param, enrich stock export and deprecate getSize/getColor* [\\#7602](https://github.com/Wishibam/Marketplace-api/pull/7602)\n    - [\ud83d\uded2\ud83d\udd0e Tri \u2014 passer en vue filtr\u00e9e par marchand (Marchand &amp;gt; Liste produit &amp;gt; D\u00e9tail produit)](https://trello.com/c/QtKdZOeE/2444-%F0%9F%9B%92%F0%9F%94%8E-tri-passer-en-vue-filtr%C3%A9e-par-marchand-marchand-liste-produit-d%C3%A9tail-produit) **\ud83e\udd75 Retour de test**\n        - *fix(wms): sorting retailer list* [\\#7588](https://github.com/Wishibam/Marketplace-api/pull/7588)\n    - [\ud83d\udd0d WMS - PACKING - Recherche au-del\u00e0 de la limite des 30 commandes](https://trello.com/c/cw1UsrG7/2427-%F0%9F%94%8D-wms-packing-recherche-au-del%C3%A0-de-la-limite-des-30-commandes) **\ud83d\ude80\ud83d\ude80\ud83d\ude80A MEP**\n        - *:sparkles: Add new search options for packing view* [\\#7589](https://github.com/Wishibam/Marketplace-api/pull/7589)\n    - [Traitement Cloudinary de la premi\u00e8re image de variation](https://trello.com/c/YuiI3bne/2449-traitement-cloudinary-de-la-premi%C3%A8re-image-de-variation) **\ud83d\ude80\ud83d\ude80\ud83d\ude80A MEP**\n        - *:sparkles: feat: process first variation image via Cloudinary preset* [\\#7592](https://github.com/Wishibam/Marketplace-api/pull/7592)\n    - [\ud83d\udce6\u2611\ufe0f WMS \u2014 Tri des colis : d\u00e9p\u00f4t de masse pour l'exp\u00e9dition (syst\u00e8me de coches)](https://trello.com/c/oMuGHbGB/2429-%F0%9F%93%A6%E2%98%91%EF%B8%8F-wms-tri-des-colis-d%C3%A9p%C3%B4t-de-masse-pour-lexp%C3%A9dition-syst%C3%A8me-de-coches) **\ud83e\udd75 Retour de test**\n        - *:sparkles: WMS rework massTransfer on TriShipping* [\\#7593](https://github.com/Wishibam/Marketplace-api/pull/7593)\n    - [Multi plateforme - droit de r\u00e9tractation](https://trello.com/c/ebl3rUnS/2400-multi-plateforme-droit-de-r%C3%A9tractation) **\ud83e\udd73Testing**\n        - *Add right of withdrawal feature* [\\#7606](https://github.com/Wishibam/Marketplace-api/pull/7606)\n        - *Add migrations to create missing return number sequences for each org\u2026* [\\#7614](https://github.com/Wishibam/Marketplace-api/pull/7614)\n \n- **Misc**\n    - *:sparkles: feat: store waybills on Scaleway buckets* [\\#7571](https://github.com/Wishibam/Marketplace-api/pull/7571)\n    - *:memo: docs: map PrintNode accounts per env and organization* [\\#7573](https://github.com/Wishibam/Marketplace-api/pull/7573)\n    - *:memo: docs: define \"done\" for dev tasks as green PR awaiting review* [\\#7574](https://github.com/Wishibam/Marketplace-api/pull/7574)\n    - *Fix again issues with invoice table* [\\#7577](https://github.com/Wishibam/Marketplace-api/pull/7577)\n    - *:bug: fix: truncate over-long category names before persist* [\\#7578](https://github.com/Wishibam/Marketplace-api/pull/7578)\n    - *:arrow\\_up: deps: bump jmespath.php to 2.9.1 (CVE-2026-54133)* [\\#7579](https://github.com/Wishibam/Marketplace-api/pull/7579)\n    - *chore(deps): bump phpseclib/phpseclib from 3.0.52 to 3.0.54 in /api* [\\#7580](https://github.com/Wishibam/Marketplace-api/pull/7580)\n    - *:bug: Wrong wmsItems status when LineItems are reserved hours appart* [\\#7585](https://github.com/Wishibam/Marketplace-api/pull/7585)\n    - *:arrow\\_up: deps: bump guzzlehttp/guzzle &amp;amp; psr7 (3 CVE)* [\\#7587](https://github.com/Wishibam/Marketplace-api/pull/7587)\n    - *:wrench: chore: relax composer php upper-bound for PHP 8.5 deploy* [\\#7590](https://github.com/Wishibam/Marketplace-api/pull/7590)\n    - *fix(feed): preserve newlines (\\n) in product description on import* [\\#7591](https://github.com/Wishibam/Marketplace-api/pull/7591)\n    - *:bug: fix: first-image reprocessing actually reaches the eshop* [\\#7598](https://github.com/Wishibam/Marketplace-api/pull/7598)\n    - *:bug: fix: give each processed image a unique URL so re-processing reaches the eshop* [\\#7599](https://github.com/Wishibam/Marketplace-api/pull/7599)\n    - *:zap: perf: first-image processing once per flush, off the import worker hot path* [\\#7604](https://github.com/Wishibam/Marketplace-api/pull/7604)\n    - *:bug: fix: normalize stripe alerting errors to avoid string offset TypeError* [\\#7616](https://github.com/Wishibam/Marketplace-api/pull/7616)\n \n- **D\u00e9j\u00e0 en production**\n    - *fix(media): flush before Factory call so VichUploader sets contentUrl before URL is built* [\\#7594](https://github.com/Wishibam/Marketplace-api/pull/7594)\n    - *:sparkles: feat: add --no-send option to Sellsy invoice command* [\\#7608](https://github.com/Wishibam/Marketplace-api/pull/7608)\n    - *:bug: fix: send Sellsy invoice note from organization config* [\\#7610](https://github.com/Wishibam/Marketplace-api/pull/7610)\n    - *:wrench: chore: sync master security hotfixes (CVE) into develop* [\\#7612](https://github.com/Wishibam/Marketplace-api/pull/7612)", "creation_timestamp": "2026-06-30T09:37:43.478407Z"}</description>
      <content:encoded>{"uuid": "4d84c022-1e62-44eb-b99f-516949a39c46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54133", "type": "seen", "source": "https://gist.github.com/FR-Flo/3505b49f03364a9484362f9967ad24df", "content": "## \ud83d\udd17 Companion release\n\nThis release ships alongside the **Marketplace-client (frontend)** release PR:\n\n- https://github.com/Wishibam/Marketplace-client/pull/4137\n\n- **Trello**\n    - [Refonte Dashboard Marchand / ORGA](https://trello.com/c/5VPUOd2a/2366-refonte-dashboard-marchand-orga) **\ud83d\ude80\ud83d\ude80\ud83d\ude80A MEP**\n        - *fix(dashboard): v2 ter* [\\#7583](https://github.com/Wishibam/Marketplace-api/pull/7583)\n        - *fix(dashboard): fix retailer filter param, enrich stock export and deprecate getSize/getColor* [\\#7602](https://github.com/Wishibam/Marketplace-api/pull/7602)\n    - [\ud83d\uded2\ud83d\udd0e Tri \u2014 passer en vue filtr\u00e9e par marchand (Marchand &amp;gt; Liste produit &amp;gt; D\u00e9tail produit)](https://trello.com/c/QtKdZOeE/2444-%F0%9F%9B%92%F0%9F%94%8E-tri-passer-en-vue-filtr%C3%A9e-par-marchand-marchand-liste-produit-d%C3%A9tail-produit) **\ud83e\udd75 Retour de test**\n        - *fix(wms): sorting retailer list* [\\#7588](https://github.com/Wishibam/Marketplace-api/pull/7588)\n    - [\ud83d\udd0d WMS - PACKING - Recherche au-del\u00e0 de la limite des 30 commandes](https://trello.com/c/cw1UsrG7/2427-%F0%9F%94%8D-wms-packing-recherche-au-del%C3%A0-de-la-limite-des-30-commandes) **\ud83d\ude80\ud83d\ude80\ud83d\ude80A MEP**\n        - *:sparkles: Add new search options for packing view* [\\#7589](https://github.com/Wishibam/Marketplace-api/pull/7589)\n    - [Traitement Cloudinary de la premi\u00e8re image de variation](https://trello.com/c/YuiI3bne/2449-traitement-cloudinary-de-la-premi%C3%A8re-image-de-variation) **\ud83d\ude80\ud83d\ude80\ud83d\ude80A MEP**\n        - *:sparkles: feat: process first variation image via Cloudinary preset* [\\#7592](https://github.com/Wishibam/Marketplace-api/pull/7592)\n    - [\ud83d\udce6\u2611\ufe0f WMS \u2014 Tri des colis : d\u00e9p\u00f4t de masse pour l'exp\u00e9dition (syst\u00e8me de coches)](https://trello.com/c/oMuGHbGB/2429-%F0%9F%93%A6%E2%98%91%EF%B8%8F-wms-tri-des-colis-d%C3%A9p%C3%B4t-de-masse-pour-lexp%C3%A9dition-syst%C3%A8me-de-coches) **\ud83e\udd75 Retour de test**\n        - *:sparkles: WMS rework massTransfer on TriShipping* [\\#7593](https://github.com/Wishibam/Marketplace-api/pull/7593)\n    - [Multi plateforme - droit de r\u00e9tractation](https://trello.com/c/ebl3rUnS/2400-multi-plateforme-droit-de-r%C3%A9tractation) **\ud83e\udd73Testing**\n        - *Add right of withdrawal feature* [\\#7606](https://github.com/Wishibam/Marketplace-api/pull/7606)\n        - *Add migrations to create missing return number sequences for each org\u2026* [\\#7614](https://github.com/Wishibam/Marketplace-api/pull/7614)\n \n- **Misc**\n    - *:sparkles: feat: store waybills on Scaleway buckets* [\\#7571](https://github.com/Wishibam/Marketplace-api/pull/7571)\n    - *:memo: docs: map PrintNode accounts per env and organization* [\\#7573](https://github.com/Wishibam/Marketplace-api/pull/7573)\n    - *:memo: docs: define \"done\" for dev tasks as green PR awaiting review* [\\#7574](https://github.com/Wishibam/Marketplace-api/pull/7574)\n    - *Fix again issues with invoice table* [\\#7577](https://github.com/Wishibam/Marketplace-api/pull/7577)\n    - *:bug: fix: truncate over-long category names before persist* [\\#7578](https://github.com/Wishibam/Marketplace-api/pull/7578)\n    - *:arrow\\_up: deps: bump jmespath.php to 2.9.1 (CVE-2026-54133)* [\\#7579](https://github.com/Wishibam/Marketplace-api/pull/7579)\n    - *chore(deps): bump phpseclib/phpseclib from 3.0.52 to 3.0.54 in /api* [\\#7580](https://github.com/Wishibam/Marketplace-api/pull/7580)\n    - *:bug: Wrong wmsItems status when LineItems are reserved hours appart* [\\#7585](https://github.com/Wishibam/Marketplace-api/pull/7585)\n    - *:arrow\\_up: deps: bump guzzlehttp/guzzle &amp;amp; psr7 (3 CVE)* [\\#7587](https://github.com/Wishibam/Marketplace-api/pull/7587)\n    - *:wrench: chore: relax composer php upper-bound for PHP 8.5 deploy* [\\#7590](https://github.com/Wishibam/Marketplace-api/pull/7590)\n    - *fix(feed): preserve newlines (\\n) in product description on import* [\\#7591](https://github.com/Wishibam/Marketplace-api/pull/7591)\n    - *:bug: fix: first-image reprocessing actually reaches the eshop* [\\#7598](https://github.com/Wishibam/Marketplace-api/pull/7598)\n    - *:bug: fix: give each processed image a unique URL so re-processing reaches the eshop* [\\#7599](https://github.com/Wishibam/Marketplace-api/pull/7599)\n    - *:zap: perf: first-image processing once per flush, off the import worker hot path* [\\#7604](https://github.com/Wishibam/Marketplace-api/pull/7604)\n    - *:bug: fix: normalize stripe alerting errors to avoid string offset TypeError* [\\#7616](https://github.com/Wishibam/Marketplace-api/pull/7616)\n \n- **D\u00e9j\u00e0 en production**\n    - *fix(media): flush before Factory call so VichUploader sets contentUrl before URL is built* [\\#7594](https://github.com/Wishibam/Marketplace-api/pull/7594)\n    - *:sparkles: feat: add --no-send option to Sellsy invoice command* [\\#7608](https://github.com/Wishibam/Marketplace-api/pull/7608)\n    - *:bug: fix: send Sellsy invoice note from organization config* [\\#7610](https://github.com/Wishibam/Marketplace-api/pull/7610)\n    - *:wrench: chore: sync master security hotfixes (CVE) into develop* [\\#7612](https://github.com/Wishibam/Marketplace-api/pull/7612)", "creation_timestamp": "2026-06-30T09:37:43.478407Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/4d84c022-1e62-44eb-b99f-516949a39c46/export</guid>
      <pubDate>Tue, 30 Jun 2026 09:37:43 +0000</pubDate>
    </item>
    <item>
      <title>d9656c58-6616-4bb6-90d4-623d8b7b19c1</title>
      <link>https://vulnerability.circl.lu/sighting/d9656c58-6616-4bb6-90d4-623d8b7b19c1/export</link>
      <description>{"uuid": "d9656c58-6616-4bb6-90d4-623d8b7b19c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54133", "type": "seen", "source": "https://gist.github.com/FR-Flo/991f800e26e520fdd92f15b89fab3305", "content": "## \ud83d\udd17 Companion release\n\nThis release ships alongside the **Marketplace-client (frontend)** release PR:\n\n- https://github.com/Wishibam/Marketplace-client/pull/4137\n\n- **Trello**\n    - [Refonte Dashboard Marchand / ORGA](https://trello.com/c/5VPUOd2a/2366-refonte-dashboard-marchand-orga) **\ud83d\ude80\ud83d\ude80\ud83d\ude80A MEP**\n        - *fix(dashboard): v2 ter* [\\#7583](https://github.com/Wishibam/Marketplace-api/pull/7583)\n        - *fix(dashboard): fix retailer filter param, enrich stock export and deprecate getSize/getColor* [\\#7602](https://github.com/Wishibam/Marketplace-api/pull/7602)\n    - [\ud83d\uded2\ud83d\udd0e Tri \u2014 passer en vue filtr\u00e9e par marchand (Marchand &amp;gt; Liste produit &amp;gt; D\u00e9tail produit)](https://trello.com/c/QtKdZOeE/2444-%F0%9F%9B%92%F0%9F%94%8E-tri-passer-en-vue-filtr%C3%A9e-par-marchand-marchand-liste-produit-d%C3%A9tail-produit) **\ud83e\udd73Testing**\n        - *fix(wms): sorting retailer list* [\\#7588](https://github.com/Wishibam/Marketplace-api/pull/7588)\n    - [\ud83d\udd0d WMS - PACKING - Recherche au-del\u00e0 de la limite des 30 commandes](https://trello.com/c/cw1UsrG7/2427-%F0%9F%94%8D-wms-packing-recherche-au-del%C3%A0-de-la-limite-des-30-commandes) **In review WMS**\n        - *:sparkles: Add new search options for packing view* [\\#7589](https://github.com/Wishibam/Marketplace-api/pull/7589)\n    - [Traitement Cloudinary de la premi\u00e8re image de variation](https://trello.com/c/YuiI3bne/2449-traitement-cloudinary-de-la-premi%C3%A8re-image-de-variation) **\ud83c\udf89 Reviewed pas Merg\u00e9**\n        - *:sparkles: feat: process first variation image via Cloudinary preset* [\\#7592](https://github.com/Wishibam/Marketplace-api/pull/7592)\n    - [\ud83d\udce6\u2611\ufe0f WMS \u2014 Tri des colis : d\u00e9p\u00f4t de masse pour l'exp\u00e9dition (syst\u00e8me de coches)](https://trello.com/c/oMuGHbGB/2429-%F0%9F%93%A6%E2%98%91%EF%B8%8F-wms-tri-des-colis-d%C3%A9p%C3%B4t-de-masse-pour-lexp%C3%A9dition-syst%C3%A8me-de-coches) **\ud83e\udd73Testing**\n        - *:sparkles: WMS rework massTransfer on TriShipping* [\\#7593](https://github.com/Wishibam/Marketplace-api/pull/7593)\n    - [Multi plateforme - droit de r\u00e9tractation](https://trello.com/c/ebl3rUnS/2400-multi-plateforme-droit-de-r%C3%A9tractation) **\ud83e\udd73Testing**\n        - *Add right of withdrawal feature* [\\#7606](https://github.com/Wishibam/Marketplace-api/pull/7606)\n \n- **Misc**\n    - *:sparkles: feat: store waybills on Scaleway buckets* [\\#7571](https://github.com/Wishibam/Marketplace-api/pull/7571)\n    - *:memo: docs: map PrintNode accounts per env and organization* [\\#7573](https://github.com/Wishibam/Marketplace-api/pull/7573)\n    - *:memo: docs: define \"done\" for dev tasks as green PR awaiting review* [\\#7574](https://github.com/Wishibam/Marketplace-api/pull/7574)\n    - *Fix again issues with invoice table* [\\#7577](https://github.com/Wishibam/Marketplace-api/pull/7577)\n    - *:bug: fix: truncate over-long category names before persist* [\\#7578](https://github.com/Wishibam/Marketplace-api/pull/7578)\n    - *:arrow\\_up: deps: bump jmespath.php to 2.9.1 (CVE-2026-54133)* [\\#7579](https://github.com/Wishibam/Marketplace-api/pull/7579)\n    - *chore(deps): bump phpseclib/phpseclib from 3.0.52 to 3.0.54 in /api* [\\#7580](https://github.com/Wishibam/Marketplace-api/pull/7580)\n    - *:bug: Wrong wmsItems status when LineItems are reserved hours appart* [\\#7585](https://github.com/Wishibam/Marketplace-api/pull/7585)\n    - *:arrow\\_up: deps: bump guzzlehttp/guzzle &amp;amp; psr7 (3 CVE)* [\\#7587](https://github.com/Wishibam/Marketplace-api/pull/7587)\n    - *:wrench: chore: relax composer php upper-bound for PHP 8.5 deploy* [\\#7590](https://github.com/Wishibam/Marketplace-api/pull/7590)\n    - *fix(feed): preserve newlines (\\n) in product description on import* [\\#7591](https://github.com/Wishibam/Marketplace-api/pull/7591)\n    - *:bug: fix: first-image reprocessing actually reaches the eshop* [\\#7598](https://github.com/Wishibam/Marketplace-api/pull/7598)\n    - *:bug: fix: give each processed image a unique URL so re-processing reaches the eshop* [\\#7599](https://github.com/Wishibam/Marketplace-api/pull/7599)\n    - *:zap: perf: first-image processing once per flush, off the import worker hot path* [\\#7604](https://github.com/Wishibam/Marketplace-api/pull/7604)\n \n- **D\u00e9j\u00e0 en production**\n    - *fix(media): flush before Factory call so VichUploader sets contentUrl before URL is built* [\\#7594](https://github.com/Wishibam/Marketplace-api/pull/7594)\n    - *:sparkles: feat: add --no-send option to Sellsy invoice command* [\\#7608](https://github.com/Wishibam/Marketplace-api/pull/7608)\n    - *:bug: fix: send Sellsy invoice note from organization config* [\\#7610](https://github.com/Wishibam/Marketplace-api/pull/7610)\n    - *:wrench: chore: sync master security hotfixes (CVE) into develop* [\\#7612](https://github.com/Wishibam/Marketplace-api/pull/7612)", "creation_timestamp": "2026-06-29T13:40:54.938432Z"}</description>
      <content:encoded>{"uuid": "d9656c58-6616-4bb6-90d4-623d8b7b19c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54133", "type": "seen", "source": "https://gist.github.com/FR-Flo/991f800e26e520fdd92f15b89fab3305", "content": "## \ud83d\udd17 Companion release\n\nThis release ships alongside the **Marketplace-client (frontend)** release PR:\n\n- https://github.com/Wishibam/Marketplace-client/pull/4137\n\n- **Trello**\n    - [Refonte Dashboard Marchand / ORGA](https://trello.com/c/5VPUOd2a/2366-refonte-dashboard-marchand-orga) **\ud83d\ude80\ud83d\ude80\ud83d\ude80A MEP**\n        - *fix(dashboard): v2 ter* [\\#7583](https://github.com/Wishibam/Marketplace-api/pull/7583)\n        - *fix(dashboard): fix retailer filter param, enrich stock export and deprecate getSize/getColor* [\\#7602](https://github.com/Wishibam/Marketplace-api/pull/7602)\n    - [\ud83d\uded2\ud83d\udd0e Tri \u2014 passer en vue filtr\u00e9e par marchand (Marchand &amp;gt; Liste produit &amp;gt; D\u00e9tail produit)](https://trello.com/c/QtKdZOeE/2444-%F0%9F%9B%92%F0%9F%94%8E-tri-passer-en-vue-filtr%C3%A9e-par-marchand-marchand-liste-produit-d%C3%A9tail-produit) **\ud83e\udd73Testing**\n        - *fix(wms): sorting retailer list* [\\#7588](https://github.com/Wishibam/Marketplace-api/pull/7588)\n    - [\ud83d\udd0d WMS - PACKING - Recherche au-del\u00e0 de la limite des 30 commandes](https://trello.com/c/cw1UsrG7/2427-%F0%9F%94%8D-wms-packing-recherche-au-del%C3%A0-de-la-limite-des-30-commandes) **In review WMS**\n        - *:sparkles: Add new search options for packing view* [\\#7589](https://github.com/Wishibam/Marketplace-api/pull/7589)\n    - [Traitement Cloudinary de la premi\u00e8re image de variation](https://trello.com/c/YuiI3bne/2449-traitement-cloudinary-de-la-premi%C3%A8re-image-de-variation) **\ud83c\udf89 Reviewed pas Merg\u00e9**\n        - *:sparkles: feat: process first variation image via Cloudinary preset* [\\#7592](https://github.com/Wishibam/Marketplace-api/pull/7592)\n    - [\ud83d\udce6\u2611\ufe0f WMS \u2014 Tri des colis : d\u00e9p\u00f4t de masse pour l'exp\u00e9dition (syst\u00e8me de coches)](https://trello.com/c/oMuGHbGB/2429-%F0%9F%93%A6%E2%98%91%EF%B8%8F-wms-tri-des-colis-d%C3%A9p%C3%B4t-de-masse-pour-lexp%C3%A9dition-syst%C3%A8me-de-coches) **\ud83e\udd73Testing**\n        - *:sparkles: WMS rework massTransfer on TriShipping* [\\#7593](https://github.com/Wishibam/Marketplace-api/pull/7593)\n    - [Multi plateforme - droit de r\u00e9tractation](https://trello.com/c/ebl3rUnS/2400-multi-plateforme-droit-de-r%C3%A9tractation) **\ud83e\udd73Testing**\n        - *Add right of withdrawal feature* [\\#7606](https://github.com/Wishibam/Marketplace-api/pull/7606)\n \n- **Misc**\n    - *:sparkles: feat: store waybills on Scaleway buckets* [\\#7571](https://github.com/Wishibam/Marketplace-api/pull/7571)\n    - *:memo: docs: map PrintNode accounts per env and organization* [\\#7573](https://github.com/Wishibam/Marketplace-api/pull/7573)\n    - *:memo: docs: define \"done\" for dev tasks as green PR awaiting review* [\\#7574](https://github.com/Wishibam/Marketplace-api/pull/7574)\n    - *Fix again issues with invoice table* [\\#7577](https://github.com/Wishibam/Marketplace-api/pull/7577)\n    - *:bug: fix: truncate over-long category names before persist* [\\#7578](https://github.com/Wishibam/Marketplace-api/pull/7578)\n    - *:arrow\\_up: deps: bump jmespath.php to 2.9.1 (CVE-2026-54133)* [\\#7579](https://github.com/Wishibam/Marketplace-api/pull/7579)\n    - *chore(deps): bump phpseclib/phpseclib from 3.0.52 to 3.0.54 in /api* [\\#7580](https://github.com/Wishibam/Marketplace-api/pull/7580)\n    - *:bug: Wrong wmsItems status when LineItems are reserved hours appart* [\\#7585](https://github.com/Wishibam/Marketplace-api/pull/7585)\n    - *:arrow\\_up: deps: bump guzzlehttp/guzzle &amp;amp; psr7 (3 CVE)* [\\#7587](https://github.com/Wishibam/Marketplace-api/pull/7587)\n    - *:wrench: chore: relax composer php upper-bound for PHP 8.5 deploy* [\\#7590](https://github.com/Wishibam/Marketplace-api/pull/7590)\n    - *fix(feed): preserve newlines (\\n) in product description on import* [\\#7591](https://github.com/Wishibam/Marketplace-api/pull/7591)\n    - *:bug: fix: first-image reprocessing actually reaches the eshop* [\\#7598](https://github.com/Wishibam/Marketplace-api/pull/7598)\n    - *:bug: fix: give each processed image a unique URL so re-processing reaches the eshop* [\\#7599](https://github.com/Wishibam/Marketplace-api/pull/7599)\n    - *:zap: perf: first-image processing once per flush, off the import worker hot path* [\\#7604](https://github.com/Wishibam/Marketplace-api/pull/7604)\n \n- **D\u00e9j\u00e0 en production**\n    - *fix(media): flush before Factory call so VichUploader sets contentUrl before URL is built* [\\#7594](https://github.com/Wishibam/Marketplace-api/pull/7594)\n    - *:sparkles: feat: add --no-send option to Sellsy invoice command* [\\#7608](https://github.com/Wishibam/Marketplace-api/pull/7608)\n    - *:bug: fix: send Sellsy invoice note from organization config* [\\#7610](https://github.com/Wishibam/Marketplace-api/pull/7610)\n    - *:wrench: chore: sync master security hotfixes (CVE) into develop* [\\#7612](https://github.com/Wishibam/Marketplace-api/pull/7612)", "creation_timestamp": "2026-06-29T13:40:54.938432Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/d9656c58-6616-4bb6-90d4-623d8b7b19c1/export</guid>
      <pubDate>Mon, 29 Jun 2026 13:40:54 +0000</pubDate>
    </item>
    <item>
      <title>7efb06e3-e05a-4415-a7ea-d130fd86fe74</title>
      <link>https://vulnerability.circl.lu/sighting/7efb06e3-e05a-4415-a7ea-d130fd86fe74/export</link>
      <description>{"uuid": "7efb06e3-e05a-4415-a7ea-d130fd86fe74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54133", "type": "seen", "source": "https://gist.github.com/FR-Flo/140f477ecbfedc8701c163345e6191b0", "content": "## \ud83d\udd17 Companion release\n\nThis release ships alongside the **Marketplace-client (frontend)** release PR:\n\n- https://github.com/Wishibam/Marketplace-client/pull/4137\n\n- **Trello**\n    - [Refonte Dashboard Marchand / ORGA](https://trello.com/c/5VPUOd2a/2366-refonte-dashboard-marchand-orga) **\ud83e\udd75 Retour de test**\n        - *fix(dashboard): v2 ter* [\\#7583](https://github.com/Wishibam/Marketplace-api/pull/7583)\n        - *fix(dashboard): fix retailer filter param, enrich stock export and deprecate getSize/getColor* [\\#7602](https://github.com/Wishibam/Marketplace-api/pull/7602)\n    - [\ud83d\uded2\ud83d\udd0e Tri \u2014 passer en vue filtr\u00e9e par marchand (Marchand &amp;gt; Liste produit &amp;gt; D\u00e9tail produit)](https://trello.com/c/QtKdZOeE/2444-%F0%9F%9B%92%F0%9F%94%8E-tri-passer-en-vue-filtr%C3%A9e-par-marchand-marchand-liste-produit-d%C3%A9tail-produit) **In review WMS**\n        - *fix(wms): sorting retailer list* [\\#7588](https://github.com/Wishibam/Marketplace-api/pull/7588)\n    - [\ud83d\udd0d WMS - PACKING - Recherche au-del\u00e0 de la limite des 30 commandes](https://trello.com/c/cw1UsrG7/2427-%F0%9F%94%8D-wms-packing-recherche-au-del%C3%A0-de-la-limite-des-30-commandes) **In review WMS**\n        - *:sparkles: Add new search options for packing view* [\\#7589](https://github.com/Wishibam/Marketplace-api/pull/7589)\n    - [Traitement Cloudinary de la premi\u00e8re image de variation](https://trello.com/c/YuiI3bne/2449-traitement-cloudinary-de-la-premi%C3%A8re-image-de-variation) **\ud83c\udf89 Reviewed pas Merg\u00e9**\n        - *:sparkles: feat: process first variation image via Cloudinary preset* [\\#7592](https://github.com/Wishibam/Marketplace-api/pull/7592)\n    - [\ud83d\udce6\u2611\ufe0f WMS \u2014 Tri des colis : d\u00e9p\u00f4t de masse pour l'exp\u00e9dition (syst\u00e8me de coches)](https://trello.com/c/oMuGHbGB/2429-%F0%9F%93%A6%E2%98%91%EF%B8%8F-wms-tri-des-colis-d%C3%A9p%C3%B4t-de-masse-pour-lexp%C3%A9dition-syst%C3%A8me-de-coches) **\ud83e\udd73Testing**\n        - *:sparkles: WMS rework massTransfer on TriShipping* [\\#7593](https://github.com/Wishibam/Marketplace-api/pull/7593)\n    - [Multi plateforme - droit de r\u00e9tractation](https://trello.com/c/ebl3rUnS/2400-multi-plateforme-droit-de-r%C3%A9tractation) **\u2600\ufe0fIn review**\n        - *Add right of withdrawal feature* [\\#7606](https://github.com/Wishibam/Marketplace-api/pull/7606)\n \n- **Misc**\n    - *:sparkles: feat: store waybills on Scaleway buckets* [\\#7571](https://github.com/Wishibam/Marketplace-api/pull/7571)\n    - *:memo: docs: map PrintNode accounts per env and organization* [\\#7573](https://github.com/Wishibam/Marketplace-api/pull/7573)\n    - *:memo: docs: define \"done\" for dev tasks as green PR awaiting review* [\\#7574](https://github.com/Wishibam/Marketplace-api/pull/7574)\n    - *Fix again issues with invoice table* [\\#7577](https://github.com/Wishibam/Marketplace-api/pull/7577)\n    - *:bug: fix: truncate over-long category names before persist* [\\#7578](https://github.com/Wishibam/Marketplace-api/pull/7578)\n    - *:arrow\\_up: deps: bump jmespath.php to 2.9.1 (CVE-2026-54133)* [\\#7579](https://github.com/Wishibam/Marketplace-api/pull/7579)\n    - *chore(deps): bump phpseclib/phpseclib from 3.0.52 to 3.0.54 in /api* [\\#7580](https://github.com/Wishibam/Marketplace-api/pull/7580)\n    - *:bug: Wrong wmsItems status when LineItems are reserved hours appart* [\\#7585](https://github.com/Wishibam/Marketplace-api/pull/7585)\n    - *:arrow\\_up: deps: bump guzzlehttp/guzzle &amp;amp; psr7 (3 CVE)* [\\#7587](https://github.com/Wishibam/Marketplace-api/pull/7587)\n    - *:wrench: chore: relax composer php upper-bound for PHP 8.5 deploy* [\\#7590](https://github.com/Wishibam/Marketplace-api/pull/7590)\n    - *fix(feed): preserve newlines (\\n) in product description on import* [\\#7591](https://github.com/Wishibam/Marketplace-api/pull/7591)\n    - *:bug: fix: first-image reprocessing actually reaches the eshop* [\\#7598](https://github.com/Wishibam/Marketplace-api/pull/7598)\n    - *:bug: fix: give each processed image a unique URL so re-processing reaches the eshop* [\\#7599](https://github.com/Wishibam/Marketplace-api/pull/7599)\n    - *:zap: perf: first-image processing once per flush, off the import worker hot path* [\\#7604](https://github.com/Wishibam/Marketplace-api/pull/7604)\n \n- **D\u00e9j\u00e0 en production**\n    - *fix(media): flush before Factory call so VichUploader sets contentUrl before URL is built* [\\#7594](https://github.com/Wishibam/Marketplace-api/pull/7594)\n    - *:sparkles: feat: add --no-send option to Sellsy invoice command* [\\#7608](https://github.com/Wishibam/Marketplace-api/pull/7608)", "creation_timestamp": "2026-06-29T08:59:50.419634Z"}</description>
      <content:encoded>{"uuid": "7efb06e3-e05a-4415-a7ea-d130fd86fe74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54133", "type": "seen", "source": "https://gist.github.com/FR-Flo/140f477ecbfedc8701c163345e6191b0", "content": "## \ud83d\udd17 Companion release\n\nThis release ships alongside the **Marketplace-client (frontend)** release PR:\n\n- https://github.com/Wishibam/Marketplace-client/pull/4137\n\n- **Trello**\n    - [Refonte Dashboard Marchand / ORGA](https://trello.com/c/5VPUOd2a/2366-refonte-dashboard-marchand-orga) **\ud83e\udd75 Retour de test**\n        - *fix(dashboard): v2 ter* [\\#7583](https://github.com/Wishibam/Marketplace-api/pull/7583)\n        - *fix(dashboard): fix retailer filter param, enrich stock export and deprecate getSize/getColor* [\\#7602](https://github.com/Wishibam/Marketplace-api/pull/7602)\n    - [\ud83d\uded2\ud83d\udd0e Tri \u2014 passer en vue filtr\u00e9e par marchand (Marchand &amp;gt; Liste produit &amp;gt; D\u00e9tail produit)](https://trello.com/c/QtKdZOeE/2444-%F0%9F%9B%92%F0%9F%94%8E-tri-passer-en-vue-filtr%C3%A9e-par-marchand-marchand-liste-produit-d%C3%A9tail-produit) **In review WMS**\n        - *fix(wms): sorting retailer list* [\\#7588](https://github.com/Wishibam/Marketplace-api/pull/7588)\n    - [\ud83d\udd0d WMS - PACKING - Recherche au-del\u00e0 de la limite des 30 commandes](https://trello.com/c/cw1UsrG7/2427-%F0%9F%94%8D-wms-packing-recherche-au-del%C3%A0-de-la-limite-des-30-commandes) **In review WMS**\n        - *:sparkles: Add new search options for packing view* [\\#7589](https://github.com/Wishibam/Marketplace-api/pull/7589)\n    - [Traitement Cloudinary de la premi\u00e8re image de variation](https://trello.com/c/YuiI3bne/2449-traitement-cloudinary-de-la-premi%C3%A8re-image-de-variation) **\ud83c\udf89 Reviewed pas Merg\u00e9**\n        - *:sparkles: feat: process first variation image via Cloudinary preset* [\\#7592](https://github.com/Wishibam/Marketplace-api/pull/7592)\n    - [\ud83d\udce6\u2611\ufe0f WMS \u2014 Tri des colis : d\u00e9p\u00f4t de masse pour l'exp\u00e9dition (syst\u00e8me de coches)](https://trello.com/c/oMuGHbGB/2429-%F0%9F%93%A6%E2%98%91%EF%B8%8F-wms-tri-des-colis-d%C3%A9p%C3%B4t-de-masse-pour-lexp%C3%A9dition-syst%C3%A8me-de-coches) **\ud83e\udd73Testing**\n        - *:sparkles: WMS rework massTransfer on TriShipping* [\\#7593](https://github.com/Wishibam/Marketplace-api/pull/7593)\n    - [Multi plateforme - droit de r\u00e9tractation](https://trello.com/c/ebl3rUnS/2400-multi-plateforme-droit-de-r%C3%A9tractation) **\u2600\ufe0fIn review**\n        - *Add right of withdrawal feature* [\\#7606](https://github.com/Wishibam/Marketplace-api/pull/7606)\n \n- **Misc**\n    - *:sparkles: feat: store waybills on Scaleway buckets* [\\#7571](https://github.com/Wishibam/Marketplace-api/pull/7571)\n    - *:memo: docs: map PrintNode accounts per env and organization* [\\#7573](https://github.com/Wishibam/Marketplace-api/pull/7573)\n    - *:memo: docs: define \"done\" for dev tasks as green PR awaiting review* [\\#7574](https://github.com/Wishibam/Marketplace-api/pull/7574)\n    - *Fix again issues with invoice table* [\\#7577](https://github.com/Wishibam/Marketplace-api/pull/7577)\n    - *:bug: fix: truncate over-long category names before persist* [\\#7578](https://github.com/Wishibam/Marketplace-api/pull/7578)\n    - *:arrow\\_up: deps: bump jmespath.php to 2.9.1 (CVE-2026-54133)* [\\#7579](https://github.com/Wishibam/Marketplace-api/pull/7579)\n    - *chore(deps): bump phpseclib/phpseclib from 3.0.52 to 3.0.54 in /api* [\\#7580](https://github.com/Wishibam/Marketplace-api/pull/7580)\n    - *:bug: Wrong wmsItems status when LineItems are reserved hours appart* [\\#7585](https://github.com/Wishibam/Marketplace-api/pull/7585)\n    - *:arrow\\_up: deps: bump guzzlehttp/guzzle &amp;amp; psr7 (3 CVE)* [\\#7587](https://github.com/Wishibam/Marketplace-api/pull/7587)\n    - *:wrench: chore: relax composer php upper-bound for PHP 8.5 deploy* [\\#7590](https://github.com/Wishibam/Marketplace-api/pull/7590)\n    - *fix(feed): preserve newlines (\\n) in product description on import* [\\#7591](https://github.com/Wishibam/Marketplace-api/pull/7591)\n    - *:bug: fix: first-image reprocessing actually reaches the eshop* [\\#7598](https://github.com/Wishibam/Marketplace-api/pull/7598)\n    - *:bug: fix: give each processed image a unique URL so re-processing reaches the eshop* [\\#7599](https://github.com/Wishibam/Marketplace-api/pull/7599)\n    - *:zap: perf: first-image processing once per flush, off the import worker hot path* [\\#7604](https://github.com/Wishibam/Marketplace-api/pull/7604)\n \n- **D\u00e9j\u00e0 en production**\n    - *fix(media): flush before Factory call so VichUploader sets contentUrl before URL is built* [\\#7594](https://github.com/Wishibam/Marketplace-api/pull/7594)\n    - *:sparkles: feat: add --no-send option to Sellsy invoice command* [\\#7608](https://github.com/Wishibam/Marketplace-api/pull/7608)", "creation_timestamp": "2026-06-29T08:59:50.419634Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/7efb06e3-e05a-4415-a7ea-d130fd86fe74/export</guid>
      <pubDate>Mon, 29 Jun 2026 08:59:50 +0000</pubDate>
    </item>
    <item>
      <title>506ab6b4-62c5-4ec4-82b4-25e674d6ec09</title>
      <link>https://vulnerability.circl.lu/sighting/506ab6b4-62c5-4ec4-82b4-25e674d6ec09/export</link>
      <description>{"uuid": "506ab6b4-62c5-4ec4-82b4-25e674d6ec09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54133", "type": "seen", "source": "https://gist.github.com/FR-Flo/36138528b5a097ea980b0a2aa2e6ffa4", "content": "## \ud83d\udd17 Companion release\n\nThis release ships alongside the **Marketplace-client (frontend)** release PR:\n\n- https://github.com/Wishibam/Marketplace-client/pull/4137\n\n- **Trello**\n    - [Refonte Dashboard Marchand / ORGA](https://trello.com/c/5VPUOd2a/2366-refonte-dashboard-marchand-orga) **\ud83e\udd75 Retour de test**\n        - *fix(dashboard): v2 ter* [\\#7583](https://github.com/Wishibam/Marketplace-api/pull/7583)\n        - *fix(dashboard): fix retailer filter param, enrich stock export and deprecate getSize/getColor* [\\#7602](https://github.com/Wishibam/Marketplace-api/pull/7602)\n    - [\ud83d\uded2\ud83d\udd0e Tri \u2014 passer en vue filtr\u00e9e par marchand (Marchand &amp;gt; Liste produit &amp;gt; D\u00e9tail produit)](https://trello.com/c/QtKdZOeE/2444-%F0%9F%9B%92%F0%9F%94%8E-tri-passer-en-vue-filtr%C3%A9e-par-marchand-marchand-liste-produit-d%C3%A9tail-produit) **In review WMS**\n        - *fix(wms): sorting retailer list* [\\#7588](https://github.com/Wishibam/Marketplace-api/pull/7588)\n    - [\ud83d\udd0d WMS - PACKING - Recherche au-del\u00e0 de la limite des 30 commandes](https://trello.com/c/cw1UsrG7/2427-%F0%9F%94%8D-wms-packing-recherche-au-del%C3%A0-de-la-limite-des-30-commandes) **\ud83d\udc8e\ud83d\udc8e\ud83d\udc8edoing**\n        - *:sparkles: Add new search options for packing view* [\\#7589](https://github.com/Wishibam/Marketplace-api/pull/7589)\n    - [Traitement Cloudinary de la premi\u00e8re image de variation](https://trello.com/c/YuiI3bne/2449-traitement-cloudinary-de-la-premi%C3%A8re-image-de-variation) **\ud83c\udf89 Reviewed pas Merg\u00e9**\n        - *:sparkles: feat: process first variation image via Cloudinary preset* [\\#7592](https://github.com/Wishibam/Marketplace-api/pull/7592)\n    - [\ud83d\udce6\u2611\ufe0f WMS \u2014 Tri des colis : d\u00e9p\u00f4t de masse pour l'exp\u00e9dition (syst\u00e8me de coches)](https://trello.com/c/oMuGHbGB/2429-%F0%9F%93%A6%E2%98%91%EF%B8%8F-wms-tri-des-colis-d%C3%A9p%C3%B4t-de-masse-pour-lexp%C3%A9dition-syst%C3%A8me-de-coches) **\ud83e\udd73Testing**\n        - *:sparkles: WMS rework massTransfer on TriShipping* [\\#7593](https://github.com/Wishibam/Marketplace-api/pull/7593)\n \n- **Misc**\n    - *:sparkles: feat: store waybills on Scaleway buckets* [\\#7571](https://github.com/Wishibam/Marketplace-api/pull/7571)\n    - *:memo: docs: map PrintNode accounts per env and organization* [\\#7573](https://github.com/Wishibam/Marketplace-api/pull/7573)\n    - *:memo: docs: define \"done\" for dev tasks as green PR awaiting review* [\\#7574](https://github.com/Wishibam/Marketplace-api/pull/7574)\n    - *Fix again issues with invoice table* [\\#7577](https://github.com/Wishibam/Marketplace-api/pull/7577)\n    - *:bug: fix: truncate over-long category names before persist* [\\#7578](https://github.com/Wishibam/Marketplace-api/pull/7578)\n    - *:arrow\\_up: deps: bump jmespath.php to 2.9.1 (CVE-2026-54133)* [\\#7579](https://github.com/Wishibam/Marketplace-api/pull/7579)\n    - *chore(deps): bump phpseclib/phpseclib from 3.0.52 to 3.0.54 in /api* [\\#7580](https://github.com/Wishibam/Marketplace-api/pull/7580)\n    - *:bug: Wrong wmsItems status when LineItems are reserved hours appart* [\\#7585](https://github.com/Wishibam/Marketplace-api/pull/7585)\n    - *:arrow\\_up: deps: bump guzzlehttp/guzzle &amp;amp; psr7 (3 CVE)* [\\#7587](https://github.com/Wishibam/Marketplace-api/pull/7587)\n    - *:wrench: chore: relax composer php upper-bound for PHP 8.5 deploy* [\\#7590](https://github.com/Wishibam/Marketplace-api/pull/7590)\n    - *fix(feed): preserve newlines (\\n) in product description on import* [\\#7591](https://github.com/Wishibam/Marketplace-api/pull/7591)\n    - *:bug: fix: first-image reprocessing actually reaches the eshop* [\\#7598](https://github.com/Wishibam/Marketplace-api/pull/7598)\n    - *:bug: fix: give each processed image a unique URL so re-processing reaches the eshop* [\\#7599](https://github.com/Wishibam/Marketplace-api/pull/7599)\n    - *:zap: perf: first-image processing once per flush, off the import worker hot path* [\\#7604](https://github.com/Wishibam/Marketplace-api/pull/7604)\n \n- **D\u00e9j\u00e0 en production**\n    - *fix(media): flush before Factory call so VichUploader sets contentUrl before URL is built* [\\#7594](https://github.com/Wishibam/Marketplace-api/pull/7594)", "creation_timestamp": "2026-06-29T07:39:40.820031Z"}</description>
      <content:encoded>{"uuid": "506ab6b4-62c5-4ec4-82b4-25e674d6ec09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54133", "type": "seen", "source": "https://gist.github.com/FR-Flo/36138528b5a097ea980b0a2aa2e6ffa4", "content": "## \ud83d\udd17 Companion release\n\nThis release ships alongside the **Marketplace-client (frontend)** release PR:\n\n- https://github.com/Wishibam/Marketplace-client/pull/4137\n\n- **Trello**\n    - [Refonte Dashboard Marchand / ORGA](https://trello.com/c/5VPUOd2a/2366-refonte-dashboard-marchand-orga) **\ud83e\udd75 Retour de test**\n        - *fix(dashboard): v2 ter* [\\#7583](https://github.com/Wishibam/Marketplace-api/pull/7583)\n        - *fix(dashboard): fix retailer filter param, enrich stock export and deprecate getSize/getColor* [\\#7602](https://github.com/Wishibam/Marketplace-api/pull/7602)\n    - [\ud83d\uded2\ud83d\udd0e Tri \u2014 passer en vue filtr\u00e9e par marchand (Marchand &amp;gt; Liste produit &amp;gt; D\u00e9tail produit)](https://trello.com/c/QtKdZOeE/2444-%F0%9F%9B%92%F0%9F%94%8E-tri-passer-en-vue-filtr%C3%A9e-par-marchand-marchand-liste-produit-d%C3%A9tail-produit) **In review WMS**\n        - *fix(wms): sorting retailer list* [\\#7588](https://github.com/Wishibam/Marketplace-api/pull/7588)\n    - [\ud83d\udd0d WMS - PACKING - Recherche au-del\u00e0 de la limite des 30 commandes](https://trello.com/c/cw1UsrG7/2427-%F0%9F%94%8D-wms-packing-recherche-au-del%C3%A0-de-la-limite-des-30-commandes) **\ud83d\udc8e\ud83d\udc8e\ud83d\udc8edoing**\n        - *:sparkles: Add new search options for packing view* [\\#7589](https://github.com/Wishibam/Marketplace-api/pull/7589)\n    - [Traitement Cloudinary de la premi\u00e8re image de variation](https://trello.com/c/YuiI3bne/2449-traitement-cloudinary-de-la-premi%C3%A8re-image-de-variation) **\ud83c\udf89 Reviewed pas Merg\u00e9**\n        - *:sparkles: feat: process first variation image via Cloudinary preset* [\\#7592](https://github.com/Wishibam/Marketplace-api/pull/7592)\n    - [\ud83d\udce6\u2611\ufe0f WMS \u2014 Tri des colis : d\u00e9p\u00f4t de masse pour l'exp\u00e9dition (syst\u00e8me de coches)](https://trello.com/c/oMuGHbGB/2429-%F0%9F%93%A6%E2%98%91%EF%B8%8F-wms-tri-des-colis-d%C3%A9p%C3%B4t-de-masse-pour-lexp%C3%A9dition-syst%C3%A8me-de-coches) **\ud83e\udd73Testing**\n        - *:sparkles: WMS rework massTransfer on TriShipping* [\\#7593](https://github.com/Wishibam/Marketplace-api/pull/7593)\n \n- **Misc**\n    - *:sparkles: feat: store waybills on Scaleway buckets* [\\#7571](https://github.com/Wishibam/Marketplace-api/pull/7571)\n    - *:memo: docs: map PrintNode accounts per env and organization* [\\#7573](https://github.com/Wishibam/Marketplace-api/pull/7573)\n    - *:memo: docs: define \"done\" for dev tasks as green PR awaiting review* [\\#7574](https://github.com/Wishibam/Marketplace-api/pull/7574)\n    - *Fix again issues with invoice table* [\\#7577](https://github.com/Wishibam/Marketplace-api/pull/7577)\n    - *:bug: fix: truncate over-long category names before persist* [\\#7578](https://github.com/Wishibam/Marketplace-api/pull/7578)\n    - *:arrow\\_up: deps: bump jmespath.php to 2.9.1 (CVE-2026-54133)* [\\#7579](https://github.com/Wishibam/Marketplace-api/pull/7579)\n    - *chore(deps): bump phpseclib/phpseclib from 3.0.52 to 3.0.54 in /api* [\\#7580](https://github.com/Wishibam/Marketplace-api/pull/7580)\n    - *:bug: Wrong wmsItems status when LineItems are reserved hours appart* [\\#7585](https://github.com/Wishibam/Marketplace-api/pull/7585)\n    - *:arrow\\_up: deps: bump guzzlehttp/guzzle &amp;amp; psr7 (3 CVE)* [\\#7587](https://github.com/Wishibam/Marketplace-api/pull/7587)\n    - *:wrench: chore: relax composer php upper-bound for PHP 8.5 deploy* [\\#7590](https://github.com/Wishibam/Marketplace-api/pull/7590)\n    - *fix(feed): preserve newlines (\\n) in product description on import* [\\#7591](https://github.com/Wishibam/Marketplace-api/pull/7591)\n    - *:bug: fix: first-image reprocessing actually reaches the eshop* [\\#7598](https://github.com/Wishibam/Marketplace-api/pull/7598)\n    - *:bug: fix: give each processed image a unique URL so re-processing reaches the eshop* [\\#7599](https://github.com/Wishibam/Marketplace-api/pull/7599)\n    - *:zap: perf: first-image processing once per flush, off the import worker hot path* [\\#7604](https://github.com/Wishibam/Marketplace-api/pull/7604)\n \n- **D\u00e9j\u00e0 en production**\n    - *fix(media): flush before Factory call so VichUploader sets contentUrl before URL is built* [\\#7594](https://github.com/Wishibam/Marketplace-api/pull/7594)", "creation_timestamp": "2026-06-29T07:39:40.820031Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/506ab6b4-62c5-4ec4-82b4-25e674d6ec09/export</guid>
      <pubDate>Mon, 29 Jun 2026 07:39:40 +0000</pubDate>
    </item>
    <item>
      <title>6249c60e-6118-41c0-8af0-1fb988fa641c</title>
      <link>https://vulnerability.circl.lu/sighting/6249c60e-6118-41c0-8af0-1fb988fa641c/export</link>
      <description>{"uuid": "6249c60e-6118-41c0-8af0-1fb988fa641c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54133", "type": "seen", "source": "https://gist.github.com/FR-Flo/13052ec311abbd912fac9e5e2408f762", "content": "## \ud83d\udd17 Companion release\n\nThis release ships alongside the **Marketplace-client (frontend)** release PR:\n\n- https://github.com/Wishibam/Marketplace-client/pull/4137\n\n- **Trello**\n    - [Refonte Dashboard Marchand / ORGA](https://trello.com/c/5VPUOd2a/2366-refonte-dashboard-marchand-orga) **\ud83e\udd73Testing**\n        - *fix(dashboard): v2 ter* [\\#7583](https://github.com/Wishibam/Marketplace-api/pull/7583)\n        - *fix(dashboard): fix retailer filter param, enrich stock export and deprecate getSize/getColor* [\\#7602](https://github.com/Wishibam/Marketplace-api/pull/7602)\n    - [\ud83d\uded2\ud83d\udd0e Tri \u2014 passer en vue filtr\u00e9e par marchand (Marchand &amp;gt; Liste produit &amp;gt; D\u00e9tail produit)](https://trello.com/c/QtKdZOeE/2444-%F0%9F%9B%92%F0%9F%94%8E-tri-passer-en-vue-filtr%C3%A9e-par-marchand-marchand-liste-produit-d%C3%A9tail-produit) **In review WMS**\n        - *fix(wms): sorting retailer list* [\\#7588](https://github.com/Wishibam/Marketplace-api/pull/7588)\n    - [\ud83d\udd0d WMS - PICKING - Recherche au-del\u00e0 de la limite des 30 commandes](https://trello.com/c/cw1UsrG7/2427-%F0%9F%94%8D-wms-picking-recherche-au-del%C3%A0-de-la-limite-des-30-commandes) **\ud83e\udd75 Retour de test**\n        - *:sparkles: Add new search options for packing view* [\\#7589](https://github.com/Wishibam/Marketplace-api/pull/7589)\n    - [Traitement Cloudinary de la premi\u00e8re image de variation](https://trello.com/c/YuiI3bne/2449-traitement-cloudinary-de-la-premi%C3%A8re-image-de-variation) **\ud83c\udf89 Reviewed pas Merg\u00e9**\n        - *:sparkles: feat: process first variation image via Cloudinary preset* [\\#7592](https://github.com/Wishibam/Marketplace-api/pull/7592)\n    - [\ud83d\udce6\u2611\ufe0f WMS \u2014 Tri des colis : d\u00e9p\u00f4t de masse pour l'exp\u00e9dition (syst\u00e8me de coches)](https://trello.com/c/oMuGHbGB/2429-%F0%9F%93%A6%E2%98%91%EF%B8%8F-wms-tri-des-colis-d%C3%A9p%C3%B4t-de-masse-pour-lexp%C3%A9dition-syst%C3%A8me-de-coches) **\ud83e\udd73Testing**\n        - *:sparkles: WMS rework massTransfer on TriShipping* [\\#7593](https://github.com/Wishibam/Marketplace-api/pull/7593)\n \n- **Misc**\n    - *:sparkles: feat: store waybills on Scaleway buckets* [\\#7571](https://github.com/Wishibam/Marketplace-api/pull/7571)\n    - *Fix again issues with invoice table* [\\#7577](https://github.com/Wishibam/Marketplace-api/pull/7577)\n    - *:bug: fix: truncate over-long category names before persist* [\\#7578](https://github.com/Wishibam/Marketplace-api/pull/7578)\n    - *:arrow\\_up: deps: bump jmespath.php to 2.9.1 (CVE-2026-54133)* [\\#7579](https://github.com/Wishibam/Marketplace-api/pull/7579)\n    - *chore(deps): bump phpseclib/phpseclib from 3.0.52 to 3.0.54 in /api* [\\#7580](https://github.com/Wishibam/Marketplace-api/pull/7580)\n    - *:bug: Wrong wmsItems status when LineItems are reserved hours appart* [\\#7585](https://github.com/Wishibam/Marketplace-api/pull/7585)\n    - *:arrow\\_up: deps: bump guzzlehttp/guzzle &amp;amp; psr7 (3 CVE)* [\\#7587](https://github.com/Wishibam/Marketplace-api/pull/7587)\n    - *:wrench: chore: relax composer php upper-bound for PHP 8.5 deploy* [\\#7590](https://github.com/Wishibam/Marketplace-api/pull/7590)\n    - *fix(feed): preserve newlines (\\n) in product description on import* [\\#7591](https://github.com/Wishibam/Marketplace-api/pull/7591)\n    - *:bug: fix: first-image reprocessing actually reaches the eshop* [\\#7598](https://github.com/Wishibam/Marketplace-api/pull/7598)\n    - *:bug: fix: give each processed image a unique URL so re-processing reaches the eshop* [\\#7599](https://github.com/Wishibam/Marketplace-api/pull/7599)\n    - *:zap: perf: first-image processing once per flush, off the import worker hot path* [\\#7604](https://github.com/Wishibam/Marketplace-api/pull/7604)\n \n- **D\u00e9j\u00e0 en production**\n    - *fix(media): flush before Factory call so VichUploader sets contentUrl before URL is built* [\\#7594](https://github.com/Wishibam/Marketplace-api/pull/7594)", "creation_timestamp": "2026-06-26T14:56:19.120005Z"}</description>
      <content:encoded>{"uuid": "6249c60e-6118-41c0-8af0-1fb988fa641c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54133", "type": "seen", "source": "https://gist.github.com/FR-Flo/13052ec311abbd912fac9e5e2408f762", "content": "## \ud83d\udd17 Companion release\n\nThis release ships alongside the **Marketplace-client (frontend)** release PR:\n\n- https://github.com/Wishibam/Marketplace-client/pull/4137\n\n- **Trello**\n    - [Refonte Dashboard Marchand / ORGA](https://trello.com/c/5VPUOd2a/2366-refonte-dashboard-marchand-orga) **\ud83e\udd73Testing**\n        - *fix(dashboard): v2 ter* [\\#7583](https://github.com/Wishibam/Marketplace-api/pull/7583)\n        - *fix(dashboard): fix retailer filter param, enrich stock export and deprecate getSize/getColor* [\\#7602](https://github.com/Wishibam/Marketplace-api/pull/7602)\n    - [\ud83d\uded2\ud83d\udd0e Tri \u2014 passer en vue filtr\u00e9e par marchand (Marchand &amp;gt; Liste produit &amp;gt; D\u00e9tail produit)](https://trello.com/c/QtKdZOeE/2444-%F0%9F%9B%92%F0%9F%94%8E-tri-passer-en-vue-filtr%C3%A9e-par-marchand-marchand-liste-produit-d%C3%A9tail-produit) **In review WMS**\n        - *fix(wms): sorting retailer list* [\\#7588](https://github.com/Wishibam/Marketplace-api/pull/7588)\n    - [\ud83d\udd0d WMS - PICKING - Recherche au-del\u00e0 de la limite des 30 commandes](https://trello.com/c/cw1UsrG7/2427-%F0%9F%94%8D-wms-picking-recherche-au-del%C3%A0-de-la-limite-des-30-commandes) **\ud83e\udd75 Retour de test**\n        - *:sparkles: Add new search options for packing view* [\\#7589](https://github.com/Wishibam/Marketplace-api/pull/7589)\n    - [Traitement Cloudinary de la premi\u00e8re image de variation](https://trello.com/c/YuiI3bne/2449-traitement-cloudinary-de-la-premi%C3%A8re-image-de-variation) **\ud83c\udf89 Reviewed pas Merg\u00e9**\n        - *:sparkles: feat: process first variation image via Cloudinary preset* [\\#7592](https://github.com/Wishibam/Marketplace-api/pull/7592)\n    - [\ud83d\udce6\u2611\ufe0f WMS \u2014 Tri des colis : d\u00e9p\u00f4t de masse pour l'exp\u00e9dition (syst\u00e8me de coches)](https://trello.com/c/oMuGHbGB/2429-%F0%9F%93%A6%E2%98%91%EF%B8%8F-wms-tri-des-colis-d%C3%A9p%C3%B4t-de-masse-pour-lexp%C3%A9dition-syst%C3%A8me-de-coches) **\ud83e\udd73Testing**\n        - *:sparkles: WMS rework massTransfer on TriShipping* [\\#7593](https://github.com/Wishibam/Marketplace-api/pull/7593)\n \n- **Misc**\n    - *:sparkles: feat: store waybills on Scaleway buckets* [\\#7571](https://github.com/Wishibam/Marketplace-api/pull/7571)\n    - *Fix again issues with invoice table* [\\#7577](https://github.com/Wishibam/Marketplace-api/pull/7577)\n    - *:bug: fix: truncate over-long category names before persist* [\\#7578](https://github.com/Wishibam/Marketplace-api/pull/7578)\n    - *:arrow\\_up: deps: bump jmespath.php to 2.9.1 (CVE-2026-54133)* [\\#7579](https://github.com/Wishibam/Marketplace-api/pull/7579)\n    - *chore(deps): bump phpseclib/phpseclib from 3.0.52 to 3.0.54 in /api* [\\#7580](https://github.com/Wishibam/Marketplace-api/pull/7580)\n    - *:bug: Wrong wmsItems status when LineItems are reserved hours appart* [\\#7585](https://github.com/Wishibam/Marketplace-api/pull/7585)\n    - *:arrow\\_up: deps: bump guzzlehttp/guzzle &amp;amp; psr7 (3 CVE)* [\\#7587](https://github.com/Wishibam/Marketplace-api/pull/7587)\n    - *:wrench: chore: relax composer php upper-bound for PHP 8.5 deploy* [\\#7590](https://github.com/Wishibam/Marketplace-api/pull/7590)\n    - *fix(feed): preserve newlines (\\n) in product description on import* [\\#7591](https://github.com/Wishibam/Marketplace-api/pull/7591)\n    - *:bug: fix: first-image reprocessing actually reaches the eshop* [\\#7598](https://github.com/Wishibam/Marketplace-api/pull/7598)\n    - *:bug: fix: give each processed image a unique URL so re-processing reaches the eshop* [\\#7599](https://github.com/Wishibam/Marketplace-api/pull/7599)\n    - *:zap: perf: first-image processing once per flush, off the import worker hot path* [\\#7604](https://github.com/Wishibam/Marketplace-api/pull/7604)\n \n- **D\u00e9j\u00e0 en production**\n    - *fix(media): flush before Factory call so VichUploader sets contentUrl before URL is built* [\\#7594](https://github.com/Wishibam/Marketplace-api/pull/7594)", "creation_timestamp": "2026-06-26T14:56:19.120005Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/6249c60e-6118-41c0-8af0-1fb988fa641c/export</guid>
      <pubDate>Fri, 26 Jun 2026 14:56:19 +0000</pubDate>
    </item>
    <item>
      <title>3735c5fe-ee6e-42f4-b5ae-7a5c6830de67</title>
      <link>https://vulnerability.circl.lu/sighting/3735c5fe-ee6e-42f4-b5ae-7a5c6830de67/export</link>
      <description>{"uuid": "3735c5fe-ee6e-42f4-b5ae-7a5c6830de67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54130", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mp62yygivm2n", "content": "\ud83d\udccc CVE-2026-54130 - Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network. https://www.cyberhub.blog/cves/CVE-2026-54130", "creation_timestamp": "2026-06-26T04:07:07.455619Z"}</description>
      <content:encoded>{"uuid": "3735c5fe-ee6e-42f4-b5ae-7a5c6830de67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54130", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mp62yygivm2n", "content": "\ud83d\udccc CVE-2026-54130 - Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network. https://www.cyberhub.blog/cves/CVE-2026-54130", "creation_timestamp": "2026-06-26T04:07:07.455619Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/3735c5fe-ee6e-42f4-b5ae-7a5c6830de67/export</guid>
      <pubDate>Fri, 26 Jun 2026 04:07:07 +0000</pubDate>
    </item>
  </channel>
</rss>
