<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Tue, 14 Jul 2026 05:11:44 +0000</lastBuildDate>
    <item>
      <title>cd245aca-df4b-48be-871c-5815b0b9c874</title>
      <link>https://vulnerability.circl.lu/sighting/cd245aca-df4b-48be-871c-5815b0b9c874/export</link>
      <description>{"uuid": "cd245aca-df4b-48be-871c-5815b0b9c874", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54390", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/92820", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #Exploit #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-54390\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a shinthink\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-10 10:56:51\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-54390 \u2014 JTL Shop Smarty SSTI RCE | Pre-Auth Template Injection via fetch('string:' . ) | 5.2.0-5.7.1\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-14T00:00:07.360864Z"}</description>
      <content:encoded>{"uuid": "cd245aca-df4b-48be-871c-5815b0b9c874", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54390", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/92820", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #Exploit #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-54390\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a shinthink\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-10 10:56:51\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-54390 \u2014 JTL Shop Smarty SSTI RCE | Pre-Auth Template Injection via fetch('string:' . ) | 5.2.0-5.7.1\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-14T00:00:07.360864Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/cd245aca-df4b-48be-871c-5815b0b9c874/export</guid>
      <pubDate>Tue, 14 Jul 2026 00:00:07 +0000</pubDate>
    </item>
    <item>
      <title>b8d9ebda-6f17-43ea-ab6e-8015b8034578</title>
      <link>https://vulnerability.circl.lu/sighting/b8d9ebda-6f17-43ea-ab6e-8015b8034578/export</link>
      <description>{"uuid": "b8d9ebda-6f17-43ea-ab6e-8015b8034578", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54390", "type": "seen", "source": "https://t.me/GithubRedTeam/92820", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #Exploit #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-54390\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a shinthink\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-10 10:56:51\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-54390 \u2014 JTL Shop Smarty SSTI RCE | Pre-Auth Template Injection via fetch('string:' . ) | 5.2.0-5.7.1\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-13T22:00:05.547070Z"}</description>
      <content:encoded>{"uuid": "b8d9ebda-6f17-43ea-ab6e-8015b8034578", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54390", "type": "seen", "source": "https://t.me/GithubRedTeam/92820", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #Exploit #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-54390\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a shinthink\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-10 10:56:51\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-54390 \u2014 JTL Shop Smarty SSTI RCE | Pre-Auth Template Injection via fetch('string:' . ) | 5.2.0-5.7.1\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-13T22:00:05.547070Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/b8d9ebda-6f17-43ea-ab6e-8015b8034578/export</guid>
      <pubDate>Mon, 13 Jul 2026 22:00:05 +0000</pubDate>
    </item>
    <item>
      <title>b2297756-df3b-49fe-8507-bffaca9eacf1</title>
      <link>https://vulnerability.circl.lu/sighting/b2297756-df3b-49fe-8507-bffaca9eacf1/export</link>
      <description>{"uuid": "b2297756-df3b-49fe-8507-bffaca9eacf1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54399", "type": "seen", "source": "https://bsky.app/profile/securityonline.bsky.social/post/3mpogcpwcqq2e", "content": "Apache HttpComponents Core vulnerabilities CVE-2026-54399 and CVE-2026-54428 allow remote denial of service through memory exhaustion. Upgrade now.\n\n#Apache #HttpComponents #DoS #CVE202654399 #CyberSecurity", "creation_timestamp": "2026-07-02T16:12:01.271217Z"}</description>
      <content:encoded>{"uuid": "b2297756-df3b-49fe-8507-bffaca9eacf1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54399", "type": "seen", "source": "https://bsky.app/profile/securityonline.bsky.social/post/3mpogcpwcqq2e", "content": "Apache HttpComponents Core vulnerabilities CVE-2026-54399 and CVE-2026-54428 allow remote denial of service through memory exhaustion. Upgrade now.\n\n#Apache #HttpComponents #DoS #CVE202654399 #CyberSecurity", "creation_timestamp": "2026-07-02T16:12:01.271217Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/b2297756-df3b-49fe-8507-bffaca9eacf1/export</guid>
      <pubDate>Thu, 02 Jul 2026 16:12:01 +0000</pubDate>
    </item>
    <item>
      <title>c456ca4a-3e5e-4ae8-9016-ba24460bf2bd</title>
      <link>https://vulnerability.circl.lu/sighting/c456ca4a-3e5e-4ae8-9016-ba24460bf2bd/export</link>
      <description>{"uuid": "c456ca4a-3e5e-4ae8-9016-ba24460bf2bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54399", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpnk37xitn2q", "content": "\u0423\u0433\u0440\u043e\u0437\u0430 CVE-2026-54399: \u041d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u043e\u0435 \u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 \u0432 HTTP/1.1 \u043f\u0430\u0440\u0441\u0435\u0440\u0435\n\n\n\nhttps://kripta.biz/posts/E6DCD7CA-ABB3-41A2-873F-E362DE2F35F0", "creation_timestamp": "2026-07-02T07:46:44.035221Z"}</description>
      <content:encoded>{"uuid": "c456ca4a-3e5e-4ae8-9016-ba24460bf2bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54399", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpnk37xitn2q", "content": "\u0423\u0433\u0440\u043e\u0437\u0430 CVE-2026-54399: \u041d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u043e\u0435 \u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 \u0432 HTTP/1.1 \u043f\u0430\u0440\u0441\u0435\u0440\u0435\n\n\n\nhttps://kripta.biz/posts/E6DCD7CA-ABB3-41A2-873F-E362DE2F35F0", "creation_timestamp": "2026-07-02T07:46:44.035221Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/c456ca4a-3e5e-4ae8-9016-ba24460bf2bd/export</guid>
      <pubDate>Thu, 02 Jul 2026 07:46:44 +0000</pubDate>
    </item>
    <item>
      <title>ae254792-02cf-4c3d-98ff-3dcfaf87120e</title>
      <link>https://vulnerability.circl.lu/sighting/ae254792-02cf-4c3d-98ff-3dcfaf87120e/export</link>
      <description>{"uuid": "ae254792-02cf-4c3d-98ff-3dcfaf87120e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54399", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpn7qpaahw2r", "content": "\u0423\u0433\u0440\u043e\u0437\u0430 CVE-2026-54399: \u043a\u0430\u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 HTTP/1.1 \u043f\u0430\u0440\u0441\u0435\u0440\u0435 \u0443\u0433\u0440\u043e\u0436\u0430\u0435\u0442 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439\n\n\n\nhttps://kripta.biz/posts/60F73004-A079-4C01-8E9D-76E33144C704", "creation_timestamp": "2026-07-02T04:41:53.390015Z"}</description>
      <content:encoded>{"uuid": "ae254792-02cf-4c3d-98ff-3dcfaf87120e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54399", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpn7qpaahw2r", "content": "\u0423\u0433\u0440\u043e\u0437\u0430 CVE-2026-54399: \u043a\u0430\u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 HTTP/1.1 \u043f\u0430\u0440\u0441\u0435\u0440\u0435 \u0443\u0433\u0440\u043e\u0436\u0430\u0435\u0442 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439\n\n\n\nhttps://kripta.biz/posts/60F73004-A079-4C01-8E9D-76E33144C704", "creation_timestamp": "2026-07-02T04:41:53.390015Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/ae254792-02cf-4c3d-98ff-3dcfaf87120e/export</guid>
      <pubDate>Thu, 02 Jul 2026 04:41:53 +0000</pubDate>
    </item>
    <item>
      <title>95455b5a-5a7b-4c20-8f2e-2eeee2b0a071</title>
      <link>https://vulnerability.circl.lu/sighting/95455b5a-5a7b-4c20-8f2e-2eeee2b0a071/export</link>
      <description>{"uuid": "95455b5a-5a7b-4c20-8f2e-2eeee2b0a071", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54399", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mplydnj46p2w", "content": "CVE-2026-54399: Apache HttpComponents Core: Unbounded HTTP Header/Line Length in Default Configuration", "creation_timestamp": "2026-07-01T16:56:39.629479Z"}</description>
      <content:encoded>{"uuid": "95455b5a-5a7b-4c20-8f2e-2eeee2b0a071", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54399", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mplydnj46p2w", "content": "CVE-2026-54399: Apache HttpComponents Core: Unbounded HTTP Header/Line Length in Default Configuration", "creation_timestamp": "2026-07-01T16:56:39.629479Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/95455b5a-5a7b-4c20-8f2e-2eeee2b0a071/export</guid>
      <pubDate>Wed, 01 Jul 2026 16:56:39 +0000</pubDate>
    </item>
    <item>
      <title>e55413bd-c550-432b-8c13-92a0211393f6</title>
      <link>https://vulnerability.circl.lu/sighting/e55413bd-c550-432b-8c13-92a0211393f6/export</link>
      <description>{"uuid": "e55413bd-c550-432b-8c13-92a0211393f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54390", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3motnkhesiv2m", "content": "\ud83d\udea8  ALERT: CVE-2026-54390\n\nCVSS 9.8/10\n\n\ud83d\udccb WHAT IT IS:\nJTL Shop versions 5.2.0 through 5.7.1 contains a server-side template injection vulnerability that allows unauthenticated attackers to inject malicious template syntax due to unsanitized user-supplied input passed to the Smarty template engine. At", "creation_timestamp": "2026-06-22T00:39:42.945026Z"}</description>
      <content:encoded>{"uuid": "e55413bd-c550-432b-8c13-92a0211393f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54390", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3motnkhesiv2m", "content": "\ud83d\udea8  ALERT: CVE-2026-54390\n\nCVSS 9.8/10\n\n\ud83d\udccb WHAT IT IS:\nJTL Shop versions 5.2.0 through 5.7.1 contains a server-side template injection vulnerability that allows unauthenticated attackers to inject malicious template syntax due to unsanitized user-supplied input passed to the Smarty template engine. At", "creation_timestamp": "2026-06-22T00:39:42.945026Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/e55413bd-c550-432b-8c13-92a0211393f6/export</guid>
      <pubDate>Mon, 22 Jun 2026 00:39:42 +0000</pubDate>
    </item>
    <item>
      <title>81de25ff-d0d3-49fc-ad55-e6f7401ff04a</title>
      <link>https://vulnerability.circl.lu/sighting/81de25ff-d0d3-49fc-ad55-e6f7401ff04a/export</link>
      <description>{"uuid": "81de25ff-d0d3-49fc-ad55-e6f7401ff04a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54390", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3molrr3wyz52f", "content": "CVE-2026-54390 - JTL Shop\nCVE ID : CVE-2026-54390\n \n Published : June 18, 2026, 5:33 p.m. | 3\u00a0hours, 35\u00a0minutes ago\n \n Description : JTL Shop versions 5.2.0 through 5.7.1 contains a server-side template injection vulnerability that allows unauthenticated attackers to inject ma...", "creation_timestamp": "2026-06-18T21:33:43.085836Z"}</description>
      <content:encoded>{"uuid": "81de25ff-d0d3-49fc-ad55-e6f7401ff04a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54390", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3molrr3wyz52f", "content": "CVE-2026-54390 - JTL Shop\nCVE ID : CVE-2026-54390\n \n Published : June 18, 2026, 5:33 p.m. | 3\u00a0hours, 35\u00a0minutes ago\n \n Description : JTL Shop versions 5.2.0 through 5.7.1 contains a server-side template injection vulnerability that allows unauthenticated attackers to inject ma...", "creation_timestamp": "2026-06-18T21:33:43.085836Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/81de25ff-d0d3-49fc-ad55-e6f7401ff04a/export</guid>
      <pubDate>Thu, 18 Jun 2026 21:33:43 +0000</pubDate>
    </item>
    <item>
      <title>3beb0c21-6e0e-4f1d-94fe-0a72cdd71645</title>
      <link>https://vulnerability.circl.lu/sighting/3beb0c21-6e0e-4f1d-94fe-0a72cdd71645/export</link>
      <description>{"uuid": "3beb0c21-6e0e-4f1d-94fe-0a72cdd71645", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-54390", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116772530635095713", "content": "CRITICAL: CVE-2026-54390 in JTL Shop (5.2.0 \u2013 5.7.1) enables unauthenticated template injection. Attackers can extract secrets; RCE possible in 5.4.0+. No patch yet \u2014 restrict access &amp;amp; monitor logs. https://radar.offseq.com/threat/cve-2026-54390-improper-neutralization-of-special--56e42e7fa37d20ee #OffSeq #CVE202654390 #infosec #websecurity", "creation_timestamp": "2026-06-18T18:30:17.105039Z"}</description>
      <content:encoded>{"uuid": "3beb0c21-6e0e-4f1d-94fe-0a72cdd71645", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-54390", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116772530635095713", "content": "CRITICAL: CVE-2026-54390 in JTL Shop (5.2.0 \u2013 5.7.1) enables unauthenticated template injection. Attackers can extract secrets; RCE possible in 5.4.0+. No patch yet \u2014 restrict access &amp;amp; monitor logs. https://radar.offseq.com/threat/cve-2026-54390-improper-neutralization-of-special--56e42e7fa37d20ee #OffSeq #CVE202654390 #infosec #websecurity", "creation_timestamp": "2026-06-18T18:30:17.105039Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/3beb0c21-6e0e-4f1d-94fe-0a72cdd71645/export</guid>
      <pubDate>Thu, 18 Jun 2026 18:30:17 +0000</pubDate>
    </item>
    <item>
      <title>29a61683-cd36-4ea8-9c07-e180fb539fc1</title>
      <link>https://vulnerability.circl.lu/sighting/29a61683-cd36-4ea8-9c07-e180fb539fc1/export</link>
      <description>{"uuid": "29a61683-cd36-4ea8-9c07-e180fb539fc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-54390", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3molhj2cqpl2v", "content": "CVE-2026-54390: CRITICAL template injection in JTL Shop 5.2.0 \u2013 5.7.1 lets attackers access secrets &amp;amp; achieve RCE. No patch \u2014 restrict access &amp;amp; monitor for abuse. https://radar.offseq.com/threat/cve-2026-54390-improper-neutralization-of-special--56e42e7fa37d20ee #OffSeq #CVE202654390 #websecurity", "creation_timestamp": "2026-06-18T18:30:15.890123Z"}</description>
      <content:encoded>{"uuid": "29a61683-cd36-4ea8-9c07-e180fb539fc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-54390", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3molhj2cqpl2v", "content": "CVE-2026-54390: CRITICAL template injection in JTL Shop 5.2.0 \u2013 5.7.1 lets attackers access secrets &amp;amp; achieve RCE. No patch \u2014 restrict access &amp;amp; monitor for abuse. https://radar.offseq.com/threat/cve-2026-54390-improper-neutralization-of-special--56e42e7fa37d20ee #OffSeq #CVE202654390 #websecurity", "creation_timestamp": "2026-06-18T18:30:15.890123Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/29a61683-cd36-4ea8-9c07-e180fb539fc1/export</guid>
      <pubDate>Thu, 18 Jun 2026 18:30:15 +0000</pubDate>
    </item>
  </channel>
</rss>
