<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Sat, 11 Jul 2026 19:05:33 +0000</lastBuildDate>
    <item>
      <title>646601be-33eb-4328-badc-aae997ed6dbf</title>
      <link>https://vulnerability.circl.lu/sighting/646601be-33eb-4328-badc-aae997ed6dbf/export</link>
      <description>{"uuid": "646601be-33eb-4328-badc-aae997ed6dbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58174", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpnei2e2a52k", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-58174 \u0432 Hermes WebUI: \u0443\u0433\u0440\u043e\u0437\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/21857AA1-2B64-4265-8B64-8D977B904A3A", "creation_timestamp": "2026-07-02T06:06:31.772067Z"}</description>
      <content:encoded>{"uuid": "646601be-33eb-4328-badc-aae997ed6dbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58174", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpnei2e2a52k", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-58174 \u0432 Hermes WebUI: \u0443\u0433\u0440\u043e\u0437\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/21857AA1-2B64-4265-8B64-8D977B904A3A", "creation_timestamp": "2026-07-02T06:06:31.772067Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/646601be-33eb-4328-badc-aae997ed6dbf/export</guid>
      <pubDate>Thu, 02 Jul 2026 06:06:31 +0000</pubDate>
    </item>
    <item>
      <title>a0defd4f-bf95-465a-a13a-d62bc569a533</title>
      <link>https://vulnerability.circl.lu/sighting/a0defd4f-bf95-465a-a13a-d62bc569a533/export</link>
      <description>{"uuid": "a0defd4f-bf95-465a-a13a-d62bc569a533", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58170", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpne2eai7z2m", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-58170 \u0432 Vibe-Trading: \u0443\u0433\u0440\u043e\u0437\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/D108DB9F-B230-4BF8-AFB7-8C47416BA31E", "creation_timestamp": "2026-07-02T05:58:52.399011Z"}</description>
      <content:encoded>{"uuid": "a0defd4f-bf95-465a-a13a-d62bc569a533", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58170", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpne2eai7z2m", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-58170 \u0432 Vibe-Trading: \u0443\u0433\u0440\u043e\u0437\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/D108DB9F-B230-4BF8-AFB7-8C47416BA31E", "creation_timestamp": "2026-07-02T05:58:52.399011Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/a0defd4f-bf95-465a-a13a-d62bc569a533/export</guid>
      <pubDate>Thu, 02 Jul 2026 05:58:52 +0000</pubDate>
    </item>
    <item>
      <title>5b5cacb8-a0cf-4a5c-a1b6-6fa62ffb5881</title>
      <link>https://vulnerability.circl.lu/sighting/5b5cacb8-a0cf-4a5c-a1b6-6fa62ffb5881/export</link>
      <description>{"uuid": "5b5cacb8-a0cf-4a5c-a1b6-6fa62ffb5881", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58171", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpndtlgxfx26", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-58171 \u0432 Vibe-Trading: \u0443\u0433\u0440\u043e\u0437\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/5FC78C91-FE38-49B5-A89D-D13044CF2710", "creation_timestamp": "2026-07-02T05:55:05.120569Z"}</description>
      <content:encoded>{"uuid": "5b5cacb8-a0cf-4a5c-a1b6-6fa62ffb5881", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58171", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpndtlgxfx26", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-58171 \u0432 Vibe-Trading: \u0443\u0433\u0440\u043e\u0437\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/5FC78C91-FE38-49B5-A89D-D13044CF2710", "creation_timestamp": "2026-07-02T05:55:05.120569Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/5b5cacb8-a0cf-4a5c-a1b6-6fa62ffb5881/export</guid>
      <pubDate>Thu, 02 Jul 2026 05:55:05 +0000</pubDate>
    </item>
    <item>
      <title>32952501-6e3b-4775-b87c-fc115cb2c530</title>
      <link>https://vulnerability.circl.lu/sighting/32952501-6e3b-4775-b87c-fc115cb2c530/export</link>
      <description>{"uuid": "32952501-6e3b-4775-b87c-fc115cb2c530", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58172", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mpk4daew322l", "content": "CVE-2026-58172 - Critical security bypass in Ocelot \u226424.1.0. Denied clients exploit WebSocket upgrades to bypass IP restrictions, reaching downstream services. CVSS 9.1. No patch available; apply commit f156fd4 or restrict WebSocket access....\n\nhttps://www.valtersit.com/cve/CVE-2026-58172/", "creation_timestamp": "2026-06-30T23:02:41.412840Z"}</description>
      <content:encoded>{"uuid": "32952501-6e3b-4775-b87c-fc115cb2c530", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58172", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mpk4daew322l", "content": "CVE-2026-58172 - Critical security bypass in Ocelot \u226424.1.0. Denied clients exploit WebSocket upgrades to bypass IP restrictions, reaching downstream services. CVSS 9.1. No patch available; apply commit f156fd4 or restrict WebSocket access....\n\nhttps://www.valtersit.com/cve/CVE-2026-58172/", "creation_timestamp": "2026-06-30T23:02:41.412840Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/32952501-6e3b-4775-b87c-fc115cb2c530/export</guid>
      <pubDate>Tue, 30 Jun 2026 23:02:41 +0000</pubDate>
    </item>
    <item>
      <title>9896f158-57bc-4c99-8ec5-8e6f7b3745c0</title>
      <link>https://vulnerability.circl.lu/sighting/9896f158-57bc-4c99-8ec5-8e6f7b3745c0/export</link>
      <description>{"uuid": "9896f158-57bc-4c99-8ec5-8e6f7b3745c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58172", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpjob4rvau2u", "content": "CVE-2026-58172 - Ocelot - IP Allow/Block List Bypass for WebSocket Upgrade Requests\nCVE ID : CVE-2026-58172\n \n Published : June 30, 2026, 3:54 p.m. | 1\u00a0hour, 51\u00a0minutes ago\n \n Description : Ocelot through 24.1.0, fixed in commit f156fd4, contains a security control bypass vuln...", "creation_timestamp": "2026-06-30T18:50:58.071448Z"}</description>
      <content:encoded>{"uuid": "9896f158-57bc-4c99-8ec5-8e6f7b3745c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58172", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpjob4rvau2u", "content": "CVE-2026-58172 - Ocelot - IP Allow/Block List Bypass for WebSocket Upgrade Requests\nCVE ID : CVE-2026-58172\n \n Published : June 30, 2026, 3:54 p.m. | 1\u00a0hour, 51\u00a0minutes ago\n \n Description : Ocelot through 24.1.0, fixed in commit f156fd4, contains a security control bypass vuln...", "creation_timestamp": "2026-06-30T18:50:58.071448Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/9896f158-57bc-4c99-8ec5-8e6f7b3745c0/export</guid>
      <pubDate>Tue, 30 Jun 2026 18:50:58 +0000</pubDate>
    </item>
    <item>
      <title>1cdf066a-f0af-40d3-a2de-08e7ee6ccc6b</title>
      <link>https://vulnerability.circl.lu/sighting/1cdf066a-f0af-40d3-a2de-08e7ee6ccc6b/export</link>
      <description>{"uuid": "1cdf066a-f0af-40d3-a2de-08e7ee6ccc6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58173", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpjny6diht2p", "content": "CVE-2026-58173 - Vibe-Trading\nCVE ID : CVE-2026-58173\n \n Published : June 30, 2026, 3:55 p.m. | 1\u00a0hour, 50\u00a0minutes ago\n \n Description : Vibe-Trading before 0.1.10 contains a path traversal vulnerability that allows attackers to write files outside the intended memory root dire...", "creation_timestamp": "2026-06-30T18:45:57.644244Z"}</description>
      <content:encoded>{"uuid": "1cdf066a-f0af-40d3-a2de-08e7ee6ccc6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58173", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpjny6diht2p", "content": "CVE-2026-58173 - Vibe-Trading\nCVE ID : CVE-2026-58173\n \n Published : June 30, 2026, 3:55 p.m. | 1\u00a0hour, 50\u00a0minutes ago\n \n Description : Vibe-Trading before 0.1.10 contains a path traversal vulnerability that allows attackers to write files outside the intended memory root dire...", "creation_timestamp": "2026-06-30T18:45:57.644244Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/1cdf066a-f0af-40d3-a2de-08e7ee6ccc6b/export</guid>
      <pubDate>Tue, 30 Jun 2026 18:45:57 +0000</pubDate>
    </item>
    <item>
      <title>11d29c5b-c860-4ecb-af38-f9628a09d71f</title>
      <link>https://vulnerability.circl.lu/sighting/11d29c5b-c860-4ecb-af38-f9628a09d71f/export</link>
      <description>{"uuid": "11d29c5b-c860-4ecb-af38-f9628a09d71f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58170", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpjmmnwag72v", "content": "CVE-2026-58170 - Vibe-Trading\nCVE ID : CVE-2026-58170\n \n Published : June 30, 2026, 3:53 p.m. | 1\u00a0hour, 53\u00a0minutes ago\n \n Description : Vibe-Trading before 0.1.10 builds the proposal file path by joining a caller-supplied proposal identifier onto the broker proposals directory...", "creation_timestamp": "2026-06-30T18:21:37.650493Z"}</description>
      <content:encoded>{"uuid": "11d29c5b-c860-4ecb-af38-f9628a09d71f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58170", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpjmmnwag72v", "content": "CVE-2026-58170 - Vibe-Trading\nCVE ID : CVE-2026-58170\n \n Published : June 30, 2026, 3:53 p.m. | 1\u00a0hour, 53\u00a0minutes ago\n \n Description : Vibe-Trading before 0.1.10 builds the proposal file path by joining a caller-supplied proposal identifier onto the broker proposals directory...", "creation_timestamp": "2026-06-30T18:21:37.650493Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/11d29c5b-c860-4ecb-af38-f9628a09d71f/export</guid>
      <pubDate>Tue, 30 Jun 2026 18:21:37 +0000</pubDate>
    </item>
    <item>
      <title>182eb997-aebf-483e-a83d-d781b052400d</title>
      <link>https://vulnerability.circl.lu/sighting/182eb997-aebf-483e-a83d-d781b052400d/export</link>
      <description>{"uuid": "182eb997-aebf-483e-a83d-d781b052400d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58174", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpjln3piyx2z", "content": "CVE-2026-58174 - Hermes WebUI\nCVE ID : CVE-2026-58174\n \n Published : June 30, 2026, 3:55 p.m. | 1\u00a0hour, 50\u00a0minutes ago\n \n Description : Hermes WebUI before 0.51.521 validates the workspace of an imported session under the active named profile but constructs the Session object ...", "creation_timestamp": "2026-06-30T18:03:58.463690Z"}</description>
      <content:encoded>{"uuid": "182eb997-aebf-483e-a83d-d781b052400d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58174", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpjln3piyx2z", "content": "CVE-2026-58174 - Hermes WebUI\nCVE ID : CVE-2026-58174\n \n Published : June 30, 2026, 3:55 p.m. | 1\u00a0hour, 50\u00a0minutes ago\n \n Description : Hermes WebUI before 0.51.521 validates the workspace of an imported session under the active named profile but constructs the Session object ...", "creation_timestamp": "2026-06-30T18:03:58.463690Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/182eb997-aebf-483e-a83d-d781b052400d/export</guid>
      <pubDate>Tue, 30 Jun 2026 18:03:58 +0000</pubDate>
    </item>
    <item>
      <title>983187d6-b43e-4dc2-a848-683f68ff04b7</title>
      <link>https://vulnerability.circl.lu/sighting/983187d6-b43e-4dc2-a848-683f68ff04b7/export</link>
      <description>{"uuid": "983187d6-b43e-4dc2-a848-683f68ff04b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58176", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpjlccebvu23", "content": "CVE-2026-58176 - RuoYi-Vue-Plus - Missing Authorization on Workflow Task Management Endpoints\nCVE ID : CVE-2026-58176\n \n Published : June 30, 2026, 3:56 p.m. | 1\u00a0hour, 50\u00a0minutes ago\n \n Description : RuoYi-Vue-Plus through 5.6.2, fixed in commit 88d03d9, exposes workflow task ...", "creation_timestamp": "2026-06-30T17:57:56.292941Z"}</description>
      <content:encoded>{"uuid": "983187d6-b43e-4dc2-a848-683f68ff04b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58176", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpjlccebvu23", "content": "CVE-2026-58176 - RuoYi-Vue-Plus - Missing Authorization on Workflow Task Management Endpoints\nCVE ID : CVE-2026-58176\n \n Published : June 30, 2026, 3:56 p.m. | 1\u00a0hour, 50\u00a0minutes ago\n \n Description : RuoYi-Vue-Plus through 5.6.2, fixed in commit 88d03d9, exposes workflow task ...", "creation_timestamp": "2026-06-30T17:57:56.292941Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/983187d6-b43e-4dc2-a848-683f68ff04b7/export</guid>
      <pubDate>Tue, 30 Jun 2026 17:57:56 +0000</pubDate>
    </item>
    <item>
      <title>d040322c-9962-46f4-9019-4156d2c55b2b</title>
      <link>https://vulnerability.circl.lu/sighting/d040322c-9962-46f4-9019-4156d2c55b2b/export</link>
      <description>{"uuid": "d040322c-9962-46f4-9019-4156d2c55b2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58171", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpjkzcp3tf2u", "content": "CVE-2026-58171 - Vibe-Trading\nCVE ID : CVE-2026-58171\n \n Published : June 30, 2026, 3:54 p.m. | 1\u00a0hour, 51\u00a0minutes ago\n \n Description : Vibe-Trading before 0.1.10 constructs the swarm run directory by joining a caller-supplied run identifier onto the runs base directory withou...", "creation_timestamp": "2026-06-30T17:52:54.540048Z"}</description>
      <content:encoded>{"uuid": "d040322c-9962-46f4-9019-4156d2c55b2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58171", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpjkzcp3tf2u", "content": "CVE-2026-58171 - Vibe-Trading\nCVE ID : CVE-2026-58171\n \n Published : June 30, 2026, 3:54 p.m. | 1\u00a0hour, 51\u00a0minutes ago\n \n Description : Vibe-Trading before 0.1.10 constructs the swarm run directory by joining a caller-supplied run identifier onto the runs base directory withou...", "creation_timestamp": "2026-06-30T17:52:54.540048Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/d040322c-9962-46f4-9019-4156d2c55b2b/export</guid>
      <pubDate>Tue, 30 Jun 2026 17:52:54 +0000</pubDate>
    </item>
  </channel>
</rss>
