<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Sun, 19 Jul 2026 04:50:55 +0000</lastBuildDate>
    <item>
      <title>6d503815-ba92-40a0-9dbc-da1c122896f4</title>
      <link>https://vulnerability.circl.lu/sighting/6d503815-ba92-40a0-9dbc-da1c122896f4/export</link>
      <description>{"uuid": "6d503815-ba92-40a0-9dbc-da1c122896f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63089", "type": "seen", "source": "https://bsky.app/profile/bootintel.bsky.social/post/3mquxoxe52g2e", "content": "Critical CVE landed today in WireGuard:\n\nCVE-2026-63089. WireGuard Easy through 15.3.0, fixed in commit 66b292b, contains a cryptographically weak one-time link token generation vulnerability that allows unauthenticated network attackers to recover\u2026\n\nnvd.nist.gov/vuln/detail/CVE-2026-63089", "creation_timestamp": "2026-07-18T00:04:14.641843Z"}</description>
      <content:encoded>{"uuid": "6d503815-ba92-40a0-9dbc-da1c122896f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63089", "type": "seen", "source": "https://bsky.app/profile/bootintel.bsky.social/post/3mquxoxe52g2e", "content": "Critical CVE landed today in WireGuard:\n\nCVE-2026-63089. WireGuard Easy through 15.3.0, fixed in commit 66b292b, contains a cryptographically weak one-time link token generation vulnerability that allows unauthenticated network attackers to recover\u2026\n\nnvd.nist.gov/vuln/detail/CVE-2026-63089", "creation_timestamp": "2026-07-18T00:04:14.641843Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/6d503815-ba92-40a0-9dbc-da1c122896f4/export</guid>
      <pubDate>Sat, 18 Jul 2026 00:04:14 +0000</pubDate>
    </item>
    <item>
      <title>ee756506-6b5a-4033-9a2b-47f884873ae7</title>
      <link>https://vulnerability.circl.lu/sighting/ee756506-6b5a-4033-9a2b-47f884873ae7/export</link>
      <description>{"uuid": "ee756506-6b5a-4033-9a2b-47f884873ae7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63087", "type": "published-proof-of-concept", "source": "https://t.me/bdufstecru/3320", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043e\u043f\u043e\u0432\u0435\u0449\u0435\u043d\u0438\u044f\u043c\u0438 Grafana OnCall \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0439 \u0444\u0443\u043d\u043a\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u043f\u0443\u0442\u0435\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e POST-\u0437\u0430\u043f\u0440\u043e\u0441\u0430\n\nBDU:2026-09904\nCVE-2026-63087\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.vulncheck.com/advisories/grafana-oncall-unauthenticated-token-hijack-via-plugin-install-endpoint", "creation_timestamp": "2026-07-18T00:00:29.489617Z"}</description>
      <content:encoded>{"uuid": "ee756506-6b5a-4033-9a2b-47f884873ae7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63087", "type": "published-proof-of-concept", "source": "https://t.me/bdufstecru/3320", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043e\u043f\u043e\u0432\u0435\u0449\u0435\u043d\u0438\u044f\u043c\u0438 Grafana OnCall \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0439 \u0444\u0443\u043d\u043a\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u043f\u0443\u0442\u0435\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e POST-\u0437\u0430\u043f\u0440\u043e\u0441\u0430\n\nBDU:2026-09904\nCVE-2026-63087\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.vulncheck.com/advisories/grafana-oncall-unauthenticated-token-hijack-via-plugin-install-endpoint", "creation_timestamp": "2026-07-18T00:00:29.489617Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/ee756506-6b5a-4033-9a2b-47f884873ae7/export</guid>
      <pubDate>Sat, 18 Jul 2026 00:00:29 +0000</pubDate>
    </item>
    <item>
      <title>83b24616-bb5e-4152-bcee-c8509e62a556</title>
      <link>https://vulnerability.circl.lu/sighting/83b24616-bb5e-4152-bcee-c8509e62a556/export</link>
      <description>{"uuid": "83b24616-bb5e-4152-bcee-c8509e62a556", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63087", "type": "published-proof-of-concept", "source": "https://t.me/bdufstecru/3320", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043e\u043f\u043e\u0432\u0435\u0449\u0435\u043d\u0438\u044f\u043c\u0438 Grafana OnCall \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0439 \u0444\u0443\u043d\u043a\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u043f\u0443\u0442\u0435\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e POST-\u0437\u0430\u043f\u0440\u043e\u0441\u0430\n\nBDU:2026-09904\nCVE-2026-63087\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.vulncheck.com/advisories/grafana-oncall-unauthenticated-token-hijack-via-plugin-install-endpoint", "creation_timestamp": "2026-07-17T14:00:05.991296Z"}</description>
      <content:encoded>{"uuid": "83b24616-bb5e-4152-bcee-c8509e62a556", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63087", "type": "published-proof-of-concept", "source": "https://t.me/bdufstecru/3320", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043e\u043f\u043e\u0432\u0435\u0449\u0435\u043d\u0438\u044f\u043c\u0438 Grafana OnCall \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0439 \u0444\u0443\u043d\u043a\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u043f\u0443\u0442\u0435\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e POST-\u0437\u0430\u043f\u0440\u043e\u0441\u0430\n\nBDU:2026-09904\nCVE-2026-63087\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.vulncheck.com/advisories/grafana-oncall-unauthenticated-token-hijack-via-plugin-install-endpoint", "creation_timestamp": "2026-07-17T14:00:05.991296Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/83b24616-bb5e-4152-bcee-c8509e62a556/export</guid>
      <pubDate>Fri, 17 Jul 2026 14:00:05 +0000</pubDate>
    </item>
    <item>
      <title>8304f7a7-56e1-430a-9594-a00b6fd8102b</title>
      <link>https://vulnerability.circl.lu/sighting/8304f7a7-56e1-430a-9594-a00b6fd8102b/export</link>
      <description>{"uuid": "8304f7a7-56e1-430a-9594-a00b6fd8102b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63089", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqsdq7xadj2u", "content": "CVE-2026-63089 - WireGuard Easy Weak Token Generation Information Disclosure via OTL Route\nCVE ID : CVE-2026-63089\n \n Published : July 16, 2026, 8:16 p.m. | 2\u00a0hours, 17\u00a0minutes ago\n \n Description : WireGuard Easy through 15.3.0, fixed in commit 66b292b, contains a cryptographi...", "creation_timestamp": "2026-07-16T23:01:42.797335Z"}</description>
      <content:encoded>{"uuid": "8304f7a7-56e1-430a-9594-a00b6fd8102b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63089", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqsdq7xadj2u", "content": "CVE-2026-63089 - WireGuard Easy Weak Token Generation Information Disclosure via OTL Route\nCVE ID : CVE-2026-63089\n \n Published : July 16, 2026, 8:16 p.m. | 2\u00a0hours, 17\u00a0minutes ago\n \n Description : WireGuard Easy through 15.3.0, fixed in commit 66b292b, contains a cryptographi...", "creation_timestamp": "2026-07-16T23:01:42.797335Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/8304f7a7-56e1-430a-9594-a00b6fd8102b/export</guid>
      <pubDate>Thu, 16 Jul 2026 23:01:42 +0000</pubDate>
    </item>
    <item>
      <title>dd5d424d-47a7-4364-9e18-57d65b78b746</title>
      <link>https://vulnerability.circl.lu/sighting/dd5d424d-47a7-4364-9e18-57d65b78b746/export</link>
      <description>{"uuid": "dd5d424d-47a7-4364-9e18-57d65b78b746", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63089", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqrz54phnl2w", "content": "CVE-2026-63089 - wg-easy\nWireGuard Easy, a VPN software, allows attackers to guess weak tokens and gain access to VPN credentials. This vulnerability affects users who rely on WireGuard Easy for secure VPN\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#wgeasy #CVE #infosec", "creation_timestamp": "2026-07-16T19:52:04.237974Z"}</description>
      <content:encoded>{"uuid": "dd5d424d-47a7-4364-9e18-57d65b78b746", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63089", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqrz54phnl2w", "content": "CVE-2026-63089 - wg-easy\nWireGuard Easy, a VPN software, allows attackers to guess weak tokens and gain access to VPN credentials. This vulnerability affects users who rely on WireGuard Easy for secure VPN\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#wgeasy #CVE #infosec", "creation_timestamp": "2026-07-16T19:52:04.237974Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/dd5d424d-47a7-4364-9e18-57d65b78b746/export</guid>
      <pubDate>Thu, 16 Jul 2026 19:52:04 +0000</pubDate>
    </item>
    <item>
      <title>bc083d7a-65bc-4efa-b003-cf62d4c85fd7</title>
      <link>https://vulnerability.circl.lu/sighting/bc083d7a-65bc-4efa-b003-cf62d4c85fd7/export</link>
      <description>{"uuid": "bc083d7a-65bc-4efa-b003-cf62d4c85fd7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63088", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqrxeesimu22", "content": "CVE-2026-63088 - stoatchat\nCVE ID : CVE-2026-63088\n \n Published : July 16, 2026, 5:16 p.m. | 1\u00a0hour, 17\u00a0minutes ago\n \n Description : stoatchat before 0.14.0 contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated network-accessible attackers to ...", "creation_timestamp": "2026-07-16T19:20:20.216733Z"}</description>
      <content:encoded>{"uuid": "bc083d7a-65bc-4efa-b003-cf62d4c85fd7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63088", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqrxeesimu22", "content": "CVE-2026-63088 - stoatchat\nCVE ID : CVE-2026-63088\n \n Published : July 16, 2026, 5:16 p.m. | 1\u00a0hour, 17\u00a0minutes ago\n \n Description : stoatchat before 0.14.0 contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated network-accessible attackers to ...", "creation_timestamp": "2026-07-16T19:20:20.216733Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/bc083d7a-65bc-4efa-b003-cf62d4c85fd7/export</guid>
      <pubDate>Thu, 16 Jul 2026 19:20:20 +0000</pubDate>
    </item>
    <item>
      <title>77de3884-472e-45b6-a965-4d8e1ada6fd8</title>
      <link>https://vulnerability.circl.lu/sighting/77de3884-472e-45b6-a965-4d8e1ada6fd8/export</link>
      <description>{"uuid": "77de3884-472e-45b6-a965-4d8e1ada6fd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63087", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqrwqns4ep22", "content": "CVE-2026-63087 - Grafana OnCall 1.16.11 Unauthenticated Token Hijack via Plugin Install Endpoint\nCVE ID : CVE-2026-63087\n \n Published : July 16, 2026, 5:16 p.m. | 1\u00a0hour, 17\u00a0minutes ago\n \n Description : Grafana OnCall through 1.16.11 contains an unauthenticated access vulnerab...", "creation_timestamp": "2026-07-16T19:09:18.701284Z"}</description>
      <content:encoded>{"uuid": "77de3884-472e-45b6-a965-4d8e1ada6fd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63087", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqrwqns4ep22", "content": "CVE-2026-63087 - Grafana OnCall 1.16.11 Unauthenticated Token Hijack via Plugin Install Endpoint\nCVE ID : CVE-2026-63087\n \n Published : July 16, 2026, 5:16 p.m. | 1\u00a0hour, 17\u00a0minutes ago\n \n Description : Grafana OnCall through 1.16.11 contains an unauthenticated access vulnerab...", "creation_timestamp": "2026-07-16T19:09:18.701284Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/77de3884-472e-45b6-a965-4d8e1ada6fd8/export</guid>
      <pubDate>Thu, 16 Jul 2026 19:09:18 +0000</pubDate>
    </item>
    <item>
      <title>83c09fd7-5424-4e19-9c58-2e9ad452cdeb</title>
      <link>https://vulnerability.circl.lu/sighting/83c09fd7-5424-4e19-9c58-2e9ad452cdeb/export</link>
      <description>{"uuid": "83c09fd7-5424-4e19-9c58-2e9ad452cdeb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63086", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqrwhp7yyy22", "content": "CVE-2026-63086 - text-generation-inference 3.3.7 SSRF via fetch_image in multimodal chat completions\nCVE ID : CVE-2026-63086\n \n Published : July 16, 2026, 5:16 p.m. | 1\u00a0hour, 17\u00a0minutes ago\n \n Description : text-generation-inference through 3.3.7 contains a server-side request...", "creation_timestamp": "2026-07-16T19:04:18.468906Z"}</description>
      <content:encoded>{"uuid": "83c09fd7-5424-4e19-9c58-2e9ad452cdeb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63086", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqrwhp7yyy22", "content": "CVE-2026-63086 - text-generation-inference 3.3.7 SSRF via fetch_image in multimodal chat completions\nCVE ID : CVE-2026-63086\n \n Published : July 16, 2026, 5:16 p.m. | 1\u00a0hour, 17\u00a0minutes ago\n \n Description : text-generation-inference through 3.3.7 contains a server-side request...", "creation_timestamp": "2026-07-16T19:04:18.468906Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/83c09fd7-5424-4e19-9c58-2e9ad452cdeb/export</guid>
      <pubDate>Thu, 16 Jul 2026 19:04:18 +0000</pubDate>
    </item>
    <item>
      <title>1f8fdabd-af79-48de-a24f-9998c996d82c</title>
      <link>https://vulnerability.circl.lu/sighting/1f8fdabd-af79-48de-a24f-9998c996d82c/export</link>
      <description>{"uuid": "1f8fdabd-af79-48de-a24f-9998c996d82c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63085", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqrvo47kg32s", "content": "CVE-2026-63085 - Axelor Open Platform 8.x\nCVE ID : CVE-2026-63085\n \n Published : July 16, 2026, 5:16 p.m. | 1\u00a0hour, 17\u00a0minutes ago\n \n Description : Axelor Open Platform versions 8.x prior to 8.2.2 contains an authorization bypass vulnerability that allows authenticated non-adm...", "creation_timestamp": "2026-07-16T18:49:59.374671Z"}</description>
      <content:encoded>{"uuid": "1f8fdabd-af79-48de-a24f-9998c996d82c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63085", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqrvo47kg32s", "content": "CVE-2026-63085 - Axelor Open Platform 8.x\nCVE ID : CVE-2026-63085\n \n Published : July 16, 2026, 5:16 p.m. | 1\u00a0hour, 17\u00a0minutes ago\n \n Description : Axelor Open Platform versions 8.x prior to 8.2.2 contains an authorization bypass vulnerability that allows authenticated non-adm...", "creation_timestamp": "2026-07-16T18:49:59.374671Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/1f8fdabd-af79-48de-a24f-9998c996d82c/export</guid>
      <pubDate>Thu, 16 Jul 2026 18:49:59 +0000</pubDate>
    </item>
    <item>
      <title>09338e0c-e913-452a-bf5f-b834ce11494d</title>
      <link>https://vulnerability.circl.lu/sighting/09338e0c-e913-452a-bf5f-b834ce11494d/export</link>
      <description>{"uuid": "09338e0c-e913-452a-bf5f-b834ce11494d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63087", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqromxze3h2c", "content": "CVE-2026-63087 - oncall\nAn attacker can access Grafana OnCall without a password by sending a specific request to the plugin install endpoint. This allows them to create new users, revoke legitimate access, and\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#oncall #CVE #infosec", "creation_timestamp": "2026-07-16T16:44:05.680111Z"}</description>
      <content:encoded>{"uuid": "09338e0c-e913-452a-bf5f-b834ce11494d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63087", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqromxze3h2c", "content": "CVE-2026-63087 - oncall\nAn attacker can access Grafana OnCall without a password by sending a specific request to the plugin install endpoint. This allows them to create new users, revoke legitimate access, and\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#oncall #CVE #infosec", "creation_timestamp": "2026-07-16T16:44:05.680111Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/09338e0c-e913-452a-bf5f-b834ce11494d/export</guid>
      <pubDate>Thu, 16 Jul 2026 16:44:05 +0000</pubDate>
    </item>
  </channel>
</rss>
