<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-08T21:53:12.071129+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/e9a574fc-5527-4351-a3d5-9e83c36a7512/export</id>
    <title>e9a574fc-5527-4351-a3d5-9e83c36a7512</title>
    <updated>2026-07-08T21:53:12.096682+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "e9a574fc-5527-4351-a3d5-9e83c36a7512", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11856", "type": "seen", "source": "https://bsky.app/profile/bootintel.bsky.social/post/3mpzpwrjcgc22", "content": "Critical CVE landed today in libcurl:\n\nCVE-2026-11856. Successfully using libcurl to do a transfer to a specific HTTP origin (`hostA`) with **Digest** authentication and then changing the origin to a different one (`hostB`) for a second transfer, r\u2026\n\nnvd.nist.gov/vuln/detail/CVE-2026-11856", "creation_timestamp": "2026-07-07T04:03:34.221466Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/e9a574fc-5527-4351-a3d5-9e83c36a7512/export"/>
    <published>2026-07-07T04:03:34.221466+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/50df245e-ccd4-43d4-9f64-330191cd5ed2/export</id>
    <title>50df245e-ccd4-43d4-9f64-330191cd5ed2</title>
    <updated>2026-07-08T21:53:12.098143+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "50df245e-ccd4-43d4-9f64-330191cd5ed2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11855", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mpzcdreeve2x", "content": "CVE-2026-11855. Simple Membership before 4.7.5. Admin accounts hijacked via unvalidated Stripe webhooks. Script injection in notices. CVSS 8.8.\n\nNo patch available. Disable the plugin now.\n\nScan your WordPress site: pulse-wp.com\n#WordPress #CVE #CyberSecurity", "creation_timestamp": "2026-07-07T00:00:17.926873Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/50df245e-ccd4-43d4-9f64-330191cd5ed2/export"/>
    <published>2026-07-07T00:00:17.926873+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/690d218e-889f-4083-811b-b69291fd38aa/export</id>
    <title>690d218e-889f-4083-811b-b69291fd38aa</title>
    <updated>2026-07-08T21:53:12.098227+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "690d218e-889f-4083-811b-b69291fd38aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11855", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpxn2h5nrc23", "content": "CVE-2026-11855 - Simple Membership\nCVE ID : CVE-2026-11855\n \n Published : July 6, 2026, 6 a.m. | 1\u00a0hour, 48\u00a0minutes ago\n \n Description : The Simple Membership WordPress plugin before 4.7.5 does not verify the authenticity of Stripe webhook requests when no signing secret is co...", "creation_timestamp": "2026-07-06T08:06:36.701639Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/690d218e-889f-4083-811b-b69291fd38aa/export"/>
    <published>2026-07-06T08:06:36.701639+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/508724c2-934e-4f8f-b6fb-e99f23cdbca6/export</id>
    <title>508724c2-934e-4f8f-b6fb-e99f23cdbca6</title>
    <updated>2026-07-08T21:53:12.098293+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "508724c2-934e-4f8f-b6fb-e99f23cdbca6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11856", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpriqx7mx42d", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-11856 \u0432 libcurl: \u0443\u0433\u0440\u043e\u0437\u044b \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/51242BA7-9404-4277-9943-5274A5597234", "creation_timestamp": "2026-07-03T21:33:44.602153Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/508724c2-934e-4f8f-b6fb-e99f23cdbca6/export"/>
    <published>2026-07-03T21:33:44.602153+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/607b3d05-bf78-4a37-9ff8-a54dbb24f690/export</id>
    <title>607b3d05-bf78-4a37-9ff8-a54dbb24f690</title>
    <updated>2026-07-08T21:53:12.098356+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "607b3d05-bf78-4a37-9ff8-a54dbb24f690", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11857", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moihyy3gvl2j", "content": "CVE-2026-11857 - Insecure .NET Remoting deserialization in Quanos SCHEMA ST4 Client Update Service allows local privilege escalation\nCVE ID : CVE-2026-11857\n \n Published : June 17, 2026, 11:42 a.m. | 1\u00a0hour, 27\u00a0minutes ago\n \n Description : Quanos SCHEMA ST4 on-premises contain...", "creation_timestamp": "2026-06-17T14:01:10.748238Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/607b3d05-bf78-4a37-9ff8-a54dbb24f690/export"/>
    <published>2026-06-17T14:01:10.748238+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a2a8ac99-e2e9-4780-8cd0-12e61b2704e7/export</id>
    <title>a2a8ac99-e2e9-4780-8cd0-12e61b2704e7</title>
    <updated>2026-07-08T21:53:12.098423+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "a2a8ac99-e2e9-4780-8cd0-12e61b2704e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11858", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moihmi6ezz2j", "content": "CVE-2026-11858 - Missing authorization in Quanos SCHEMA ST4 Client Update Service allows arbitrary file overwrite as SYSTEM\nCVE ID : CVE-2026-11858\n \n Published : June 17, 2026, 11:50 a.m. | 1\u00a0hour, 18\u00a0minutes ago\n \n Description : Quanos SCHEMA ST4 on-premises contains a local...", "creation_timestamp": "2026-06-17T13:54:11.505101Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a2a8ac99-e2e9-4780-8cd0-12e61b2704e7/export"/>
    <published>2026-06-17T13:54:11.505101+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/cff2b912-a184-4ec2-a24a-68ade4f5c230/export</id>
    <title>cff2b912-a184-4ec2-a24a-68ade4f5c230</title>
    <updated>2026-07-08T21:53:12.098484+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "cff2b912-a184-4ec2-a24a-68ade4f5c230", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11850", "type": "seen", "source": "https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3moee4eyg372o", "content": "krb5: patch CVE-2026-11850\n\nhttps://github.com/NixOS/nixpkgs/pull/531513\n\nhttps://tracker.security.nixos.org/issues/NIXPKGS-2026-1911\n\n#security", "creation_timestamp": "2026-06-15T22:40:51.239474Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/cff2b912-a184-4ec2-a24a-68ade4f5c230/export"/>
    <published>2026-06-15T22:40:51.239474+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/8b2541ab-db16-4cdc-b333-722181f01d04/export</id>
    <title>8b2541ab-db16-4cdc-b333-722181f01d04</title>
    <updated>2026-07-08T21:53:12.098547+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "8b2541ab-db16-4cdc-b333-722181f01d04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11859", "type": "seen", "source": "https://bsky.app/profile/cybersecinsight.bsky.social/post/3mnz5ceuvon23", "content": "\ud83d\udd0d Vulnerability Spotlight | Part 2/3\n\n\u26a0\ufe0f CVE-2026-11859\n\nAn HTML injection vulnerability in the \"fetch links\" email sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Si...", "creation_timestamp": "2026-06-11T11:39:39.003006Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/8b2541ab-db16-4cdc-b333-722181f01d04/export"/>
    <published>2026-06-11T11:39:39.003006+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/4f6d8752-eb17-4cb0-997f-3984f7ebaf4e/export</id>
    <title>4f6d8752-eb17-4cb0-997f-3984f7ebaf4e</title>
    <updated>2026-07-08T21:53:12.098616+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "4f6d8752-eb17-4cb0-997f-3984f7ebaf4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11853", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnwkznj3r72m", "content": "CVE-2026-11853 - Debusine Arbitrary File Overwrite via Path Traversal\nCVE ID : CVE-2026-11853\n \n Published : June 10, 2026, 10:16 a.m. | 22\u00a0minutes ago\n \n Description : Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian sou...", "creation_timestamp": "2026-06-10T11:07:21.255248Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/4f6d8752-eb17-4cb0-997f-3984f7ebaf4e/export"/>
    <published>2026-06-10T11:07:21.255248+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/e8ebe703-348e-4d7a-adaa-9a8c545c6cb3/export</id>
    <title>e8ebe703-348e-4d7a-adaa-9a8c545c6cb3</title>
    <updated>2026-07-08T21:53:12.098680+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "e8ebe703-348e-4d7a-adaa-9a8c545c6cb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11852", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnwkmx4jsw2r", "content": "CVE-2026-11852 - Debusine Artifact Relationship Management Insecure Access Control\nCVE ID : CVE-2026-11852\n \n Published : June 10, 2026, 10:16 a.m. | 22\u00a0minutes ago\n \n Description : Debusine is an integrated solution to build, distribute and maintain a Debian-based distributio...", "creation_timestamp": "2026-06-10T11:00:12.914333Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/e8ebe703-348e-4d7a-adaa-9a8c545c6cb3/export"/>
    <published>2026-06-10T11:00:12.914333+00:00</published>
  </entry>
</feed>
