https://vulnerability.circl.lu/sightings/feed 2026-05-31T20:45:08.561158+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/a9b2e4e6-6522-4db4-b1d0-7e4a819515a3/export 2026-05-31T20:45:08.923099+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "a9b2e4e6-6522-4db4-b1d0-7e4a819515a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3891", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116221046168571316", "content": "", "creation_timestamp": "2026-03-13T09:00:34.937705Z"} 2026-03-13T09:00:34.937705+00:00 https://vulnerability.circl.lu/sighting/9cbca2fb-d0e2-469a-b7f8-1aa2b742ce49/export 2026-05-31T20:45:08.923017+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "9cbca2fb-d0e2-469a-b7f8-1aa2b742ce49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3891", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/77374", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-3891\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a vladimirmanylobed451\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0 | \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-03-26 15:48:48\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nDemonstrate an unauthenticated arbitrary file upload exploit in Pix for WooCommerce plugin versions up to 1.5.0 using exposed AJAX endpoints.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-03-26T16:00:05.000000Z"} 2026-03-26T16:00:05+00:00 https://vulnerability.circl.lu/sighting/160a1be0-1de2-4d05-b18d-e974267b348a/export 2026-05-31T20:45:08.922937+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "160a1be0-1de2-4d05-b18d-e974267b348a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3891", "type": "published-proof-of-concept", "source": "Telegram/_y8q98W_wDj_9gSWJ4DtvUkEf6LNgZKpsKCz5PdNB84x25Q", "content": "", "creation_timestamp": "2026-03-27T07:00:14.000000Z"} 2026-03-27T07:00:14+00:00 https://vulnerability.circl.lu/sighting/7fcb3f06-d7b8-4ec4-a592-f58c12cac6f9/export 2026-05-31T20:45:08.922855+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "7fcb3f06-d7b8-4ec4-a592-f58c12cac6f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3891", "type": "published-proof-of-concept", "source": "Telegram/8LISbnUQFWA86ak3ubyaCZMxs8RQbiaZ8ONexaBDd7tfzQU", "content": "", "creation_timestamp": "2026-03-27T09:00:13.000000Z"} 2026-03-27T09:00:13+00:00 https://vulnerability.circl.lu/sighting/c60a6021-8415-4da3-bd30-10cbd3d36afe/export 2026-05-31T20:45:08.922776+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "c60a6021-8415-4da3-bd30-10cbd3d36afe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3891", "type": "seen", "source": "https://bsky.app/profile/secqube.com/post/3midhax55tf2g", "content": "", "creation_timestamp": "2026-03-31T05:33:16.227032Z"} 2026-03-31T05:33:16.227032+00:00 https://vulnerability.circl.lu/sighting/48644387-3ff5-4ac3-ba4c-d25d170f8bcb/export 2026-05-31T20:45:08.922686+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "48644387-3ff5-4ac3-ba4c-d25d170f8bcb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3891", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/80516", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a Mass-Scanner-CVE-2026-3891\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a AnggaTechI\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0 | \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-16 06:46:51\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-3891 Mass Scanning\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-16T07:00:04.000000Z"} 2026-04-16T07:00:04+00:00 https://vulnerability.circl.lu/sighting/e60822dd-0153-405d-b01a-90a3f2d408a0/export 2026-05-31T20:45:08.922592+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "e60822dd-0153-405d-b01a-90a3f2d408a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3891", "type": "seen", "source": "Telegram/yG0q3IpDztUHkWGWcBfSkFN1RblCcRFZP5pQldEwVfp_P8g", "content": "", "creation_timestamp": "2026-04-16T09:00:04.000000Z"} 2026-04-16T09:00:04+00:00 https://vulnerability.circl.lu/sighting/dea3362d-7860-4457-8ba7-c51db8f130fe/export 2026-05-31T20:45:08.922464+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "dea3362d-7860-4457-8ba7-c51db8f130fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3891", "type": "seen", "source": "https://t.me/htfgtps/1093", "content": "CVE-2026-3891\nThe Pix for WooCommerce plugin for\nWordPress is vulnerable to arbitrary file\nuploads due to missing capability check\nand missing file type validation in the\n'Iknpixforwoocommercec6savesettings'\nfunction in all versions up to, and including,\n1.5.0. This makes it possible for\nunauthenticated attackers to upload\narbitrary files on the affected site's server\nwhich may make remote code execution\npossible.\nGitHub Link:\nhttps://github.com/AnggaTechl/Mass-Scanner-CVE-2026-3891", "creation_timestamp": "2026-05-09T14:47:51.000000Z"} 2026-05-09T14:47:51+00:00 https://vulnerability.circl.lu/sighting/fb9f6ce7-2687-4207-9fbd-3e0323cbfd33/export 2026-05-31T20:45:08.920166+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "fb9f6ce7-2687-4207-9fbd-3e0323cbfd33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3891", "type": "seen", "source": "https://t.me/GithubRedTeam/86650", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #Exploit #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-3891-Linux\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a willygailo\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 1 | \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-31 09:49:21\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u26a1 This tool exploits CVE-2026-3891, a critical unauthenticated arbitrary file upload vulnerability found in the Pix for WooCommerce WordPress plugin (versions \u2264 1.5.0).\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-31T10:00:04.000000Z"} 2026-05-31T10:00:04+00:00