https://vulnerability.circl.lu/sightings/feed 2026-05-30T11:21:36.749985+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/dbf54f76-9f2f-4168-b475-b469a067e68c/export 2026-05-30T11:21:37.072163+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "dbf54f76-9f2f-4168-b475-b469a067e68c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42298", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mleuu5h24l2e", "content": "\ud83d\udd34 CVE-2026-42298 - Critical (10)\n\nPostiz is an AI social media scheduling tool. Prior to commit da44801, a \"Pwn Request\" vulnerabil...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42298/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-08T23:24:54.093009Z"} 2026-05-08T23:24:54.093009+00:00 https://vulnerability.circl.lu/sighting/e7081d68-007a-479e-9800-ae41263235c9/export 2026-05-30T11:21:37.072087+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "e7081d68-007a-479e-9800-ae41263235c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42298", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlf2wfsfch2p", "content": "CVE-2026-42298 - Postiz: Arbitrary Code Execution and Token Exfiltration in pr-docker-build.yml via untrusted Dockerfile.dev\nCVE ID : CVE-2026-42298\n \n Published : May 8, 2026, 11:16 p.m. | 1\u00a0hour, 4\u00a0minutes ago\n \n Description : Postiz is an AI social media scheduling tool. Pr...", "creation_timestamp": "2026-05-09T01:13:31.914252Z"} 2026-05-09T01:13:31.914252+00:00 https://vulnerability.circl.lu/sighting/eed0238f-d852-424f-a744-3065fcd3b3cf/export 2026-05-30T11:21:37.071994+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "eed0238f-d852-424f-a744-3065fcd3b3cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42298", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mlfavp7yjp2g", "content": "CRITICAL: gitroomhq postiz-app (< da44801) lets attackers run code & steal GITHUB_TOKEN via PRs. Patch to commit da44801 now to stay secure! https://radar.offseq.com/threat/cve-2026-42298-cwe-94-improper-control-of-generati-f33886f6 #OffSeq #CVE202642298 #DevSecOps", "creation_timestamp": "2026-05-09T03:00:31.240331Z"} 2026-05-09T03:00:31.240331+00:00 https://vulnerability.circl.lu/sighting/80625606-0433-4655-8a83-43121525f675/export 2026-05-30T11:21:37.069349+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "80625606-0433-4655-8a83-43121525f675", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42298", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116542382305810919", "content": "\ud83d\udd34 CRITICAL: gitroomhq postiz-app (< da44801) code injection (CVE-2026-42298, CVSS 10). PRs with malicious Dockerfiles can steal privileged GITHUB_TOKEN. Patch to commit da44801 now! https://radar.offseq.com/threat/cve-2026-42298-cwe-94-improper-control-of-generati-f33886f6 #OffSeq #CVE202642298 #GitHub #Security", "creation_timestamp": "2026-05-09T03:00:45.764968Z"} 2026-05-09T03:00:45.764968+00:00