<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-08T20:56:57.960672+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/37b24005-93e4-4784-b009-b5dbfa00dd7a/export</id>
    <title>37b24005-93e4-4784-b009-b5dbfa00dd7a</title>
    <updated>2026-07-08T20:56:57.988037+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "37b24005-93e4-4784-b009-b5dbfa00dd7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53913", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mq2olleolc2s", "content": "CVE-2026-53913 - apache camel keycloak\nIn the default configuration of Apache Camel Keycloak, access tokens are not verified, allowing any non-null value in the Authorization: Bearer header to pass. This\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#apachefoundation #CVE #infosec", "creation_timestamp": "2026-07-07T13:12:04.326285Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/37b24005-93e4-4784-b009-b5dbfa00dd7a/export"/>
    <published>2026-07-07T13:12:04.326285+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/d5d68964-bd47-4f9c-a07c-be144341d3d0/export</id>
    <title>d5d68964-bd47-4f9c-a07c-be144341d3d0</title>
    <updated>2026-07-08T20:56:57.991211+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "d5d68964-bd47-4f9c-a07c-be144341d3d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53913", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpy2hxlw5o2w", "content": "CVE-2026-53913 - Apache Camel Keycloak: KeycloakSecurityPolicy verifies the bearer access token only inside its role and permission checks, so in the default configuration the token is never verified and any non-null bearer value is accepted\nCVE ID : CVE-2026-53913\n \n Publishe...", "creation_timestamp": "2026-07-06T12:06:48.802068Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/d5d68964-bd47-4f9c-a07c-be144341d3d0/export"/>
    <published>2026-07-06T12:06:48.802068+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/44dff39e-02bc-4bd9-b7f9-f3a54ad6d31a/export</id>
    <title>44dff39e-02bc-4bd9-b7f9-f3a54ad6d31a</title>
    <updated>2026-07-08T20:56:57.991419+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "44dff39e-02bc-4bd9-b7f9-f3a54ad6d31a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-53913", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mpy24owhaq2i", "content": "CRITICAL: Apache Camel Keycloak improper authentication (CVE-2026-53913) lets attackers bypass auth &amp;amp; gain access in default configs. Upgrade to 4.21.0/4.18.3 or fix policy settings. https://radar.offseq.com/threat/cve-2026-53913-cwe-287-improper-authentication-in--29482412e19e3f00 #OffSeq #Apach...", "creation_timestamp": "2026-07-06T12:00:30.754195Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/44dff39e-02bc-4bd9-b7f9-f3a54ad6d31a/export"/>
    <published>2026-07-06T12:00:30.754195+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/774d8fb4-e59f-4e9b-83e0-e612d7c455b6/export</id>
    <title>774d8fb4-e59f-4e9b-83e0-e612d7c455b6</title>
    <updated>2026-07-08T20:56:57.991584+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "774d8fb4-e59f-4e9b-83e0-e612d7c455b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-53913", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116872919680337020", "content": "CVE-2026-53913 | CRITICAL | Apache Camel Keycloak: Default KeycloakSecurityPolicy skips token verification, enabling unauthenticated access and possible RCE on 4.15.0 \u2013 4.18.2 &amp;amp; 4.19.0 \u2013 4.20.x. Upgrade to 4.21.0/4.18.3. https://radar.offseq.com/threat/cve-2026-53913-cwe-287-improper-authentication-in--29482412e19e3f00 #OffSeq #ApacheCamel #CVE202653913", "creation_timestamp": "2026-07-06T12:00:29.420516Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/774d8fb4-e59f-4e9b-83e0-e612d7c455b6/export"/>
    <published>2026-07-06T12:00:29.420516+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/f569d979-7748-4816-a0c7-bffbfadab314/export</id>
    <title>f569d979-7748-4816-a0c7-bffbfadab314</title>
    <updated>2026-07-08T20:56:57.991729+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "f569d979-7748-4816-a0c7-bffbfadab314", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53913", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mpwhr67bwy2o", "content": "CVE-2026-53913: Apache Camel: Camel-Keycloak: KeycloakSecurityPolicy verifies the bearer access token only inside its role and permission checks, so in the default configuration (no required roles or permissions) the token is never verified and any non-null bearer value is accepted - a", "creation_timestamp": "2026-07-05T20:59:16.938386Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/f569d979-7748-4816-a0c7-bffbfadab314/export"/>
    <published>2026-07-05T20:59:16.938386+00:00</published>
  </entry>
</feed>
