<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-12T11:06:33.902832+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/54433f20-a05c-487e-81d4-185c7df43815/export</id>
    <title>54433f20-a05c-487e-81d4-185c7df43815</title>
    <updated>2026-07-12T11:06:33.923235+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "54433f20-a05c-487e-81d4-185c7df43815", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-61447", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mqfuoz6eil2g", "content": "PraisonAI &amp;lt;1.6.78 hit by CRITICAL CVE-2026-61447: unauthenticated RCE via prompt injection allows code execution &amp;amp; secret exfiltration. No fix yet \u2014 restrict access, monitor usage. https://radar.offseq.com/threat/cve-2026-61447-improper-control-of-generation-of-c-51bde3fa75b4e680 #OffSeq #CVE2026...", "creation_timestamp": "2026-07-12T00:00:39.660973Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/54433f20-a05c-487e-81d4-185c7df43815/export"/>
    <published>2026-07-12T00:00:39.660973+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/31c5354d-78c4-4eb0-9e70-99d7664ef9f0/export</id>
    <title>31c5354d-78c4-4eb0-9e70-99d7664ef9f0</title>
    <updated>2026-07-12T11:06:33.924845+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "31c5354d-78c4-4eb0-9e70-99d7664ef9f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-61447", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116904062949725994", "content": "CVE-2026-61447: CRITICAL RCE in MervinPraison PraisonAI (&amp;lt;1.6.78). Unauthenticated attackers can exploit prompt injection to run arbitrary Python, risking system compromise &amp;amp; secret leaks. No patch yet \u2014 restrict exposure &amp;amp; monitor use. https://radar.offseq.com/threat/cve-2026-61447-improper-control-of-generation-of-c-51bde3fa75b4e680 #OffSeq #CVE202661447 #infosec #RCE", "creation_timestamp": "2026-07-12T00:00:37.795198Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/31c5354d-78c4-4eb0-9e70-99d7664ef9f0/export"/>
    <published>2026-07-12T00:00:37.795198+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/aee72f21-7cd9-46d2-be08-6a28613cf2ee/export</id>
    <title>aee72f21-7cd9-46d2-be08-6a28613cf2ee</title>
    <updated>2026-07-12T11:06:33.924992+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "aee72f21-7cd9-46d2-be08-6a28613cf2ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61447", "type": "seen", "source": "https://bsky.app/profile/malwareobserver.bsky.social/post/3mqf5o6os3s2j", "content": "\ud83d\udc1b VULNERABILITIES CVE Notify: \ud83d\udea8 [CVE-2026-61447](https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-2xv2-w8cq-5g...\nhttps://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-2xv2-w8cq-5gxw #PatchManagement #Vulnerability #CVE", "creation_timestamp": "2026-07-11T17:08:35.322377Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/aee72f21-7cd9-46d2-be08-6a28613cf2ee/export"/>
    <published>2026-07-11T17:08:35.322377+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/4960fa18-31e7-4581-bb02-fd765a52f1be/export</id>
    <title>4960fa18-31e7-4581-bb02-fd765a52f1be</title>
    <updated>2026-07-12T11:06:33.925102+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "4960fa18-31e7-4581-bb02-fd765a52f1be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61447", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqey52ii3c2e", "content": "CVE-2026-61447 - PraisonAI before 1.6.78 Remote Code Execution via CodeAgent\nCVE ID : CVE-2026-61447\n \n Published : July 11, 2026, 2:16 p.m. | 1\u00a0hour, 8\u00a0minutes ago\n \n Description : PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_py...", "creation_timestamp": "2026-07-11T15:29:31.906431Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/4960fa18-31e7-4581-bb02-fd765a52f1be/export"/>
    <published>2026-07-11T15:29:31.906431+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/73946f03-bc79-4eb0-a9f4-6eb7c4897e14/export</id>
    <title>73946f03-bc79-4eb0-a9f4-6eb7c4897e14</title>
    <updated>2026-07-12T11:06:33.925205+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "73946f03-bc79-4eb0-a9f4-6eb7c4897e14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61447", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mqewjtit5p25", "content": "\ud83d\udd34 CVE-2026-61447 - Critical (10)\n\nPraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_pyth...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-61447/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-07-11T15:00:53.535797Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/73946f03-bc79-4eb0-a9f4-6eb7c4897e14/export"/>
    <published>2026-07-11T15:00:53.535797+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/bcdf794f-549c-4533-b44a-482307baecfe/export</id>
    <title>bcdf794f-549c-4533-b44a-482307baecfe</title>
    <updated>2026-07-12T11:06:33.925316+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "bcdf794f-549c-4533-b44a-482307baecfe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61447", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqev5jlzua2c", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-61447 \u0432 PraisonAI: \u0443\u0433\u0440\u043e\u0437\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/8E1F4B34-D2B6-47CA-8519-4CC45C4520D2", "creation_timestamp": "2026-07-11T14:36:06.445143Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/bcdf794f-549c-4533-b44a-482307baecfe/export"/>
    <published>2026-07-11T14:36:06.445143+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/41486b02-b320-4658-adcc-b5373d9fe8ad/export</id>
    <title>41486b02-b320-4658-adcc-b5373d9fe8ad</title>
    <updated>2026-07-12T11:06:33.925420+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "41486b02-b320-4658-adcc-b5373d9fe8ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61447", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqeup5otvv2b", "content": "CVE-2026-61447\nPraisonAI versions prior to 1.6.78 are at risk of attackers executing malicious code on the host system. This is due to a lack of validation and restrictions on Python code generated by the Large Language Model\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-11T14:28:04.214435Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/41486b02-b320-4658-adcc-b5373d9fe8ad/export"/>
    <published>2026-07-11T14:28:04.214435+00:00</published>
  </entry>
</feed>
