Most recent sightings.

https://vulnerability.circl.lu/sightings/feed Most recent sightings. 2026-06-12T04:51:37.509043+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/ff61b99b-d95a-4fce-b9b1-b9a350db18e1/export ff61b99b-d95a-4fce-b9b1-b9a350db18e1 2026-06-12T04:51:37.905641+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "ff61b99b-d95a-4fce-b9b1-b9a350db18e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10584", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mndijydnwa2f", "content": "CVE-2026-10584 - HTTPS Fallback to HTTP in Graph Explorer\nCVE ID : CVE-2026-10584\n \n Published : June 2, 2026, 7:08 p.m. | 1\u00a0hour, 17\u00a0minutes ago\n \n Description : Proxy server in Graph Explorer before 3.0.1 falls back to HTTP when certificate files are missing, which might all...", "creation_timestamp": "2026-06-02T21:02:11.210530Z"} 2026-06-02T21:02:11.210530+00:00 https://vulnerability.circl.lu/sighting/5d323a04-6b74-4c78-861e-e0311120e435/export 5d323a04-6b74-4c78-861e-e0311120e435 2026-06-12T04:51:37.905549+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "5d323a04-6b74-4c78-861e-e0311120e435", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-10586", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mniyhk3bqm2d", "content": "HIGH severity SSRF in Gutenberg Essential Blocks (WordPress plugin) lets Authors+ send arbitrary server requests. No patch yet \u2014 restrict Author access & monitor activity. https://radar.offseq.com/threat/cve-2026-10586-cwe-918-server-side-request-forgery-f1206b69 #OffSeq #WordPress #SSRF", "creation_timestamp": "2026-06-05T01:30:28.744138Z"} 2026-06-05T01:30:28.744138+00:00 https://vulnerability.circl.lu/sighting/4244681f-08ee-4b77-9640-b485285c6212/export 4244681f-08ee-4b77-9640-b485285c6212 2026-06-12T04:51:37.905458+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "4244681f-08ee-4b77-9640-b485285c6212", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-10586", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116694910594929909", "content": "\u26a0\ufe0f CVE-2026-10586: HIGH severity SSRF in Gutenberg Essential Blocks for WordPress (\u22646.1.3). Authors+ can send arbitrary server requests via save_ai_generated_image(). No patch yet \u2014 restrict access & monitor. https://radar.offseq.com/threat/cve-2026-10586-cwe-918-server-side-request-forgery-f1206b69 #OffSeq #WordPress #SSRF", "creation_timestamp": "2026-06-05T01:30:40.994823Z"} 2026-06-05T01:30:40.994823+00:00 https://vulnerability.circl.lu/sighting/587c84e6-830a-4859-b938-a3d787f8d28c/export 587c84e6-830a-4859-b938-a3d787f8d28c 2026-06-12T04:51:37.905368+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "587c84e6-830a-4859-b938-a3d787f8d28c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10586", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mnjhjxnha72r", "content": "Gutenberg Essential Blocks lets authenticated users make arbitrary web requests from your server. SSRF at 7.2/10 (CVE-2026-10586). They grab wp-config, internal APIs, cloud metadata. Update to 6.1.3 now. Scan your WordPress site: pulse-wp.com\n#WordPress #CVE #CyberSecurity", "creation_timestamp": "2026-06-05T06:00:15.181956Z"} 2026-06-05T06:00:15.181956+00:00 https://vulnerability.circl.lu/sighting/0e161c6e-6b86-419b-a05c-46827e3e1a90/export 0e161c6e-6b86-419b-a05c-46827e3e1a90 2026-06-12T04:51:37.905270+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "0e161c6e-6b86-419b-a05c-46827e3e1a90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10580", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mnkwkmd32g2p", "content": "\ud83d\udd34 CVE-2026-10580 - Critical (9.8)\n\nThe Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-10580/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-05T20:01:43.987860Z"} 2026-06-05T20:01:43.987860+00:00 https://vulnerability.circl.lu/sighting/e1740cbf-df6e-4fa5-81d8-a1d1a8c57a73/export e1740cbf-df6e-4fa5-81d8-a1d1a8c57a73 2026-06-12T04:51:37.905164+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "e1740cbf-df6e-4fa5-81d8-a1d1a8c57a73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10580", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mnldv3nnpv2c", "content": "CVE-2026-10580. CVSS 9.8. Hippoo Mobile App for WooCommerce lets any visitor take over admin accounts. No authentication required. Update to 1.9.4 now. Scan your WordPress site: pulse-wp.com\n#WordPress #CVE #CyberSecurity", "creation_timestamp": "2026-06-06T00:00:12.942192Z"} 2026-06-06T00:00:12.942192+00:00 https://vulnerability.circl.lu/sighting/a2cc85d3-ae1c-4675-908b-ec1755bcdc17/export a2cc85d3-ae1c-4675-908b-ec1755bcdc17 2026-06-12T04:51:37.904882+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "a2cc85d3-ae1c-4675-908b-ec1755bcdc17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10580", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mnpdq65dfl2s", "content": "CVE-2026-10580 - Critical Authentication Bypass in Hippoo WordPress plugin. Flaw conflates admin and unauthenticated user permissions, allowing full admin takeover. CVSS 9.8. No patch available. Disable plugin now. #CVE #WordPress #infosec\n\nhttps://www.valtersit.com/cve/CVE-2026-10580/", "creation_timestamp": "2026-06-07T14:08:08.097746Z"} 2026-06-07T14:08:08.097746+00:00 https://vulnerability.circl.lu/sighting/45e0fd84-668c-4bac-9106-7072019098f8/export 45e0fd84-668c-4bac-9106-7072019098f8 2026-06-12T04:51:37.901283+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "45e0fd84-668c-4bac-9106-7072019098f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10580", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-10580.yaml", "content": "", "creation_timestamp": "2026-06-10T19:03:51.000000Z"} 2026-06-10T19:03:51+00:00