<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-05T09:16:22.514036+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/cd55e9f2-1312-46ab-bc36-11a18a341614/export</id>
    <title>cd55e9f2-1312-46ab-bc36-11a18a341614</title>
    <updated>2026-07-05T09:16:22.537309+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "cd55e9f2-1312-46ab-bc36-11a18a341614", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-22874", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mpspsu2h3f23", "content": "CVE-2026-22874 - Critical SSRF in Gitea &amp;lt;=1.26.2. Incomplete webhook/migration filtering. CVSS 9.6. Upgrade immediately. #CVE #Gitea #infosec\n\nhttps://www.valtersit.com/cve/CVE-2026-22874/", "creation_timestamp": "2026-07-04T09:12:44.562518Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/cd55e9f2-1312-46ab-bc36-11a18a341614/export"/>
    <published>2026-07-04T09:12:44.562518+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a23e1a34-d736-431b-8a79-9d044977dd78/export</id>
    <title>a23e1a34-d736-431b-8a79-9d044977dd78</title>
    <updated>2026-07-05T09:16:22.539359+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "a23e1a34-d736-431b-8a79-9d044977dd78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-22874", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mprl4nq3wo2z", "content": "CVE-2026-22874 - gitea open source git server\nGitea versions up to 1.26.2 have a security issue that could allow an attacker to access unintended servers. This affects Gitea webhooks and migration processes. To protect\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#gitea #CVE #infosec", "creation_timestamp": "2026-07-03T22:16:04.840044Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a23e1a34-d736-431b-8a79-9d044977dd78/export"/>
    <published>2026-07-03T22:16:04.840044+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/5e16e231-441e-4935-baaf-3bbbf43a0c41/export</id>
    <title>5e16e231-441e-4935-baaf-3bbbf43a0c41</title>
    <updated>2026-07-05T09:16:22.539565+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "5e16e231-441e-4935-baaf-3bbbf43a0c41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-22879", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp5rysxvey2q", "content": "CVE-2026-22879 - VTK vtk-dicom heap-based buffer overflow\nCVE ID : CVE-2026-22879\n \n Published : June 25, 2026, 9:46 p.m. | 3\u00a0hours, 25\u00a0minutes ago\n \n Description : vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability\n \n Severity: 8.1 | HIGH\n \n V...", "creation_timestamp": "2026-06-26T01:25:57.502060Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/5e16e231-441e-4935-baaf-3bbbf43a0c41/export"/>
    <published>2026-06-26T01:25:57.502060+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c957f34b-5def-4426-80b6-30c6fbc5650b/export</id>
    <title>c957f34b-5def-4426-80b6-30c6fbc5650b</title>
    <updated>2026-07-05T09:16:22.539729+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c957f34b-5def-4426-80b6-30c6fbc5650b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-22879", "type": "seen", "source": "https://infosec.place/objects/5a167243-0f80-4bda-b99d-a113e8cf5868", "content": "New vulnerability report from Talos:vtk vtk-dicom vtkDICOMItem::FindDataElementOrInsert heap-based buffer overflow vulnerabilityhttps://talosintelligence.com/vulnerability_reports/TALOS-2026-2366CVE-2026-22879", "creation_timestamp": "2026-06-25T22:00:13.686484Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c957f34b-5def-4426-80b6-30c6fbc5650b/export"/>
    <published>2026-06-25T22:00:13.686484+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/145aeff0-f8ce-4682-968e-6ccc5bb4ea4e/export</id>
    <title>145aeff0-f8ce-4682-968e-6ccc5bb4ea4e</title>
    <updated>2026-07-05T09:16:22.539901+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "145aeff0-f8ce-4682-968e-6ccc5bb4ea4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-22872", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3mobw3vpzl22j", "content": "\ud83d\udea8  ALERT: CVE-2026-22872\n\nCVSS 9.1/10\n\n\ud83d\udccb WHAT IT IS:\n\n\n\ud83c\udfaf WHO'S AFFECTED:\n  \u2022 Unknown\n\n\u2694\ufe0f HOW IT'S EXPLOITED:\nAttack vector: unknown vector\nImpact: high impact on confidentiality, integrity, availability\n\n\u2705 WHAT TO DO:\n  1. Check if you're running affected software NOW\n  2. Apply patches immediately ", "creation_timestamp": "2026-06-14T23:24:43.211089Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/145aeff0-f8ce-4682-968e-6ccc5bb4ea4e/export"/>
    <published>2026-06-14T23:24:43.211089+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/4a1f024a-8a25-42ab-a28b-0a4a31195405/export</id>
    <title>4a1f024a-8a25-42ab-a28b-0a4a31195405</title>
    <updated>2026-07-05T09:16:22.540067+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "4a1f024a-8a25-42ab-a28b-0a4a31195405", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-22872", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mo7q2adu6z2y", "content": "Top 3 CVE for last 7 days:\nCVE-2026-35273: 50 interactions\nCVE-2026-11645: 30 interactions\nCVE-2025-10263: 25 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-22872: 8 interactions\nCVE-2026-50751: 4 interactions\nCVE-2026-53608: 4 interactions\n", "creation_timestamp": "2026-06-14T02:39:19.879266Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/4a1f024a-8a25-42ab-a28b-0a4a31195405/export"/>
    <published>2026-06-14T02:39:19.879266+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/3dbe776b-16ac-4a01-832d-61dc7ef2be3d/export</id>
    <title>3dbe776b-16ac-4a01-832d-61dc7ef2be3d</title>
    <updated>2026-07-05T09:16:22.540201+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "3dbe776b-16ac-4a01-832d-61dc7ef2be3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-22872", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3mo75l6slp22l", "content": "\ud83d\udea8 CRITICAL ALERT: CVE-2026-22872\n\nCVSS 9.1/10\n\n\ud83d\udccb WHAT IT IS:\nCapsule is a multi-tenancy and policy-based framework for Kubernetes. The Capsule Controller runs with cluster-admin privileges. Although the TenantResource RawItems processing logic forcibly sets the namespace, this is ineffective for clu", "creation_timestamp": "2026-06-13T21:01:20.544590Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/3dbe776b-16ac-4a01-832d-61dc7ef2be3d/export"/>
    <published>2026-06-13T21:01:20.544590+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/83b4afdb-623c-42ae-8612-84d918e4c84f/export</id>
    <title>83b4afdb-623c-42ae-8612-84d918e4c84f</title>
    <updated>2026-07-05T09:16:22.540346+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "83b4afdb-623c-42ae-8612-84d918e4c84f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-22872", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3mo643hhhgt2g", "content": "\ud83d\udea8 CRITICAL ALERT: CVE-2026-22872\n\nCVSS 9.1/10\n\n\ud83d\udccb WHAT IT IS:\nCapsule is a multi-tenancy and policy-based framework for Kubernetes. The Capsule Controller runs with cluster-admin privileges. Although the TenantResource RawItems processing logic forcibly sets the namespace, this is ineffective for clu", "creation_timestamp": "2026-06-13T11:01:11.627332Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/83b4afdb-623c-42ae-8612-84d918e4c84f/export"/>
    <published>2026-06-13T11:01:11.627332+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/070534db-13d7-4468-a698-1555bfae948e/export</id>
    <title>070534db-13d7-4468-a698-1555bfae948e</title>
    <updated>2026-07-05T09:16:22.540495+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "070534db-13d7-4468-a698-1555bfae948e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-22872", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3mo4hqoxhvg2x", "content": "\ud83d\udea8 CRITICAL ALERT: CVE-2026-22872\n\nCVSS 9.1/10\n\n\ud83d\udccb WHAT IT IS:\nCapsule is a multi-tenancy and policy-based framework for Kubernetes. The Capsule Controller runs with cluster-admin privileges. Although the TenantResource RawItems processing logic forcibly sets the namespace, this is ineffective for clu", "creation_timestamp": "2026-06-12T19:24:35.822172Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/070534db-13d7-4468-a698-1555bfae948e/export"/>
    <published>2026-06-12T19:24:35.822172+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/0c940816-5f0c-47eb-b9a4-b524d2c0cf14/export</id>
    <title>0c940816-5f0c-47eb-b9a4-b524d2c0cf14</title>
    <updated>2026-07-05T09:16:22.540640+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "0c940816-5f0c-47eb-b9a4-b524d2c0cf14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-22872", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3mo4hl7tkp32x", "content": "\ud83d\udea8 CRITICAL: CVE-2026-22872 \u2014 CVSS 9.1/10\n\n\ud83d\udccb WHAT IT IS:\nCapsule Kubernetes Controller &amp;lt; 0.13.0 \u2014 Tenant namespace isolation bypass. Capsule Controller runs with cluster-admin privileges but fails to enforce namespace restrictions on cluster-scoped resources. Tenant admins can escalate to full cluste", "creation_timestamp": "2026-06-12T19:21:32.114556Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/0c940816-5f0c-47eb-b9a4-b524d2c0cf14/export"/>
    <published>2026-06-12T19:21:32.114556+00:00</published>
  </entry>
</feed>
