<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-08T19:53:33.325615+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/7438ba62-ee7e-4528-ab45-a6e84892da7b/export</id>
    <title>7438ba62-ee7e-4528-ab45-a6e84892da7b</title>
    <updated>2026-07-08T19:53:33.347125+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "7438ba62-ee7e-4528-ab45-a6e84892da7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33264", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mq2z7dj6b22i", "content": "CVE-2026-33264 - apache airflow\nA bug in Apache Airflow allowed malicious DAG authors to execute code on the Airflow server, potentially leading to unauthorized access or data breaches. To\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#apacheairflow #apachefoundation #CVE #infosec", "creation_timestamp": "2026-07-07T16:22:04.705363Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/7438ba62-ee7e-4528-ab45-a6e84892da7b/export"/>
    <published>2026-07-07T16:22:04.705363+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/0ec945df-5467-4913-a299-a1ccd45ef6da/export</id>
    <title>0ec945df-5467-4913-a299-a1ccd45ef6da</title>
    <updated>2026-07-08T19:53:33.349904+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "0ec945df-5467-4913-a299-a1ccd45ef6da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33264", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mq2k4insdp2w", "content": "CVE-2026-33264 - Apache Airflow: DAG author RCE on webserver via unrestricted import_string() in BaseSerialization.deserialize()\nCVE ID : CVE-2026-33264\n \n Published : July 7, 2026, 10:16 a.m. | 1\u00a0hour, 31\u00a0minutes ago\n \n Description : A bug in `BaseSerialization.deserialize()`...", "creation_timestamp": "2026-07-07T11:52:06.860608Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/0ec945df-5467-4913-a299-a1ccd45ef6da/export"/>
    <published>2026-07-07T11:52:06.860608+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/f9bc7807-3cae-4760-a1f7-838499005021/export</id>
    <title>f9bc7807-3cae-4760-a1f7-838499005021</title>
    <updated>2026-07-08T19:53:33.350085+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "f9bc7807-3cae-4760-a1f7-838499005021", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33264", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mq2jez5o4b27", "content": "CVE-2026-33264: Apache Airflow: DAG author RCE on webserver via unrestricted import_string() in BaseSerialization.deserialize()", "creation_timestamp": "2026-07-07T11:38:55.238434Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/f9bc7807-3cae-4760-a1f7-838499005021/export"/>
    <published>2026-07-07T11:38:55.238434+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/f726afa5-65ce-4b64-bdc6-25b05107873e/export</id>
    <title>f726afa5-65ce-4b64-bdc6-25b05107873e</title>
    <updated>2026-07-08T19:53:33.350186+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "f726afa5-65ce-4b64-bdc6-25b05107873e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-33264", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mq2fkleckz23", "content": "CVE-2026-33264: Apache Airflow &amp;lt;3.3.0 has a CRITICAL deserialization bug \u2014 DAG authors could trigger RCE on Scheduler/API Server. Upgrade to 3.3.0+ and restrict deserialization classes now. https://radar.offseq.com/threat/cve-2026-33264-cwe-502-deserialization-of-untruste-8bbc1aa55d6c3415 #OffSeq...", "creation_timestamp": "2026-07-07T10:30:27.679495Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/f726afa5-65ce-4b64-bdc6-25b05107873e/export"/>
    <published>2026-07-07T10:30:27.679495+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/40625e39-10fd-4ea9-862c-e87809332be5/export</id>
    <title>40625e39-10fd-4ea9-862c-e87809332be5</title>
    <updated>2026-07-08T19:53:33.350250+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "40625e39-10fd-4ea9-862c-e87809332be5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-33264", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116878227880912732", "content": "CVE-2026-33264: Apache Airflow &amp;lt;3.3.0 has a CRITICAL deserialization flaw. DAG authors can trigger remote code execution on Scheduler/API Server. Upgrade to 3.3.0+ and restrict allowed_deserialization_classes. Details: https://radar.offseq.com/threat/cve-2026-33264-cwe-502-deserialization-of-untruste-8bbc1aa55d6c3415 #OffSeq #Airflow #Infosec #CVE202633264", "creation_timestamp": "2026-07-07T10:30:26.100516Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/40625e39-10fd-4ea9-862c-e87809332be5/export"/>
    <published>2026-07-07T10:30:26.100516+00:00</published>
  </entry>
</feed>
