https://vulnerability.circl.lu/sightings/feed 2026-06-07T01:34:10.625034+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/836c6e3f-68c0-4fee-8b95-de3327387d79/export 2026-06-07T01:34:10.649491+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "836c6e3f-68c0-4fee-8b95-de3327387d79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40934", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ml5ku6mloc2e", "content": "CVE-2026-40934 - jupyter-server authentication cookies remain valid after password reset due to static cookie secret\nCVE ID : CVE-2026-40934\n \n Published : May 5, 2026, 10:16 p.m. | 2\u00a0hours, 6\u00a0minutes ago\n \n Description : Jupyter Server is the backend for Jupyter web applicati...", "creation_timestamp": "2026-05-06T01:37:19.136388Z"} 2026-05-06T01:37:19.136388+00:00 https://vulnerability.circl.lu/sighting/8a3ed6dd-97df-4b68-919e-841527ce32ca/export 2026-06-07T01:34:10.649416+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "8a3ed6dd-97df-4b68-919e-841527ce32ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40930", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116598142822807698", "content": "It is possible to see elevated activities targeting libpng (CVE-2026-40930) https://vuldb.com/vuln/364452/cti", "creation_timestamp": "2026-05-18T23:21:06.874226Z"} 2026-05-18T23:21:06.874226+00:00 https://vulnerability.circl.lu/sighting/6028c491-1c0f-416c-aaa5-c4b28ee1c35c/export 2026-06-07T01:34:10.649332+00:00 Joseph Lee https://vulnerability.circl.lu/user/syspect {"uuid": "6028c491-1c0f-416c-aaa5-c4b28ee1c35c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-40933", "type": "published-proof-of-concept", "source": "https://www.obsidiansecurity.com/blog/when-is-stdio-mcp-actually-a-vulnerability", "content": "", "creation_timestamp": "2026-05-28T12:00:00.000000Z"} 2026-05-28T12:00:00+00:00 https://vulnerability.circl.lu/sighting/d6891699-d72f-4961-9733-9f97185ffe07/export 2026-06-07T01:34:10.649256+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "d6891699-d72f-4961-9733-9f97185ffe07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40933", "type": "seen", "source": "https://bsky.app/profile/infosecbriefly.bsky.social/post/3mn3h4gl5qm2a", "content": "CVE-2026-40933 enables command injection via Anthropic MCP stdio serialization, letting attackers execute arbitrary OS commands through crafted Flowise chatflow imports.\n", "creation_timestamp": "2026-05-30T16:15:25.241488Z"} 2026-05-30T16:15:25.241488+00:00 https://vulnerability.circl.lu/sighting/bfb71f17-6d0f-4942-b045-860728d47ac3/export 2026-06-07T01:34:10.649159+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "bfb71f17-6d0f-4942-b045-860728d47ac3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40933", "type": "seen", "source": "https://mastodon.social/ap/users/115426718704364579/statuses/116664923372628918", "content": "\ud83d\udcf0 PoC Exploit Released for Critical 9.9 CVSS RCE Flaw in Flowise AI Platform\n\ud83d\udd25 CRITICAL RCE in Flowise AI! A 9.9 CVSS flaw (CVE-2026-40933) allows takeover of self-hosted servers with one click. PoC exploit is public. Patch now! #RCE #Vulnerability #AI #Cybersecurity\n\ud83c\udf10 cyber[.]netsecops[.]io\n\ud83d\udd17 https://cyber.netsecops.io/articles/exploit-code-published-for-critical-rce-vulnerability-in-flowise-ai-platform/?utm_source=mastodon&utm_medium=social&utm_campaign=daily", "creation_timestamp": "2026-05-30T18:24:45.172500Z"} 2026-05-30T18:24:45.172500+00:00 https://vulnerability.circl.lu/sighting/6496d01f-9056-499f-841d-6964c3cd0684/export 2026-06-07T01:34:10.649036+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "6496d01f-9056-499f-841d-6964c3cd0684", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40933", "type": "seen", "source": "https://bsky.app/profile/netsecio.bsky.social/post/3mn3oe2aeru26", "content": "\ud83d\udd25 CRITICAL RCE in Flowise AI! A 9.9 CVSS flaw (CVE-2026-40933) allows takeover of self-hosted servers with one click. PoC exploit is public. Patch now! #RCE #Vulnerability #AI #Cybersecurity\n\n\ud83c\udf10 cyber[.]netsecops[.]io", "creation_timestamp": "2026-05-30T18:24:56.737015Z"} 2026-05-30T18:24:56.737015+00:00 https://vulnerability.circl.lu/sighting/90df2b1b-fb2f-41f7-991a-9c1b73765594/export 2026-06-07T01:34:10.648907+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "90df2b1b-fb2f-41f7-991a-9c1b73765594", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40933", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116666245643817162", "content": "\ud83d\udea8 Exploit code for CRITICAL Flowise RCE (CVE-2026-40933) is public. Attackers can execute arbitrary code on self-hosted Flowise servers by tricking users into importing malicious chatflows. Restrict chatflow edits & imports until a patch lands. https://radar.offseq.com/threat/exploit-code-published-for-critical-flowise-rce-vu-ae84d042 #OffSeq #Flowise #RCE #infosec", "creation_timestamp": "2026-05-31T00:00:39.882127Z"} 2026-05-31T00:00:39.882127+00:00 https://vulnerability.circl.lu/sighting/a15bfd29-3241-4a65-adcd-137df3a5dc43/export 2026-06-07T01:34:10.648728+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "a15bfd29-3241-4a65-adcd-137df3a5dc43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40933", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mn4nocgkh225", "content": "Obsidian Security published PoC code for CVE-2026-40933, a critical 9.9 RCE in Flowise. Crafted chatflow imports can trigger command execution in self-hosted deployments via Anthropic MCP. #Flowise #MCP #ObsidianSecurity", "creation_timestamp": "2026-05-31T03:45:26.946523Z"} 2026-05-31T03:45:26.946523+00:00 https://vulnerability.circl.lu/sighting/23ec08b9-d12b-4ae4-94a1-58b162b3d506/export 2026-06-07T01:34:10.647445+00:00 Joseph Lee https://vulnerability.circl.lu/user/syspect {"uuid": "23ec08b9-d12b-4ae4-94a1-58b162b3d506", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-40933", "type": "seen", "source": "https://www.acn.gov.it/portale/w/flowiseai-poc-pubblico-per-lo-sfruttamento-della-cve-2026-40933", "content": "", "creation_timestamp": "2026-06-01T01:37:37.000000Z"} 2026-06-01T01:37:37+00:00 https://vulnerability.circl.lu/sighting/3256cdc5-3fec-42c5-a23f-c57ebe5635f9/export 2026-06-07T01:34:10.645021+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "3256cdc5-3fec-42c5-a23f-c57ebe5635f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40931", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3mnfbmwaha72h", "content": "Silent Supply Chain Break: CVE-2026-40931 Uncovers a Dangerous Patch Bypass in Nodejs Compressing Library +\u00a0Video\n\n\ud83e\udde0 Introduction: When a Fixed Bug Comes Back Stronger A vulnerability that was once believed to be fully resolved has resurfaced in a far more dangerous form. CVE-2026-40931 reveals\u2026", "creation_timestamp": "2026-06-03T14:03:53.927777Z"} 2026-06-03T14:03:53.927777+00:00