https://vulnerability.circl.lu/sightings/feed 2026-06-02T11:23:01.110632+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/8c30ab16-7e27-447a-a83f-31c03183106f/export 2026-06-02T11:23:01.126342+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "8c30ab16-7e27-447a-a83f-31c03183106f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42354", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116541675237436780", "content": "\ud83d\udea8 CRITICAL: Sentry SAML SSO auth bypass (CVE-2026-42354) affects 21.12.0 - 26.4.0. Attackers w/ malicious SAML IdP & another org can fully compromise user accounts. Upgrade to 26.4.1 ASAP! https://radar.offseq.com/threat/cve-2026-42354-cwe-290-authentication-bypass-by-sp-32bd5f55 #OffSeq #Sentry #Vuln #Security", "creation_timestamp": "2026-05-09T00:00:40.703877Z"} 2026-05-09T00:00:40.703877+00:00 https://vulnerability.circl.lu/sighting/7bf1e7da-8074-40a3-8a80-4713b114cc77/export 2026-06-02T11:23:01.126271+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "7bf1e7da-8074-40a3-8a80-4713b114cc77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42354", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mlewu65dad2v", "content": "Sentry SAML SSO CRITICAL vuln (CVE-2026-42354): 21.12.0 - 26.4.0 allows account takeover via malicious SAML IdP if victim email is known. Upgrade to 26.4.1+ now! \ud83d\udd12 https://radar.offseq.com/threat/cve-2026-42354-cwe-290-authentication-bypass-by-sp-32bd5f55 #OffSeq #Sentry #Security", "creation_timestamp": "2026-05-09T00:00:42.179611Z"} 2026-05-09T00:00:42.179611+00:00 https://vulnerability.circl.lu/sighting/c1e14af9-395b-44dd-8ca9-e0a798467d1d/export 2026-06-02T11:23:01.126207+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "c1e14af9-395b-44dd-8ca9-e0a798467d1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42352", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlezw4c6mx2o", "content": "CVE-2026-42352 - pygeoapi 0.23.x: Unauthenticated SSRF via OGC API - Processes Subscriber\nCVE ID : CVE-2026-42352\n \n Published : May 8, 2026, 11:16 p.m. | 1\u00a0hour, 4\u00a0minutes ago\n \n Description : pygeoapi is a Python server implementation of the OGC API suite of standards. From ...", "creation_timestamp": "2026-05-09T00:55:28.075118Z"} 2026-05-09T00:55:28.075118+00:00 https://vulnerability.circl.lu/sighting/f216a2ce-2f48-4b6b-af91-01117c45851f/export 2026-06-02T11:23:01.126141+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "f216a2ce-2f48-4b6b-af91-01117c45851f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42354", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlf37earic2r", "content": "CVE-2026-42354 - Sentry: Improper authentication on SAML SSO process allows user identity linking\nCVE ID : CVE-2026-42354\n \n Published : May 8, 2026, 11:16 p.m. | 1\u00a0hour, 4\u00a0minutes ago\n \n Description : Sentry is an error tracking and performance monitoring tool. From version 2...", "creation_timestamp": "2026-05-09T01:18:32.312351Z"} 2026-05-09T01:18:32.312351+00:00 https://vulnerability.circl.lu/sighting/3d5baa4b-48b2-4392-8dce-d5f3fe54b48d/export 2026-06-02T11:23:01.126078+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "3d5baa4b-48b2-4392-8dce-d5f3fe54b48d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42350", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116545697527370018", "content": "A lot of offensive activities were identified targeting akuity kargo (CVE-2026-42350) https://vuldb.com/vuln/362396/cti", "creation_timestamp": "2026-05-09T17:03:37.111826Z"} 2026-05-09T17:03:37.111826+00:00 https://vulnerability.circl.lu/sighting/e38764cb-5e09-459a-a78e-d0fbbbebb52a/export 2026-06-02T11:23:01.126011+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "e38764cb-5e09-459a-a78e-d0fbbbebb52a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42354", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mm5b2mh5z52p", "content": "\ud83d\udccc CVE-2026-42354 - Sentry is an error tracking and performance monitoring tool. From version 21.12.0 to before version 26.4.1, a critical vulnerability was discovered in... https://www.cyberhub.blog/cves/CVE-2026-42354", "creation_timestamp": "2026-05-18T16:07:09.730954Z"} 2026-05-18T16:07:09.730954+00:00 https://vulnerability.circl.lu/sighting/d35eafb3-e61a-4eb6-a7dc-6a29aadcbc10/export 2026-06-02T11:23:01.125942+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "d35eafb3-e61a-4eb6-a7dc-6a29aadcbc10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42359", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mn5nw4nzo32u", "content": "CVE-2026-42359: Apache Airflow: Authenticated RCE via XCom PATCH endpoint \u2014 XComUpdateBody missing FORBIDDEN_XCOM_KEYS validator", "creation_timestamp": "2026-05-31T13:22:28.619981Z"} 2026-05-31T13:22:28.619981+00:00 https://vulnerability.circl.lu/sighting/7e406bcf-4e46-4603-aec2-0850312521b1/export 2026-06-02T11:23:01.125871+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "7e406bcf-4e46-4603-aec2-0850312521b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42358", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mn5oi3cac32a", "content": "CVE-2026-42358: Apache Airflow: Variable masker depth-limit bypass returns cleartext nested secrets", "creation_timestamp": "2026-05-31T13:32:31.212465Z"} 2026-05-31T13:32:31.212465+00:00 https://vulnerability.circl.lu/sighting/e5a23430-65cc-44d5-968f-a893605c30c1/export 2026-06-02T11:23:01.125778+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "e5a23430-65cc-44d5-968f-a893605c30c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42359", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mn7urgkev32g", "content": "Apache Airflow 3.2.0 has a CRITICAL XCom PATCH deserialization bug (CVE-2026-42359). Authenticated users with write rights risk RCE. Upgrade to 3.2.2+ and restrict permissions. https://radar.offseq.com/threat/cve-2026-42359-cwe-502-deserialization-of-untruste-34c6b2b1 #OffSeq #ApacheAirflow #Vuln", "creation_timestamp": "2026-06-01T10:30:27.322316Z"} 2026-06-01T10:30:27.322316+00:00 https://vulnerability.circl.lu/sighting/f9b3e178-12cf-470b-9440-113ce4e3a821/export 2026-06-02T11:23:01.124687+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "f9b3e178-12cf-470b-9440-113ce4e3a821", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42359", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116674384679698884", "content": "\ud83d\udea9 CVE-2026-42359 (CRITICAL): Apache Airflow 3.2.0 XCom PATCH deserialization flaw enables authenticated users with XCom write to execute code remotely. Upgrade to 3.2.2+ to mitigate. No known exploits yet. https://radar.offseq.com/threat/cve-2026-42359-cwe-502-deserialization-of-untruste-34c6b2b1 #OffSeq #ApacheAirflow #RCE #Security", "creation_timestamp": "2026-06-01T10:30:34.741044Z"} 2026-06-01T10:30:34.741044+00:00