<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-09T23:37:49.803784+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a33dd92f-4f07-4ac5-ad7c-944d0de44976/export</id>
    <title>a33dd92f-4f07-4ac5-ad7c-944d0de44976</title>
    <updated>2026-07-09T23:37:49.833477+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "a33dd92f-4f07-4ac5-ad7c-944d0de44976", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42496", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mpywt27xh32s", "content": "CVE-2026-42496 - rootio-perl\nThe rootio-perl package in Debian 12 had a security issue that allowed unauthorized access to sensitive information. This has been fixed by Root in a recent update, and\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#rootioperl #RootDebian12 #CVE #infosec", "creation_timestamp": "2026-07-06T20:34:05.614362Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a33dd92f-4f07-4ac5-ad7c-944d0de44976/export"/>
    <published>2026-07-06T20:34:05.614362+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/28b59b8e-9efe-4598-93b0-433c30f1795b/export</id>
    <title>28b59b8e-9efe-4598-93b0-433c30f1795b</title>
    <updated>2026-07-09T23:37:49.835747+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "28b59b8e-9efe-4598-93b0-433c30f1795b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4249", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpy3dicdxy2n", "content": "CVE-2026-4249 - Denial of Service via Malicious JSON Payloads in Throttling Events in Multiple WSO2 Products Causing Persistent Service Disruption\nCVE ID : CVE-2026-4249\n \n Published : July 6, 2026, 11:16 a.m. | 31\u00a0minutes ago\n \n Description : The throttling event handling mec...", "creation_timestamp": "2026-07-06T12:22:12.107001Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/28b59b8e-9efe-4598-93b0-433c30f1795b/export"/>
    <published>2026-07-06T12:22:12.107001+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/dc876ac8-040d-47e0-85ec-708dc41d505b/export</id>
    <title>dc876ac8-040d-47e0-85ec-708dc41d505b</title>
    <updated>2026-07-09T23:37:49.835879+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "dc876ac8-040d-47e0-85ec-708dc41d505b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42496", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3motmrathgt2r", "content": "\ud83d\udea8  ALERT: CVE-2026-42496\n\nCVSS 9.1/10\n\n\ud83d\udccb WHAT IT IS:\nArchive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory.\n\n_make_special_file() passes the tar header's linkname to symlink() without validating it against absolute paths or .. s", "creation_timestamp": "2026-06-22T00:26:01.719855Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/dc876ac8-040d-47e0-85ec-708dc41d505b/export"/>
    <published>2026-06-22T00:26:01.719855+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/1f3e7427-8be4-4224-843f-05d7ad70e51c/export</id>
    <title>1f3e7427-8be4-4224-843f-05d7ad70e51c</title>
    <updated>2026-07-09T23:37:49.835986+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://vulnerability.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "1f3e7427-8be4-4224-843f-05d7ad70e51c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42490", "type": "seen", "source": "https://www.acn.gov.it/portale/w/risolte-vulnerabilita-in-xen", "content": "", "creation_timestamp": "2026-06-10T04:24:52.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/1f3e7427-8be4-4224-843f-05d7ad70e51c/export"/>
    <published>2026-06-10T04:24:52+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/113925f8-77bb-4e40-a554-a256f813abf5/export</id>
    <title>113925f8-77bb-4e40-a554-a256f813abf5</title>
    <updated>2026-07-09T23:37:49.837650+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "113925f8-77bb-4e40-a554-a256f813abf5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42490", "type": "seen", "source": "https://infosec.exchange/users/andersonc0d3/statuses/116720431315436112", "content": "Xen Security Advisory 491 v2 (CVE-2026-42487) - x86 HVM I/O port list traversal\nhttps://seclists.org/oss-sec/2026/q2/857\nXen Security Advisory 492 v3 (CVE-2026-42489,CVE-2026-42490) - domctl lock open to abuse\nhttps://seclists.org/oss-sec/2026/q2/858\nXen Security Advisory 493 v2 (CVE-2025-10263) - Arm: Completion of memory accesses not guaranteed by completion of a TLBI\nhttps://seclists.org/oss-sec/2026/q2/859", "creation_timestamp": "2026-06-09T13:41:01.482582Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/113925f8-77bb-4e40-a554-a256f813abf5/export"/>
    <published>2026-06-09T13:41:01.482582+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/fa297b20-70ab-4da8-91e8-87a356f425b1/export</id>
    <title>fa297b20-70ab-4da8-91e8-87a356f425b1</title>
    <updated>2026-07-09T23:37:49.837791+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "fa297b20-70ab-4da8-91e8-87a356f425b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42490", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mnucoaa2ss26", "content": "Xen Security Advisory 492 v3 (CVE-2026-42489,CVE-2026-42490) - domctl lock open to abuse", "creation_timestamp": "2026-06-09T13:32:26.981926Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/fa297b20-70ab-4da8-91e8-87a356f425b1/export"/>
    <published>2026-06-09T13:32:26.981926+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/ba8aff35-4b2b-47c2-a02a-507558aadbad/export</id>
    <title>ba8aff35-4b2b-47c2-a02a-507558aadbad</title>
    <updated>2026-07-09T23:37:49.837902+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "ba8aff35-4b2b-47c2-a02a-507558aadbad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42499", "type": "seen", "source": "https://bsky.app/profile/lambdawatchdog.bsky.social/post/3mmyigxrm6r2h", "content": "\ud83d\udd0d Lambda Watchdog detected that CVE-2026-42499 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/537 #AWS #Lambda #Security #CVE #DevOps #SecOps", "creation_timestamp": "2026-05-29T12:01:13.125008Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/ba8aff35-4b2b-47c2-a02a-507558aadbad/export"/>
    <published>2026-05-29T12:01:13.125008+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/be5fb371-194e-401c-9c22-5404cbcbbaad/export</id>
    <title>be5fb371-194e-401c-9c22-5404cbcbbaad</title>
    <updated>2026-07-09T23:37:49.838002+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "be5fb371-194e-401c-9c22-5404cbcbbaad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42499", "type": "seen", "source": "https://bsky.app/profile/lambdawatchdog.bsky.social/post/3mmvxxxwjde2y", "content": "\n\ud83d\udea8 New HIGH CVE detected in AWS Lambda \ud83d\udea8\nCVE-2026-42499 impacts libcap in 20 Lambda base images.\n\nDetails: https://github.com/aws/aws-lambda-base-images/issues/537\nMore: https://lambdawatchdog.com/\n\n#AWS #Lambda #CVE #CloudSecurity #Serverless", "creation_timestamp": "2026-05-28T12:01:10.362856Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/be5fb371-194e-401c-9c22-5404cbcbbaad/export"/>
    <published>2026-05-28T12:01:10.362856+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/82e6f1b7-06c9-43bb-9675-b331cf02161e/export</id>
    <title>82e6f1b7-06c9-43bb-9675-b331cf02161e</title>
    <updated>2026-07-09T23:37:49.838104+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "82e6f1b7-06c9-43bb-9675-b331cf02161e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42497", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mmqmnt47gt2b", "content": "CVE-2026-42497: Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory", "creation_timestamp": "2026-05-26T08:55:19.933305Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/82e6f1b7-06c9-43bb-9675-b331cf02161e/export"/>
    <published>2026-05-26T08:55:19.933305+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/1842dca3-967f-48d4-90bf-aa52d7960cd5/export</id>
    <title>1842dca3-967f-48d4-90bf-aa52d7960cd5</title>
    <updated>2026-07-09T23:37:49.838199+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "1842dca3-967f-48d4-90bf-aa52d7960cd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42496", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mmqmdp566n25", "content": "CVE-2026-42496: Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory", "creation_timestamp": "2026-05-26T08:49:40.075365Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/1842dca3-967f-48d4-90bf-aa52d7960cd5/export"/>
    <published>2026-05-26T08:49:40.075365+00:00</published>
  </entry>
</feed>
