Most recent sightings.

https://vulnerability.circl.lu/sightings/feed Most recent sightings. 2026-06-01T01:34:50.768842+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/f5e537dd-f190-4d94-872f-d8c2f4e5ed93/export f5e537dd-f190-4d94-872f-d8c2f4e5ed93 2026-06-01T01:34:51.141994+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "f5e537dd-f190-4d94-872f-d8c2f4e5ed93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4852", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mjxj2wb56l2i", "content": "", "creation_timestamp": "2026-04-20T22:24:09.518271Z"} 2026-04-20T22:24:09.518271+00:00 https://vulnerability.circl.lu/sighting/bb7c428f-9007-4a4f-90e2-0fac2e5174f5/export bb7c428f-9007-4a4f-90e2-0fac2e5174f5 2026-06-01T01:34:51.141113+00:00 Joseph Lee https://vulnerability.circl.lu/user/syspect {"uuid": "bb7c428f-9007-4a4f-90e2-0fac2e5174f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-48527", "type": "published-proof-of-concept", "source": "https://github.com/haxtheweb/issues/security/advisories/GHSA-g2g8-95qg-v35h", "content": "", "creation_timestamp": "2026-05-21T20:37:15.000000Z"} 2026-05-21T20:37:15+00:00 https://vulnerability.circl.lu/sighting/0dccc110-b203-4a63-b2bc-5ddccbf57c49/export 0dccc110-b203-4a63-b2bc-5ddccbf57c49 2026-06-01T01:34:51.140990+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "0dccc110-b203-4a63-b2bc-5ddccbf57c49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48524", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmwjprwno32c", "content": "CVE-2026-48524 - PyJWT: PyJWKClient unbounded JWKS endpoint requests via attacker-controlled kid values (DoS)\nCVE ID : CVE-2026-48524\n \n Published : May 28, 2026, 4:16 p.m. | 15\u00a0minutes ago\n \n Description : PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, P...", "creation_timestamp": "2026-05-28T17:18:42.980532Z"} 2026-05-28T17:18:42.980532+00:00 https://vulnerability.circl.lu/sighting/c45639e4-1719-4798-a87d-e4f9e0da5462/export c45639e4-1719-4798-a87d-e4f9e0da5462 2026-06-01T01:34:51.140840+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "c45639e4-1719-4798-a87d-e4f9e0da5462", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48526", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmwksx74os2e", "content": "CVE-2026-48526 - PyJWT: Public-key JWK accepted as HMAC secret enables forged HS256 tokens when mixed families are allowed\nCVE ID : CVE-2026-48526\n \n Published : May 28, 2026, 4:16 p.m. | 15\u00a0minutes ago\n \n Description : PyJWT is a JSON Web Token implementation in Python. Prior...", "creation_timestamp": "2026-05-28T17:38:22.790548Z"} 2026-05-28T17:38:22.790548+00:00 https://vulnerability.circl.lu/sighting/ea056b43-3f36-4023-b0c2-be8378982c6d/export ea056b43-3f36-4023-b0c2-be8378982c6d 2026-06-01T01:34:51.140658+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "ea056b43-3f36-4023-b0c2-be8378982c6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48523", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmwl3vmqup2r", "content": "CVE-2026-48523 - PyJWT: Algorithm allow-list bypass when decoding with `PyJWK` / `PyJWKClient` keys\nCVE ID : CVE-2026-48523\n \n Published : May 28, 2026, 4:16 p.m. | 15\u00a0minutes ago\n \n Description : PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there ...", "creation_timestamp": "2026-05-28T17:43:23.255339Z"} 2026-05-28T17:43:23.255339+00:00 https://vulnerability.circl.lu/sighting/6120e7f4-67dc-4baa-9b25-dde308a13b94/export 6120e7f4-67dc-4baa-9b25-dde308a13b94 2026-06-01T01:34:51.140509+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "6120e7f4-67dc-4baa-9b25-dde308a13b94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48525", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmwleu26lh2k", "content": "CVE-2026-48525 - PyJWT: Unauthenticated DoS via unbounded Base64URL decoding of unused payload segment in b64=false detached JWS\nCVE ID : CVE-2026-48525\n \n Published : May 28, 2026, 4:16 p.m. | 15\u00a0minutes ago\n \n Description : PyJWT is a JSON Web Token implementation in Python....", "creation_timestamp": "2026-05-28T17:48:23.732898Z"} 2026-05-28T17:48:23.732898+00:00 https://vulnerability.circl.lu/sighting/d412ee9d-9fef-437a-a608-1ad70b95b8e4/export d412ee9d-9fef-437a-a608-1ad70b95b8e4 2026-06-01T01:34:51.140340+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "d412ee9d-9fef-437a-a608-1ad70b95b8e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48522", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmwlnshmtl2k", "content": "CVE-2026-48522 - PyJWKClient: missing scheme allowlist enables SSRF + token forgery via file://, ftp://, data: schemes\nCVE ID : CVE-2026-48522\n \n Published : May 28, 2026, 4:16 p.m. | 15\u00a0minutes ago\n \n Description : PyJWT is a JSON Web Token implementation in Python. Prior to ...", "creation_timestamp": "2026-05-28T17:53:23.839388Z"} 2026-05-28T17:53:23.839388+00:00 https://vulnerability.circl.lu/sighting/181f84c1-b0ec-4f00-bf6c-d4800f998861/export 181f84c1-b0ec-4f00-bf6c-d4800f998861 2026-06-01T01:34:51.140134+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "181f84c1-b0ec-4f00-bf6c-d4800f998861", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48527", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmyuju2ije22", "content": "CVE-2026-48527 - HaxCMS has a stored Cross-Site Scripting (XSS) bypass in saveNode endpoint\nCVE ID : CVE-2026-48527\n \n Published : May 29, 2026, 1:16 p.m. | 1\u00a0hour, 55\u00a0minutes ago\n \n Description : HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up...", "creation_timestamp": "2026-05-29T15:37:37.120252Z"} 2026-05-29T15:37:37.120252+00:00 https://vulnerability.circl.lu/sighting/e21227da-aaa1-48de-afda-d908512fbc23/export e21227da-aaa1-48de-afda-d908512fbc23 2026-06-01T01:34:51.137850+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "e21227da-aaa1-48de-afda-d908512fbc23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48527", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mn45s4mkta2s", "content": "\ud83d\udfe0 CVE-2026-48527 - High (8.7)\n\nHAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-48527/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-30T23:01:15.705522Z"} 2026-05-30T23:01:15.705522+00:00