Most recent sightings.

https://vulnerability.circl.lu/sightings/feed Most recent sightings. 2026-06-05T06:43:02.882168+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/a97caeaf-1a82-40e4-8b31-dcd8a4b6002c/export a97caeaf-1a82-40e4-8b31-dcd8a4b6002c 2026-06-05T06:43:02.887706+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "a97caeaf-1a82-40e4-8b31-dcd8a4b6002c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-49185", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116689956169057665", "content": "\u26a0\ufe0f CVE-2026-49185: Acer Connect M6E 5G WiFi Router has a CRITICAL OS command injection bug (CVSS 10). Remote, unauthenticated exploitation possible. No patch available \u2014 limit exposure & monitor vendor updates. https://radar.offseq.com/threat/cve-2026-49185-cwe-78-improper-neutralization-of-s-b208b2de #OffSeq #CVE202649185 #Infosec #Vuln", "creation_timestamp": "2026-06-04T04:30:27.623306Z"} 2026-06-04T04:30:27.623306+00:00 https://vulnerability.circl.lu/sighting/1a346873-c7a9-47b4-9801-e38ea1e407f2/export 1a346873-c7a9-47b4-9801-e38ea1e407f2 2026-06-05T06:43:02.887612+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "1a346873-c7a9-47b4-9801-e38ea1e407f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-49185", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mngs2jmfpk2q", "content": "CRITICAL: Acer Connect M6E 5G Router has a CVSS 10 OS command injection flaw. Remote attackers can run arbitrary OS commands. No patch \u2014 restrict device from untrusted networks & watch for updates. https://radar.offseq.com/threat/cve-2026-49185-cwe-78-improper-neutralization-of-s-b208b2de #OffSeq...", "creation_timestamp": "2026-06-04T04:30:29.809522Z"} 2026-06-04T04:30:29.809522+00:00 https://vulnerability.circl.lu/sighting/e5286442-8783-4b15-ad83-50152662f3af/export e5286442-8783-4b15-ad83-50152662f3af 2026-06-05T06:43:02.887526+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "e5286442-8783-4b15-ad83-50152662f3af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49185", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnh23det5u2k", "content": "CVE-2026-49185 - Instruction Injection via FieldX MDM\nCVE ID : CVE-2026-49185\n \n Published : June 4, 2026, 4:17 a.m. | 2\u00a0hours, 15\u00a0minutes ago\n \n Description : The FieldX MDM adb messaging topic passes unverified payloads directly into\u00a0Runtime.exec(), allowing command/instruct...", "creation_timestamp": "2026-06-04T06:54:06.177011Z"} 2026-06-04T06:54:06.177011+00:00 https://vulnerability.circl.lu/sighting/a81a7a63-56f6-469c-b559-143d8b71dd92/export a81a7a63-56f6-469c-b559-143d8b71dd92 2026-06-05T06:43:02.887443+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "a81a7a63-56f6-469c-b559-143d8b71dd92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49187", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnh3hnyo5s2x", "content": "CVE-2026-49187 - Hard-coded APK Resource Credentials & Scepters\nCVE ID : CVE-2026-49187\n \n Published : June 4, 2026, 6:16 a.m. | 16\u00a0minutes ago\n \n Description : The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misu...", "creation_timestamp": "2026-06-04T07:18:53.954770Z"} 2026-06-04T07:18:53.954770+00:00 https://vulnerability.circl.lu/sighting/7a0aee5a-1fac-4904-b63b-1be8f2d93368/export 7a0aee5a-1fac-4904-b63b-1be8f2d93368 2026-06-05T06:43:02.887357+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "7a0aee5a-1fac-4904-b63b-1be8f2d93368", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49186", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnh3yc4mof24", "content": "CVE-2026-49186 - Lack of MQTT Broker Topic Access Control Lists\nCVE ID : CVE-2026-49186\n \n Published : June 4, 2026, 4:17 a.m. | 2\u00a0hours, 15\u00a0minutes ago\n \n Description : The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to s...", "creation_timestamp": "2026-06-04T07:28:11.928680Z"} 2026-06-04T07:28:11.928680+00:00 https://vulnerability.circl.lu/sighting/1bc7acba-4f2b-42f4-9ab6-9bfd1298d37e/export 1bc7acba-4f2b-42f4-9ab6-9bfd1298d37e 2026-06-05T06:43:02.887279+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "1bc7acba-4f2b-42f4-9ab6-9bfd1298d37e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-49189", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mnh44fcjsw2f", "content": "Acer Connect M6E 5G WiFi Router faces a HIGH severity flaw (CVE-2026-49189): local apps can gain admin control. No patch yet \u2014 restrict device access & monitor updates. https://radar.offseq.com/threat/cve-2026-49189-cwe-269-improper-privilege-manageme-7d497fd8 #OffSeq #Acer #Security", "creation_timestamp": "2026-06-04T07:30:29.694579Z"} 2026-06-04T07:30:29.694579+00:00 https://vulnerability.circl.lu/sighting/24f57448-f025-40c8-99fa-53008d235119/export 24f57448-f025-40c8-99fa-53008d235119 2026-06-05T06:43:02.887200+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "24f57448-f025-40c8-99fa-53008d235119", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-49189", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116690663960529131", "content": "HIGH severity: CVE-2026-49189 in Acer Connect M6E 5G WiFi Router lets unauthorized local apps invoke admin ops via improper privilege management. No patch yet \u2014 restrict local access & monitor for updates. Details: https://radar.offseq.com/threat/cve-2026-49189-cwe-269-improper-privilege-manageme-7d497fd8 #OffSeq #Acer #Vuln #Cybersecurity", "creation_timestamp": "2026-06-04T07:30:37.582621Z"} 2026-06-04T07:30:37.582621+00:00 https://vulnerability.circl.lu/sighting/af38c5e8-b352-4856-ad9e-4cd6199ac3b4/export af38c5e8-b352-4856-ad9e-4cd6199ac3b4 2026-06-05T06:43:02.887116+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "af38c5e8-b352-4856-ad9e-4cd6199ac3b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49188", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnh4k7b65v2k", "content": "CVE-2026-49188 - Elevated Root Command Execution via ai_cmd Sockets\nCVE ID : CVE-2026-49188\n \n Published : June 4, 2026, 6:16 a.m. | 16\u00a0minutes ago\n \n Description : The\u00a0ai_cmd\u00a0utility executes with full root permissions. It pipes socket inputs directly to\u00a0popen(), paving the w...", "creation_timestamp": "2026-06-04T07:38:12.592103Z"} 2026-06-04T07:38:12.592103+00:00 https://vulnerability.circl.lu/sighting/566597f6-334e-4fb1-b709-139ced411ce1/export 566597f6-334e-4fb1-b709-139ced411ce1 2026-06-05T06:43:02.886996+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "566597f6-334e-4fb1-b709-139ced411ce1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49189", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnh4t5pwyz2g", "content": "CVE-2026-49189 - Broadcast Receiver Privilege Escalation\nCVE ID : CVE-2026-49189\n \n Published : June 4, 2026, 6:16 a.m. | 16\u00a0minutes ago\n \n Description : Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke adm...", "creation_timestamp": "2026-06-04T07:43:12.921302Z"} 2026-06-04T07:43:12.921302+00:00 https://vulnerability.circl.lu/sighting/512ac5d8-86d5-497a-ba0a-b98cbb6fe03d/export 512ac5d8-86d5-497a-ba0a-b98cbb6fe03d 2026-06-05T06:43:02.885348+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "512ac5d8-86d5-497a-ba0a-b98cbb6fe03d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49185", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116693678894328091", "content": "It is possible to see elevated activities targeting Acer Connect M6E 5G Portable WiFi Router (CVE-2026-49185) https://vuldb.com/vuln/368247/cti", "creation_timestamp": "2026-06-04T20:17:22.686276Z"} 2026-06-04T20:17:22.686276+00:00