<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-03T13:57:29.752926+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/bf514093-2070-4b9f-8e14-07279ad1dd01/export</id>
    <title>bf514093-2070-4b9f-8e14-07279ad1dd01</title>
    <updated>2026-07-03T13:57:29.776181+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "bf514093-2070-4b9f-8e14-07279ad1dd01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54297", "type": "seen", "source": "https://gist.github.com/muhamedfazalps/a3449070789a6a2c13d4d4e844af803b", "content": "# \u26a0\ufe0f SECURITY ALERT: Multiple CVEs Affecting Popular Packages (June 2026)\n\n## CVE-2026-48931 \u2014 Node.js 24.17 / node-fetch Premature Close\n- **Impact:** Affects Node.js 24.17 and any app using node-fetch\n- **Severity:** High\n- **Affected:** Backstage (20\ud83d\udc4d issue), any Node.js app on 24.17\n- **Fix:** Update Node.js or apply backport\n- **Issue:** https://github.com/backstage/backstage/issues/34651\n\n## CVE-2026-54297 \u2014 Faraday Dependency Vulnerability\n- **Impact:** Affects Fastlane and apps using Faraday\n- **Severity:** High\n- **Affected:** Fastlane (9\ud83d\udc4d issue), any Ruby app using Faraday\n- **Fix:** Update Faraday dependency\n- **Issue:** https://github.com/fastlane/fastlane/issues/30086\n\n## CVE-2026-42530 &amp;amp; CVE-2026-42055 \u2014 nginx Vulnerabilities\n- **Impact:** Affects nginx and mailcow-dockerized\n- **Severity:** High\n- **Affected:** mailcow-dockerized (7\ud83d\udc4d issue), any nginx deployment\n- **Fix:** Update nginx to patched version\n- **Issue:** https://github.com/mailcow/mailcow-dockerized/issues/7299\n\n## js-yaml Quadratic DoS (v3.x)\n- **Impact:** Affects any app using js-yaml v3.x for YAML parsing\n- **Severity:** Medium-High\n- **Affected:** 15\ud83d\udc4d issue requesting backport from v4.2.0 to v3\n- **Fix:** Update to js-yaml v4.2.0+ or apply backport\n- **Issue:** https://github.com/nodeca/js-yaml/issues/762\n\n## How to Check If You're Affected\n1. Check your Node.js version: `node --version`\n2. Check your Ruby/Bundler dependencies: `bundle list | grep faraday`\n3. Check your nginx version: `nginx -v`\n4. Check your js-yaml version: `npm ls js-yaml`\n\n## What to Do\n1. Update affected dependencies immediately\n2. Review logs for suspicious activity\n3. Rotate credentials if exposure is suspected\n\n---\n*If this alert helped you: https://buymeacoffee.com/muhamedfazalps*\n", "creation_timestamp": "2026-06-23T13:41:44.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/bf514093-2070-4b9f-8e14-07279ad1dd01/export"/>
    <published>2026-06-23T13:41:44+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/ce8c95dc-e02f-4edc-9364-eee7625b9c87/export</id>
    <title>ce8c95dc-e02f-4edc-9364-eee7625b9c87</title>
    <updated>2026-07-03T13:57:29.779032+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://vulnerability.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "ce8c95dc-e02f-4edc-9364-eee7625b9c87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-54297", "type": "published-proof-of-concept", "source": "https://github.com/lostisland/faraday/security/advisories/GHSA-98m9-hrrm-r99r", "content": "", "creation_timestamp": "2026-06-18T13:20:52.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/ce8c95dc-e02f-4edc-9364-eee7625b9c87/export"/>
    <published>2026-06-18T13:20:52+00:00</published>
  </entry>
</feed>
