<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-16T19:38:39.419157+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/6c046487-4782-4aeb-ab2c-576ece65e858/export</id>
    <title>6c046487-4782-4aeb-ab2c-576ece65e858</title>
    <updated>2026-07-16T19:38:39.443995+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "6c046487-4782-4aeb-ab2c-576ece65e858", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54458", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqpzsv2mre2s", "content": "CVE-2026-54458 - AVideo: Unauthenticated Stored DOM Cross-Site Scripting via Per-Client Metadata Broadcast in YPTSocket Plugin\nCVE ID : CVE-2026-54458\n \n Published : July 15, 2026, 10:17 p.m. | 17\u00a0minutes ago\n \n Description : WWBN AVideo is an open source video platform. Versi...", "creation_timestamp": "2026-07-16T00:58:55.212411Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/6c046487-4782-4aeb-ab2c-576ece65e858/export"/>
    <published>2026-07-16T00:58:55.212411+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/f57c96d1-7a6e-4c7b-beb6-d75677c92d2a/export</id>
    <title>f57c96d1-7a6e-4c7b-beb6-d75677c92d2a</title>
    <updated>2026-07-16T19:38:39.447572+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "f57c96d1-7a6e-4c7b-beb6-d75677c92d2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-54458", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mqpwktbn4u2k", "content": "WWBN AVideo &amp;lt;29.0 hit by CRITICAL XSS (CVE-2026-54458). Unauthenticated attackers can hijack admin sessions via YPTSocket plugin. Upgrade to v29.0 ASAP. \ud83d\udd12 https://radar.offseq.com/threat/cve-2026-54458-cwe-79-improper-neutralization-of-i-57743e6d03256988 #OffSeq #XSS #AppSec", "creation_timestamp": "2026-07-16T00:00:44.539848Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/f57c96d1-7a6e-4c7b-beb6-d75677c92d2a/export"/>
    <published>2026-07-16T00:00:44.539848+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/29aeb0f8-d0bb-459d-b4cd-06f7e18b5b00/export</id>
    <title>29aeb0f8-d0bb-459d-b4cd-06f7e18b5b00</title>
    <updated>2026-07-16T19:38:39.447686+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "29aeb0f8-d0bb-459d-b4cd-06f7e18b5b00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-54458", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116926712479422983", "content": "CVE-2026-54458 (CRITICAL, CVSS 9.6): WWBN AVideo (&amp;lt;29.0) suffers stored DOM XSS in YPTSocket plugin. Unauthenticated attackers can hijack admin sessions. Patch now \u2014 upgrade to v29.0. https://radar.offseq.com/threat/cve-2026-54458-cwe-79-improper-neutralization-of-i-57743e6d03256988 #OffSeq #XSS #WWBNA Video #infosec", "creation_timestamp": "2026-07-16T00:00:43.633185Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/29aeb0f8-d0bb-459d-b4cd-06f7e18b5b00/export"/>
    <published>2026-07-16T00:00:43.633185+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/ccfcb0a0-6734-40db-aed5-8eed1e1dfe4c/export</id>
    <title>ccfcb0a0-6734-40db-aed5-8eed1e1dfe4c</title>
    <updated>2026-07-16T19:38:39.447777+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "ccfcb0a0-6734-40db-aed5-8eed1e1dfe4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54458", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mqpta3kei225", "content": "\ud83d\udd34 CVE-2026-54458 - Critical (9.6)\n\nWWBN AVideo is an open source video platform. Versions prior to 29.0 contain a stored DOM Cross-S...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-54458/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-07-15T23:01:02.355479Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/ccfcb0a0-6734-40db-aed5-8eed1e1dfe4c/export"/>
    <published>2026-07-15T23:01:02.355479+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/452d3b45-2d89-4193-861a-74ba5bc2c092/export</id>
    <title>452d3b45-2d89-4193-861a-74ba5bc2c092</title>
    <updated>2026-07-16T19:38:39.447856+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "452d3b45-2d89-4193-861a-74ba5bc2c092", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54458", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqpq2bpz642l", "content": "CVE-2026-54458 - wwbn/avideo\nThe AVideo YPTSocket plugin has a security flaw that allows an attacker to inject malicious code into the website's content, potentially affecting administrators viewing the\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#wwbn #PHP #CVE #infosec", "creation_timestamp": "2026-07-15T22:04:05.762137Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/452d3b45-2d89-4193-861a-74ba5bc2c092/export"/>
    <published>2026-07-15T22:04:05.762137+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/384291cc-4796-4d4d-b8cb-d809ef562c4f/export</id>
    <title>384291cc-4796-4d4d-b8cb-d809ef562c4f</title>
    <updated>2026-07-16T19:38:39.447932+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://vulnerability.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "384291cc-4796-4d4d-b8cb-d809ef562c4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-54458", "type": "published-proof-of-concept", "source": "https://github.com/WWBN/AVideo/security/advisories/GHSA-8whc-2wmv-ww35", "content": "", "creation_timestamp": "2026-06-04T14:49:58.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/384291cc-4796-4d4d-b8cb-d809ef562c4f/export"/>
    <published>2026-06-04T14:49:58+00:00</published>
  </entry>
</feed>
