<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-10T15:21:28.294439+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/739119cd-9f52-4270-9eaf-8ef6d44f4acf/export</id>
    <title>739119cd-9f52-4270-9eaf-8ef6d44f4acf</title>
    <updated>2026-07-10T15:21:28.313490+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "739119cd-9f52-4270-9eaf-8ef6d44f4acf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59509", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116870089136632895", "content": "CVE-2026-59509 (CRITICAL): cve-search POST /fetch_cve_data allows unauth'd access to arbitrary MongoDB collections, exposing admin creds for offline cracking. Restrict endpoint, monitor activity, check vendor updates. https://radar.offseq.com/threat/ghsa-3fmp-59v6-4qw2-ddbb46f84ba1bbe2 #OffSeq #infosec #CVE202659509", "creation_timestamp": "2026-07-06T00:00:38.620312Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/739119cd-9f52-4270-9eaf-8ef6d44f4acf/export"/>
    <published>2026-07-06T00:00:38.620312+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/feb228e7-b3d7-4206-a841-ccdf714db306/export</id>
    <title>feb228e7-b3d7-4206-a841-ccdf714db306</title>
    <updated>2026-07-10T15:21:28.315591+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "feb228e7-b3d7-4206-a841-ccdf714db306", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59509", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mpvp4ane5k23", "content": "CVE-2026-59509 - cve-search\nCVE-Search, a tool for searching CVEs, has a flaw that allows attackers to access any MongoDB collection without logging in. This could lead to sensitive data being exposed, including\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#cvesearch #CVE #infosec", "creation_timestamp": "2026-07-05T13:38:04.817891Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/feb228e7-b3d7-4206-a841-ccdf714db306/export"/>
    <published>2026-07-05T13:38:04.817891+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/edc6f2c1-e63e-4967-9a26-1cfd9f8792d2/export</id>
    <title>edc6f2c1-e63e-4967-9a26-1cfd9f8792d2</title>
    <updated>2026-07-10T15:21:28.315733+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "edc6f2c1-e63e-4967-9a26-1cfd9f8792d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59509", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpvo7623bw2o", "content": "CVE-2026-59509 - Unauthenticated arbitrary MongoDB collection read in cve-search\nCVE ID : CVE-2026-59509\n \n Published : July 5, 2026, 12:02 p.m. | 1\u00a0hour, 12\u00a0minutes ago\n \n Description : An unauthenticated improper input validation vulnerability in the POST /fetch_cve_data end...", "creation_timestamp": "2026-07-05T13:21:49.188761Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/edc6f2c1-e63e-4967-9a26-1cfd9f8792d2/export"/>
    <published>2026-07-05T13:21:49.188761+00:00</published>
  </entry>
</feed>
