<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Wed, 08 Jul 2026 21:53:11 +0000</lastBuildDate>
    <item>
      <title>e9a574fc-5527-4351-a3d5-9e83c36a7512</title>
      <link>https://vulnerability.circl.lu/sighting/e9a574fc-5527-4351-a3d5-9e83c36a7512/export</link>
      <description>{"uuid": "e9a574fc-5527-4351-a3d5-9e83c36a7512", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11856", "type": "seen", "source": "https://bsky.app/profile/bootintel.bsky.social/post/3mpzpwrjcgc22", "content": "Critical CVE landed today in libcurl:\n\nCVE-2026-11856. Successfully using libcurl to do a transfer to a specific HTTP origin (`hostA`) with **Digest** authentication and then changing the origin to a different one (`hostB`) for a second transfer, r\u2026\n\nnvd.nist.gov/vuln/detail/CVE-2026-11856", "creation_timestamp": "2026-07-07T04:03:34.221466Z"}</description>
      <content:encoded>{"uuid": "e9a574fc-5527-4351-a3d5-9e83c36a7512", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11856", "type": "seen", "source": "https://bsky.app/profile/bootintel.bsky.social/post/3mpzpwrjcgc22", "content": "Critical CVE landed today in libcurl:\n\nCVE-2026-11856. Successfully using libcurl to do a transfer to a specific HTTP origin (`hostA`) with **Digest** authentication and then changing the origin to a different one (`hostB`) for a second transfer, r\u2026\n\nnvd.nist.gov/vuln/detail/CVE-2026-11856", "creation_timestamp": "2026-07-07T04:03:34.221466Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/e9a574fc-5527-4351-a3d5-9e83c36a7512/export</guid>
      <pubDate>Tue, 07 Jul 2026 04:03:34 +0000</pubDate>
    </item>
    <item>
      <title>50df245e-ccd4-43d4-9f64-330191cd5ed2</title>
      <link>https://vulnerability.circl.lu/sighting/50df245e-ccd4-43d4-9f64-330191cd5ed2/export</link>
      <description>{"uuid": "50df245e-ccd4-43d4-9f64-330191cd5ed2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11855", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mpzcdreeve2x", "content": "CVE-2026-11855. Simple Membership before 4.7.5. Admin accounts hijacked via unvalidated Stripe webhooks. Script injection in notices. CVSS 8.8.\n\nNo patch available. Disable the plugin now.\n\nScan your WordPress site: pulse-wp.com\n#WordPress #CVE #CyberSecurity", "creation_timestamp": "2026-07-07T00:00:17.926873Z"}</description>
      <content:encoded>{"uuid": "50df245e-ccd4-43d4-9f64-330191cd5ed2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11855", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mpzcdreeve2x", "content": "CVE-2026-11855. Simple Membership before 4.7.5. Admin accounts hijacked via unvalidated Stripe webhooks. Script injection in notices. CVSS 8.8.\n\nNo patch available. Disable the plugin now.\n\nScan your WordPress site: pulse-wp.com\n#WordPress #CVE #CyberSecurity", "creation_timestamp": "2026-07-07T00:00:17.926873Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/50df245e-ccd4-43d4-9f64-330191cd5ed2/export</guid>
      <pubDate>Tue, 07 Jul 2026 00:00:17 +0000</pubDate>
    </item>
    <item>
      <title>690d218e-889f-4083-811b-b69291fd38aa</title>
      <link>https://vulnerability.circl.lu/sighting/690d218e-889f-4083-811b-b69291fd38aa/export</link>
      <description>{"uuid": "690d218e-889f-4083-811b-b69291fd38aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11855", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpxn2h5nrc23", "content": "CVE-2026-11855 - Simple Membership\nCVE ID : CVE-2026-11855\n \n Published : July 6, 2026, 6 a.m. | 1\u00a0hour, 48\u00a0minutes ago\n \n Description : The Simple Membership WordPress plugin before 4.7.5 does not verify the authenticity of Stripe webhook requests when no signing secret is co...", "creation_timestamp": "2026-07-06T08:06:36.701639Z"}</description>
      <content:encoded>{"uuid": "690d218e-889f-4083-811b-b69291fd38aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11855", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpxn2h5nrc23", "content": "CVE-2026-11855 - Simple Membership\nCVE ID : CVE-2026-11855\n \n Published : July 6, 2026, 6 a.m. | 1\u00a0hour, 48\u00a0minutes ago\n \n Description : The Simple Membership WordPress plugin before 4.7.5 does not verify the authenticity of Stripe webhook requests when no signing secret is co...", "creation_timestamp": "2026-07-06T08:06:36.701639Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/690d218e-889f-4083-811b-b69291fd38aa/export</guid>
      <pubDate>Mon, 06 Jul 2026 08:06:36 +0000</pubDate>
    </item>
    <item>
      <title>508724c2-934e-4f8f-b6fb-e99f23cdbca6</title>
      <link>https://vulnerability.circl.lu/sighting/508724c2-934e-4f8f-b6fb-e99f23cdbca6/export</link>
      <description>{"uuid": "508724c2-934e-4f8f-b6fb-e99f23cdbca6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11856", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpriqx7mx42d", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-11856 \u0432 libcurl: \u0443\u0433\u0440\u043e\u0437\u044b \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/51242BA7-9404-4277-9943-5274A5597234", "creation_timestamp": "2026-07-03T21:33:44.602153Z"}</description>
      <content:encoded>{"uuid": "508724c2-934e-4f8f-b6fb-e99f23cdbca6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11856", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpriqx7mx42d", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-11856 \u0432 libcurl: \u0443\u0433\u0440\u043e\u0437\u044b \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/51242BA7-9404-4277-9943-5274A5597234", "creation_timestamp": "2026-07-03T21:33:44.602153Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/508724c2-934e-4f8f-b6fb-e99f23cdbca6/export</guid>
      <pubDate>Fri, 03 Jul 2026 21:33:44 +0000</pubDate>
    </item>
    <item>
      <title>607b3d05-bf78-4a37-9ff8-a54dbb24f690</title>
      <link>https://vulnerability.circl.lu/sighting/607b3d05-bf78-4a37-9ff8-a54dbb24f690/export</link>
      <description>{"uuid": "607b3d05-bf78-4a37-9ff8-a54dbb24f690", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11857", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moihyy3gvl2j", "content": "CVE-2026-11857 - Insecure .NET Remoting deserialization in Quanos SCHEMA ST4 Client Update Service allows local privilege escalation\nCVE ID : CVE-2026-11857\n \n Published : June 17, 2026, 11:42 a.m. | 1\u00a0hour, 27\u00a0minutes ago\n \n Description : Quanos SCHEMA ST4 on-premises contain...", "creation_timestamp": "2026-06-17T14:01:10.748238Z"}</description>
      <content:encoded>{"uuid": "607b3d05-bf78-4a37-9ff8-a54dbb24f690", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11857", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moihyy3gvl2j", "content": "CVE-2026-11857 - Insecure .NET Remoting deserialization in Quanos SCHEMA ST4 Client Update Service allows local privilege escalation\nCVE ID : CVE-2026-11857\n \n Published : June 17, 2026, 11:42 a.m. | 1\u00a0hour, 27\u00a0minutes ago\n \n Description : Quanos SCHEMA ST4 on-premises contain...", "creation_timestamp": "2026-06-17T14:01:10.748238Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/607b3d05-bf78-4a37-9ff8-a54dbb24f690/export</guid>
      <pubDate>Wed, 17 Jun 2026 14:01:10 +0000</pubDate>
    </item>
    <item>
      <title>a2a8ac99-e2e9-4780-8cd0-12e61b2704e7</title>
      <link>https://vulnerability.circl.lu/sighting/a2a8ac99-e2e9-4780-8cd0-12e61b2704e7/export</link>
      <description>{"uuid": "a2a8ac99-e2e9-4780-8cd0-12e61b2704e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11858", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moihmi6ezz2j", "content": "CVE-2026-11858 - Missing authorization in Quanos SCHEMA ST4 Client Update Service allows arbitrary file overwrite as SYSTEM\nCVE ID : CVE-2026-11858\n \n Published : June 17, 2026, 11:50 a.m. | 1\u00a0hour, 18\u00a0minutes ago\n \n Description : Quanos SCHEMA ST4 on-premises contains a local...", "creation_timestamp": "2026-06-17T13:54:11.505101Z"}</description>
      <content:encoded>{"uuid": "a2a8ac99-e2e9-4780-8cd0-12e61b2704e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11858", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moihmi6ezz2j", "content": "CVE-2026-11858 - Missing authorization in Quanos SCHEMA ST4 Client Update Service allows arbitrary file overwrite as SYSTEM\nCVE ID : CVE-2026-11858\n \n Published : June 17, 2026, 11:50 a.m. | 1\u00a0hour, 18\u00a0minutes ago\n \n Description : Quanos SCHEMA ST4 on-premises contains a local...", "creation_timestamp": "2026-06-17T13:54:11.505101Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/a2a8ac99-e2e9-4780-8cd0-12e61b2704e7/export</guid>
      <pubDate>Wed, 17 Jun 2026 13:54:11 +0000</pubDate>
    </item>
    <item>
      <title>cff2b912-a184-4ec2-a24a-68ade4f5c230</title>
      <link>https://vulnerability.circl.lu/sighting/cff2b912-a184-4ec2-a24a-68ade4f5c230/export</link>
      <description>{"uuid": "cff2b912-a184-4ec2-a24a-68ade4f5c230", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11850", "type": "seen", "source": "https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3moee4eyg372o", "content": "krb5: patch CVE-2026-11850\n\nhttps://github.com/NixOS/nixpkgs/pull/531513\n\nhttps://tracker.security.nixos.org/issues/NIXPKGS-2026-1911\n\n#security", "creation_timestamp": "2026-06-15T22:40:51.239474Z"}</description>
      <content:encoded>{"uuid": "cff2b912-a184-4ec2-a24a-68ade4f5c230", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11850", "type": "seen", "source": "https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3moee4eyg372o", "content": "krb5: patch CVE-2026-11850\n\nhttps://github.com/NixOS/nixpkgs/pull/531513\n\nhttps://tracker.security.nixos.org/issues/NIXPKGS-2026-1911\n\n#security", "creation_timestamp": "2026-06-15T22:40:51.239474Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/cff2b912-a184-4ec2-a24a-68ade4f5c230/export</guid>
      <pubDate>Mon, 15 Jun 2026 22:40:51 +0000</pubDate>
    </item>
    <item>
      <title>8b2541ab-db16-4cdc-b333-722181f01d04</title>
      <link>https://vulnerability.circl.lu/sighting/8b2541ab-db16-4cdc-b333-722181f01d04/export</link>
      <description>{"uuid": "8b2541ab-db16-4cdc-b333-722181f01d04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11859", "type": "seen", "source": "https://bsky.app/profile/cybersecinsight.bsky.social/post/3mnz5ceuvon23", "content": "\ud83d\udd0d Vulnerability Spotlight | Part 2/3\n\n\u26a0\ufe0f CVE-2026-11859\n\nAn HTML injection vulnerability in the \"fetch links\" email sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Si...", "creation_timestamp": "2026-06-11T11:39:39.003006Z"}</description>
      <content:encoded>{"uuid": "8b2541ab-db16-4cdc-b333-722181f01d04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11859", "type": "seen", "source": "https://bsky.app/profile/cybersecinsight.bsky.social/post/3mnz5ceuvon23", "content": "\ud83d\udd0d Vulnerability Spotlight | Part 2/3\n\n\u26a0\ufe0f CVE-2026-11859\n\nAn HTML injection vulnerability in the \"fetch links\" email sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Si...", "creation_timestamp": "2026-06-11T11:39:39.003006Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/8b2541ab-db16-4cdc-b333-722181f01d04/export</guid>
      <pubDate>Thu, 11 Jun 2026 11:39:39 +0000</pubDate>
    </item>
    <item>
      <title>4f6d8752-eb17-4cb0-997f-3984f7ebaf4e</title>
      <link>https://vulnerability.circl.lu/sighting/4f6d8752-eb17-4cb0-997f-3984f7ebaf4e/export</link>
      <description>{"uuid": "4f6d8752-eb17-4cb0-997f-3984f7ebaf4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11853", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnwkznj3r72m", "content": "CVE-2026-11853 - Debusine Arbitrary File Overwrite via Path Traversal\nCVE ID : CVE-2026-11853\n \n Published : June 10, 2026, 10:16 a.m. | 22\u00a0minutes ago\n \n Description : Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian sou...", "creation_timestamp": "2026-06-10T11:07:21.255248Z"}</description>
      <content:encoded>{"uuid": "4f6d8752-eb17-4cb0-997f-3984f7ebaf4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11853", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnwkznj3r72m", "content": "CVE-2026-11853 - Debusine Arbitrary File Overwrite via Path Traversal\nCVE ID : CVE-2026-11853\n \n Published : June 10, 2026, 10:16 a.m. | 22\u00a0minutes ago\n \n Description : Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian sou...", "creation_timestamp": "2026-06-10T11:07:21.255248Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/4f6d8752-eb17-4cb0-997f-3984f7ebaf4e/export</guid>
      <pubDate>Wed, 10 Jun 2026 11:07:21 +0000</pubDate>
    </item>
    <item>
      <title>e8ebe703-348e-4d7a-adaa-9a8c545c6cb3</title>
      <link>https://vulnerability.circl.lu/sighting/e8ebe703-348e-4d7a-adaa-9a8c545c6cb3/export</link>
      <description>{"uuid": "e8ebe703-348e-4d7a-adaa-9a8c545c6cb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11852", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnwkmx4jsw2r", "content": "CVE-2026-11852 - Debusine Artifact Relationship Management Insecure Access Control\nCVE ID : CVE-2026-11852\n \n Published : June 10, 2026, 10:16 a.m. | 22\u00a0minutes ago\n \n Description : Debusine is an integrated solution to build, distribute and maintain a Debian-based distributio...", "creation_timestamp": "2026-06-10T11:00:12.914333Z"}</description>
      <content:encoded>{"uuid": "e8ebe703-348e-4d7a-adaa-9a8c545c6cb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11852", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnwkmx4jsw2r", "content": "CVE-2026-11852 - Debusine Artifact Relationship Management Insecure Access Control\nCVE ID : CVE-2026-11852\n \n Published : June 10, 2026, 10:16 a.m. | 22\u00a0minutes ago\n \n Description : Debusine is an integrated solution to build, distribute and maintain a Debian-based distributio...", "creation_timestamp": "2026-06-10T11:00:12.914333Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/e8ebe703-348e-4d7a-adaa-9a8c545c6cb3/export</guid>
      <pubDate>Wed, 10 Jun 2026 11:00:12 +0000</pubDate>
    </item>
  </channel>
</rss>
