<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Tue, 14 Jul 2026 08:07:17 +0000</lastBuildDate>
    <item>
      <title>fb692df5-f467-4793-836d-8eb3cafc0328</title>
      <link>https://vulnerability.circl.lu/sighting/fb692df5-f467-4793-836d-8eb3cafc0328/export</link>
      <description>{"uuid": "fb692df5-f467-4793-836d-8eb3cafc0328", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15282", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/92960", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #RCE #CVE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-15282\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a shinthink\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-11 10:37:44\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nInstant Appointment &amp;lt;= 1.2 \u2014 Unauthenticated Arbitrary File Upload to RCE via add_service_front AJAX | CVSS 9.8\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-14T00:00:08.045703Z"}</description>
      <content:encoded>{"uuid": "fb692df5-f467-4793-836d-8eb3cafc0328", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15282", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/92960", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #RCE #CVE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-15282\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a shinthink\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-11 10:37:44\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nInstant Appointment &amp;lt;= 1.2 \u2014 Unauthenticated Arbitrary File Upload to RCE via add_service_front AJAX | CVSS 9.8\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-14T00:00:08.045703Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/fb692df5-f467-4793-836d-8eb3cafc0328/export</guid>
      <pubDate>Tue, 14 Jul 2026 00:00:08 +0000</pubDate>
    </item>
    <item>
      <title>57927adf-3556-402e-a0c6-dc119851d727</title>
      <link>https://vulnerability.circl.lu/sighting/57927adf-3556-402e-a0c6-dc119851d727/export</link>
      <description>{"uuid": "57927adf-3556-402e-a0c6-dc119851d727", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15282", "type": "seen", "source": "https://t.me/GithubRedTeam/92960", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #RCE #CVE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-15282\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a shinthink\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-11 10:37:44\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nInstant Appointment &amp;lt;= 1.2 \u2014 Unauthenticated Arbitrary File Upload to RCE via add_service_front AJAX | CVSS 9.8\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-13T22:00:04.851312Z"}</description>
      <content:encoded>{"uuid": "57927adf-3556-402e-a0c6-dc119851d727", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15282", "type": "seen", "source": "https://t.me/GithubRedTeam/92960", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #RCE #CVE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-15282\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a shinthink\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-11 10:37:44\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nInstant Appointment &amp;lt;= 1.2 \u2014 Unauthenticated Arbitrary File Upload to RCE via add_service_front AJAX | CVSS 9.8\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-13T22:00:04.851312Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/57927adf-3556-402e-a0c6-dc119851d727/export</guid>
      <pubDate>Mon, 13 Jul 2026 22:00:04 +0000</pubDate>
    </item>
    <item>
      <title>b5fda2d6-ff1d-4b54-a3e4-727102c3180a</title>
      <link>https://vulnerability.circl.lu/sighting/b5fda2d6-ff1d-4b54-a3e4-727102c3180a/export</link>
      <description>{"uuid": "b5fda2d6-ff1d-4b54-a3e4-727102c3180a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15282", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mqiikeondb2b", "content": "\ud83d\udd34 CVE-2026-15282 - Critical (9.8)\n\nThe Instant Appointment plugin for WordPress is vulnerable to arbitrary file uploads due to missi...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-15282/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-07-13T01:01:18.260449Z"}</description>
      <content:encoded>{"uuid": "b5fda2d6-ff1d-4b54-a3e4-727102c3180a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15282", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mqiikeondb2b", "content": "\ud83d\udd34 CVE-2026-15282 - Critical (9.8)\n\nThe Instant Appointment plugin for WordPress is vulnerable to arbitrary file uploads due to missi...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-15282/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-07-13T01:01:18.260449Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/b5fda2d6-ff1d-4b54-a3e4-727102c3180a/export</guid>
      <pubDate>Mon, 13 Jul 2026 01:01:18 +0000</pubDate>
    </item>
    <item>
      <title>bfffd313-f35a-4061-b0f4-e5874b03e128</title>
      <link>https://vulnerability.circl.lu/sighting/bfffd313-f35a-4061-b0f4-e5874b03e128/export</link>
      <description>{"uuid": "bfffd313-f35a-4061-b0f4-e5874b03e128", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15282", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mqde7qogx42j", "content": "CVE-2026-15282. CVSS 9.8. Instant Appointment plugin lets anyone upload files. wp-config.php. Database dumps. Shell code. All unauth. Update to 1.2 now. Scan: pulse-wp.com\n#WordPress #RCE #CyberSecurity", "creation_timestamp": "2026-07-11T00:00:32.636759Z"}</description>
      <content:encoded>{"uuid": "bfffd313-f35a-4061-b0f4-e5874b03e128", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15282", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mqde7qogx42j", "content": "CVE-2026-15282. CVSS 9.8. Instant Appointment plugin lets anyone upload files. wp-config.php. Database dumps. Shell code. All unauth. Update to 1.2 now. Scan: pulse-wp.com\n#WordPress #RCE #CyberSecurity", "creation_timestamp": "2026-07-11T00:00:32.636759Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/bfffd313-f35a-4061-b0f4-e5874b03e128/export</guid>
      <pubDate>Sat, 11 Jul 2026 00:00:32 +0000</pubDate>
    </item>
    <item>
      <title>6a97e3cb-7d82-4d92-934c-386ee349b568</title>
      <link>https://vulnerability.circl.lu/sighting/6a97e3cb-7d82-4d92-934c-386ee349b568/export</link>
      <description>{"uuid": "6a97e3cb-7d82-4d92-934c-386ee349b568", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15282", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqbffamohv2z", "content": "CVE-2026-15282 - instant appointment\nAn outdated version of the Instant Appointment plugin for WordPress allows unauthorized users to upload any file to the server. This could potentially\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#instantappointment #tenteeglobal #CVE #infosec", "creation_timestamp": "2026-07-10T05:16:07.130906Z"}</description>
      <content:encoded>{"uuid": "6a97e3cb-7d82-4d92-934c-386ee349b568", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15282", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqbffamohv2z", "content": "CVE-2026-15282 - instant appointment\nAn outdated version of the Instant Appointment plugin for WordPress allows unauthorized users to upload any file to the server. This could potentially\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#instantappointment #tenteeglobal #CVE #infosec", "creation_timestamp": "2026-07-10T05:16:07.130906Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/6a97e3cb-7d82-4d92-934c-386ee349b568/export</guid>
      <pubDate>Fri, 10 Jul 2026 05:16:07 +0000</pubDate>
    </item>
  </channel>
</rss>
