<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Sun, 31 May 2026 10:14:04 +0000</lastBuildDate>
    <item>
      <title>f1fa7190-e0d5-4428-b652-43fc02e6c3a5</title>
      <link>https://vulnerability.circl.lu/sighting/f1fa7190-e0d5-4428-b652-43fc02e6c3a5/export</link>
      <description>{"uuid": "f1fa7190-e0d5-4428-b652-43fc02e6c3a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23926", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ml6gnh5gim2i", "content": "CVE-2026-23926 - Stored XSS vulnerability in Host navigator widget maintenance tooltip\nCVE ID : CVE-2026-23926\n \n Published : May 6, 2026, 6:58 a.m. | 1\u00a0hour, 40\u00a0minutes ago\n \n Description : An authenticated (non-super) administrator can create a maintenance period with a Java...", "creation_timestamp": "2026-05-06T09:54:38.180130Z"}</description>
      <content:encoded>{"uuid": "f1fa7190-e0d5-4428-b652-43fc02e6c3a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23926", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ml6gnh5gim2i", "content": "CVE-2026-23926 - Stored XSS vulnerability in Host navigator widget maintenance tooltip\nCVE ID : CVE-2026-23926\n \n Published : May 6, 2026, 6:58 a.m. | 1\u00a0hour, 40\u00a0minutes ago\n \n Description : An authenticated (non-super) administrator can create a maintenance period with a Java...", "creation_timestamp": "2026-05-06T09:54:38.180130Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/f1fa7190-e0d5-4428-b652-43fc02e6c3a5/export</guid>
      <pubDate>Wed, 06 May 2026 09:54:38 +0000</pubDate>
    </item>
    <item>
      <title>04231ee2-0ec3-4cdb-8d0f-a1373bb73b1d</title>
      <link>https://vulnerability.circl.lu/sighting/04231ee2-0ec3-4cdb-8d0f-a1373bb73b1d/export</link>
      <description>{"uuid": "04231ee2-0ec3-4cdb-8d0f-a1373bb73b1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23926", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3ml6w2c6y7n2q", "content": "\ud83d\udd17 CVE : CVE-2026-23926, CVE-2026-23927, CVE-2026-23928", "creation_timestamp": "2026-05-06T14:30:15.168692Z"}</description>
      <content:encoded>{"uuid": "04231ee2-0ec3-4cdb-8d0f-a1373bb73b1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23926", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3ml6w2c6y7n2q", "content": "\ud83d\udd17 CVE : CVE-2026-23926, CVE-2026-23927, CVE-2026-23928", "creation_timestamp": "2026-05-06T14:30:15.168692Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/04231ee2-0ec3-4cdb-8d0f-a1373bb73b1d/export</guid>
      <pubDate>Wed, 06 May 2026 14:30:15 +0000</pubDate>
    </item>
    <item>
      <title>1b921c7d-d425-436f-8dd2-4811f823e462</title>
      <link>https://vulnerability.circl.lu/sighting/1b921c7d-d425-436f-8dd2-4811f823e462/export</link>
      <description>{"uuid": "1b921c7d-d425-436f-8dd2-4811f823e462", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-23926", "type": "seen", "source": "https://gist.github.com/ichintu/132149d58c5ff9f9c5a0edbb57b66395", "content": "**1. Multiple Critical Vulnerabilities Patched in Next.js and React Server Components**  \nVercel issued advisories covering over a dozen CVEs in Next.js, including DoS, middleware bypass, and SSRF. The notes also address issues in React Server Components. Read more:  (May\u202f08\u202f2026).  \n\n**2. Critical 9.9 CVSS Rancher Fleet Flaw Grants Full Cluster\u2011Admin Access**  \nA pair of high\u2011severity bugs (CVSS\u202f9.9) in Rancher Fleet\u2019s GitOps engine let attackers gain unrestricted cluster\u2011admin rights. Reported by the SUSE Rancher Security team. Details:\u202f (May\u202f08\u202f2026).  \n\n**3. Zabbix Flaws Allow Monitored Hosts to Hijack Admin Dashboards**  \nThree critical flaws\u2014including XSS and an Oracle injection\u2014can allow compromised monitored hosts to take over Zabbix admin dashboards. Patch released May\u202f08\u202f2026; CVE\u20112026\u201123926 among them. More: .  \n\n**4. Canvas Breach Disrupts Schools &amp;amp; Colleges Nationwide**  \nAn extortion campaign defaced Canvas ESL login pages, demanding ransom and threatening data release. Roughly 275\u202fmillion students and faculty across 9,000 U.S. institutions are affected, causing widespread academic disruption.  \n\n**5. Palo Alto Networks Firewall Flaw Exploited for Weeks**  \nA critical zero\u2011day (CVE\u20112026\u20110300) in PAN\u2011OS\u2019s Captive Portal allows root\u2011level code execution without authentication. Already abused by state\u2011sponsored actors; &amp;gt;5,400 internet\u2011exposed firewalls at risk. Interim advice: restrict or disable the portal.  \n\n**6. 
Become a Millionaire by Bug Hunting on Android**  \nGoogle\u2019s bug bounty now rewards up to $1.5\u202fmillion for critical Android vulnerabilities (Pixel\u202fTitan\u202fM2) and $250,000 for Chrome. Total payouts to date exceed $81.6\u202fmillion.  \n\n**7. 13 New Critical Holes in JavaScript Sandbox (vm2) Allow Arbitrary Code Execution**  \nSuspected sandbox escapes in vm2 (CVE\u20112026\u201126956, 44007, etc.) enabling OS\u2011level command execution under specific conditions. Immediate upgrade to v3.11.2 (or at least v3.11.1) is required; otherwise use containment or hardened containers.", "creation_timestamp": "2026-05-08T04:00:39.000000Z"}</description>
      <content:encoded>{"uuid": "1b921c7d-d425-436f-8dd2-4811f823e462", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-23926", "type": "seen", "source": "https://gist.github.com/ichintu/132149d58c5ff9f9c5a0edbb57b66395", "content": "**1. Multiple Critical Vulnerabilities Patched in Next.js and React Server Components**  \nVercel issued advisories covering over a dozen CVEs in Next.js, including DoS, middleware bypass, and SSRF. The notes also address issues in React Server Components. Read more:  (May\u202f08\u202f2026).  \n\n**2. Critical 9.9 CVSS Rancher Fleet Flaw Grants Full Cluster\u2011Admin Access**  \nA pair of high\u2011severity bugs (CVSS\u202f9.9) in Rancher Fleet\u2019s GitOps engine let attackers gain unrestricted cluster\u2011admin rights. Reported by the SUSE Rancher Security team. Details:\u202f (May\u202f08\u202f2026).  \n\n**3. Zabbix Flaws Allow Monitored Hosts to Hijack Admin Dashboards**  \nThree critical flaws\u2014including XSS and an Oracle injection\u2014can allow compromised monitored hosts to take over Zabbix admin dashboards. Patch released May\u202f08\u202f2026; CVE\u20112026\u201123926 among them. More: .  \n\n**4. Canvas Breach Disrupts Schools &amp;amp; Colleges Nationwide**  \nAn extortion campaign defaced Canvas ESL login pages, demanding ransom and threatening data release. Roughly 275\u202fmillion students and faculty across 9,000 U.S. institutions are affected, causing widespread academic disruption.  \n\n**5. Palo Alto Networks Firewall Flaw Exploited for Weeks**  \nA critical zero\u2011day (CVE\u20112026\u20110300) in PAN\u2011OS\u2019s Captive Portal allows root\u2011level code execution without authentication. Already abused by state\u2011sponsored actors; &amp;gt;5,400 internet\u2011exposed firewalls at risk. Interim advice: restrict or disable the portal.  \n\n**6. 
Become a Millionaire by Bug Hunting on Android**  \nGoogle\u2019s bug bounty now rewards up to $1.5\u202fmillion for critical Android vulnerabilities (Pixel\u202fTitan\u202fM2) and $250,000 for Chrome. Total payouts to date exceed $81.6\u202fmillion.  \n\n**7. 13 New Critical Holes in JavaScript Sandbox (vm2) Allow Arbitrary Code Execution**  \nSuspected sandbox escapes in vm2 (CVE\u20112026\u201126956, 44007, etc.) enabling OS\u2011level command execution under specific conditions. Immediate upgrade to v3.11.2 (or at least v3.11.1) is required; otherwise use containment or hardened containers.", "creation_timestamp": "2026-05-08T04:00:39.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/1b921c7d-d425-436f-8dd2-4811f823e462/export</guid>
      <pubDate>Fri, 08 May 2026 04:00:39 +0000</pubDate>
    </item>
  </channel>
</rss>
