<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Wed, 08 Jul 2026 23:47:15 +0000</lastBuildDate>
    <item>
      <title>32e02b42-d9ef-48e6-9b5c-b6bf25431622</title>
      <link>https://vulnerability.circl.lu/sighting/32e02b42-d9ef-48e6-9b5c-b6bf25431622/export</link>
      <description>{"uuid": "32e02b42-d9ef-48e6-9b5c-b6bf25431622", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-34048", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116877166458368676", "content": "CVE-2026-34048 (CRITICAL, CVSS 9.9): improper auth in coollabsio Coolify (&amp;lt;4.0.0-beta.471) lets low-priv users execute commands via terminal websockets. Update to 4.0.0-beta.471 ASAP. https://radar.offseq.com/threat/cve-2026-34048-cwe-285-improper-authorization-in-c-485c49c27b765944 #OffSeq #Coolify #CVE202634048 #infosec", "creation_timestamp": "2026-07-07T06:00:35.020591Z"}</description>
      <content:encoded>{"uuid": "32e02b42-d9ef-48e6-9b5c-b6bf25431622", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-34048", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116877166458368676", "content": "CVE-2026-34048 (CRITICAL, CVSS 9.9): improper auth in coollabsio Coolify (&amp;lt;4.0.0-beta.471) lets low-priv users execute commands via terminal websockets. Update to 4.0.0-beta.471 ASAP. https://radar.offseq.com/threat/cve-2026-34048-cwe-285-improper-authorization-in-c-485c49c27b765944 #OffSeq #Coolify #CVE202634048 #infosec", "creation_timestamp": "2026-07-07T06:00:35.020591Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/32e02b42-d9ef-48e6-9b5c-b6bf25431622/export</guid>
      <pubDate>Tue, 07 Jul 2026 06:00:35 +0000</pubDate>
    </item>
    <item>
      <title>57aa6359-f720-4da6-a356-edb74b14d859</title>
      <link>https://vulnerability.circl.lu/sighting/57aa6359-f720-4da6-a356-edb74b14d859/export</link>
      <description>{"uuid": "57aa6359-f720-4da6-a356-edb74b14d859", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-34048", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mpzwhvprga2r", "content": "CVE-2026-34048: CRITICAL in coollabsio Coolify (&amp;lt;4.0.0-beta.471) enables low-priv team members to run commands on servers. Patch to 4.0.0-beta.471 now. https://radar.offseq.com/threat/cve-2026-34048-cwe-285-improper-authorization-in-c-485c49c27b765944 #OffSeq #Coolify #CVE202634048", "creation_timestamp": "2026-07-07T06:00:31.913927Z"}</description>
      <content:encoded>{"uuid": "57aa6359-f720-4da6-a356-edb74b14d859", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-34048", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mpzwhvprga2r", "content": "CVE-2026-34048: CRITICAL in coollabsio Coolify (&amp;lt;4.0.0-beta.471) enables low-priv team members to run commands on servers. Patch to 4.0.0-beta.471 now. https://radar.offseq.com/threat/cve-2026-34048-cwe-285-improper-authorization-in-c-485c49c27b765944 #OffSeq #Coolify #CVE202634048", "creation_timestamp": "2026-07-07T06:00:31.913927Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/57aa6359-f720-4da6-a356-edb74b14d859/export</guid>
      <pubDate>Tue, 07 Jul 2026 06:00:31 +0000</pubDate>
    </item>
    <item>
      <title>2a9d818f-867b-468e-a7d1-e88053e86763</title>
      <link>https://vulnerability.circl.lu/sighting/2a9d818f-867b-468e-a7d1-e88053e86763/export</link>
      <description>{"uuid": "2a9d818f-867b-468e-a7d1-e88053e86763", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34048", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpzqfksntd2a", "content": "CVE-2026-34048 - Coolify: Missing authorization on terminal websocket bootstrap routes allows low-privileged members to execute commands on team servers\nCVE ID : CVE-2026-34048\n \n Published : July 7, 2026, 3:19 a.m. | 28\u00a0minutes ago\n \n Description : Coolify is an open-source a...", "creation_timestamp": "2026-07-07T04:11:50.423686Z"}</description>
      <content:encoded>{"uuid": "2a9d818f-867b-468e-a7d1-e88053e86763", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34048", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpzqfksntd2a", "content": "CVE-2026-34048 - Coolify: Missing authorization on terminal websocket bootstrap routes allows low-privileged members to execute commands on team servers\nCVE ID : CVE-2026-34048\n \n Published : July 7, 2026, 3:19 a.m. | 28\u00a0minutes ago\n \n Description : Coolify is an open-source a...", "creation_timestamp": "2026-07-07T04:11:50.423686Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/2a9d818f-867b-468e-a7d1-e88053e86763/export</guid>
      <pubDate>Tue, 07 Jul 2026 04:11:50 +0000</pubDate>
    </item>
    <item>
      <title>21424613-cf7d-4858-a7ba-76506fe1c07f</title>
      <link>https://vulnerability.circl.lu/sighting/21424613-cf7d-4858-a7ba-76506fe1c07f/export</link>
      <description>{"uuid": "21424613-cf7d-4858-a7ba-76506fe1c07f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34048", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mpzpxol2362e", "content": "CVE-2026-34048 - coolify\nA security issue in Coolify's terminal feature allows team members with limited access to run server commands on other team members' servers. This could lead to unintended changes\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#coolify #coollabsio #CVE #infosec", "creation_timestamp": "2026-07-07T04:04:04.310184Z"}</description>
      <content:encoded>{"uuid": "21424613-cf7d-4858-a7ba-76506fe1c07f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34048", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mpzpxol2362e", "content": "CVE-2026-34048 - coolify\nA security issue in Coolify's terminal feature allows team members with limited access to run server commands on other team members' servers. This could lead to unintended changes\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#coolify #coollabsio #CVE #infosec", "creation_timestamp": "2026-07-07T04:04:04.310184Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/21424613-cf7d-4858-a7ba-76506fe1c07f/export</guid>
      <pubDate>Tue, 07 Jul 2026 04:04:04 +0000</pubDate>
    </item>
  </channel>
</rss>
