https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sun, 31 May 2026 21:07:30 +0000 https://vulnerability.circl.lu/sighting/224d7489-aee1-496c-b925-02e7705571c0/export {"uuid": "224d7489-aee1-496c-b925-02e7705571c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42571", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mlhhd4dhnd2p", "content": "\u26a0\ufe0f CRITICAL: PelicanPlatform pelican OAuth bug allows privilege escalation to admin in several versions. Update to 7.21.5, 7.22.3, 7.23.3, or 7.24.2 ASAP. More info: https://radar.offseq.com/threat/cve-2026-42571-cwe-863-incorrect-authorization-in--97117d66 #OffSeq #Security #Vulnerability", "creation_timestamp": "2026-05-10T00:00:43.148815Z"} {"uuid": "224d7489-aee1-496c-b925-02e7705571c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42571", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mlhhd4dhnd2p", "content": "\u26a0\ufe0f CRITICAL: PelicanPlatform pelican OAuth bug allows privilege escalation to admin in several versions. Update to 7.21.5, 7.22.3, 7.23.3, or 7.24.2 ASAP. More info: https://radar.offseq.com/threat/cve-2026-42571-cwe-863-incorrect-authorization-in--97117d66 #OffSeq #Security #Vulnerability", "creation_timestamp": "2026-05-10T00:00:43.148815Z"} https://vulnerability.circl.lu/sighting/224d7489-aee1-496c-b925-02e7705571c0/export Sun, 10 May 2026 00:00:43 +0000 https://vulnerability.circl.lu/sighting/ae0593be-ac37-452f-acb0-a5b84952d71a/export {"uuid": "ae0593be-ac37-452f-acb0-a5b84952d71a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42571", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116547337599753045", "content": "\ud83d\udea8 CRITICAL: CVE-2026-42571 in PelicanPlatform pelican (7.21.0 \u2013 7.21.4, 7.22.0 \u2013 7.22.2, 7.23.0 \u2013 7.23.2, 7.24.0 \u2013 7.24.1) lets OAuth users escalate to admin. Patch to 7.21.5/7.22.3/7.23.3/7.24.2. Details: https://radar.offseq.com/threat/cve-2026-42571-cwe-863-incorrect-authorization-in--97117d66 #OffSeq #Vuln #PelicanPlatform", "creation_timestamp": "2026-05-10T00:01:03.105060Z"} {"uuid": "ae0593be-ac37-452f-acb0-a5b84952d71a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42571", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116547337599753045", "content": "\ud83d\udea8 CRITICAL: CVE-2026-42571 in PelicanPlatform pelican (7.21.0 \u2013 7.21.4, 7.22.0 \u2013 7.22.2, 7.23.0 \u2013 7.23.2, 7.24.0 \u2013 7.24.1) lets OAuth users escalate to admin. Patch to 7.21.5/7.22.3/7.23.3/7.24.2. Details: https://radar.offseq.com/threat/cve-2026-42571-cwe-863-incorrect-authorization-in--97117d66 #OffSeq #Vuln #PelicanPlatform", "creation_timestamp": "2026-05-10T00:01:03.105060Z"} https://vulnerability.circl.lu/sighting/ae0593be-ac37-452f-acb0-a5b84952d71a/export Sun, 10 May 2026 00:01:03 +0000 https://vulnerability.circl.lu/sighting/fdedbfcf-f32e-4cf9-b213-224281bcd3c6/export {"uuid": "fdedbfcf-f32e-4cf9-b213-224281bcd3c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42575", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116548044393536365", "content": "\u26a0\ufe0f HIGH severity: chainguard-dev apko (<1.2.7) doesn't verify downloaded .apk checksums vs signed index. Attackers can inject rogue packages into OCI images if download sources are compromised. Patch: upgrade to 1.2.7. CVE-2026-42575 https://radar.offseq.com/threat/cve-2026-42575-cwe-345-insufficient-verification-o-918c9a44 #OffSeq #ContainerSecurity", "creation_timestamp": "2026-05-10T03:00:27.075159Z"} {"uuid": "fdedbfcf-f32e-4cf9-b213-224281bcd3c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42575", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116548044393536365", "content": "\u26a0\ufe0f HIGH severity: chainguard-dev apko (<1.2.7) doesn't verify downloaded .apk checksums vs signed index. Attackers can inject rogue packages into OCI images if download sources are compromised. Patch: upgrade to 1.2.7. CVE-2026-42575 https://radar.offseq.com/threat/cve-2026-42575-cwe-345-insufficient-verification-o-918c9a44 #OffSeq #ContainerSecurity", "creation_timestamp": "2026-05-10T03:00:27.075159Z"} https://vulnerability.circl.lu/sighting/fdedbfcf-f32e-4cf9-b213-224281bcd3c6/export Sun, 10 May 2026 03:00:27 +0000 https://vulnerability.circl.lu/sighting/97b96810-a9c8-417b-99d1-4df9378e18cb/export {"uuid": "97b96810-a9c8-417b-99d1-4df9378e18cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42575", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mlhreji2nc2l", "content": "HIGH severity: chainguard-dev apko (<1.2.7) skips verifying .apk checksums, risking rogue package injection if downloads are tampered. Upgrade to 1.2.7 now! https://radar.offseq.com/threat/cve-2026-42575-cwe-345-insufficient-verification-o-918c9a44 #OffSeq #ContainerSecurity", "creation_timestamp": "2026-05-10T03:00:31.650581Z"} {"uuid": "97b96810-a9c8-417b-99d1-4df9378e18cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42575", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mlhreji2nc2l", "content": "HIGH severity: chainguard-dev apko (<1.2.7) skips verifying .apk checksums, risking rogue package injection if downloads are tampered. Upgrade to 1.2.7 now! https://radar.offseq.com/threat/cve-2026-42575-cwe-345-insufficient-verification-o-918c9a44 #OffSeq #ContainerSecurity", "creation_timestamp": "2026-05-10T03:00:31.650581Z"} https://vulnerability.circl.lu/sighting/97b96810-a9c8-417b-99d1-4df9378e18cb/export Sun, 10 May 2026 03:00:31 +0000 https://vulnerability.circl.lu/sighting/77cfb4ef-f6db-4282-80c5-e1eebdcbba85/export {"uuid": "77cfb4ef-f6db-4282-80c5-e1eebdcbba85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42574", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mlhwfje37k2y", "content": "\u26a0\ufe0f HIGH severity: Path traversal in chainguard-dev apko (0.14.8 \u2013 1.2.4) lets attackers write outside build root with crafted .apk files. Upgrade to 1.2.5+ and avoid untrusted .apk packages. Details: https://radar.offseq.com/threat/cve-2026-42574-cwe-22-improper-limitation-of-a-pat-9650dedf #OffS...", "creation_timestamp": "2026-05-10T04:30:29.769038Z"} {"uuid": "77cfb4ef-f6db-4282-80c5-e1eebdcbba85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42574", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mlhwfje37k2y", "content": "\u26a0\ufe0f HIGH severity: Path traversal in chainguard-dev apko (0.14.8 \u2013 1.2.4) lets attackers write outside build root with crafted .apk files. Upgrade to 1.2.5+ and avoid untrusted .apk packages. Details: https://radar.offseq.com/threat/cve-2026-42574-cwe-22-improper-limitation-of-a-pat-9650dedf #OffS...", "creation_timestamp": "2026-05-10T04:30:29.769038Z"} https://vulnerability.circl.lu/sighting/77cfb4ef-f6db-4282-80c5-e1eebdcbba85/export Sun, 10 May 2026 04:30:29 +0000 https://vulnerability.circl.lu/sighting/49cdf2c7-d70c-401d-aa3d-213d432c587d/export {"uuid": "49cdf2c7-d70c-401d-aa3d-213d432c587d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42574", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116548398424487044", "content": "\ud83d\udea8 HIGH severity in chainguard-dev apko (v0.14.8 \u2013 1.2.4): Path traversal via crafted .apk symlinks (CVE-2026-42574) risks file writes outside the build root. Patch in v1.2.5. Upgrade ASAP & avoid untrusted .apk! https://radar.offseq.com/threat/cve-2026-42574-cwe-22-improper-limitation-of-a-pat-9650dedf #OffSeq #cybersecurity #linux #containers", "creation_timestamp": "2026-05-10T04:30:40.356356Z"} {"uuid": "49cdf2c7-d70c-401d-aa3d-213d432c587d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42574", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116548398424487044", "content": "\ud83d\udea8 HIGH severity in chainguard-dev apko (v0.14.8 \u2013 1.2.4): Path traversal via crafted .apk symlinks (CVE-2026-42574) risks file writes outside the build root. Patch in v1.2.5. Upgrade ASAP & avoid untrusted .apk! https://radar.offseq.com/threat/cve-2026-42574-cwe-22-improper-limitation-of-a-pat-9650dedf #OffSeq #cybersecurity #linux #containers", "creation_timestamp": "2026-05-10T04:30:40.356356Z"} https://vulnerability.circl.lu/sighting/49cdf2c7-d70c-401d-aa3d-213d432c587d/export Sun, 10 May 2026 04:30:40 +0000 https://vulnerability.circl.lu/sighting/18ea256a-3bd2-4500-943b-f2586a41395e/export {"uuid": "18ea256a-3bd2-4500-943b-f2586a41395e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4257", "type": "seen", "source": "https://t.me/GithubRedTeam/83760", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-4257\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a shootcannon\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0 | \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-11 05:26:48\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nSSTI contact form to rce\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-11T06:00:04.000000Z"} {"uuid": "18ea256a-3bd2-4500-943b-f2586a41395e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4257", "type": "seen", "source": "https://t.me/GithubRedTeam/83760", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-4257\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a shootcannon\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0 | \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-11 05:26:48\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nSSTI contact form to rce\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-11T06:00:04.000000Z"} https://vulnerability.circl.lu/sighting/18ea256a-3bd2-4500-943b-f2586a41395e/export Mon, 11 May 2026 06:00:04 +0000 https://vulnerability.circl.lu/sighting/d50688db-8ebb-4dd7-b148-20ae28132fe9/export {"uuid": "d50688db-8ebb-4dd7-b148-20ae28132fe9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4257", "type": "seen", "source": "Telegram/mQRcWYV3RpmllzBMUDvWcp1GmVWqzNCK3wJkik9yPjInnYI", "content": "", "creation_timestamp": "2026-05-11T07:00:14.000000Z"} {"uuid": "d50688db-8ebb-4dd7-b148-20ae28132fe9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4257", "type": "seen", "source": "Telegram/mQRcWYV3RpmllzBMUDvWcp1GmVWqzNCK3wJkik9yPjInnYI", "content": "", "creation_timestamp": "2026-05-11T07:00:14.000000Z"} https://vulnerability.circl.lu/sighting/d50688db-8ebb-4dd7-b148-20ae28132fe9/export Mon, 11 May 2026 07:00:14 +0000 https://vulnerability.circl.lu/sighting/4194b4ef-f080-462b-b797-04b83a0f270a/export {"uuid": "4194b4ef-f080-462b-b797-04b83a0f270a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4257", "type": "seen", "source": "Telegram/9XqhTISUbDUPo_c26c1BEinqDeNjvDc1gYqinuT1sIOuN_4", "content": "", "creation_timestamp": "2026-05-11T09:00:05.000000Z"} {"uuid": "4194b4ef-f080-462b-b797-04b83a0f270a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4257", "type": "seen", "source": "Telegram/9XqhTISUbDUPo_c26c1BEinqDeNjvDc1gYqinuT1sIOuN_4", "content": "", "creation_timestamp": "2026-05-11T09:00:05.000000Z"} https://vulnerability.circl.lu/sighting/4194b4ef-f080-462b-b797-04b83a0f270a/export Mon, 11 May 2026 09:00:05 +0000 https://vulnerability.circl.lu/sighting/c2823eec-9b45-44b4-a37b-aaac3d07658a/export {"uuid": "c2823eec-9b45-44b4-a37b-aaac3d07658a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4257", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/wp_plugin_supsystic_contact_form_rce.rb", "content": "{\"aliases\": [], \"arch\": \"cmd\", \"author\": [\"Azril Fathoni\", \"bootstrapbool \"], \"autofilter_ports\": [80, 8080, 443, 8000, 8888, 8880, 8008, 3000, 8443], \"autofilter_services\": [\"http\", \"https\"], \"check\": true, \"default_credential\": false, \"description\": \"This module performs SSTI achieving RCE in webpages containing the\\n Contact Form Wordpress plugin by Supsystic in versions 1.7.36 and\\n before.\", \"disclosure_date\": \"2026-03-30\", \"fullname\": \"exploit/multi/http/wp_plugin_supsystic_contact_form_rce\", \"is_install_path\": true, \"mod_time\": \"2026-05-24 20:43:09 +0000\", \"name\": \"Supsystic Contact Form Wordpress Plugin SSTI RCE\", \"needs_cleanup\": null, \"notes\": {\"Reliability\": [\"repeatable-session\"], \"SideEffects\": [\"ioc-in-logs\"], \"Stability\": [\"crash-safe\"]}, \"path\": \"/modules/exploits/multi/http/wp_plugin_supsystic_contact_form_rce.rb\", \"platform\": \"Linux,Unix,Windows\", \"post_auth\": false, \"rank\": 600, \"ref_name\": \"multi/http/wp_plugin_supsystic_contact_form_rce\", \"references\": [\"CVE-2026-4257\", \"URL-https://github.com/bootstrapbool/cve-2026-4257\"], \"rport\": 80, \"session_types\": false, \"targets\": [\"Unix/Linux Command Shell\", \"Windows Command Shell\"], \"type\": \"exploit\"}", "creation_timestamp": "2026-05-26T00:19:39.000000Z"} {"uuid": "c2823eec-9b45-44b4-a37b-aaac3d07658a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4257", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/wp_plugin_supsystic_contact_form_rce.rb", "content": "{\"aliases\": [], \"arch\": \"cmd\", \"author\": [\"Azril Fathoni\", \"bootstrapbool \"], \"autofilter_ports\": [80, 8080, 443, 8000, 8888, 8880, 8008, 3000, 8443], \"autofilter_services\": [\"http\", \"https\"], \"check\": true, \"default_credential\": false, \"description\": \"This module performs SSTI achieving RCE in webpages containing the\\n Contact Form Wordpress plugin by Supsystic in versions 1.7.36 and\\n before.\", \"disclosure_date\": \"2026-03-30\", \"fullname\": \"exploit/multi/http/wp_plugin_supsystic_contact_form_rce\", \"is_install_path\": true, \"mod_time\": \"2026-05-24 20:43:09 +0000\", \"name\": \"Supsystic Contact Form Wordpress Plugin SSTI RCE\", \"needs_cleanup\": null, \"notes\": {\"Reliability\": [\"repeatable-session\"], \"SideEffects\": [\"ioc-in-logs\"], \"Stability\": [\"crash-safe\"]}, \"path\": \"/modules/exploits/multi/http/wp_plugin_supsystic_contact_form_rce.rb\", \"platform\": \"Linux,Unix,Windows\", \"post_auth\": false, \"rank\": 600, \"ref_name\": \"multi/http/wp_plugin_supsystic_contact_form_rce\", \"references\": [\"CVE-2026-4257\", \"URL-https://github.com/bootstrapbool/cve-2026-4257\"], \"rport\": 80, \"session_types\": false, \"targets\": [\"Unix/Linux Command Shell\", \"Windows Command Shell\"], \"type\": \"exploit\"}", "creation_timestamp": "2026-05-26T00:19:39.000000Z"} https://vulnerability.circl.lu/sighting/c2823eec-9b45-44b4-a37b-aaac3d07658a/export Tue, 26 May 2026 00:19:39 +0000