<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Thu, 16 Jul 2026 08:01:44 +0000</lastBuildDate>
    <item>
      <title>09f20922-00b1-4158-b476-7bafa649e71c</title>
      <link>https://vulnerability.circl.lu/sighting/09f20922-00b1-4158-b476-7bafa649e71c/export</link>
      <description>{"uuid": "09f20922-00b1-4158-b476-7bafa649e71c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-57807", "type": "seen", "source": "https://bsky.app/profile/hermes71.bsky.social/post/3mqnwy4trhl2f", "content": "Daily IT Security Digest \u2014 2026-07-15\nPatch Yet\n\nA critical authentication bypass vulnerability (CVE-2026-57807) was discovered in miniOrange OAuth SSO plugins (versions \u2264 38.5.8), particularly those integrating with Microsoft Copilot and SharePoint for Drupal. The flaw can be exploited via the", "creation_timestamp": "2026-07-15T05:02:50.246964Z"}</description>
      <content:encoded>{"uuid": "09f20922-00b1-4158-b476-7bafa649e71c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-57807", "type": "seen", "source": "https://bsky.app/profile/hermes71.bsky.social/post/3mqnwy4trhl2f", "content": "Daily IT Security Digest \u2014 2026-07-15\nPatch Yet\n\nA critical authentication bypass vulnerability (CVE-2026-57807) was discovered in miniOrange OAuth SSO plugins (versions \u2264 38.5.8), particularly those integrating with Microsoft Copilot and SharePoint for Drupal. The flaw can be exploited via the", "creation_timestamp": "2026-07-15T05:02:50.246964Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/09f20922-00b1-4158-b476-7bafa649e71c/export</guid>
      <pubDate>Wed, 15 Jul 2026 05:02:50 +0000</pubDate>
    </item>
    <item>
      <title>e498a2d0-d080-468b-ac06-d41a7e8e8a9e</title>
      <link>https://vulnerability.circl.lu/sighting/e498a2d0-d080-468b-ac06-d41a7e8e8a9e/export</link>
      <description>{"uuid": "e498a2d0-d080-468b-ac06-d41a7e8e8a9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-57807", "type": "seen", "source": "https://bsky.app/profile/hermes71.bsky.social/post/3mqlgjyftrh2p", "content": "Daily IT Security Digest \u2014 2026-07-14\nor later as soon as possible to close this attack vector.\nSources: https://infosec.exchange/@offseq/116887783224020082\n\n## 6. CRITICAL \u2014 miniOrange OAuth SSO Auth Bypass (CVE-2026-57807)\nAn authentication bypass flaw in miniOrange OAuth SSO (versions \u226438.5.8)", "creation_timestamp": "2026-07-14T05:03:16.829011Z"}</description>
      <content:encoded>{"uuid": "e498a2d0-d080-468b-ac06-d41a7e8e8a9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-57807", "type": "seen", "source": "https://bsky.app/profile/hermes71.bsky.social/post/3mqlgjyftrh2p", "content": "Daily IT Security Digest \u2014 2026-07-14\nor later as soon as possible to close this attack vector.\nSources: https://infosec.exchange/@offseq/116887783224020082\n\n## 6. CRITICAL \u2014 miniOrange OAuth SSO Auth Bypass (CVE-2026-57807)\nAn authentication bypass flaw in miniOrange OAuth SSO (versions \u226438.5.8)", "creation_timestamp": "2026-07-14T05:03:16.829011Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/e498a2d0-d080-468b-ac06-d41a7e8e8a9e/export</guid>
      <pubDate>Tue, 14 Jul 2026 05:03:16 +0000</pubDate>
    </item>
    <item>
      <title>a0bf5c5c-da3e-48d7-a4a9-f29ec8d3faf1</title>
      <link>https://vulnerability.circl.lu/sighting/a0bf5c5c-da3e-48d7-a4a9-f29ec8d3faf1/export</link>
      <description>{"uuid": "a0bf5c5c-da3e-48d7-a4a9-f29ec8d3faf1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-57807", "type": "seen", "source": "https://bsky.app/profile/hermes71.bsky.social/post/3mqivyorz2o23", "content": "Daily IT Security Digest \u2014 2026-07-13\nOrganizations should monitor for vendor updates and consider compensating controls.\nSource: https://radar.offseq.com/threat/cve-2026-57807, https://infosec.exchange/@offseq/116899107707038521\n\n## 3. Microsoft Defender Zero-Day (RoguePlanet) \u2014 SYSTEM Access\nA", "creation_timestamp": "2026-07-13T05:01:58.877182Z"}</description>
      <content:encoded>{"uuid": "a0bf5c5c-da3e-48d7-a4a9-f29ec8d3faf1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-57807", "type": "seen", "source": "https://bsky.app/profile/hermes71.bsky.social/post/3mqivyorz2o23", "content": "Daily IT Security Digest \u2014 2026-07-13\nOrganizations should monitor for vendor updates and consider compensating controls.\nSource: https://radar.offseq.com/threat/cve-2026-57807, https://infosec.exchange/@offseq/116899107707038521\n\n## 3. Microsoft Defender Zero-Day (RoguePlanet) \u2014 SYSTEM Access\nA", "creation_timestamp": "2026-07-13T05:01:58.877182Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/a0bf5c5c-da3e-48d7-a4a9-f29ec8d3faf1/export</guid>
      <pubDate>Mon, 13 Jul 2026 05:01:58 +0000</pubDate>
    </item>
    <item>
      <title>9b3e0671-cf2e-404b-ac48-2f7f53c8b3d6</title>
      <link>https://vulnerability.circl.lu/sighting/9b3e0671-cf2e-404b-ac48-2f7f53c8b3d6/export</link>
      <description>{"uuid": "9b3e0671-cf2e-404b-ac48-2f7f53c8b3d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-57807", "type": "seen", "source": "https://bsky.app/profile/hermes71.bsky.social/post/3mqivyojcz72x", "content": "Daily IT Security Digest \u2014 2026-07-13\nCRITICAL: miniOrange OAuth SSO Authentication Bypass \u2014 CVE-2026-57807\nA critical authentication bypass in miniOrange OAuth SSO (versions \u2264 38.5.8) can be exploited through the password recovery flow, enabling full account compromise. No patch has been released", "creation_timestamp": "2026-07-13T05:01:58.341540Z"}</description>
      <content:encoded>{"uuid": "9b3e0671-cf2e-404b-ac48-2f7f53c8b3d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-57807", "type": "seen", "source": "https://bsky.app/profile/hermes71.bsky.social/post/3mqivyojcz72x", "content": "Daily IT Security Digest \u2014 2026-07-13\nCRITICAL: miniOrange OAuth SSO Authentication Bypass \u2014 CVE-2026-57807\nA critical authentication bypass in miniOrange OAuth SSO (versions \u2264 38.5.8) can be exploited through the password recovery flow, enabling full account compromise. No patch has been released", "creation_timestamp": "2026-07-13T05:01:58.341540Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/9b3e0671-cf2e-404b-ac48-2f7f53c8b3d6/export</guid>
      <pubDate>Mon, 13 Jul 2026 05:01:58 +0000</pubDate>
    </item>
    <item>
      <title>916eb27d-ceed-4277-8f6d-1472b08f32c6</title>
      <link>https://vulnerability.circl.lu/sighting/916eb27d-ceed-4277-8f6d-1472b08f32c6/export</link>
      <description>{"uuid": "916eb27d-ceed-4277-8f6d-1472b08f32c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-57807", "type": "seen", "source": "https://bsky.app/profile/donwebmedia.bsky.social/post/3mqginknoyn22", "content": "CVE-2026-57807: Bypass total en plugin OAuth de WordPress\n\n#cve202657807 #miniorangeoauth #wordpresssso #bypassautenticacion #seguridadwordpress", "creation_timestamp": "2026-07-12T05:57:45.926871Z"}</description>
      <content:encoded>{"uuid": "916eb27d-ceed-4277-8f6d-1472b08f32c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-57807", "type": "seen", "source": "https://bsky.app/profile/donwebmedia.bsky.social/post/3mqginknoyn22", "content": "CVE-2026-57807: Bypass total en plugin OAuth de WordPress\n\n#cve202657807 #miniorangeoauth #wordpresssso #bypassautenticacion #seguridadwordpress", "creation_timestamp": "2026-07-12T05:57:45.926871Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/916eb27d-ceed-4277-8f6d-1472b08f32c6/export</guid>
      <pubDate>Sun, 12 Jul 2026 05:57:45 +0000</pubDate>
    </item>
    <item>
      <title>3f69f339-da84-49f3-a516-e5bbf59e83f4</title>
      <link>https://vulnerability.circl.lu/sighting/3f69f339-da84-49f3-a516-e5bbf59e83f4/export</link>
      <description>{"uuid": "3f69f339-da84-49f3-a516-e5bbf59e83f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-57807", "type": "seen", "source": "https://bsky.app/profile/hermes71.bsky.social/post/3mqgfl4ieaj2e", "content": "Daily IT Security Digest \u2014 2026-07-12\nsystems.\nSources: [The Hacker Wire](https://www.thehackerwire.com/vulnerability/CVE-2026-61444/)\n\n## 6. miniOrange OAuth SSO: Critical Auth Bypass \u2014 CVE-2026-57807\nA CRITICAL authentication bypass vulnerability (CVE-2026-57807) exists in miniOrange OAuth SSO", "creation_timestamp": "2026-07-12T05:02:41.977829Z"}</description>
      <content:encoded>{"uuid": "3f69f339-da84-49f3-a516-e5bbf59e83f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-57807", "type": "seen", "source": "https://bsky.app/profile/hermes71.bsky.social/post/3mqgfl4ieaj2e", "content": "Daily IT Security Digest \u2014 2026-07-12\nsystems.\nSources: [The Hacker Wire](https://www.thehackerwire.com/vulnerability/CVE-2026-61444/)\n\n## 6. miniOrange OAuth SSO: Critical Auth Bypass \u2014 CVE-2026-57807\nA CRITICAL authentication bypass vulnerability (CVE-2026-57807) exists in miniOrange OAuth SSO", "creation_timestamp": "2026-07-12T05:02:41.977829Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/3f69f339-da84-49f3-a516-e5bbf59e83f4/export</guid>
      <pubDate>Sun, 12 Jul 2026 05:02:41 +0000</pubDate>
    </item>
    <item>
      <title>d1bd056c-5392-46f5-83c9-ea2e583ec713</title>
      <link>https://vulnerability.circl.lu/sighting/d1bd056c-5392-46f5-83c9-ea2e583ec713/export</link>
      <description>{"uuid": "d1bd056c-5392-46f5-83c9-ea2e583ec713", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-57807", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mqdobmy6nq2d", "content": "miniOrange OAuth SSO (&amp;lt;=38.5.8) is affected by CRITICAL CVE-2026-57807: authentication bypass via password recovery. No patch \u2014 watch for updates and secure affected systems. https://radar.offseq.com/threat/cve-2026-57807-cwe-288-authentication-bypass-using-85e6dbb16ac48da8 #OffSeq #OAuth #Vulner...", "creation_timestamp": "2026-07-11T03:00:28.627120Z"}</description>
      <content:encoded>{"uuid": "d1bd056c-5392-46f5-83c9-ea2e583ec713", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-57807", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mqdobmy6nq2d", "content": "miniOrange OAuth SSO (&amp;lt;=38.5.8) is affected by CRITICAL CVE-2026-57807: authentication bypass via password recovery. No patch \u2014 watch for updates and secure affected systems. https://radar.offseq.com/threat/cve-2026-57807-cwe-288-authentication-bypass-using-85e6dbb16ac48da8 #OffSeq #OAuth #Vulner...", "creation_timestamp": "2026-07-11T03:00:28.627120Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/d1bd056c-5392-46f5-83c9-ea2e583ec713/export</guid>
      <pubDate>Sat, 11 Jul 2026 03:00:28 +0000</pubDate>
    </item>
    <item>
      <title>6520bdb9-8fcc-4cb2-a602-466bc3e9031a</title>
      <link>https://vulnerability.circl.lu/sighting/6520bdb9-8fcc-4cb2-a602-466bc3e9031a/export</link>
      <description>{"uuid": "6520bdb9-8fcc-4cb2-a602-466bc3e9031a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-57807", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116899107707038521", "content": "CVE-2026-57807 | CRITICAL auth bypass in miniOrange OAuth SSO (&amp;lt;=38.5.8). Exploit via password recovery threatens full compromise. No patch yet \u2014 monitor for vendor updates. https://radar.offseq.com/threat/cve-2026-57807-cwe-288-authentication-bypass-using-85e6dbb16ac48da8 #OffSeq #CVE202657807 #OAuth #Security", "creation_timestamp": "2026-07-11T03:00:26.831919Z"}</description>
      <content:encoded>{"uuid": "6520bdb9-8fcc-4cb2-a602-466bc3e9031a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-57807", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116899107707038521", "content": "CVE-2026-57807 | CRITICAL auth bypass in miniOrange OAuth SSO (&amp;lt;=38.5.8). Exploit via password recovery threatens full compromise. No patch yet \u2014 monitor for vendor updates. https://radar.offseq.com/threat/cve-2026-57807-cwe-288-authentication-bypass-using-85e6dbb16ac48da8 #OffSeq #CVE202657807 #OAuth #Security", "creation_timestamp": "2026-07-11T03:00:26.831919Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/6520bdb9-8fcc-4cb2-a602-466bc3e9031a/export</guid>
      <pubDate>Sat, 11 Jul 2026 03:00:26 +0000</pubDate>
    </item>
    <item>
      <title>5db1ac1b-5fd3-4823-a374-673ddf3b3e25</title>
      <link>https://vulnerability.circl.lu/sighting/5db1ac1b-5fd3-4823-a374-673ddf3b3e25/export</link>
      <description>{"uuid": "5db1ac1b-5fd3-4823-a374-673ddf3b3e25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-57807", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdmq2jue32e", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-57807 \u0432 miniOrange: \u043e\u0431\u0445\u043e\u0434 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 \u0430\u043b\u044c\u0442\u0435\u0440\u043d\u0430\u0442\u0438\u0432\u043d\u044b\u0439 \u043a\u0430\u043d\u0430\u043b\n\n\n\nhttps://kripta.biz/posts/6228B95A-3683-4D68-A0DF-456519ACB9CF", "creation_timestamp": "2026-07-11T02:32:44.578138Z"}</description>
      <content:encoded>{"uuid": "5db1ac1b-5fd3-4823-a374-673ddf3b3e25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-57807", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdmq2jue32e", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-57807 \u0432 miniOrange: \u043e\u0431\u0445\u043e\u0434 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 \u0430\u043b\u044c\u0442\u0435\u0440\u043d\u0430\u0442\u0438\u0432\u043d\u044b\u0439 \u043a\u0430\u043d\u0430\u043b\n\n\n\nhttps://kripta.biz/posts/6228B95A-3683-4D68-A0DF-456519ACB9CF", "creation_timestamp": "2026-07-11T02:32:44.578138Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/5db1ac1b-5fd3-4823-a374-673ddf3b3e25/export</guid>
      <pubDate>Sat, 11 Jul 2026 02:32:44 +0000</pubDate>
    </item>
    <item>
      <title>6ae77f09-571f-490a-89c7-0bc64d17c3be</title>
      <link>https://vulnerability.circl.lu/sighting/6ae77f09-571f-490a-89c7-0bc64d17c3be/export</link>
      <description>{"uuid": "6ae77f09-571f-490a-89c7-0bc64d17c3be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-57807", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqdbxlqail22", "content": "CVE-2026-57807 - oauth single sign on - sso (oauth client)\nA security issue in miniOrange's OAuth Single Sign On (SSO) software allows attackers to bypass authentication using an alternative method. This affects all versions\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-10T23:20:06.351104Z"}</description>
      <content:encoded>{"uuid": "6ae77f09-571f-490a-89c7-0bc64d17c3be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-57807", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqdbxlqail22", "content": "CVE-2026-57807 - oauth single sign on - sso (oauth client)\nA security issue in miniOrange's OAuth Single Sign On (SSO) software allows attackers to bypass authentication using an alternative method. This affects all versions\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-10T23:20:06.351104Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/6ae77f09-571f-490a-89c7-0bc64d17c3be/export</guid>
      <pubDate>Fri, 10 Jul 2026 23:20:06 +0000</pubDate>
    </item>
  </channel>
</rss>
