<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Sat, 04 Jul 2026 10:04:03 +0000</lastBuildDate>
    <item>
      <title>90e1c413-c5cb-49bb-afb1-98be304b59f8</title>
      <link>https://vulnerability.circl.lu/sighting/90e1c413-c5cb-49bb-afb1-98be304b59f8/export</link>
      <description>{"uuid": "90e1c413-c5cb-49bb-afb1-98be304b59f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-WFGJ-WRGH-H3R3", "type": "seen", "source": "https://t.me/androidMalware/2190", "content": "SSRF in Mobile Security Framework (MobSF) version 3.9.5 Beta and prior (CVE-2024-29190)\nMobSF does not perform any input validation when extracting the hostnames in android:host, so requests can also be sent to local hostnames. This can lead to server-side request forgery (SSRF). An attacker can cause the server to make a connection to internal-only services within the organization's infrastructure\nhttps://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-wfgj-wrgh-h3r3", "creation_timestamp": "2024-06-01T02:51:42.000000Z"}</description>
      <content:encoded>{"uuid": "90e1c413-c5cb-49bb-afb1-98be304b59f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-WFGJ-WRGH-H3R3", "type": "seen", "source": "https://t.me/androidMalware/2190", "content": "SSRF in Mobile Security Framework (MobSF) version 3.9.5 Beta and prior (CVE-2024-29190)\nMobSF does not perform any input validation when extracting the hostnames in android:host, so requests can also be sent to local hostnames. This can lead to server-side request forgery (SSRF). An attacker can cause the server to make a connection to internal-only services within the organization's infrastructure\nhttps://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-wfgj-wrgh-h3r3", "creation_timestamp": "2024-06-01T02:51:42.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/90e1c413-c5cb-49bb-afb1-98be304b59f8/export</guid>
      <pubDate>Sat, 01 Jun 2024 02:51:42 +0000</pubDate>
    </item>
    <item>
      <title>48a04144-e8ec-41c9-bd16-f306b9af9994</title>
      <link>https://vulnerability.circl.lu/sighting/48a04144-e8ec-41c9-bd16-f306b9af9994/export</link>
      <description>{"uuid": "48a04144-e8ec-41c9-bd16-f306b9af9994", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-WFGJ-WRGH-H3R3", "type": "published-proof-of-concept", "source": "Telegram/TWxU8iN-TYn0kncSO1uxug7sedY_GGHFx9vwZnyjHkQUOEM", "content": "", "creation_timestamp": "2024-03-27T20:12:45.000000Z"}</description>
      <content:encoded>{"uuid": "48a04144-e8ec-41c9-bd16-f306b9af9994", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-WFGJ-WRGH-H3R3", "type": "published-proof-of-concept", "source": "Telegram/TWxU8iN-TYn0kncSO1uxug7sedY_GGHFx9vwZnyjHkQUOEM", "content": "", "creation_timestamp": "2024-03-27T20:12:45.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/48a04144-e8ec-41c9-bd16-f306b9af9994/export</guid>
      <pubDate>Wed, 27 Mar 2024 20:12:45 +0000</pubDate>
    </item>
  </channel>
</rss>
