<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Sat, 13 Jun 2026 08:57:19 +0000</lastBuildDate>
    <item>
      <title>51aa5350-a39f-45e8-aa84-7d3bdac74819</title>
      <link>https://vulnerability.circl.lu/sighting/51aa5350-a39f-45e8-aa84-7d3bdac74819/export</link>
      <description>{"uuid": "51aa5350-a39f-45e8-aa84-7d3bdac74819", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-1086", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mghj2ol5xk2o", "content": "", "creation_timestamp": "2026-03-07T09:25:49.313057Z"}</description>
      <content:encoded>{"uuid": "51aa5350-a39f-45e8-aa84-7d3bdac74819", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-1086", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mghj2ol5xk2o", "content": "", "creation_timestamp": "2026-03-07T09:25:49.313057Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/51aa5350-a39f-45e8-aa84-7d3bdac74819/export</guid>
      <pubDate>Sat, 07 Mar 2026 09:25:49 +0000</pubDate>
    </item>
    <item>
      <title>00544825-5571-441d-83f3-5557db5a6a4a</title>
      <link>https://vulnerability.circl.lu/sighting/00544825-5571-441d-83f3-5557db5a6a4a/export</link>
      <description>{"uuid": "00544825-5571-441d-83f3-5557db5a6a4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10861", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnhuhzxasw2b", "content": "CVE-2026-10861 - MISP post-login open redirect via pre_login_requested_url\nCVE ID : CVE-2026-10861\n \n Published : June 4, 2026, 2:16 p.m. | 16\u00a0minutes ago\n \n Description : An open redirect vulnerability existed in MISP UsersController::routeafterlogin() because the value store...", "creation_timestamp": "2026-06-04T14:46:29.587323Z"}</description>
      <content:encoded>{"uuid": "00544825-5571-441d-83f3-5557db5a6a4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10861", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnhuhzxasw2b", "content": "CVE-2026-10861 - MISP post-login open redirect via pre_login_requested_url\nCVE ID : CVE-2026-10861\n \n Published : June 4, 2026, 2:16 p.m. | 16\u00a0minutes ago\n \n Description : An open redirect vulnerability existed in MISP UsersController::routeafterlogin() because the value store...", "creation_timestamp": "2026-06-04T14:46:29.587323Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/00544825-5571-441d-83f3-5557db5a6a4a/export</guid>
      <pubDate>Thu, 04 Jun 2026 14:46:29 +0000</pubDate>
    </item>
    <item>
      <title>5c13212f-d263-4adf-9582-fd455e112889</title>
      <link>https://vulnerability.circl.lu/sighting/5c13212f-d263-4adf-9582-fd455e112889/export</link>
      <description>{"uuid": "5c13212f-d263-4adf-9582-fd455e112889", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10864", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/116692633027353872", "content": "https://nvd.nist.gov/vuln/detail/CVE-2026-10864\n\nA vulnerability in the MISP dashboard widgets allowed an authenticated user to manipulate the fields option and influence which fields were returned by the New Users and New Organisations widgets. In some cases, requesting a field set that became empty after validation or redaction could cause the underlying query to fall back to returning unintended model fields. For the New Users widget, this could allow a non-site-admin user to obtain user e-mail addresses even when user e-mail disclosure was disabled by configuration. For the New Organisations widget, crafted field selection could similarly result in unintended organisation fields being included in the dashboard response. The issue was caused by applying field filtering and redaction in a way that could leave the selected field list empty. The patch ensures that the allowed field list is built safely, that restricted fields such as user e-mail addresses are removed before user-supplied field selection is processed, and that an empty field selection falls back only to the permitted default fields. Impact: An authenticated low-privileged user with access to the affected dashboard widgets may be able to disclose restricted user or organisation metadata, including user e-mail addresses depending on configuration.\n#misp", "creation_timestamp": "2026-06-04T15:51:15.801243Z"}</description>
      <content:encoded>{"uuid": "5c13212f-d263-4adf-9582-fd455e112889", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10864", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/116692633027353872", "content": "https://nvd.nist.gov/vuln/detail/CVE-2026-10864\n\nA vulnerability in the MISP dashboard widgets allowed an authenticated user to manipulate the fields option and influence which fields were returned by the New Users and New Organisations widgets. In some cases, requesting a field set that became empty after validation or redaction could cause the underlying query to fall back to returning unintended model fields. For the New Users widget, this could allow a non-site-admin user to obtain user e-mail addresses even when user e-mail disclosure was disabled by configuration. For the New Organisations widget, crafted field selection could similarly result in unintended organisation fields being included in the dashboard response. The issue was caused by applying field filtering and redaction in a way that could leave the selected field list empty. The patch ensures that the allowed field list is built safely, that restricted fields such as user e-mail addresses are removed before user-supplied field selection is processed, and that an empty field selection falls back only to the permitted default fields. Impact: An authenticated low-privileged user with access to the affected dashboard widgets may be able to disclose restricted user or organisation metadata, including user e-mail addresses depending on configuration.\n#misp", "creation_timestamp": "2026-06-04T15:51:15.801243Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/5c13212f-d263-4adf-9582-fd455e112889/export</guid>
      <pubDate>Thu, 04 Jun 2026 15:51:15 +0000</pubDate>
    </item>
    <item>
      <title>90ce49a1-f7d0-4d40-911c-68679a3ff317</title>
      <link>https://vulnerability.circl.lu/sighting/90ce49a1-f7d0-4d40-911c-68679a3ff317/export</link>
      <description>{"uuid": "90ce49a1-f7d0-4d40-911c-68679a3ff317", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-10868", "type": "seen", "source": "https://www.acn.gov.it/portale/w/rilevata-vulnerabilita-in-misp-project-1", "content": "", "creation_timestamp": "2026-06-05T06:28:56.000000Z"}</description>
      <content:encoded>{"uuid": "90ce49a1-f7d0-4d40-911c-68679a3ff317", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-10868", "type": "seen", "source": "https://www.acn.gov.it/portale/w/rilevata-vulnerabilita-in-misp-project-1", "content": "", "creation_timestamp": "2026-06-05T06:28:56.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/90ce49a1-f7d0-4d40-911c-68679a3ff317/export</guid>
      <pubDate>Fri, 05 Jun 2026 06:28:56 +0000</pubDate>
    </item>
    <item>
      <title>ce7c6991-2428-4d40-85c9-c0757df92b31</title>
      <link>https://vulnerability.circl.lu/sighting/ce7c6991-2428-4d40-85c9-c0757df92b31/export</link>
      <description>{"uuid": "ce7c6991-2428-4d40-85c9-c0757df92b31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10862", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mntgm4zreg2r", "content": "CVE-2026-10862 - Accordions\nCVE ID : CVE-2026-10862\n \n Published : 9 juin 2026 02:16 | 29\u00a0minutes ago\n \n Description : The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion body field in all versions up to, and including, 2.3.23 due...", "creation_timestamp": "2026-06-09T05:10:11.535522Z"}</description>
      <content:encoded>{"uuid": "ce7c6991-2428-4d40-85c9-c0757df92b31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10862", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mntgm4zreg2r", "content": "CVE-2026-10862 - Accordions\nCVE ID : CVE-2026-10862\n \n Published : 9 juin 2026 02:16 | 29\u00a0minutes ago\n \n Description : The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion body field in all versions up to, and including, 2.3.23 due...", "creation_timestamp": "2026-06-09T05:10:11.535522Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/ce7c6991-2428-4d40-85c9-c0757df92b31/export</guid>
      <pubDate>Tue, 09 Jun 2026 05:10:11 +0000</pubDate>
    </item>
    <item>
      <title>5648af3a-4c99-43cf-8e7f-f94e69b91914</title>
      <link>https://vulnerability.circl.lu/sighting/5648af3a-4c99-43cf-8e7f-f94e69b91914/export</link>
      <description>{"uuid": "5648af3a-4c99-43cf-8e7f-f94e69b91914", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10862", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3mnz3yrpvny2t", "content": "CVE-2026-10862 accordions (CVSS Score 6.4) \n\n#WordPress plugin #vulnerability #cybersecurity #wordpressfirewall #wordpresssecurity #hacking #wpsecurity #atomicedge #cybersecurity #malware #vulnerabilityresearch #cve #redteam #proofofconcept #accordions", "creation_timestamp": "2026-06-11T11:16:23.335090Z"}</description>
      <content:encoded>{"uuid": "5648af3a-4c99-43cf-8e7f-f94e69b91914", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10862", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3mnz3yrpvny2t", "content": "CVE-2026-10862 accordions (CVSS Score 6.4) \n\n#WordPress plugin #vulnerability #cybersecurity #wordpressfirewall #wordpresssecurity #hacking #wpsecurity #atomicedge #cybersecurity #malware #vulnerabilityresearch #cve #redteam #proofofconcept #accordions", "creation_timestamp": "2026-06-11T11:16:23.335090Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/5648af3a-4c99-43cf-8e7f-f94e69b91914/export</guid>
      <pubDate>Thu, 11 Jun 2026 11:16:23 +0000</pubDate>
    </item>
  </channel>
</rss>
