Most recent sightings.

Most recent sightings. https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sun, 14 Jun 2026 19:38:23 +0000 ba0f0c8c-6eeb-4759-bc89-e1dcca1df921 https://vulnerability.circl.lu/sighting/ba0f0c8c-6eeb-4759-bc89-e1dcca1df921/export {"uuid": "ba0f0c8c-6eeb-4759-bc89-e1dcca1df921", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26065", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mfclwupnvg2s", "content": "", "creation_timestamp": "2026-02-20T17:08:52.461595Z"} {"uuid": "ba0f0c8c-6eeb-4759-bc89-e1dcca1df921", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26065", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mfclwupnvg2s", "content": "", "creation_timestamp": "2026-02-20T17:08:52.461595Z"} https://vulnerability.circl.lu/sighting/ba0f0c8c-6eeb-4759-bc89-e1dcca1df921/export Fri, 20 Feb 2026 17:08:52 +0000 0fc2502d-33e7-4a46-8b0b-d4ebf2379b5a https://vulnerability.circl.lu/sighting/0fc2502d-33e7-4a46-8b0b-d4ebf2379b5a/export {"uuid": "0fc2502d-33e7-4a46-8b0b-d4ebf2379b5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26064", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mfcpz4of6f2d", "content": "", "creation_timestamp": "2026-02-20T18:21:43.076203Z"} {"uuid": "0fc2502d-33e7-4a46-8b0b-d4ebf2379b5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26064", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mfcpz4of6f2d", "content": "", "creation_timestamp": "2026-02-20T18:21:43.076203Z"} https://vulnerability.circl.lu/sighting/0fc2502d-33e7-4a46-8b0b-d4ebf2379b5a/export Fri, 20 Feb 2026 18:21:43 +0000 aa9fcb8f-1eb3-423d-8bc8-6f1f20b46cbe https://vulnerability.circl.lu/sighting/aa9fcb8f-1eb3-423d-8bc8-6f1f20b46cbe/export {"uuid": "aa9fcb8f-1eb3-423d-8bc8-6f1f20b46cbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26065", "type": "seen", "source": "https://t.me/poxek/5938", "content": "\u041b\u043e\u0432\u0438\u0442\u0435 \u0432\u043a\u0443\u0441\u043d\u044b\u0435 \u0431\u0430\u0433\u0438 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0435\u0439 \u043d\u0435\u0434\u0435\u043b\u0438\n#Calibre #Google #Ghost #GetSimple #ApacheVelocity #CVE\n\n\u25aa\ufe0f Calibre (CVE-2026-26065, CVSS 9.3) \u2014 path traversal \u0432 PDB-\u0440\u0438\u0434\u0435\u0440\u0430\u0445 Calibre, \u0432\u044b\u0437\u0432\u0430\u043d\u043d\u0430\u044f \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u043e\u0439 \u043f\u0443\u0442\u0435\u0439 \u043f\u0440\u0438 \u0438\u0437\u0432\u043b\u0435\u0447\u0435\u043d\u0438\u0438 \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u043e\u0433\u043e PDB-\u0444\u0430\u0439\u043b\u043e\u0432. \u0421\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0444\u0430\u0439\u043b \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0432 \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u0438, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043f\u0435\u0440\u0435\u0437\u0430\u043f\u0438\u0441\u044c \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0431\u0435\u0437 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u044f. \u0418\u043c\u043f\u0430\u043a\u0442 \u0437\u0430\u0432\u0438\u0441\u0438\u0442 \u043e\u0442 \u043f\u0440\u0430\u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430 Calibre \u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043f\u043e\u0432\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044e \u0434\u0430\u043d\u043d\u044b\u0445, DoS \u0438, \u0432 \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u044b\u0445 \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u044f\u0445, \u043a RCE.\n\n\u25aa\ufe0f Google Cloud Vertex AI SDK for Python (CVE-2026-2472, CVSS 8.6) \u2014 stored XSS \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 \u0432\u0438\u0437\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 GenAI/\u043e\u0446\u0435\u043d\u043e\u043a \u043c\u043e\u0434\u0435\u043b\u0435\u0439 \u043f\u0430\u043a\u0435\u0442\u0430 google-cloud-aiplatform. \u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 JavaScript \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0432\u043d\u0435\u0434\u0440\u0435\u043d \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u044b \u043c\u043e\u0434\u0435\u043b\u0438 \u0438\u043b\u0438 JSON-\u0434\u0430\u0442\u0430\u0441\u0435\u0442\u044b \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d \u0432 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043f\u0440\u0438 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u0438 \u0432 Jupyter/Colab. \u041f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 JS \u0432 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0435 \u0441\u0435\u0441\u0441\u0438\u0438, \u0447\u0442\u043e \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0432\u0435\u0434\u0435\u0442 \u043a \u043a\u0440\u0430\u0436\u0435 \u0442\u043e\u043a\u0435\u043d\u043e\u0432, \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0443 \u0441\u0435\u0441\u0441\u0438\u0438 \u0438\u043b\u0438 \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f\u043c \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\n\u25aa\ufe0f Ghost (CVE-2026-26980, CVSS 9.4) \u2014 SQLi \u0432 headless CMS Ghost, \u0440\u0430\u0441\u043f\u043e\u043b\u043e\u0436\u0435\u043d\u043d\u0430\u044f \u0432 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u043c Content API. \u0418\u0437-\u0437\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u0432\u0430\u043b\u0438\u0434\u0430\u0446\u0438\u0438/\u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u0430 \u0444\u0438\u043b\u044c\u0442\u0440\u0430\u0446\u0438\u0438 slug \u0432 query string \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0439 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u043c\u043e\u0436\u0435\u0442 \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0435 \u0447\u0442\u0435\u043d\u0438\u0435 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438\u0437 \u0431\u0430\u0437\u044b (arbitrary read) \u0431\u0435\u0437 \u043a\u0430\u043a\u0438\u0445-\u043b\u0438\u0431\u043e \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0438\u043b\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c. \u042d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\n\n\u25aa\ufe0fGetSimple CMS (CVE-2026-27161, CVSS 8.7) \u2014 \u0437\u0430\u0449\u0438\u0442\u0430 \u0447\u0443\u0432\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u0439 (/data/, /backups/ \u0438 \u0434\u0440.) \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u0430 \u0438\u0441\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0447\u0435\u0440\u0435\u0437 \u043f\u0440\u0430\u0432\u0438\u043b\u0430 .htaccess. \u041f\u0440\u0438 \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u043e\u043c \u0438\u043b\u0438 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u043e\u043c AllowOverride \u0432 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 Apache \u0437\u0430\u0449\u0438\u0442\u0430 \u043d\u0435 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0435\u0442\u0441\u044f, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u043c\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0440\u044f\u043c\u043e\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0444\u0430\u0439\u043b\u0430\u043c, \u0432\u043a\u043b\u044e\u0447\u0430\u044f authorization.xml \u0441 \u043a\u043b\u044e\u0447\u0430\u043c\u0438 \u0438 \u0434\u0440\u0443\u0433\u0438\u043c\u0438 \u0441\u0435\u043a\u0440\u0435\u0442\u0430\u043c\u0438. \u042d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\n\n\u25aa\ufe0f WSO2 Identity Server (CVE-2025-12107, CVSS 7.2) \u2014 template injection \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0435\u043c Velocity template engine (Apache Velocity). \u0410\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u0441 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u043c\u043e\u0436\u0435\u0442 \u0432\u043d\u0435\u0434\u0440\u044f\u0442\u044c \u0438 \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u0448\u0430\u0431\u043b\u043e\u043d\u043d\u044b\u0439 \u043a\u043e\u0434. \u041f\u0440\u0438 \u043d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u044d\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u0438 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.\n\n\ud83c\udf1a @poxek | \ud83d\udcf2 MAX |\ud83c\udf1a \u0411\u043b\u043e\u0433 | \ud83d\udcfa YT | \ud83d\udcfa RT | \ud83d\udcfa VK", "creation_timestamp": "2026-02-24T06:48:10.000000Z"} {"uuid": "aa9fcb8f-1eb3-423d-8bc8-6f1f20b46cbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26065", "type": "seen", "source": "https://t.me/poxek/5938", "content": "\u041b\u043e\u0432\u0438\u0442\u0435 \u0432\u043a\u0443\u0441\u043d\u044b\u0435 \u0431\u0430\u0433\u0438 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0435\u0439 \u043d\u0435\u0434\u0435\u043b\u0438\n#Calibre #Google #Ghost #GetSimple #ApacheVelocity #CVE\n\n\u25aa\ufe0f Calibre (CVE-2026-26065, CVSS 9.3) \u2014 path traversal \u0432 PDB-\u0440\u0438\u0434\u0435\u0440\u0430\u0445 Calibre, \u0432\u044b\u0437\u0432\u0430\u043d\u043d\u0430\u044f \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u043e\u0439 \u043f\u0443\u0442\u0435\u0439 \u043f\u0440\u0438 \u0438\u0437\u0432\u043b\u0435\u0447\u0435\u043d\u0438\u0438 \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u043e\u0433\u043e PDB-\u0444\u0430\u0439\u043b\u043e\u0432. \u0421\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0444\u0430\u0439\u043b \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0432 \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u0438, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043f\u0435\u0440\u0435\u0437\u0430\u043f\u0438\u0441\u044c \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0431\u0435\u0437 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u044f. \u0418\u043c\u043f\u0430\u043a\u0442 \u0437\u0430\u0432\u0438\u0441\u0438\u0442 \u043e\u0442 \u043f\u0440\u0430\u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430 Calibre \u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043f\u043e\u0432\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044e \u0434\u0430\u043d\u043d\u044b\u0445, DoS \u0438, \u0432 \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u044b\u0445 \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u044f\u0445, \u043a RCE.\n\n\u25aa\ufe0f Google Cloud Vertex AI SDK for Python (CVE-2026-2472, CVSS 8.6) \u2014 stored XSS \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 \u0432\u0438\u0437\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 GenAI/\u043e\u0446\u0435\u043d\u043e\u043a \u043c\u043e\u0434\u0435\u043b\u0435\u0439 \u043f\u0430\u043a\u0435\u0442\u0430 google-cloud-aiplatform. \u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 JavaScript \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0432\u043d\u0435\u0434\u0440\u0435\u043d \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u044b \u043c\u043e\u0434\u0435\u043b\u0438 \u0438\u043b\u0438 JSON-\u0434\u0430\u0442\u0430\u0441\u0435\u0442\u044b \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d \u0432 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043f\u0440\u0438 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u0438 \u0432 Jupyter/Colab. \u041f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 JS \u0432 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0435 \u0441\u0435\u0441\u0441\u0438\u0438, \u0447\u0442\u043e \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0432\u0435\u0434\u0435\u0442 \u043a \u043a\u0440\u0430\u0436\u0435 \u0442\u043e\u043a\u0435\u043d\u043e\u0432, \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0443 \u0441\u0435\u0441\u0441\u0438\u0438 \u0438\u043b\u0438 \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f\u043c \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\n\u25aa\ufe0f Ghost (CVE-2026-26980, CVSS 9.4) \u2014 SQLi \u0432 headless CMS Ghost, \u0440\u0430\u0441\u043f\u043e\u043b\u043e\u0436\u0435\u043d\u043d\u0430\u044f \u0432 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u043c Content API. \u0418\u0437-\u0437\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u0432\u0430\u043b\u0438\u0434\u0430\u0446\u0438\u0438/\u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u0430 \u0444\u0438\u043b\u044c\u0442\u0440\u0430\u0446\u0438\u0438 slug \u0432 query string \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0439 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u043c\u043e\u0436\u0435\u0442 \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0435 \u0447\u0442\u0435\u043d\u0438\u0435 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438\u0437 \u0431\u0430\u0437\u044b (arbitrary read) \u0431\u0435\u0437 \u043a\u0430\u043a\u0438\u0445-\u043b\u0438\u0431\u043e \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0438\u043b\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c. \u042d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\n\n\u25aa\ufe0fGetSimple CMS (CVE-2026-27161, CVSS 8.7) \u2014 \u0437\u0430\u0449\u0438\u0442\u0430 \u0447\u0443\u0432\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u0439 (/data/, /backups/ \u0438 \u0434\u0440.) \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u0430 \u0438\u0441\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0447\u0435\u0440\u0435\u0437 \u043f\u0440\u0430\u0432\u0438\u043b\u0430 .htaccess. \u041f\u0440\u0438 \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u043e\u043c \u0438\u043b\u0438 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u043e\u043c AllowOverride \u0432 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 Apache \u0437\u0430\u0449\u0438\u0442\u0430 \u043d\u0435 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0435\u0442\u0441\u044f, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u043c\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0440\u044f\u043c\u043e\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0444\u0430\u0439\u043b\u0430\u043c, \u0432\u043a\u043b\u044e\u0447\u0430\u044f authorization.xml \u0441 \u043a\u043b\u044e\u0447\u0430\u043c\u0438 \u0438 \u0434\u0440\u0443\u0433\u0438\u043c\u0438 \u0441\u0435\u043a\u0440\u0435\u0442\u0430\u043c\u0438. \u042d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\n\n\u25aa\ufe0f WSO2 Identity Server (CVE-2025-12107, CVSS 7.2) \u2014 template injection \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0435\u043c Velocity template engine (Apache Velocity). \u0410\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u0441 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u043c\u043e\u0436\u0435\u0442 \u0432\u043d\u0435\u0434\u0440\u044f\u0442\u044c \u0438 \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u0448\u0430\u0431\u043b\u043e\u043d\u043d\u044b\u0439 \u043a\u043e\u0434. \u041f\u0440\u0438 \u043d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u044d\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u0438 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.\n\n\ud83c\udf1a @poxek | \ud83d\udcf2 MAX |\ud83c\udf1a \u0411\u043b\u043e\u0433 | \ud83d\udcfa YT | \ud83d\udcfa RT | \ud83d\udcfa VK", "creation_timestamp": "2026-02-24T06:48:10.000000Z"} https://vulnerability.circl.lu/sighting/aa9fcb8f-1eb3-423d-8bc8-6f1f20b46cbe/export Tue, 24 Feb 2026 06:48:10 +0000 a4c2d7b8-4753-45c4-a067-9b4c00a9f98a https://vulnerability.circl.lu/sighting/a4c2d7b8-4753-45c4-a067-9b4c00a9f98a/export {"uuid": "a4c2d7b8-4753-45c4-a067-9b4c00a9f98a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-26066", "type": "seen", "source": "https://bsky.app/profile/flarestart.bsky.social/post/3mfmvxx6rzp2s", "content": "", "creation_timestamp": "2026-02-24T19:35:03.930807Z"} {"uuid": "a4c2d7b8-4753-45c4-a067-9b4c00a9f98a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-26066", "type": "seen", "source": "https://bsky.app/profile/flarestart.bsky.social/post/3mfmvxx6rzp2s", "content": "", "creation_timestamp": "2026-02-24T19:35:03.930807Z"} https://vulnerability.circl.lu/sighting/a4c2d7b8-4753-45c4-a067-9b4c00a9f98a/export Tue, 24 Feb 2026 19:35:03 +0000 af32d518-132f-4975-a9d9-db0513a5d86d https://vulnerability.circl.lu/sighting/af32d518-132f-4975-a9d9-db0513a5d86d/export {"uuid": "af32d518-132f-4975-a9d9-db0513a5d86d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26066", "type": "seen", "source": "https://gist.github.com/alon710/93497b272a1acc6d5d3838b0e2ce709a", "content": "", "creation_timestamp": "2026-02-25T01:08:07.000000Z"} {"uuid": "af32d518-132f-4975-a9d9-db0513a5d86d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26066", "type": "seen", "source": "https://gist.github.com/alon710/93497b272a1acc6d5d3838b0e2ce709a", "content": "", "creation_timestamp": "2026-02-25T01:08:07.000000Z"} https://vulnerability.circl.lu/sighting/af32d518-132f-4975-a9d9-db0513a5d86d/export Wed, 25 Feb 2026 01:08:07 +0000 17c3860f-46e5-4d3e-a70f-7c91b035e593 https://vulnerability.circl.lu/sighting/17c3860f-46e5-4d3e-a70f-7c91b035e593/export {"uuid": "17c3860f-46e5-4d3e-a70f-7c91b035e593", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26066", "type": "seen", "source": "https://bsky.app/profile/ytroncal.bsky.social/post/3mfo4sud4lc2s", "content": "", "creation_timestamp": "2026-02-25T07:10:20.402962Z"} {"uuid": "17c3860f-46e5-4d3e-a70f-7c91b035e593", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26066", "type": "seen", "source": "https://bsky.app/profile/ytroncal.bsky.social/post/3mfo4sud4lc2s", "content": "", "creation_timestamp": "2026-02-25T07:10:20.402962Z"} https://vulnerability.circl.lu/sighting/17c3860f-46e5-4d3e-a70f-7c91b035e593/export Wed, 25 Feb 2026 07:10:20 +0000 cb07ecdd-f0d3-4b39-9e14-a749491e8dc4 https://vulnerability.circl.lu/sighting/cb07ecdd-f0d3-4b39-9e14-a749491e8dc4/export {"uuid": "cb07ecdd-f0d3-4b39-9e14-a749491e8dc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26061", "type": "seen", "source": "Telegram/HCzuKY5MuLPsfo_EI5S3ks6iQFEX7xEFL0kHnLhrHZ36Sb0", "content": "", "creation_timestamp": "2026-03-27T21:22:34.000000Z"} {"uuid": "cb07ecdd-f0d3-4b39-9e14-a749491e8dc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26061", "type": "seen", "source": "Telegram/HCzuKY5MuLPsfo_EI5S3ks6iQFEX7xEFL0kHnLhrHZ36Sb0", "content": "", "creation_timestamp": "2026-03-27T21:22:34.000000Z"} https://vulnerability.circl.lu/sighting/cb07ecdd-f0d3-4b39-9e14-a749491e8dc4/export Fri, 27 Mar 2026 21:22:34 +0000 72a96d4b-6b46-4b89-962a-dbdd2c1a0f78 https://vulnerability.circl.lu/sighting/72a96d4b-6b46-4b89-962a-dbdd2c1a0f78/export {"uuid": "72a96d4b-6b46-4b89-962a-dbdd2c1a0f78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26066", "type": "seen", "source": "https://infosec.exchange/users/certvde/statuses/116316841599408182", "content": "", "creation_timestamp": "2026-03-30T07:02:31.871776Z"} {"uuid": "72a96d4b-6b46-4b89-962a-dbdd2c1a0f78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26066", "type": "seen", "source": "https://infosec.exchange/users/certvde/statuses/116316841599408182", "content": "", "creation_timestamp": "2026-03-30T07:02:31.871776Z"} https://vulnerability.circl.lu/sighting/72a96d4b-6b46-4b89-962a-dbdd2c1a0f78/export Mon, 30 Mar 2026 07:02:31 +0000 9a97de9d-da32-4bfd-8dc0-ef74d5dbca7f https://vulnerability.circl.lu/sighting/9a97de9d-da32-4bfd-8dc0-ef74d5dbca7f/export {"uuid": "9a97de9d-da32-4bfd-8dc0-ef74d5dbca7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26060", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mienop6vtc27", "content": "", "creation_timestamp": "2026-03-31T17:01:00.359733Z"} {"uuid": "9a97de9d-da32-4bfd-8dc0-ef74d5dbca7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26060", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mienop6vtc27", "content": "", "creation_timestamp": "2026-03-31T17:01:00.359733Z"} https://vulnerability.circl.lu/sighting/9a97de9d-da32-4bfd-8dc0-ef74d5dbca7f/export Tue, 31 Mar 2026 17:01:00 +0000 bc9ad609-4e44-45cb-b6a0-18891d69249f https://vulnerability.circl.lu/sighting/bc9ad609-4e44-45cb-b6a0-18891d69249f/export {"uuid": "bc9ad609-4e44-45cb-b6a0-18891d69249f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26060", "type": "published-proof-of-concept", "source": "Telegram/WxHgPFElWYDoFBGl3K0BVKfspuGbiR8geCdPJnxqtoWdxxM", "content": "", "creation_timestamp": "2026-03-31T17:24:25.000000Z"} {"uuid": "bc9ad609-4e44-45cb-b6a0-18891d69249f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26060", "type": "published-proof-of-concept", "source": "Telegram/WxHgPFElWYDoFBGl3K0BVKfspuGbiR8geCdPJnxqtoWdxxM", "content": "", "creation_timestamp": "2026-03-31T17:24:25.000000Z"} https://vulnerability.circl.lu/sighting/bc9ad609-4e44-45cb-b6a0-18891d69249f/export Tue, 31 Mar 2026 17:24:25 +0000