https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sat, 06 Jun 2026 17:04:44 +0000 https://vulnerability.circl.lu/sighting/81f0b66a-8f81-4098-a167-cf0459b3f7c3/export {"uuid": "81f0b66a-8f81-4098-a167-cf0459b3f7c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32686", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlbs6ebsmr2r", "content": "CVE-2026-32686 - Unbounded exponent in decimal enables unauthenticated DoS\nCVE ID : CVE-2026-32686\n \n Published : May 7, 2026, 3:16 p.m. | 1\u00a0hour, 9\u00a0minutes ago\n \n Description : Uncontrolled Resource Consumption vulnerability in ericmj decimal allows unauthenticated remote Den...", "creation_timestamp": "2026-05-07T17:58:55.942691Z"} {"uuid": "81f0b66a-8f81-4098-a167-cf0459b3f7c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32686", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlbs6ebsmr2r", "content": "CVE-2026-32686 - Unbounded exponent in decimal enables unauthenticated DoS\nCVE ID : CVE-2026-32686\n \n Published : May 7, 2026, 3:16 p.m. | 1\u00a0hour, 9\u00a0minutes ago\n \n Description : Uncontrolled Resource Consumption vulnerability in ericmj decimal allows unauthenticated remote Den...", "creation_timestamp": "2026-05-07T17:58:55.942691Z"} https://vulnerability.circl.lu/sighting/81f0b66a-8f81-4098-a167-cf0459b3f7c3/export Thu, 07 May 2026 17:58:55 +0000 https://vulnerability.circl.lu/sighting/6705269c-7878-4af6-a311-124c82d0df61/export {"uuid": "6705269c-7878-4af6-a311-124c82d0df61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32689", "type": "seen", "source": "https://gist.github.com/alon710/bf727aea4f480d1e2e016713a2841996", "content": "# CVE-2026-32689: CVE-2026-32689: Denial of Service in Phoenix Framework LongPoll Transport via NDJSON Payload Amplification\n\n> **CVSS Score:** 8.7\n> **Published:** 2026-05-08\n> **Full Report:** https://cvereports.com/reports/CVE-2026-32689\n\n## Summary\nThe Phoenix Framework contains a high-severity Denial of Service vulnerability in its LongPoll transport mechanism. The vulnerability is caused by unbounded memory allocation when processing Newline Delimited JSON (NDJSON) payloads. Unauthenticated attackers can trigger Out-Of-Memory conditions on the host BEAM node, terminating all active sessions by forcing the server to evaluate excessive newline characters.\n\n## TL;DR\nUnauthenticated remote attackers can crash Phoenix Framework nodes by sending an 8MB NDJSON payload consisting entirely of newline characters to the LongPoll endpoint, triggering memory exhaustion via eager string evaluation.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-770\n- **Attack Vector**: Network\n- **CVSS Base Score**: 8.7 (High)\n- **EPSS Score**: 0.00045\n- **Impact**: Denial of Service (Node Crash)\n- **Exploit Status**: Unexploited / PoC Only\n- **CISA KEV**: No\n\n## Affected Systems\n\n- Phoenix Framework (phoenix Hex package) < 1.7.22\n- Phoenix Framework (phoenix Hex package) 1.8.x < 1.8.6\n- Any Elixir application exposing Phoenix LiveView endpoints via LongPoll\n- **Phoenix Framework**: >= 1.7.0, < 1.7.22 (Fixed in: `1.7.22`)\n- **Phoenix Framework**: >= 1.8.0, < 1.8.6 (Fixed in: `1.8.6`)\n\n## Mitigation\n\n- Upgrade Phoenix framework to patched versions (1.7.22 or 1.8.6).\n- Disable the LongPoll transport in Phoenix.Socket configurations if WebSocket connections are sufficient.\n- Implement network-level size restrictions or WAF rules to drop anomalous POST requests containing excessive application/x-ndjson payloads.\n\n**Remediation Steps:**\n1. Identify the current version of the `phoenix` Hex package running in your application environments.\n2. Update the `mix.exs` dependencies to require at least `~> 1.7.22` or `~> 1.8.6`.\n3. Run `mix deps.get` and `mix deps.compile` to fetch and compile the updated framework code.\n4. If patching is delayed, modify the endpoint module to set `longpoll: false` inside the socket declarations.\n\n## References\n\n- [GitHub Advisory: GHSA-628h-q48j-jr6q](https://github.com/phoenixframework/phoenix/security/advisories/GHSA-628h-q48j-jr6q)\n- [Erlang Ecosystem Foundation CNA Record](https://cna.erlef.org/cves/CVE-2026-32689.html)\n- [OSV Record for EEF-CVE-2026-32689](https://osv.dev/vulnerability/EEF-CVE-2026-32689)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-32689) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-08T20:40:28.000000Z"} {"uuid": "6705269c-7878-4af6-a311-124c82d0df61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32689", "type": "seen", "source": "https://gist.github.com/alon710/bf727aea4f480d1e2e016713a2841996", "content": "# CVE-2026-32689: CVE-2026-32689: Denial of Service in Phoenix Framework LongPoll Transport via NDJSON Payload Amplification\n\n> **CVSS Score:** 8.7\n> **Published:** 2026-05-08\n> **Full Report:** https://cvereports.com/reports/CVE-2026-32689\n\n## Summary\nThe Phoenix Framework contains a high-severity Denial of Service vulnerability in its LongPoll transport mechanism. The vulnerability is caused by unbounded memory allocation when processing Newline Delimited JSON (NDJSON) payloads. Unauthenticated attackers can trigger Out-Of-Memory conditions on the host BEAM node, terminating all active sessions by forcing the server to evaluate excessive newline characters.\n\n## TL;DR\nUnauthenticated remote attackers can crash Phoenix Framework nodes by sending an 8MB NDJSON payload consisting entirely of newline characters to the LongPoll endpoint, triggering memory exhaustion via eager string evaluation.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-770\n- **Attack Vector**: Network\n- **CVSS Base Score**: 8.7 (High)\n- **EPSS Score**: 0.00045\n- **Impact**: Denial of Service (Node Crash)\n- **Exploit Status**: Unexploited / PoC Only\n- **CISA KEV**: No\n\n## Affected Systems\n\n- Phoenix Framework (phoenix Hex package) < 1.7.22\n- Phoenix Framework (phoenix Hex package) 1.8.x < 1.8.6\n- Any Elixir application exposing Phoenix LiveView endpoints via LongPoll\n- **Phoenix Framework**: >= 1.7.0, < 1.7.22 (Fixed in: `1.7.22`)\n- **Phoenix Framework**: >= 1.8.0, < 1.8.6 (Fixed in: `1.8.6`)\n\n## Mitigation\n\n- Upgrade Phoenix framework to patched versions (1.7.22 or 1.8.6).\n- Disable the LongPoll transport in Phoenix.Socket configurations if WebSocket connections are sufficient.\n- Implement network-level size restrictions or WAF rules to drop anomalous POST requests containing excessive application/x-ndjson payloads.\n\n**Remediation Steps:**\n1. Identify the current version of the `phoenix` Hex package running in your application environments.\n2. Update the `mix.exs` dependencies to require at least `~> 1.7.22` or `~> 1.8.6`.\n3. Run `mix deps.get` and `mix deps.compile` to fetch and compile the updated framework code.\n4. If patching is delayed, modify the endpoint module to set `longpoll: false` inside the socket declarations.\n\n## References\n\n- [GitHub Advisory: GHSA-628h-q48j-jr6q](https://github.com/phoenixframework/phoenix/security/advisories/GHSA-628h-q48j-jr6q)\n- [Erlang Ecosystem Foundation CNA Record](https://cna.erlef.org/cves/CVE-2026-32689.html)\n- [OSV Record for EEF-CVE-2026-32689](https://osv.dev/vulnerability/EEF-CVE-2026-32689)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-32689) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-08T20:40:28.000000Z"} https://vulnerability.circl.lu/sighting/6705269c-7878-4af6-a311-124c82d0df61/export Fri, 08 May 2026 20:40:28 +0000 https://vulnerability.circl.lu/sighting/57665822-378d-4888-8a57-9fc4c27e8a40/export {"uuid": "57665822-378d-4888-8a57-9fc4c27e8a40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32683", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlgaq35vbe2n", "content": "CVE-2026-32683 - EZVIZ Cloud API Eavesdropping Vulnerability\nCVE ID : CVE-2026-32683\n \n Published : May 9, 2026, 9:16 a.m. | 1\u00a0hour, 29\u00a0minutes ago\n \n Description : Some EZVIZ products utilize older versions of cloud feature modules with legacy API interfaces, which pose a dat...", "creation_timestamp": "2026-05-09T12:30:01.661430Z"} {"uuid": "57665822-378d-4888-8a57-9fc4c27e8a40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32683", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlgaq35vbe2n", "content": "CVE-2026-32683 - EZVIZ Cloud API Eavesdropping Vulnerability\nCVE ID : CVE-2026-32683\n \n Published : May 9, 2026, 9:16 a.m. | 1\u00a0hour, 29\u00a0minutes ago\n \n Description : Some EZVIZ products utilize older versions of cloud feature modules with legacy API interfaces, which pose a dat...", "creation_timestamp": "2026-05-09T12:30:01.661430Z"} https://vulnerability.circl.lu/sighting/57665822-378d-4888-8a57-9fc4c27e8a40/export Sat, 09 May 2026 12:30:01 +0000 https://vulnerability.circl.lu/sighting/d266f5fc-2399-421c-9c85-a465908f1cb0/export {"uuid": "d266f5fc-2399-421c-9c85-a465908f1cb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32686", "type": "seen", "source": "https://gist.github.com/alon710/d3518b26e6387505ec4774e026b70deb", "content": "# CVE-2026-32686: CVE-2026-32686: Unbounded Exponent Resource Exhaustion in ericmj/decimal\n\n> **CVSS Score:** 6.9\n> **Published:** 2026-05-12\n> **Full Report:** https://cvereports.com/reports/CVE-2026-32686\n\n## Summary\nThe ericmj/decimal Elixir library suffers from an uncontrolled resource consumption vulnerability. Parsing decimal strings with exceptionally large exponents succeeds with minimal memory overhead, but subsequent arithmetic operations or string formatting attempts to materialize the expanded value. This exhausts BEAM Virtual Machine memory, causing an immediate denial of service.\n\n## TL;DR\nUnbounded exponent parsing in ericmj/decimal allows remote attackers to crash the BEAM VM via OOM by supplying astronomical scientific notation values that trigger massive bignum allocations during arithmetic alignment.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-400: Uncontrolled Resource Consumption\n- **Attack Vector**: Network (via crafted scientific notation payload)\n- **CVSS v4.0**: 6.9 (MEDIUM)\n- **EPSS Score**: 0.07%\n- **Impact**: High Availability (Denial of Service via OOM)\n- **Exploit Status**: Proof of Concept available\n- **Patched Version**: 3.0.0\n\n## Affected Systems\n\n- Elixir applications utilizing the ericmj/decimal package\n- Erlang BEAM Virtual Machine environments processing untrusted decimal inputs\n- **decimal**: >= 0.1.0, < 3.0.0 (Fixed in: `3.0.0`)\n\n## Mitigation\n\n- Upgrade ericmj/decimal dependency to version 3.0.0 or later.\n- Ensure Decimal.Context overrides do not set `emax` or `emin` to `:infinity`.\n- Implement application-level regex validation to reject scientific notation strings with exponents larger than 6000.\n\n**Remediation Steps:**\n1. Modify the `mix.exs` file to update the dependency requirement: `{:decimal, \"~> 3.0\"}`.\n2. Run `mix deps.get` and `mix deps.compile` to fetch and compile the patched version.\n3. Audit the codebase for any manual instances of `Decimal.Context.set/1` and ensure safe limits are maintained.\n4. Deploy the updated application build to production environments.\n\n## References\n\n- [GHSA-rhv4-8758-jx7v](https://github.com/ericmj/decimal/security/advisories/GHSA-rhv4-8758-jx7v)\n- [EEF CNA Record](https://cna.erlef.org/cves/CVE-2026-32686.html)\n- [Fix Commit 6a523f3a73b8c9974540e21c7aa88f1258bb35ae](https://github.com/ericmj/decimal/commit/6a523f3a73b8c9974540e21c7aa88f1258bb35ae)\n- [OSV Data](https://osv.dev/vulnerability/EEF-CVE-2026-32686)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-32686) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-12T15:40:29.000000Z"} {"uuid": "d266f5fc-2399-421c-9c85-a465908f1cb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32686", "type": "seen", "source": "https://gist.github.com/alon710/d3518b26e6387505ec4774e026b70deb", "content": "# CVE-2026-32686: CVE-2026-32686: Unbounded Exponent Resource Exhaustion in ericmj/decimal\n\n> **CVSS Score:** 6.9\n> **Published:** 2026-05-12\n> **Full Report:** https://cvereports.com/reports/CVE-2026-32686\n\n## Summary\nThe ericmj/decimal Elixir library suffers from an uncontrolled resource consumption vulnerability. Parsing decimal strings with exceptionally large exponents succeeds with minimal memory overhead, but subsequent arithmetic operations or string formatting attempts to materialize the expanded value. This exhausts BEAM Virtual Machine memory, causing an immediate denial of service.\n\n## TL;DR\nUnbounded exponent parsing in ericmj/decimal allows remote attackers to crash the BEAM VM via OOM by supplying astronomical scientific notation values that trigger massive bignum allocations during arithmetic alignment.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-400: Uncontrolled Resource Consumption\n- **Attack Vector**: Network (via crafted scientific notation payload)\n- **CVSS v4.0**: 6.9 (MEDIUM)\n- **EPSS Score**: 0.07%\n- **Impact**: High Availability (Denial of Service via OOM)\n- **Exploit Status**: Proof of Concept available\n- **Patched Version**: 3.0.0\n\n## Affected Systems\n\n- Elixir applications utilizing the ericmj/decimal package\n- Erlang BEAM Virtual Machine environments processing untrusted decimal inputs\n- **decimal**: >= 0.1.0, < 3.0.0 (Fixed in: `3.0.0`)\n\n## Mitigation\n\n- Upgrade ericmj/decimal dependency to version 3.0.0 or later.\n- Ensure Decimal.Context overrides do not set `emax` or `emin` to `:infinity`.\n- Implement application-level regex validation to reject scientific notation strings with exponents larger than 6000.\n\n**Remediation Steps:**\n1. Modify the `mix.exs` file to update the dependency requirement: `{:decimal, \"~> 3.0\"}`.\n2. Run `mix deps.get` and `mix deps.compile` to fetch and compile the patched version.\n3. Audit the codebase for any manual instances of `Decimal.Context.set/1` and ensure safe limits are maintained.\n4. Deploy the updated application build to production environments.\n\n## References\n\n- [GHSA-rhv4-8758-jx7v](https://github.com/ericmj/decimal/security/advisories/GHSA-rhv4-8758-jx7v)\n- [EEF CNA Record](https://cna.erlef.org/cves/CVE-2026-32686.html)\n- [Fix Commit 6a523f3a73b8c9974540e21c7aa88f1258bb35ae](https://github.com/ericmj/decimal/commit/6a523f3a73b8c9974540e21c7aa88f1258bb35ae)\n- [OSV Data](https://osv.dev/vulnerability/EEF-CVE-2026-32686)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-32686) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-12T15:40:29.000000Z"} https://vulnerability.circl.lu/sighting/d266f5fc-2399-421c-9c85-a465908f1cb0/export Tue, 12 May 2026 15:40:29 +0000 https://vulnerability.circl.lu/sighting/9a571247-8d81-4767-834c-0cec535c810f/export {"uuid": "9a571247-8d81-4767-834c-0cec535c810f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32683", "type": "seen", "source": "https://t.me/GithubRedTeam/84618", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-32683\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a ByteWraith1\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0 | \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-18 01:46:31\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-18T02:00:04.000000Z"} {"uuid": "9a571247-8d81-4767-834c-0cec535c810f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32683", "type": "seen", "source": "https://t.me/GithubRedTeam/84618", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-32683\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a ByteWraith1\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0 | \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-18 01:46:31\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-18T02:00:04.000000Z"} https://vulnerability.circl.lu/sighting/9a571247-8d81-4767-834c-0cec535c810f/export Mon, 18 May 2026 02:00:04 +0000 https://vulnerability.circl.lu/sighting/ecd46611-a5f2-4cca-a6f3-daa80d507311/export {"uuid": "ecd46611-a5f2-4cca-a6f3-daa80d507311", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32683", "type": "published-proof-of-concept", "source": "Telegram/BizTgRC_t78x1TLpzjT4_qblGrLzvn7xcotFgHWnbR4t71c", "content": "", "creation_timestamp": "2026-05-18T03:00:14.000000Z"} {"uuid": "ecd46611-a5f2-4cca-a6f3-daa80d507311", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32683", "type": "published-proof-of-concept", "source": "Telegram/BizTgRC_t78x1TLpzjT4_qblGrLzvn7xcotFgHWnbR4t71c", "content": "", "creation_timestamp": "2026-05-18T03:00:14.000000Z"} https://vulnerability.circl.lu/sighting/ecd46611-a5f2-4cca-a6f3-daa80d507311/export Mon, 18 May 2026 03:00:14 +0000 https://vulnerability.circl.lu/sighting/8c2c9122-772b-452c-aa04-533bb97a5d5b/export {"uuid": "8c2c9122-772b-452c-aa04-533bb97a5d5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32685", "type": "seen", "source": "https://bsky.app/profile/janvhs.com/post/3mnjujssgpk2p", "content": "#gleam 1.17.0 is now available in #openSUSE Tumbleweed.\nIt fixes CVE-2026-32685, CVE-2026-42795 and CVE-2026-43965.\nI'll back-port the patches to #leap 15.7-16.1 in the near future.\n\nAdditionally, it improves the compiler error handling, LSP and JS code-gen. \ud83d\udc2d\n\nThanks @gleam.run and contributors \ud83d\udcab", "creation_timestamp": "2026-06-05T09:52:49.453513Z"} {"uuid": "8c2c9122-772b-452c-aa04-533bb97a5d5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32685", "type": "seen", "source": "https://bsky.app/profile/janvhs.com/post/3mnjujssgpk2p", "content": "#gleam 1.17.0 is now available in #openSUSE Tumbleweed.\nIt fixes CVE-2026-32685, CVE-2026-42795 and CVE-2026-43965.\nI'll back-port the patches to #leap 15.7-16.1 in the near future.\n\nAdditionally, it improves the compiler error handling, LSP and JS code-gen. \ud83d\udc2d\n\nThanks @gleam.run and contributors \ud83d\udcab", "creation_timestamp": "2026-06-05T09:52:49.453513Z"} https://vulnerability.circl.lu/sighting/8c2c9122-772b-452c-aa04-533bb97a5d5b/export Fri, 05 Jun 2026 09:52:49 +0000 https://vulnerability.circl.lu/sighting/d44136b7-4672-4821-a533-b4de04686eae/export {"uuid": "d44136b7-4672-4821-a533-b4de04686eae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32685", "type": "seen", "source": "https://bsky.app/profile/janvhs.com/post/3mnjujssgpk2p", "content": "#gleam 1.17.0 is now available in #openSUSE Tumbleweed.\nIt fixes CVE-2026-32685, CVE-2026-42795 and CVE-2026-43965.\nI'll back-port the patches to #leap 15.7-16.1 in the near future.\n\nAdditionally, it improves the compiler error handling, LSP and JS code-gen. \ud83d\udc2d\n\nThanks @gleam.run and contributors \ud83d\udcab", "creation_timestamp": "2026-06-05T09:52:49.455827Z"} {"uuid": "d44136b7-4672-4821-a533-b4de04686eae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32685", "type": "seen", "source": "https://bsky.app/profile/janvhs.com/post/3mnjujssgpk2p", "content": "#gleam 1.17.0 is now available in #openSUSE Tumbleweed.\nIt fixes CVE-2026-32685, CVE-2026-42795 and CVE-2026-43965.\nI'll back-port the patches to #leap 15.7-16.1 in the near future.\n\nAdditionally, it improves the compiler error handling, LSP and JS code-gen. \ud83d\udc2d\n\nThanks @gleam.run and contributors \ud83d\udcab", "creation_timestamp": "2026-06-05T09:52:49.455827Z"} https://vulnerability.circl.lu/sighting/d44136b7-4672-4821-a533-b4de04686eae/export Fri, 05 Jun 2026 09:52:49 +0000 https://vulnerability.circl.lu/sighting/892c2825-9858-4d38-8308-93bf890da7aa/export {"uuid": "892c2825-9858-4d38-8308-93bf890da7aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32685", "type": "seen", "source": "https://bsky.app/profile/janvhs.com/post/3mnjvzqchfk2a", "content": "#gleam 1.17.0 is now available in #openSUSE Tumbleweed.\nIt fixes CVE-2026-32685, CVE-2026-42795 and CVE-2026-43965.\nI'm in the process of back-porting the patches to Leap 15.7-16.1\n\nAdditionally, it improves the compiler error handling, LSP and JS code-gen \ud83d\udc2d\n\nThank you @gleam.run and contributors \ud83d\udcab", "creation_timestamp": "2026-06-05T10:19:37.000785Z"} {"uuid": "892c2825-9858-4d38-8308-93bf890da7aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32685", "type": "seen", "source": "https://bsky.app/profile/janvhs.com/post/3mnjvzqchfk2a", "content": "#gleam 1.17.0 is now available in #openSUSE Tumbleweed.\nIt fixes CVE-2026-32685, CVE-2026-42795 and CVE-2026-43965.\nI'm in the process of back-porting the patches to Leap 15.7-16.1\n\nAdditionally, it improves the compiler error handling, LSP and JS code-gen \ud83d\udc2d\n\nThank you @gleam.run and contributors \ud83d\udcab", "creation_timestamp": "2026-06-05T10:19:37.000785Z"} https://vulnerability.circl.lu/sighting/892c2825-9858-4d38-8308-93bf890da7aa/export Fri, 05 Jun 2026 10:19:37 +0000 https://vulnerability.circl.lu/sighting/fb971f00-4fbb-4230-a54d-9a3e18dd0af9/export {"uuid": "fb971f00-4fbb-4230-a54d-9a3e18dd0af9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32685", "type": "seen", "source": "https://bsky.app/profile/janvhs.com/post/3mnjvzqchfk2a", "content": "#gleam 1.17.0 is now available in #openSUSE Tumbleweed.\nIt fixes CVE-2026-32685, CVE-2026-42795 and CVE-2026-43965.\nI'm in the process of back-porting the patches to Leap 15.7-16.1\n\nAdditionally, it improves the compiler error handling, LSP and JS code-gen \ud83d\udc2d\n\nThank you @gleam.run and contributors \ud83d\udcab", "creation_timestamp": "2026-06-05T10:19:37.025081Z"} {"uuid": "fb971f00-4fbb-4230-a54d-9a3e18dd0af9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32685", "type": "seen", "source": "https://bsky.app/profile/janvhs.com/post/3mnjvzqchfk2a", "content": "#gleam 1.17.0 is now available in #openSUSE Tumbleweed.\nIt fixes CVE-2026-32685, CVE-2026-42795 and CVE-2026-43965.\nI'm in the process of back-porting the patches to Leap 15.7-16.1\n\nAdditionally, it improves the compiler error handling, LSP and JS code-gen \ud83d\udc2d\n\nThank you @gleam.run and contributors \ud83d\udcab", "creation_timestamp": "2026-06-05T10:19:37.025081Z"} https://vulnerability.circl.lu/sighting/fb971f00-4fbb-4230-a54d-9a3e18dd0af9/export Fri, 05 Jun 2026 10:19:37 +0000