<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Wed, 08 Jul 2026 19:53:33 +0000</lastBuildDate>
    <item>
      <title>7438ba62-ee7e-4528-ab45-a6e84892da7b</title>
      <link>https://vulnerability.circl.lu/sighting/7438ba62-ee7e-4528-ab45-a6e84892da7b/export</link>
      <description>{"uuid": "7438ba62-ee7e-4528-ab45-a6e84892da7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33264", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mq2z7dj6b22i", "content": "CVE-2026-33264 - apache airflow\nA bug in Apache Airflow allowed malicious DAG authors to execute code on the Airflow server, potentially leading to unauthorized access or data breaches. To\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#apacheairflow #apachefoundation #CVE #infosec", "creation_timestamp": "2026-07-07T16:22:04.705363Z"}</description>
      <content:encoded>{"uuid": "7438ba62-ee7e-4528-ab45-a6e84892da7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33264", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mq2z7dj6b22i", "content": "CVE-2026-33264 - apache airflow\nA bug in Apache Airflow allowed malicious DAG authors to execute code on the Airflow server, potentially leading to unauthorized access or data breaches. To\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#apacheairflow #apachefoundation #CVE #infosec", "creation_timestamp": "2026-07-07T16:22:04.705363Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/7438ba62-ee7e-4528-ab45-a6e84892da7b/export</guid>
      <pubDate>Tue, 07 Jul 2026 16:22:04 +0000</pubDate>
    </item>
    <item>
      <title>0ec945df-5467-4913-a299-a1ccd45ef6da</title>
      <link>https://vulnerability.circl.lu/sighting/0ec945df-5467-4913-a299-a1ccd45ef6da/export</link>
      <description>{"uuid": "0ec945df-5467-4913-a299-a1ccd45ef6da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33264", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mq2k4insdp2w", "content": "CVE-2026-33264 - Apache Airflow: DAG author RCE on webserver via unrestricted import_string() in BaseSerialization.deserialize()\nCVE ID : CVE-2026-33264\n \n Published : July 7, 2026, 10:16 a.m. | 1\u00a0hour, 31\u00a0minutes ago\n \n Description : A bug in `BaseSerialization.deserialize()`...", "creation_timestamp": "2026-07-07T11:52:06.860608Z"}</description>
      <content:encoded>{"uuid": "0ec945df-5467-4913-a299-a1ccd45ef6da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33264", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mq2k4insdp2w", "content": "CVE-2026-33264 - Apache Airflow: DAG author RCE on webserver via unrestricted import_string() in BaseSerialization.deserialize()\nCVE ID : CVE-2026-33264\n \n Published : July 7, 2026, 10:16 a.m. | 1\u00a0hour, 31\u00a0minutes ago\n \n Description : A bug in `BaseSerialization.deserialize()`...", "creation_timestamp": "2026-07-07T11:52:06.860608Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/0ec945df-5467-4913-a299-a1ccd45ef6da/export</guid>
      <pubDate>Tue, 07 Jul 2026 11:52:06 +0000</pubDate>
    </item>
    <item>
      <title>f9bc7807-3cae-4760-a1f7-838499005021</title>
      <link>https://vulnerability.circl.lu/sighting/f9bc7807-3cae-4760-a1f7-838499005021/export</link>
      <description>{"uuid": "f9bc7807-3cae-4760-a1f7-838499005021", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33264", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mq2jez5o4b27", "content": "CVE-2026-33264: Apache Airflow: DAG author RCE on webserver via unrestricted import_string() in BaseSerialization.deserialize()", "creation_timestamp": "2026-07-07T11:38:55.238434Z"}</description>
      <content:encoded>{"uuid": "f9bc7807-3cae-4760-a1f7-838499005021", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33264", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mq2jez5o4b27", "content": "CVE-2026-33264: Apache Airflow: DAG author RCE on webserver via unrestricted import_string() in BaseSerialization.deserialize()", "creation_timestamp": "2026-07-07T11:38:55.238434Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/f9bc7807-3cae-4760-a1f7-838499005021/export</guid>
      <pubDate>Tue, 07 Jul 2026 11:38:55 +0000</pubDate>
    </item>
    <item>
      <title>f726afa5-65ce-4b64-bdc6-25b05107873e</title>
      <link>https://vulnerability.circl.lu/sighting/f726afa5-65ce-4b64-bdc6-25b05107873e/export</link>
      <description>{"uuid": "f726afa5-65ce-4b64-bdc6-25b05107873e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-33264", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mq2fkleckz23", "content": "CVE-2026-33264: Apache Airflow &amp;lt;3.3.0 has a CRITICAL deserialization bug \u2014 DAG authors could trigger RCE on Scheduler/API Server. Upgrade to 3.3.0+ and restrict deserialization classes now. https://radar.offseq.com/threat/cve-2026-33264-cwe-502-deserialization-of-untruste-8bbc1aa55d6c3415 #OffSeq...", "creation_timestamp": "2026-07-07T10:30:27.679495Z"}</description>
      <content:encoded>{"uuid": "f726afa5-65ce-4b64-bdc6-25b05107873e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-33264", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mq2fkleckz23", "content": "CVE-2026-33264: Apache Airflow &amp;lt;3.3.0 has a CRITICAL deserialization bug \u2014 DAG authors could trigger RCE on Scheduler/API Server. Upgrade to 3.3.0+ and restrict deserialization classes now. https://radar.offseq.com/threat/cve-2026-33264-cwe-502-deserialization-of-untruste-8bbc1aa55d6c3415 #OffSeq...", "creation_timestamp": "2026-07-07T10:30:27.679495Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/f726afa5-65ce-4b64-bdc6-25b05107873e/export</guid>
      <pubDate>Tue, 07 Jul 2026 10:30:27 +0000</pubDate>
    </item>
    <item>
      <title>40625e39-10fd-4ea9-862c-e87809332be5</title>
      <link>https://vulnerability.circl.lu/sighting/40625e39-10fd-4ea9-862c-e87809332be5/export</link>
      <description>{"uuid": "40625e39-10fd-4ea9-862c-e87809332be5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-33264", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116878227880912732", "content": "CVE-2026-33264: Apache Airflow &amp;lt;3.3.0 has a CRITICAL deserialization flaw. DAG authors can trigger remote code execution on Scheduler/API Server. Upgrade to 3.3.0+ and restrict allowed_deserialization_classes. Details: https://radar.offseq.com/threat/cve-2026-33264-cwe-502-deserialization-of-untruste-8bbc1aa55d6c3415 #OffSeq #Airflow #Infosec #CVE202633264", "creation_timestamp": "2026-07-07T10:30:26.100516Z"}</description>
      <content:encoded>{"uuid": "40625e39-10fd-4ea9-862c-e87809332be5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-33264", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116878227880912732", "content": "CVE-2026-33264: Apache Airflow &amp;lt;3.3.0 has a CRITICAL deserialization flaw. DAG authors can trigger remote code execution on Scheduler/API Server. Upgrade to 3.3.0+ and restrict allowed_deserialization_classes. Details: https://radar.offseq.com/threat/cve-2026-33264-cwe-502-deserialization-of-untruste-8bbc1aa55d6c3415 #OffSeq #Airflow #Infosec #CVE202633264", "creation_timestamp": "2026-07-07T10:30:26.100516Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/40625e39-10fd-4ea9-862c-e87809332be5/export</guid>
      <pubDate>Tue, 07 Jul 2026 10:30:26 +0000</pubDate>
    </item>
  </channel>
</rss>
