https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Thu, 04 Jun 2026 22:30:07 +0000 https://vulnerability.circl.lu/sighting/ee218e6b-03d2-4709-b6bc-f6774727d745/export {"uuid": "ee218e6b-03d2-4709-b6bc-f6774727d745", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42193", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mlerpeba2u2n", "content": "\ud83d\udd34 CVE-2026-42193 - Critical (9.1)\n\nPlunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webh...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42193/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-08T22:28:32.583927Z"} {"uuid": "ee218e6b-03d2-4709-b6bc-f6774727d745", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42193", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mlerpeba2u2n", "content": "\ud83d\udd34 CVE-2026-42193 - Critical (9.1)\n\nPlunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webh...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42193/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-08T22:28:32.583927Z"} https://vulnerability.circl.lu/sighting/ee218e6b-03d2-4709-b6bc-f6774727d745/export Fri, 08 May 2026 22:28:32 +0000 https://vulnerability.circl.lu/sighting/e3523dcc-2f32-43cc-aef2-0afd1e502891/export {"uuid": "e3523dcc-2f32-43cc-aef2-0afd1e502891", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42193", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mles67hmih2p", "content": "CVE-2026-42193 - Plunk: SNS webhook forgery\nCVE ID : CVE-2026-42193\n \n Published : May 8, 2026, 9:12 p.m. | 1\u00a0hour, 13\u00a0minutes ago\n \n Description : Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webhooks/sns endpoint accepts Amazon...", "creation_timestamp": "2026-05-08T22:36:49.958032Z"} {"uuid": "e3523dcc-2f32-43cc-aef2-0afd1e502891", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42193", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mles67hmih2p", "content": "CVE-2026-42193 - Plunk: SNS webhook forgery\nCVE ID : CVE-2026-42193\n \n Published : May 8, 2026, 9:12 p.m. | 1\u00a0hour, 13\u00a0minutes ago\n \n Description : Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webhooks/sns endpoint accepts Amazon...", "creation_timestamp": "2026-05-08T22:36:49.958032Z"} https://vulnerability.circl.lu/sighting/e3523dcc-2f32-43cc-aef2-0afd1e502891/export Fri, 08 May 2026 22:36:49 +0000 https://vulnerability.circl.lu/sighting/224aadc9-7962-4c4a-a467-043af0ae0509/export {"uuid": "224aadc9-7962-4c4a-a467-043af0ae0509", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42192", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlesb2ac3g2r", "content": "CVE-2026-42192 - Plunk: Stored XSS in campaign view\nCVE ID : CVE-2026-42192\n \n Published : May 8, 2026, 9:13 p.m. | 1\u00a0hour, 12\u00a0minutes ago\n \n Description : Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, a stored cross-site scripting (XS...", "creation_timestamp": "2026-05-08T22:38:25.119018Z"} {"uuid": "224aadc9-7962-4c4a-a467-043af0ae0509", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42192", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlesb2ac3g2r", "content": "CVE-2026-42192 - Plunk: Stored XSS in campaign view\nCVE ID : CVE-2026-42192\n \n Published : May 8, 2026, 9:13 p.m. | 1\u00a0hour, 12\u00a0minutes ago\n \n Description : Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, a stored cross-site scripting (XS...", "creation_timestamp": "2026-05-08T22:38:25.119018Z"} https://vulnerability.circl.lu/sighting/224aadc9-7962-4c4a-a467-043af0ae0509/export Fri, 08 May 2026 22:38:25 +0000 https://vulnerability.circl.lu/sighting/abb42f32-4a8f-4b5a-b149-0051ac33d2a8/export {"uuid": "abb42f32-4a8f-4b5a-b149-0051ac33d2a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42199", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlesrz5rvk2i", "content": "CVE-2026-42199 - Grid: Integer Overflow in Grid::expand_rows Leads to Safe-API Undefined Behavior\nCVE ID : CVE-2026-42199\n \n Published : May 8, 2026, 9:15 p.m. | 1\u00a0hour, 10\u00a0minutes ago\n \n Description : Grid is a data structure grid for rust. From version 0.17.0 to before versi...", "creation_timestamp": "2026-05-08T22:47:54.519615Z"} {"uuid": "abb42f32-4a8f-4b5a-b149-0051ac33d2a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42199", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlesrz5rvk2i", "content": "CVE-2026-42199 - Grid: Integer Overflow in Grid::expand_rows Leads to Safe-API Undefined Behavior\nCVE ID : CVE-2026-42199\n \n Published : May 8, 2026, 9:15 p.m. | 1\u00a0hour, 10\u00a0minutes ago\n \n Description : Grid is a data structure grid for rust. From version 0.17.0 to before versi...", "creation_timestamp": "2026-05-08T22:47:54.519615Z"} https://vulnerability.circl.lu/sighting/abb42f32-4a8f-4b5a-b149-0051ac33d2a8/export Fri, 08 May 2026 22:47:54 +0000 https://vulnerability.circl.lu/sighting/dbd4d183-d82b-4714-bc0b-f647736f3f3f/export {"uuid": "dbd4d183-d82b-4714-bc0b-f647736f3f3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42190", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlesw5ku2r2n", "content": "CVE-2026-42190 - RedwoodSDK: Same-site CSRF in in server actions\nCVE ID : CVE-2026-42190\n \n Published : May 8, 2026, 8:16 p.m. | 2\u00a0hours, 9\u00a0minutes ago\n \n Description : RedwoodSDK is a server-first React framework. From version 1.0.0-beta.50 to before version 1.2.3, server act...", "creation_timestamp": "2026-05-08T22:50:13.326607Z"} {"uuid": "dbd4d183-d82b-4714-bc0b-f647736f3f3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42190", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlesw5ku2r2n", "content": "CVE-2026-42190 - RedwoodSDK: Same-site CSRF in in server actions\nCVE ID : CVE-2026-42190\n \n Published : May 8, 2026, 8:16 p.m. | 2\u00a0hours, 9\u00a0minutes ago\n \n Description : RedwoodSDK is a server-first React framework. From version 1.0.0-beta.50 to before version 1.2.3, server act...", "creation_timestamp": "2026-05-08T22:50:13.326607Z"} https://vulnerability.circl.lu/sighting/dbd4d183-d82b-4714-bc0b-f647736f3f3f/export Fri, 08 May 2026 22:50:13 +0000 https://vulnerability.circl.lu/sighting/2f0e8dca-695e-454a-9fb2-e05a06035850/export {"uuid": "2f0e8dca-695e-454a-9fb2-e05a06035850", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42195", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlev5a4qp62k", "content": "CVE-2026-42195 - Unvalidated gitlab URL parameter redirects OAuth authorize step to attacker-controlled host\nCVE ID : CVE-2026-42195\n \n Published : May 8, 2026, 9:22 p.m. | 1\u00a0hour, 3\u00a0minutes ago\n \n Description : draw.io is a configurable diagramming and whiteboarding applicati...", "creation_timestamp": "2026-05-08T23:29:58.306314Z"} {"uuid": "2f0e8dca-695e-454a-9fb2-e05a06035850", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42195", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlev5a4qp62k", "content": "CVE-2026-42195 - Unvalidated gitlab URL parameter redirects OAuth authorize step to attacker-controlled host\nCVE ID : CVE-2026-42195\n \n Published : May 8, 2026, 9:22 p.m. | 1\u00a0hour, 3\u00a0minutes ago\n \n Description : draw.io is a configurable diagramming and whiteboarding applicati...", "creation_timestamp": "2026-05-08T23:29:58.306314Z"} https://vulnerability.circl.lu/sighting/2f0e8dca-695e-454a-9fb2-e05a06035850/export Fri, 08 May 2026 23:29:58 +0000 https://vulnerability.circl.lu/sighting/a1d9a474-83ad-4c33-844f-0f856fa5ff1a/export {"uuid": "a1d9a474-83ad-4c33-844f-0f856fa5ff1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42193", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116543444093952130", "content": "\ud83d\udea8 CVE-2026-42193 (CVSS 9.1, CRITICAL): useplunk plunk < 0.9.0 fails to verify SNS signatures at /webhooks/sns, allowing spoofed webhook attacks. Patched in 0.9.0 \u2014 verify your version & check vendor advisory. https://radar.offseq.com/threat/cve-2026-42193-cwe-347-improper-verification-of-cr-fc4beea9 #OffSeq #Vuln #EmailSecurity #CVE202642193", "creation_timestamp": "2026-05-09T07:30:30.998419Z"} {"uuid": "a1d9a474-83ad-4c33-844f-0f856fa5ff1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42193", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116543444093952130", "content": "\ud83d\udea8 CVE-2026-42193 (CVSS 9.1, CRITICAL): useplunk plunk < 0.9.0 fails to verify SNS signatures at /webhooks/sns, allowing spoofed webhook attacks. Patched in 0.9.0 \u2014 verify your version & check vendor advisory. https://radar.offseq.com/threat/cve-2026-42193-cwe-347-improper-verification-of-cr-fc4beea9 #OffSeq #Vuln #EmailSecurity #CVE202642193", "creation_timestamp": "2026-05-09T07:30:30.998419Z"} https://vulnerability.circl.lu/sighting/a1d9a474-83ad-4c33-844f-0f856fa5ff1a/export Sat, 09 May 2026 07:30:30 +0000 https://vulnerability.circl.lu/sighting/99831c94-f9e8-4d37-9d0c-6fc1a172c63e/export {"uuid": "99831c94-f9e8-4d37-9d0c-6fc1a172c63e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42193", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mlfpykd4vo2v", "content": "CRITICAL vuln in Plunk (useplunk) < 0.9.0: SNS signatures not verified, allowing spoofed webhook abuse. Patched in 0.9.0 \u2014 confirm your version with vendor. https://radar.offseq.com/threat/cve-2026-42193-cwe-347-improper-verification-of-cr-fc4beea9 #OffSeq #EmailSecurity #CVE202642193", "creation_timestamp": "2026-05-09T07:30:33.624314Z"} {"uuid": "99831c94-f9e8-4d37-9d0c-6fc1a172c63e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42193", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mlfpykd4vo2v", "content": "CRITICAL vuln in Plunk (useplunk) < 0.9.0: SNS signatures not verified, allowing spoofed webhook abuse. Patched in 0.9.0 \u2014 confirm your version with vendor. https://radar.offseq.com/threat/cve-2026-42193-cwe-347-improper-verification-of-cr-fc4beea9 #OffSeq #EmailSecurity #CVE202642193", "creation_timestamp": "2026-05-09T07:30:33.624314Z"} https://vulnerability.circl.lu/sighting/99831c94-f9e8-4d37-9d0c-6fc1a172c63e/export Sat, 09 May 2026 07:30:33 +0000 https://vulnerability.circl.lu/sighting/7eac5b20-e510-45ef-bdf9-8a03827c3a36/export {"uuid": "7eac5b20-e510-45ef-bdf9-8a03827c3a36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42198", "type": "seen", "source": "https://bsky.app/profile/releaseport.com/post/3mlgjf6zk4w27", "content": "starrocks 4.0.10 patches CVE-2026-42198\nACID Hive query restriction prevents silent data errors; three dependency CVEs patched.\nUpgrade carefully.\n\n\u2192 releaseport.com/r/starrocks-starrocks/4-0-10", "creation_timestamp": "2026-05-09T15:05:00.477966Z"} {"uuid": "7eac5b20-e510-45ef-bdf9-8a03827c3a36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42198", "type": "seen", "source": "https://bsky.app/profile/releaseport.com/post/3mlgjf6zk4w27", "content": "starrocks 4.0.10 patches CVE-2026-42198\nACID Hive query restriction prevents silent data errors; three dependency CVEs patched.\nUpgrade carefully.\n\n\u2192 releaseport.com/r/starrocks-starrocks/4-0-10", "creation_timestamp": "2026-05-09T15:05:00.477966Z"} https://vulnerability.circl.lu/sighting/7eac5b20-e510-45ef-bdf9-8a03827c3a36/export Sat, 09 May 2026 15:05:00 +0000 https://vulnerability.circl.lu/sighting/3544e2da-435d-447d-a129-281edd9ec146/export {"uuid": "3544e2da-435d-447d-a129-281edd9ec146", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42197", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mmukl5eklo2x", "content": "RELATE\u306e\u7279\u5b9a\u30d0\u30fc\u30b8\u30e7\u30f3\u3067\u3001\u5b66\u751f\u304c\u7ba1\u7406\u8005\u30d6\u30e9\u30a6\u30b6\u3067\u4efb\u610f\u306eJS\u3092\u5b9f\u884c\u53ef\u80fd\u3002\u30d7\u30ed\u30d5\u30a3\u30fc\u30eb\u6b04\u306e\u672a\u30b5\u30cb\u30bf\u30a4\u30ba\u306a\u6c0f\u540d\u304c\u7ba1\u7406\u8005\u8868\u793a\u6642\u306bXSS\u3092\u5f15\u304d\u8d77\u3053\u3059\u3002\nCVE-2026-42197 CVSS 8.7 | HIGH", "creation_timestamp": "2026-05-27T22:28:41.495793Z"} {"uuid": "3544e2da-435d-447d-a129-281edd9ec146", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42197", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mmukl5eklo2x", "content": "RELATE\u306e\u7279\u5b9a\u30d0\u30fc\u30b8\u30e7\u30f3\u3067\u3001\u5b66\u751f\u304c\u7ba1\u7406\u8005\u30d6\u30e9\u30a6\u30b6\u3067\u4efb\u610f\u306eJS\u3092\u5b9f\u884c\u53ef\u80fd\u3002\u30d7\u30ed\u30d5\u30a3\u30fc\u30eb\u6b04\u306e\u672a\u30b5\u30cb\u30bf\u30a4\u30ba\u306a\u6c0f\u540d\u304c\u7ba1\u7406\u8005\u8868\u793a\u6642\u306bXSS\u3092\u5f15\u304d\u8d77\u3053\u3059\u3002\nCVE-2026-42197 CVSS 8.7 | HIGH", "creation_timestamp": "2026-05-27T22:28:41.495793Z"} https://vulnerability.circl.lu/sighting/3544e2da-435d-447d-a129-281edd9ec146/export Wed, 27 May 2026 22:28:41 +0000