<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Wed, 15 Jul 2026 11:24:51 +0000</lastBuildDate>
    <item>
      <title>1068df3b-d79e-4458-a8df-0f2ff4e34dd8</title>
      <link>https://vulnerability.circl.lu/sighting/1068df3b-d79e-4458-a8df-0f2ff4e34dd8/export</link>
      <description>{"uuid": "1068df3b-d79e-4458-a8df-0f2ff4e34dd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45363", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqnn7o72j22i", "content": "CVE-2026-45363 - `jwt` (Ruby gem) - empty-key HMAC bypass\nCVE ID : CVE-2026-45363\n \n Published : July 14, 2026, 10:16 p.m. | 2\u00a0hours, 17\u00a0minutes ago\n \n Description : ruby-jwt is a Ruby implementation of the RFC 7519 OAuth JSON Web Token standard. Prior to 2.10.3 and 3.2.0, JWT...", "creation_timestamp": "2026-07-15T02:08:06.573441Z"}</description>
      <content:encoded>{"uuid": "1068df3b-d79e-4458-a8df-0f2ff4e34dd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45363", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqnn7o72j22i", "content": "CVE-2026-45363 - `jwt` (Ruby gem) - empty-key HMAC bypass\nCVE ID : CVE-2026-45363\n \n Published : July 14, 2026, 10:16 p.m. | 2\u00a0hours, 17\u00a0minutes ago\n \n Description : ruby-jwt is a Ruby implementation of the RFC 7519 OAuth JSON Web Token standard. Prior to 2.10.3 and 3.2.0, JWT...", "creation_timestamp": "2026-07-15T02:08:06.573441Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/1068df3b-d79e-4458-a8df-0f2ff4e34dd8/export</guid>
      <pubDate>Wed, 15 Jul 2026 02:08:06 +0000</pubDate>
    </item>
    <item>
      <title>d3b923ca-2333-43ff-9e2f-a067b8fa09a6</title>
      <link>https://vulnerability.circl.lu/sighting/d3b923ca-2333-43ff-9e2f-a067b8fa09a6/export</link>
      <description>{"uuid": "d3b923ca-2333-43ff-9e2f-a067b8fa09a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45363", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116921050127676424", "content": "CVE-2026-45363: CRITICAL improper authentication in ruby-jwt (&amp;lt;2.10.3, &amp;lt;3.2.0) lets attackers forge JWTs with empty HMAC keys. Immediate upgrade required to 2.10.3/3.2.0. Impact: auth bypass, high integrity risk. https://radar.offseq.com/threat/cve-2026-45363-cwe-287-improper-authentication-in--588cdab561cd07ab #OffSeq #CVE202645363 #ruby #jwt #infosec", "creation_timestamp": "2026-07-15T00:00:44.533087Z"}</description>
      <content:encoded>{"uuid": "d3b923ca-2333-43ff-9e2f-a067b8fa09a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45363", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116921050127676424", "content": "CVE-2026-45363: CRITICAL improper authentication in ruby-jwt (&amp;lt;2.10.3, &amp;lt;3.2.0) lets attackers forge JWTs with empty HMAC keys. Immediate upgrade required to 2.10.3/3.2.0. Impact: auth bypass, high integrity risk. https://radar.offseq.com/threat/cve-2026-45363-cwe-287-improper-authentication-in--588cdab561cd07ab #OffSeq #CVE202645363 #ruby #jwt #infosec", "creation_timestamp": "2026-07-15T00:00:44.533087Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/d3b923ca-2333-43ff-9e2f-a067b8fa09a6/export</guid>
      <pubDate>Wed, 15 Jul 2026 00:00:44 +0000</pubDate>
    </item>
    <item>
      <title>26e33862-a2f7-43d5-86a9-a7e156c5e735</title>
      <link>https://vulnerability.circl.lu/sighting/26e33862-a2f7-43d5-86a9-a7e156c5e735/export</link>
      <description>{"uuid": "26e33862-a2f7-43d5-86a9-a7e156c5e735", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45363", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mqng3v7m442f", "content": "ruby-jwt CRITICAL vulnerability (CVE-2026-45363): Versions &amp;lt;2.10.3 &amp;amp; &amp;lt;3.2.0 let attackers forge JWT tokens with empty HMAC keys. Upgrade to 2.10.3/3.2.0 now. \ud83d\udea8 https://radar.offseq.com/threat/cve-2026-45363-cwe-287-improper-authentication-in--588cdab561cd07ab #OffSeq #rubyjwt #CVE202645363", "creation_timestamp": "2026-07-15T00:00:43.319112Z"}</description>
      <content:encoded>{"uuid": "26e33862-a2f7-43d5-86a9-a7e156c5e735", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45363", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mqng3v7m442f", "content": "ruby-jwt CRITICAL vulnerability (CVE-2026-45363): Versions &amp;lt;2.10.3 &amp;amp; &amp;lt;3.2.0 let attackers forge JWT tokens with empty HMAC keys. Upgrade to 2.10.3/3.2.0 now. \ud83d\udea8 https://radar.offseq.com/threat/cve-2026-45363-cwe-287-improper-authentication-in--588cdab561cd07ab #OffSeq #rubyjwt #CVE202645363", "creation_timestamp": "2026-07-15T00:00:43.319112Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/26e33862-a2f7-43d5-86a9-a7e156c5e735/export</guid>
      <pubDate>Wed, 15 Jul 2026 00:00:43 +0000</pubDate>
    </item>
    <item>
      <title>af1c7d2f-fc13-4109-b787-5428399d772d</title>
      <link>https://vulnerability.circl.lu/sighting/af1c7d2f-fc13-4109-b787-5428399d772d/export</link>
      <description>{"uuid": "af1c7d2f-fc13-4109-b787-5428399d772d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45363", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqnaaypv4m2v", "content": "CVE-2026-45363 - jwt\nAn attacker can forge a valid JWT token without knowing the secret key. This is possible if the key is empty, or if the keyfinder returns an empty string or nil. To prevent this,\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#jwt #timrudat #Ruby #CVE #infosec", "creation_timestamp": "2026-07-14T22:16:11.854835Z"}</description>
      <content:encoded>{"uuid": "af1c7d2f-fc13-4109-b787-5428399d772d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45363", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqnaaypv4m2v", "content": "CVE-2026-45363 - jwt\nAn attacker can forge a valid JWT token without knowing the secret key. This is possible if the key is empty, or if the keyfinder returns an empty string or nil. To prevent this,\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#jwt #timrudat #Ruby #CVE #infosec", "creation_timestamp": "2026-07-14T22:16:11.854835Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/af1c7d2f-fc13-4109-b787-5428399d772d/export</guid>
      <pubDate>Tue, 14 Jul 2026 22:16:11 +0000</pubDate>
    </item>
  </channel>
</rss>
