<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Thu, 16 Jul 2026 19:38:38 +0000</lastBuildDate>
    <item>
      <title>6c046487-4782-4aeb-ab2c-576ece65e858</title>
      <link>https://vulnerability.circl.lu/sighting/6c046487-4782-4aeb-ab2c-576ece65e858/export</link>
      <description>{"uuid": "6c046487-4782-4aeb-ab2c-576ece65e858", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54458", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqpzsv2mre2s", "content": "CVE-2026-54458 - AVideo: Unauthenticated Stored DOM Cross-Site Scripting via Per-Client Metadata Broadcast in YPTSocket Plugin\nCVE ID : CVE-2026-54458\n \n Published : July 15, 2026, 10:17 p.m. | 17\u00a0minutes ago\n \n Description : WWBN AVideo is an open source video platform. Versi...", "creation_timestamp": "2026-07-16T00:58:55.212411Z"}</description>
      <content:encoded>{"uuid": "6c046487-4782-4aeb-ab2c-576ece65e858", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54458", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqpzsv2mre2s", "content": "CVE-2026-54458 - AVideo: Unauthenticated Stored DOM Cross-Site Scripting via Per-Client Metadata Broadcast in YPTSocket Plugin\nCVE ID : CVE-2026-54458\n \n Published : July 15, 2026, 10:17 p.m. | 17\u00a0minutes ago\n \n Description : WWBN AVideo is an open source video platform. Versi...", "creation_timestamp": "2026-07-16T00:58:55.212411Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/6c046487-4782-4aeb-ab2c-576ece65e858/export</guid>
      <pubDate>Thu, 16 Jul 2026 00:58:55 +0000</pubDate>
    </item>
    <item>
      <title>f57c96d1-7a6e-4c7b-beb6-d75677c92d2a</title>
      <link>https://vulnerability.circl.lu/sighting/f57c96d1-7a6e-4c7b-beb6-d75677c92d2a/export</link>
      <description>{"uuid": "f57c96d1-7a6e-4c7b-beb6-d75677c92d2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-54458", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mqpwktbn4u2k", "content": "WWBN AVideo &amp;lt;29.0 hit by CRITICAL XSS (CVE-2026-54458). Unauthenticated attackers can hijack admin sessions via YPTSocket plugin. Upgrade to v29.0 ASAP. \ud83d\udd12 https://radar.offseq.com/threat/cve-2026-54458-cwe-79-improper-neutralization-of-i-57743e6d03256988 #OffSeq #XSS #AppSec", "creation_timestamp": "2026-07-16T00:00:44.539848Z"}</description>
      <content:encoded>{"uuid": "f57c96d1-7a6e-4c7b-beb6-d75677c92d2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-54458", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mqpwktbn4u2k", "content": "WWBN AVideo &amp;lt;29.0 hit by CRITICAL XSS (CVE-2026-54458). Unauthenticated attackers can hijack admin sessions via YPTSocket plugin. Upgrade to v29.0 ASAP. \ud83d\udd12 https://radar.offseq.com/threat/cve-2026-54458-cwe-79-improper-neutralization-of-i-57743e6d03256988 #OffSeq #XSS #AppSec", "creation_timestamp": "2026-07-16T00:00:44.539848Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/f57c96d1-7a6e-4c7b-beb6-d75677c92d2a/export</guid>
      <pubDate>Thu, 16 Jul 2026 00:00:44 +0000</pubDate>
    </item>
    <item>
      <title>29aeb0f8-d0bb-459d-b4cd-06f7e18b5b00</title>
      <link>https://vulnerability.circl.lu/sighting/29aeb0f8-d0bb-459d-b4cd-06f7e18b5b00/export</link>
      <description>{"uuid": "29aeb0f8-d0bb-459d-b4cd-06f7e18b5b00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-54458", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116926712479422983", "content": "CVE-2026-54458 (CRITICAL, CVSS 9.6): WWBN AVideo (&amp;lt;29.0) suffers stored DOM XSS in YPTSocket plugin. Unauthenticated attackers can hijack admin sessions. Patch now \u2014 upgrade to v29.0. https://radar.offseq.com/threat/cve-2026-54458-cwe-79-improper-neutralization-of-i-57743e6d03256988 #OffSeq #XSS #WWBNA Video #infosec", "creation_timestamp": "2026-07-16T00:00:43.633185Z"}</description>
      <content:encoded>{"uuid": "29aeb0f8-d0bb-459d-b4cd-06f7e18b5b00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-54458", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116926712479422983", "content": "CVE-2026-54458 (CRITICAL, CVSS 9.6): WWBN AVideo (&amp;lt;29.0) suffers stored DOM XSS in YPTSocket plugin. Unauthenticated attackers can hijack admin sessions. Patch now \u2014 upgrade to v29.0. https://radar.offseq.com/threat/cve-2026-54458-cwe-79-improper-neutralization-of-i-57743e6d03256988 #OffSeq #XSS #WWBNA Video #infosec", "creation_timestamp": "2026-07-16T00:00:43.633185Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/29aeb0f8-d0bb-459d-b4cd-06f7e18b5b00/export</guid>
      <pubDate>Thu, 16 Jul 2026 00:00:43 +0000</pubDate>
    </item>
    <item>
      <title>ccfcb0a0-6734-40db-aed5-8eed1e1dfe4c</title>
      <link>https://vulnerability.circl.lu/sighting/ccfcb0a0-6734-40db-aed5-8eed1e1dfe4c/export</link>
      <description>{"uuid": "ccfcb0a0-6734-40db-aed5-8eed1e1dfe4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54458", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mqpta3kei225", "content": "\ud83d\udd34 CVE-2026-54458 - Critical (9.6)\n\nWWBN AVideo is an open source video platform. Versions prior to 29.0 contain a stored DOM Cross-S...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-54458/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-07-15T23:01:02.355479Z"}</description>
      <content:encoded>{"uuid": "ccfcb0a0-6734-40db-aed5-8eed1e1dfe4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54458", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mqpta3kei225", "content": "\ud83d\udd34 CVE-2026-54458 - Critical (9.6)\n\nWWBN AVideo is an open source video platform. Versions prior to 29.0 contain a stored DOM Cross-S...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-54458/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-07-15T23:01:02.355479Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/ccfcb0a0-6734-40db-aed5-8eed1e1dfe4c/export</guid>
      <pubDate>Wed, 15 Jul 2026 23:01:02 +0000</pubDate>
    </item>
    <item>
      <title>452d3b45-2d89-4193-861a-74ba5bc2c092</title>
      <link>https://vulnerability.circl.lu/sighting/452d3b45-2d89-4193-861a-74ba5bc2c092/export</link>
      <description>{"uuid": "452d3b45-2d89-4193-861a-74ba5bc2c092", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54458", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqpq2bpz642l", "content": "CVE-2026-54458 - wwbn/avideo\nThe AVideo YPTSocket plugin has a security flaw that allows an attacker to inject malicious code into the website's content, potentially affecting administrators viewing the\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#wwbn #PHP #CVE #infosec", "creation_timestamp": "2026-07-15T22:04:05.762137Z"}</description>
      <content:encoded>{"uuid": "452d3b45-2d89-4193-861a-74ba5bc2c092", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54458", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqpq2bpz642l", "content": "CVE-2026-54458 - wwbn/avideo\nThe AVideo YPTSocket plugin has a security flaw that allows an attacker to inject malicious code into the website's content, potentially affecting administrators viewing the\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#wwbn #PHP #CVE #infosec", "creation_timestamp": "2026-07-15T22:04:05.762137Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/452d3b45-2d89-4193-861a-74ba5bc2c092/export</guid>
      <pubDate>Wed, 15 Jul 2026 22:04:05 +0000</pubDate>
    </item>
    <item>
      <title>384291cc-4796-4d4d-b8cb-d809ef562c4f</title>
      <link>https://vulnerability.circl.lu/sighting/384291cc-4796-4d4d-b8cb-d809ef562c4f/export</link>
      <description>{"uuid": "384291cc-4796-4d4d-b8cb-d809ef562c4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-54458", "type": "published-proof-of-concept", "source": "https://github.com/WWBN/AVideo/security/advisories/GHSA-8whc-2wmv-ww35", "content": "", "creation_timestamp": "2026-06-04T14:49:58.000000Z"}</description>
      <content:encoded>{"uuid": "384291cc-4796-4d4d-b8cb-d809ef562c4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-54458", "type": "published-proof-of-concept", "source": "https://github.com/WWBN/AVideo/security/advisories/GHSA-8whc-2wmv-ww35", "content": "", "creation_timestamp": "2026-06-04T14:49:58.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/384291cc-4796-4d4d-b8cb-d809ef562c4f/export</guid>
      <pubDate>Thu, 04 Jun 2026 14:49:58 +0000</pubDate>
    </item>
  </channel>
</rss>
