<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Fri, 03 Jul 2026 12:56:27 +0000</lastBuildDate>
    <item>
      <title>2a8f223f-352e-4e74-812b-6ecde720ba65</title>
      <link>https://vulnerability.circl.lu/sighting/2a8f223f-352e-4e74-812b-6ecde720ba65/export</link>
      <description>{"uuid": "2a8f223f-352e-4e74-812b-6ecde720ba65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5524", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mppnlm5eck2m", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-5524 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 Divi Form Builder: \u0443\u0433\u0440\u043e\u0437\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0439 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0444\u0430\u0439\u043b\u043e\u0432 \u0432 WordPress\n\n\n\nhttps://kripta.biz/posts/08F7D531-1ECB-4A9B-A0C6-8E8837A63595", "creation_timestamp": "2026-07-03T03:54:54.211492Z"}</description>
      <content:encoded>{"uuid": "2a8f223f-352e-4e74-812b-6ecde720ba65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5524", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mppnlm5eck2m", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-5524 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 Divi Form Builder: \u0443\u0433\u0440\u043e\u0437\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0439 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0444\u0430\u0439\u043b\u043e\u0432 \u0432 WordPress\n\n\n\nhttps://kripta.biz/posts/08F7D531-1ECB-4A9B-A0C6-8E8837A63595", "creation_timestamp": "2026-07-03T03:54:54.211492Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/2a8f223f-352e-4e74-812b-6ecde720ba65/export</guid>
      <pubDate>Fri, 03 Jul 2026 03:54:54 +0000</pubDate>
    </item>
    <item>
      <title>b879054f-9fa6-4ec3-b1bd-53c36013ed46</title>
      <link>https://vulnerability.circl.lu/sighting/b879054f-9fa6-4ec3-b1bd-53c36013ed46/export</link>
      <description>{"uuid": "b879054f-9fa6-4ec3-b1bd-53c36013ed46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5524", "type": "seen", "source": "https://bsky.app/profile/bootintel.bsky.social/post/3mpot3pwt7u2b", "content": "CVE-2026-5524 [CRITICAL] nginx\n\nThe Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in th\u2026\n\nnvd.nist.gov/vuln/detail/CVE-2026-5524", "creation_timestamp": "2026-07-02T20:00:44.466974Z"}</description>
      <content:encoded>{"uuid": "b879054f-9fa6-4ec3-b1bd-53c36013ed46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5524", "type": "seen", "source": "https://bsky.app/profile/bootintel.bsky.social/post/3mpot3pwt7u2b", "content": "CVE-2026-5524 [CRITICAL] nginx\n\nThe Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in th\u2026\n\nnvd.nist.gov/vuln/detail/CVE-2026-5524", "creation_timestamp": "2026-07-02T20:00:44.466974Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/b879054f-9fa6-4ec3-b1bd-53c36013ed46/export</guid>
      <pubDate>Thu, 02 Jul 2026 20:00:44 +0000</pubDate>
    </item>
    <item>
      <title>f55c71f3-0d56-4dd7-b44f-15f253abb59d</title>
      <link>https://vulnerability.circl.lu/sighting/f55c71f3-0d56-4dd7-b44f-15f253abb59d/export</link>
      <description>{"uuid": "f55c71f3-0d56-4dd7-b44f-15f253abb59d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-5524", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mpo5c24aet2x", "content": "Divi Form Builder &amp;lt;=5.1.8 hit by CRITICAL RCE flaw \u2014 unauthenticated attackers can upload executable PHP files due to weak validation. Restrict uploads, monitor for patches. \ud83d\udd12 https://radar.offseq.com/threat/cve-2026-5524-cwe-434-unrestricted-upload-of-file--ef397843e92862b0 #OffSeq #WordPress #S...", "creation_timestamp": "2026-07-02T13:30:34.641050Z"}</description>
      <content:encoded>{"uuid": "f55c71f3-0d56-4dd7-b44f-15f253abb59d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-5524", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mpo5c24aet2x", "content": "Divi Form Builder &amp;lt;=5.1.8 hit by CRITICAL RCE flaw \u2014 unauthenticated attackers can upload executable PHP files due to weak validation. Restrict uploads, monitor for patches. \ud83d\udd12 https://radar.offseq.com/threat/cve-2026-5524-cwe-434-unrestricted-upload-of-file--ef397843e92862b0 #OffSeq #WordPress #S...", "creation_timestamp": "2026-07-02T13:30:34.641050Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/f55c71f3-0d56-4dd7-b44f-15f253abb59d/export</guid>
      <pubDate>Thu, 02 Jul 2026 13:30:34 +0000</pubDate>
    </item>
    <item>
      <title>58a625d1-32e9-4303-8ca7-ed18ea338271</title>
      <link>https://vulnerability.circl.lu/sighting/58a625d1-32e9-4303-8ca7-ed18ea338271/export</link>
      <description>{"uuid": "58a625d1-32e9-4303-8ca7-ed18ea338271", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-5524", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116850624546842014", "content": "CVE-2026-5524: Divi Form Builder &amp;lt;=5.1.8 has a CRITICAL file upload vuln (CVSS 9.8). Unauth RCE possible via PHP extensions not blocked by .htaccess, esp. on Nginx. Restrict uploads, monitor for patch. https://radar.offseq.com/threat/cve-2026-5524-cwe-434-unrestricted-upload-of-file--ef397843e92862b0 #OffSeq #WordPress #Infosec #CVE2026_5524", "creation_timestamp": "2026-07-02T13:30:32.505483Z"}</description>
      <content:encoded>{"uuid": "58a625d1-32e9-4303-8ca7-ed18ea338271", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-5524", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116850624546842014", "content": "CVE-2026-5524: Divi Form Builder &amp;lt;=5.1.8 has a CRITICAL file upload vuln (CVSS 9.8). Unauth RCE possible via PHP extensions not blocked by .htaccess, esp. on Nginx. Restrict uploads, monitor for patch. https://radar.offseq.com/threat/cve-2026-5524-cwe-434-unrestricted-upload-of-file--ef397843e92862b0 #OffSeq #WordPress #Infosec #CVE2026_5524", "creation_timestamp": "2026-07-02T13:30:32.505483Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/58a625d1-32e9-4303-8ca7-ed18ea338271/export</guid>
      <pubDate>Thu, 02 Jul 2026 13:30:32 +0000</pubDate>
    </item>
    <item>
      <title>79b86cb0-66eb-402d-8cdd-5da0a4ba7a64</title>
      <link>https://vulnerability.circl.lu/sighting/79b86cb0-66eb-402d-8cdd-5da0a4ba7a64/export</link>
      <description>{"uuid": "79b86cb0-66eb-402d-8cdd-5da0a4ba7a64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55249", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpnl5nomc72l", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-55249 \u0432 @rtk-ai/rtk-rewrite: \u0443\u0433\u0440\u043e\u0437\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/AEF0C20A-FB7C-4FBC-B843-DB2B35CCC1C0", "creation_timestamp": "2026-07-02T08:05:59.588028Z"}</description>
      <content:encoded>{"uuid": "79b86cb0-66eb-402d-8cdd-5da0a4ba7a64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55249", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpnl5nomc72l", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-55249 \u0432 @rtk-ai/rtk-rewrite: \u0443\u0433\u0440\u043e\u0437\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/AEF0C20A-FB7C-4FBC-B843-DB2B35CCC1C0", "creation_timestamp": "2026-07-02T08:05:59.588028Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/79b86cb0-66eb-402d-8cdd-5da0a4ba7a64/export</guid>
      <pubDate>Thu, 02 Jul 2026 08:05:59 +0000</pubDate>
    </item>
    <item>
      <title>e18541a4-118c-448c-bd58-727d17b1d482</title>
      <link>https://vulnerability.circl.lu/sighting/e18541a4-118c-448c-bd58-727d17b1d482/export</link>
      <description>{"uuid": "e18541a4-118c-448c-bd58-727d17b1d482", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55249", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moybmxdeit2j", "content": "CVE-2026-55249 - @rtk-ai/rtk-rewrite: OpenClaw Rewrite Plugin Command Injection via execSync Template String\nCVE ID : CVE-2026-55249\n \n Published : June 23, 2026, 6:33 p.m. | 1\u00a0hour, 10\u00a0minutes ago\n \n Description : @rtk-ai/rtk-rewrite transparently rewrites shell commands exec...", "creation_timestamp": "2026-06-23T20:49:40.723172Z"}</description>
      <content:encoded>{"uuid": "e18541a4-118c-448c-bd58-727d17b1d482", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55249", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moybmxdeit2j", "content": "CVE-2026-55249 - @rtk-ai/rtk-rewrite: OpenClaw Rewrite Plugin Command Injection via execSync Template String\nCVE ID : CVE-2026-55249\n \n Published : June 23, 2026, 6:33 p.m. | 1\u00a0hour, 10\u00a0minutes ago\n \n Description : @rtk-ai/rtk-rewrite transparently rewrites shell commands exec...", "creation_timestamp": "2026-06-23T20:49:40.723172Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/e18541a4-118c-448c-bd58-727d17b1d482/export</guid>
      <pubDate>Tue, 23 Jun 2026 20:49:40 +0000</pubDate>
    </item>
  </channel>
</rss>
