<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Thu, 09 Jul 2026 19:21:01 +0000</lastBuildDate>
    <item>
      <title>03459ebe-6c8d-4287-ae61-bbcb4ae2f0c7</title>
      <link>https://vulnerability.circl.lu/sighting/03459ebe-6c8d-4287-ae61-bbcb4ae2f0c7/export</link>
      <description>{"uuid": "03459ebe-6c8d-4287-ae61-bbcb4ae2f0c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60104", "type": "seen", "source": "https://www.acn.gov.it/portale/w/bitwarden-poc-pubblico-per-lo-sfruttamento-di-una-nuova-vulnerabilita", "content": "Disponibile un Proof of Concept (PoC) per la vulnerabilit\u00e0 identificata tramite la CVE-2026-60104 \u2013 gi\u00e0 sanata dal vendor \u2013 presente in Bitwarden Server, noto software open source di gestione delle password. Tale vulnerabilit\u00e0, qualora sfruttata, potrebbe consentire ad un utente malintenzionato, appartenente alla stessa organizzazione e in presenza di specifiche condizioni, di eludere dei meccanismi di sicurezza e di accedere ad informazioni riservate sui sistemi target.", "creation_timestamp": "2026-07-09T16:00:46.270100Z"}</description>
      <content:encoded>{"uuid": "03459ebe-6c8d-4287-ae61-bbcb4ae2f0c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60104", "type": "seen", "source": "https://www.acn.gov.it/portale/w/bitwarden-poc-pubblico-per-lo-sfruttamento-di-una-nuova-vulnerabilita", "content": "Disponibile un Proof of Concept (PoC) per la vulnerabilit\u00e0 identificata tramite la CVE-2026-60104 \u2013 gi\u00e0 sanata dal vendor \u2013 presente in Bitwarden Server, noto software open source di gestione delle password. Tale vulnerabilit\u00e0, qualora sfruttata, potrebbe consentire ad un utente malintenzionato, appartenente alla stessa organizzazione e in presenza di specifiche condizioni, di eludere dei meccanismi di sicurezza e di accedere ad informazioni riservate sui sistemi target.", "creation_timestamp": "2026-07-09T16:00:46.270100Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/03459ebe-6c8d-4287-ae61-bbcb4ae2f0c7/export</guid>
      <pubDate>Thu, 09 Jul 2026 16:00:46 +0000</pubDate>
    </item>
    <item>
      <title>49b5daa5-589b-4e43-88e8-36e18daf8e49</title>
      <link>https://vulnerability.circl.lu/sighting/49b5daa5-589b-4e43-88e8-36e18daf8e49/export</link>
      <description>{"uuid": "49b5daa5-589b-4e43-88e8-36e18daf8e49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60104", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mq6a547swj2z", "content": "CVE-2026-60104 - server\nIf you're using an older version of Bitwarden Server, a malicious user with limited privileges could gain access to another user's encrypted data and take control of their account.\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#server #bitwarden #CVE #infosec", "creation_timestamp": "2026-07-08T23:04:05.419307Z"}</description>
      <content:encoded>{"uuid": "49b5daa5-589b-4e43-88e8-36e18daf8e49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60104", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mq6a547swj2z", "content": "CVE-2026-60104 - server\nIf you're using an older version of Bitwarden Server, a malicious user with limited privileges could gain access to another user's encrypted data and take control of their account.\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#server #bitwarden #CVE #infosec", "creation_timestamp": "2026-07-08T23:04:05.419307Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/49b5daa5-589b-4e43-88e8-36e18daf8e49/export</guid>
      <pubDate>Wed, 08 Jul 2026 23:04:05 +0000</pubDate>
    </item>
    <item>
      <title>ce2bdd5d-c0fb-4a25-8bc7-7042e1bdd017</title>
      <link>https://vulnerability.circl.lu/sighting/ce2bdd5d-c0fb-4a25-8bc7-7042e1bdd017/export</link>
      <description>{"uuid": "ce2bdd5d-c0fb-4a25-8bc7-7042e1bdd017", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60104", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mq65arfuib24", "content": "CVE-2026-60104 - Bitwarden Server\nCVE ID : CVE-2026-60104\n \n Published : July 8, 2026, 8:17 p.m. | 58\u00a0minutes ago\n \n Description : Bitwarden Server before 2026.6.0 does not verify that the email in a POST /auth-requests/admin-request body belongs to the authenticated caller, a...", "creation_timestamp": "2026-07-08T22:12:26.904523Z"}</description>
      <content:encoded>{"uuid": "ce2bdd5d-c0fb-4a25-8bc7-7042e1bdd017", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60104", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mq65arfuib24", "content": "CVE-2026-60104 - Bitwarden Server\nCVE ID : CVE-2026-60104\n \n Published : July 8, 2026, 8:17 p.m. | 58\u00a0minutes ago\n \n Description : Bitwarden Server before 2026.6.0 does not verify that the email in a POST /auth-requests/admin-request body belongs to the authenticated caller, a...", "creation_timestamp": "2026-07-08T22:12:26.904523Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/ce2bdd5d-c0fb-4a25-8bc7-7042e1bdd017/export</guid>
      <pubDate>Wed, 08 Jul 2026 22:12:26 +0000</pubDate>
    </item>
  </channel>
</rss>
