Most recent sightings.

https://vulnerability.circl.lu/sightings/feed Most recent sightings. 2026-06-27T23:07:09.324281+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/03f3d285-4bc5-4c07-9b61-b0ed552af415/export 03f3d285-4bc5-4c07-9b61-b0ed552af415 2026-06-27T23:07:09.353561+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "03f3d285-4bc5-4c07-9b61-b0ed552af415", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34291", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3mmpbklfn5o2x", "content": "CISA has added two vulnerabilities to its KEV catalog: CVE-2025-34291 (CVSS 9.4) in Langflow, allowing arbitrary code execution and full system compromise, and CVE-2026-34926 (CVSS 6.7) in Trend Micro Apex One, enabling local attackers to inject malicious code.", "creation_timestamp": "2026-05-25T20:04:00.680294Z"} 2026-05-25T20:04:00.680294+00:00 https://vulnerability.circl.lu/sighting/344c40e6-3340-4263-85c2-67ffb7a2a27d/export 344c40e6-3340-4263-85c2-67ffb7a2a27d 2026-06-27T23:07:09.353479+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "344c40e6-3340-4263-85c2-67ffb7a2a27d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34291", "type": "seen", "source": "https://bsky.app/profile/cvesentinel.bsky.social/post/3mmrvjmqiyx2u", "content": "\ud83d\uded1 CVE-2025-34291\n\nCVSS 9.4 / EPSS 30% / KEV\nTL;DR: Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and\u2026\nhttps://cvesentinel.com/report/CVE-2025-34291?utm_source=bluesky&utm_medium=social&utm_campaign=cvesentinel\n#infosec #CVE #vulnerability", "creation_timestamp": "2026-05-26T21:06:42.429327Z"} 2026-05-26T21:06:42.429327+00:00 https://vulnerability.circl.lu/sighting/b45edffc-5cee-4e6b-bc2f-acf2708c6fe9/export b45edffc-5cee-4e6b-bc2f-acf2708c6fe9 2026-06-27T23:07:09.353396+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "b45edffc-5cee-4e6b-bc2f-acf2708c6fe9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34291", "type": "seen", "source": "https://bsky.app/profile/cvesentinel.bsky.social/post/3mmrvjyxdaj2s", "content": "\ud83d\uded1 CVE-2025-34291\n\nCVSS 9.4 / EPSS 30% / KEV\nTL;DR: Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and\u2026\nhttps://cvesentinel.com/report/CVE-2025-34291?utm_source=bluesky&utm_medium=social&utm_campaign=cvesentinel\n#infosec #CVE #vulnerability", "creation_timestamp": "2026-05-26T21:06:55.103383Z"} 2026-05-26T21:06:55.103383+00:00 https://vulnerability.circl.lu/sighting/7c72e5a1-77a0-4742-8314-9f317cbf0a8a/export 7c72e5a1-77a0-4742-8314-9f317cbf0a8a 2026-06-27T23:07:09.353313+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "7c72e5a1-77a0-4742-8314-9f317cbf0a8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34291", "type": "seen", "source": "https://bsky.app/profile/shortinfo.bsky.social/post/3mocwrua7pv2k", "content": "Any unpatched Langflow instance is being scanned by Iranian APT MuddyWater right now. CVE-2025-34291 (CVSS 9.4) gives full code execution and exposes every API key in the workspace, cascading into connected cloud services. CISA has set the federal patch deadline at June 4.", "creation_timestamp": "2026-06-15T09:09:39.558952Z"} 2026-06-15T09:09:39.558952+00:00 https://vulnerability.circl.lu/sighting/630f42fe-fc7f-4758-9803-b0488b66c216/export 630f42fe-fc7f-4758-9803-b0488b66c216 2026-06-27T23:07:09.353238+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "630f42fe-fc7f-4758-9803-b0488b66c216", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34291", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3moln2wcggs2q", "content": "CISA Adds Two Known Exploited Vulnerabilities to Catalog\nRelease Date May 21, 2026\n\nCVE-2025-34291 Langflow Origin Validation Error Vulnerability\nCVE-2026-34926 Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability", "creation_timestamp": "2026-06-18T20:09:44.710155Z"} 2026-06-18T20:09:44.710155+00:00 https://vulnerability.circl.lu/sighting/6917a964-ab63-4eea-befe-478f4b6a591c/export 6917a964-ab63-4eea-befe-478f4b6a591c 2026-06-27T23:07:09.353142+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "6917a964-ab63-4eea-befe-478f4b6a591c", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34291", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/d65f95ac-904d-4d6e-a76f-56217a49e605", "content": "", "creation_timestamp": "2026-06-19T12:45:11.860599Z"} 2026-06-19T12:45:11.860599+00:00 https://vulnerability.circl.lu/sighting/da6bb368-fa5b-4810-971b-694d10451847/export da6bb368-fa5b-4810-971b-694d10451847 2026-06-27T23:07:09.352890+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "da6bb368-fa5b-4810-971b-694d10451847", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34291", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mopx5wsnxk2s", "content": "\u7c73\u5f53\u5c40\u3001\u300cLangflow\u300d\u3084\u300cApex One\u300d\u306e\u8106\u5f31\u6027\u60aa\u7528\u306b\u6ce8\u610f\u559a\u8d77\n\n\u7c73\u5f53\u5c40\u306f\u3001\u30ed\u30fc\u30b3\u30fc\u30c9\u958b\u767a\u30c4\u30fc\u30eb\u3084\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56\u88fd\u54c1\u306e\u8106\u5f31\u6027\u304c\u60aa\u7528\u3055\u308c\u3066\u3044\u308b\u3068\u3057\u3001\u6ce8\u610f\u559a\u8d77\u3092\u884c\u3063\u305f\u3002\n\n\u7c73\u30b5\u30a4\u30d0\u30fc\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5e81\uff08CISA\uff09\u306f\u73fe\u5730\u6642\u95932026\u5e745\u670821\u65e5\u3001\u300cCVE-2025-34291\u300d\u300cCVE-2026-34926\u300d\u306e\u8106\u5f31\u6027\u3092\u300c\u60aa\u7528\u304c\u78ba\u8a8d\u3055\u308c\u305f\u8106\u5f31\u6027\u30ab\u30bf\u30ed\u30b0\uff08KEV\uff09\u300d\u3078\u8ffd\u52a0\u3057\u305f\u3002\n\n\u300cCVE-2025-34291\u300d\u306f\u3001\u30ed\u30fc\u30b3\u30fc\u30c9\u958b\u767a\u30c4\u30fc\u30eb\u300cLangflow\u300d\u306b\u5224\u660e\u3057\u305f\u30aa\u30ea\u30b8\u30f3\u691c\u8a3c\u4e0d\u5099\u306b\u8d77\u56e0\u3059\u308b\u8106\u5f31\u6027\u30022025\u5e7412\u6708\u306b\u5831\u544a\u3055\u308c\u305f\u3002\n\n\u30c9\u30e1\u30a4\u30f3\u3092\u307e\u305f\u304c\u308b\u901a\u4fe1\u5148\u306e...", "creation_timestamp": "2026-06-20T13:21:03.882810Z"} 2026-06-20T13:21:03.882810+00:00 https://vulnerability.circl.lu/sighting/dc7cc3df-c3b3-48ce-b0c3-48379ef9503a/export dc7cc3df-c3b3-48ce-b0c3-48379ef9503a 2026-06-27T23:07:09.352599+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "dc7cc3df-c3b3-48ce-b0c3-48379ef9503a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34291", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mopy4r7tvk2s", "content": "CISA\u304cLangflow\u3068Trend Micro Apex One\u306e\u60aa\u7528\u3055\u308c\u305f\u8106\u5f31\u6027\u3092KEV\u306b\u8ffd\u52a0\n\n\u7c73\u56fd\u306e\u30b5\u30a4\u30d0\u30fc\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30fb\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5e81\uff08CISA\uff09\u306f\u6728\u66dc\u65e5\u3001 Langflow\u3068Trend Micro Apex One\u306b\u5f71\u97ff\u3092\u4e0e\u3048\u308b2\u3064\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u4e0a\u306e\u6b20\u9665\u3092\u3001\u5b9f\u969b\u306b\u60aa\u7528\u3055\u308c\u3066\u3044\u308b\u8a3c\u62e0\u304c\u3042\u308b\u3068\u3057\u3066\u3001\u65e2\u77e5\u306e\u60aa\u7528\u3055\u308c\u305f\u8106\u5f31\u6027\uff08KEV\uff09\u30ab\u30bf\u30ed\u30b0\u306b\u8ffd\u52a0\u3057\u305f\u3002\n\n\u554f\u984c\u3068\u306a\u3063\u3066\u3044\u308b\u8106\u5f31\u6027\u306f\u4ee5\u4e0b\u306e\u3068\u304a\u308a\u3067\u3059\u3002\n\nCVE-2025-34291\uff08CVSS\u30b9\u30b3\u30a2\uff1a9.4\uff09 - Langflow\u306b\u304a\u3051\u308b\u30aa\u30ea\u30b8\u30f3\u691c\u8a3c\u30a8\u30e9\u30fc\u306e\u8106\u5f31\u6027\u3002\u653b\u6483\u8005\u304c\u4efb\u610f\u306e\u30b3\u30fc\u30c9\u3092\u5b9f\u884c\u3057\u3001\u30b7\u30b9\u30c6\u30e0\u5168\u4f53\u3092\u4fb5\u5bb3\u3059...", "creation_timestamp": "2026-06-20T13:38:21.090342Z"} 2026-06-20T13:38:21.090342+00:00 https://vulnerability.circl.lu/sighting/abee3a87-4729-4ef0-a073-2d7f873d7abd/export abee3a87-4729-4ef0-a073-2d7f873d7abd 2026-06-27T23:07:09.352203+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "abee3a87-4729-4ef0-a073-2d7f873d7abd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34291", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mopyvoxdrs2s", "content": "\u7c73\u56fd\u30b5\u30a4\u30d0\u30fc\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30fb\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5e81\uff08CISA\uff09\u306f\u3001\u65e2\u77e5\u306e\u60aa\u7528\u3055\u308c\u305f\u8106\u5f31\u6027\u30ea\u30b9\u30c8\u306b\u30c8\u30ec\u30f3\u30c9\u30de\u30a4\u30af\u30ed\u306eApex One\u3068Langflow\u3092\u8ffd\u52a0\u3057\u305f\u3002\n\n\u7c73\u56fd\u306e\u30b5\u30a4\u30d0\u30fc\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30fb\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5e81\uff08CISA\uff09 \u306f\u3001Windows Shell\u3068ConnectWise ScreenConnect\u306e\u8106\u5f31\u6027\u3092\u65e2\u77e5\u306e\u60aa\u7528\u3055\u308c\u305f\u8106\u5f31\u6027\uff08KEV\uff09\u30ab\u30bf\u30ed\u30b0\u306b\u8ffd\u52a0\u3057\u305f\u3002\n\n\u30ab\u30bf\u30ed\u30b0\u306b\u8ffd\u52a0\u3055\u308c\u305f\u4e0d\u5177\u5408\u306f\u4ee5\u4e0b\u306e\u3068\u304a\u308a\u3067\u3059\u3002\n\nCVE-2025-34291 Langflow Origin\u691c\u8a3c\u30a8\u30e9\u30fc\u306e\u8106\u5f31\u6027\nCVE-2026-34926 Trend Micro Apex...", "creation_timestamp": "2026-06-20T13:52:16.505924Z"} 2026-06-20T13:52:16.505924+00:00 https://vulnerability.circl.lu/sighting/ca6e00ae-b73d-4bd8-8965-6f79922a93c3/export ca6e00ae-b73d-4bd8-8965-6f79922a93c3 2026-06-27T23:07:09.348154+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "ca6e00ae-b73d-4bd8-8965-6f79922a93c3", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34291", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/455f8729-4848-40c3-afd3-785bc8bcbbe8", "content": "", "creation_timestamp": "2026-06-23T14:03:37.781328Z"} 2026-06-23T14:03:37.781328+00:00