Most recent sightings.

https://vulnerability.circl.lu/sightings/feed Most recent sightings. 2026-06-20T11:36:24.387687+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/0e161c6e-6b86-419b-a05c-46827e3e1a90/export 0e161c6e-6b86-419b-a05c-46827e3e1a90 2026-06-20T11:36:24.777277+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "0e161c6e-6b86-419b-a05c-46827e3e1a90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10580", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mnkwkmd32g2p", "content": "\ud83d\udd34 CVE-2026-10580 - Critical (9.8)\n\nThe Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-10580/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-05T20:01:43.987860Z"} 2026-06-05T20:01:43.987860+00:00 https://vulnerability.circl.lu/sighting/e1740cbf-df6e-4fa5-81d8-a1d1a8c57a73/export e1740cbf-df6e-4fa5-81d8-a1d1a8c57a73 2026-06-20T11:36:24.777186+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "e1740cbf-df6e-4fa5-81d8-a1d1a8c57a73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10580", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mnldv3nnpv2c", "content": "CVE-2026-10580. CVSS 9.8. Hippoo Mobile App for WooCommerce lets any visitor take over admin accounts. No authentication required. Update to 1.9.4 now. Scan your WordPress site: pulse-wp.com\n#WordPress #CVE #CyberSecurity", "creation_timestamp": "2026-06-06T00:00:12.942192Z"} 2026-06-06T00:00:12.942192+00:00 https://vulnerability.circl.lu/sighting/1bef1b1e-2886-4f63-81e5-a1d23a8579a0/export 1bef1b1e-2886-4f63-81e5-a1d23a8579a0 2026-06-20T11:36:24.777101+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "1bef1b1e-2886-4f63-81e5-a1d23a8579a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10580", "type": "published-proof-of-concept", "source": "Telegram/LhIaoh3_gVTYhhCtIaB2hHXuGQagt5GRqp2XlP3YfDwVpSU", "content": "", "creation_timestamp": "2026-06-06T21:00:04.000000Z"} 2026-06-06T21:00:04+00:00 https://vulnerability.circl.lu/sighting/a2cc85d3-ae1c-4675-908b-ec1755bcdc17/export a2cc85d3-ae1c-4675-908b-ec1755bcdc17 2026-06-20T11:36:24.777014+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "a2cc85d3-ae1c-4675-908b-ec1755bcdc17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10580", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mnpdq65dfl2s", "content": "CVE-2026-10580 - Critical Authentication Bypass in Hippoo WordPress plugin. Flaw conflates admin and unauthenticated user permissions, allowing full admin takeover. CVSS 9.8. No patch available. Disable plugin now. #CVE #WordPress #infosec\n\nhttps://www.valtersit.com/cve/CVE-2026-10580/", "creation_timestamp": "2026-06-07T14:08:08.097746Z"} 2026-06-07T14:08:08.097746+00:00 https://vulnerability.circl.lu/sighting/45e0fd84-668c-4bac-9106-7072019098f8/export 45e0fd84-668c-4bac-9106-7072019098f8 2026-06-20T11:36:24.776908+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "45e0fd84-668c-4bac-9106-7072019098f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10580", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-10580.yaml", "content": "", "creation_timestamp": "2026-06-10T19:03:51.000000Z"} 2026-06-10T19:03:51+00:00 https://vulnerability.circl.lu/sighting/78a4603b-61f0-458d-b7d4-b326929cb7a6/export 78a4603b-61f0-458d-b7d4-b326929cb7a6 2026-06-20T11:36:24.776786+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "78a4603b-61f0-458d-b7d4-b326929cb7a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10580", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3mobwuu7fg32p", "content": "\ud83d\udea8 ALERT: CVE-2026-10580\n\nCVSS 9.8/10\n\n\ud83d\udccb WHAT IT IS:\nThe Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to and including 1.9.4. This is due to a logic conflation in HippooPermissions::get_user", "creation_timestamp": "2026-06-14T23:38:40.455954Z"} 2026-06-14T23:38:40.455954+00:00 https://vulnerability.circl.lu/sighting/20d4376f-5c63-489c-b876-74bc8779bae0/export 20d4376f-5c63-489c-b876-74bc8779bae0 2026-06-20T11:36:24.773607+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "20d4376f-5c63-489c-b876-74bc8779bae0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10580", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3mobyxswlxa25", "content": "CVE-2026-10580 hippoo (CVSS Score 9.8) \n\n#WordPress plugin #vulnerability #cybersecurity #wordpressfirewall #hacking #wpsecurity #atomicedge #cybersecurity #malware #vulnerabilityresearch #cve #redteam #proofofconcept", "creation_timestamp": "2026-06-15T00:16:07.670995Z"} 2026-06-15T00:16:07.670995+00:00