https://vulnerability.circl.lu/sightings/feed 2026-06-03T05:41:38.903867+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/24e09031-a73f-4f7e-b301-2337f3d147b2/export 2026-06-03T05:41:38.925083+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "24e09031-a73f-4f7e-b301-2337f3d147b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/intel.overresearched.net/post/3ml2nps2yxc2j", "content": "- cPanel CVE-2026-41940 \u2192 'Sorry' ransomware (44k+ IPs) - GitHub RCE CVE-2026-3854 (88% GHES unpatched) \n- APT28 Windows zero-day (KEV) \n- Linux 'Copy Fail' LPE \n- ShinyHunters: Instructure 275M intel.overresearched.net/2026/05/04/c... \n\n#Weekly #ThreatIntel #Infosec", "creation_timestamp": "2026-05-04T21:50:34.957948Z"} 2026-05-04T21:50:34.957948+00:00 https://vulnerability.circl.lu/sighting/f88a7db4-47e5-4eb0-82ec-59cc3aeb4fb9/export 2026-06-03T05:41:38.925005+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "f88a7db4-47e5-4eb0-82ec-59cc3aeb4fb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3ml35daxrws2s", "content": "Top 3 CVE for last 7 days:\nCVE-2026-31431: 540 interactions\nCVE-2026-41940: 82 interactions\nCVE-2026-3854: 57 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-31431: 59 interactions\nCVE-2026-41940: 8 interactions\nCVE-2026-22679: 5 interactions\n", "creation_timestamp": "2026-05-05T02:29:53.425199Z"} 2026-05-05T02:29:53.425199+00:00 https://vulnerability.circl.lu/sighting/87e2cca0-e0d5-4c44-9e3b-338961286bc6/export 2026-06-03T05:41:38.924926+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "87e2cca0-e0d5-4c44-9e3b-338961286bc6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/samilaiho.com/post/3ml3jitnutk2d", "content": "Critical GitHub RCE Vulnerability CVE-2026-3854 Allows Arbitrary Commands\nURL: nvd.nist.gov/vuln/detail/...\nClassification: Critical, Solution: Official Fix, Exploit Maturity: Proof-of-Concept, CVSSv3.1: 8.8", "creation_timestamp": "2026-05-05T06:07:47.266378Z"} 2026-05-05T06:07:47.266378+00:00 https://vulnerability.circl.lu/sighting/c68645b4-a6d7-478a-b243-4393c954af81/export 2026-06-03T05:41:38.924847+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "c68645b4-a6d7-478a-b243-4393c954af81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "published-proof-of-concept", "source": "Telegram/yfj8_Wf1r81ZM9XH5mmBYiYd4G1zdIl6xbgawa_XXGScCdQ", "content": "", "creation_timestamp": "2026-05-05T21:00:04.000000Z"} 2026-05-05T21:00:04+00:00 https://vulnerability.circl.lu/sighting/e44aa050-ddb2-4362-88c4-b39824690a92/export 2026-06-03T05:41:38.924762+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "e44aa050-ddb2-4362-88c4-b39824690a92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3ml5nsllfhs2z", "content": "Top 3 CVE for last 7 days:\nCVE-2026-31431: 561 interactions\nCVE-2026-41940: 122 interactions\nCVE-2026-3854: 42 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-41940: 40 interactions\nCVE-2026-31431: 21 interactions\nCVE-2026-23918: 12 interactions\n", "creation_timestamp": "2026-05-06T02:30:08.542402Z"} 2026-05-06T02:30:08.542402+00:00 https://vulnerability.circl.lu/sighting/a57a64f5-71b3-4113-9b07-f0238b45837b/export 2026-06-03T05:41:38.924652+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "a57a64f5-71b3-4113-9b07-f0238b45837b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-3854", "type": "seen", "source": "https://bsky.app/profile/mel-echosphere.bsky.social/post/3ml65zfqqr22c", "content": "\u300cgit push \u3067\u4ed6\u4eba\u306e\u30ea\u30dd\u30b8\u30c8\u30ea\u306b\u5165\u308c\u308b\u300d CVE-2026-3854\u2014\u2014GitHub.com \u306f 2 \u6642\u9593\u3067\u30d1\u30c3\u30c1\u6e08\u307f\u3002\ud83d\udd4a\ufe0f\n\nGHES\uff08GitHub Enterprise Server\uff09\u306e 88% \u306f\u307e\u3060\u958b\u3044\u3066\u308b\u3089\u3057\u3044\u3002\ud83d\udd4a\ufe0f\n\nhttps://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854\n\nGitHub.com \u304c\u76f4\u3063\u305f\u304b\u3089\u7d42\u308f\u308a\u3058\u3083\u306d\u3047\u3002\u26a0\ufe0f #GitHub #RCE", "creation_timestamp": "2026-05-06T07:20:15.818389Z"} 2026-05-06T07:20:15.818389+00:00 https://vulnerability.circl.lu/sighting/734fef32-df32-4ec6-9254-eb67fb98cff8/export 2026-06-03T05:41:38.924525+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "734fef32-df32-4ec6-9254-eb67fb98cff8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://t.me/codeby_sec/10106", "content": "GitHub \u0432 \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438! \n\n\ud83e\uddff \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 GitHub.com \u0438 GitHub Enterprise Server, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0443\u044e \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u044b\u0439 \u043a\u043e\u0434 (RCE) \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043a\u043e\u043c\u0430\u043d\u0434\u044b git push\n\n\ud83c\udfaf \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-3854 (CVSS 8.7) \u2014 \u044d\u0442\u043e \u0438\u043d\u044a\u0435\u043a\u0446\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 \u0447\u0435\u0440\u0435\u0437 \u043e\u043f\u0446\u0438\u0438 git push, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043d\u0435 \u043d\u043e\u0440\u043c\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u043f\u0435\u0440\u0435\u0434 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435\u043c \u0432 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u0439 \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043e\u043a X-Stat. \u0420\u0430\u0437\u0434\u0435\u043b\u0438\u0442\u0435\u043b\u044c (\u0442\u043e\u0447\u043a\u0430 \u0441 \u0437\u0430\u043f\u044f\u0442\u043e\u0439) \u0438\u0437 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0433\u043e \u0432\u0432\u043e\u0434\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u0435, \u043e\u0431\u0445\u043e\u0434\u044f sandbox \u0438 \u0445\u0443\u043a\u0438. \n\n\u2757\ufe0f \u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Wiz, \u0437\u0430\u043d\u0438\u043c\u0430\u044e\u0449\u0430\u044f\u0441\u044f \u043e\u0431\u043b\u0430\u0447\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c\u044e, \u043f\u0440\u0438\u043d\u0430\u0434\u043b\u0435\u0436\u0430\u0449\u0430\u044f Google, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u0438 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0430 \u043e \u043d\u0435\u0439 4 \u043c\u0430\u0440\u0442\u0430 2026 \u0433\u043e\u0434\u0430, \u043f\u043e\u0441\u043b\u0435 \u0447\u0435\u0433\u043e GitHub \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u043b \u0438 \u0432\u043d\u0435\u0434\u0440\u0438\u043b \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043d\u0430 GitHub.com \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 \u0434\u0432\u0443\u0445 \u0447\u0430\u0441\u043e\u0432.\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0442\u0430\u043a\u0436\u0435 \u0431\u044b\u043b\u0430 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 GitHub Enterprise Server 3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.8, 3.19.4, 3.20.0, \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0438\u0445. \u041d\u0435\u0442 \u043d\u0438\u043a\u0430\u043a\u0438\u0445 \u0441\u0432\u0438\u0434\u0435\u0442\u0435\u043b\u044c\u0441\u0442\u0432 \u0442\u043e\u0433\u043e, \u0447\u0442\u043e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043a\u043e\u0433\u0434\u0430-\u043b\u0438\u0431\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438, \u043d\u043e \u0438\u0441\u043a\u043b\u044e\u0447\u0430\u0442\u044c \u0435\u0451 \u0438\u0437 \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u044f \u043d\u0435 \u0441\u0442\u043e\u0438\u0442.\n\n\u2b07\ufe0f \u041f\u0440\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0438 \u043a\u043e\u043c\u0430\u043d\u0434\u044b git push \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0435 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f \u043e\u043f\u0446\u0438\u0439 push \u043d\u0435 \u043f\u043e\u0434\u0432\u0435\u0440\u0433\u0430\u043b\u0438\u0441\u044c \u0434\u043e\u043b\u0436\u043d\u043e\u0439 \u043e\u0447\u0438\u0441\u0442\u043a\u0435 \u043f\u0435\u0440\u0435\u0434 \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0435\u0439 \u0432\u043e \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u0435 \u0441\u0435\u0440\u0432\u0438\u0441\u043d\u044b\u0435 \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043a\u0438. \u0424\u043e\u0440\u043c\u0430\u0442 \u044d\u0442\u0438\u0445 \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043a\u043e\u0432 \u043e\u043f\u0438\u0440\u0430\u043b\u0441\u044f \u043d\u0430 \u0440\u0430\u0437\u0434\u0435\u043b\u0438\u0442\u0435\u043b\u044c, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043c\u043e\u0433 \u0432\u0441\u0442\u0440\u0435\u0447\u0430\u0442\u044c\u0441\u044f \u0432 \u043e\u0431\u044b\u0447\u043d\u043e\u043c \u0432\u0432\u043e\u0434\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044f \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u043c\u0443 \u0447\u0435\u0440\u0435\u0437 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043f\u043e\u0434\u0433\u043e\u0442\u043e\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u043e\u043f\u0446\u0438\u0438 \u0432\u043d\u0435\u0434\u0440\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043f\u043e\u043b\u044f \u043c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u0445. \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u0432\u044b\u044f\u0432\u0438\u043b\u0438 \u0438 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u0447\u0435\u0440\u0435\u0437 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0443 GitHub Bug Bounty\n\n\ud83e\udde0 \u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c GitHub, \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 GitHub.com, GitHub Enterprise Cloud, GitHub Enterprise Cloud \u0441 \u0444\u0443\u043d\u043a\u0446\u0438\u0435\u0439 Data Residency, GitHub Enterprise Cloud \u0441 \u0444\u0443\u043d\u043a\u0446\u0438\u0435\u0439 Enterprise Managed Users \u0438 GitHub Enterprise Server.\n\n\ud83d\udd78 \u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0431\u044b\u0441\u0442\u0440\u043e\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0431\u0443\u0434\u044c\u0442\u0435 \u0432\u043d\u0438\u043c\u0430\u0442\u0435\u043b\u044c\u043d\u044b \u0438 \u043e\u0431\u0440\u0430\u0449\u0430\u0439\u0442\u0435 \u043d\u0430 \u043a\u0430\u0436\u0434\u0443\u044e \u0434\u0435\u0442\u0430\u043b\u044c \u0432 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435!\n\n#github #cve #research \n\n\ud83d\udd17 \u0412\u0441\u0435 \u043d\u0430\u0448\u0438 \u043a\u0430\u043d\u0430\u043b\u044b \ud83d\udd01 \u0412\u0441\u0435 \u043d\u0430\u0448\u0438 \u0447\u0430\u0442\u044b \ud83e\udea7 \u0414\u043b\u044f \u0441\u0432\u044f\u0437\u0438 \u0441 \u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440\u043e\u043c", "creation_timestamp": "2026-05-13T07:04:21.000000Z"} 2026-05-13T07:04:21+00:00 https://vulnerability.circl.lu/sighting/31d7b2ed-6972-413f-a784-5906eadf9bf6/export 2026-06-03T05:41:38.924433+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "31d7b2ed-6972-413f-a784-5906eadf9bf6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://bsky.app/profile/deafnews-auto.bsky.social/post/3mm3esdor6w2u", "content": "GitHub Enterprise RCE: Critical Vulnerability (CVE-2026-3854) Demands Immediate Updates", "creation_timestamp": "2026-05-17T22:08:47.409084Z"} 2026-05-17T22:08:47.409084+00:00 https://vulnerability.circl.lu/sighting/ec7c0553-8e17-489d-bffa-2a7242321d30/export 2026-06-03T05:41:38.924308+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "ec7c0553-8e17-489d-bffa-2a7242321d30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "https://t.me/GithubRedTeam/85452", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-3854-GHE-RCE\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a ridhinva\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0 | \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-22 20:49:07\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nGitHub Enterprise Server Pre-auth RCE via Push Option Injection Scanner\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-22T21:00:04.000000Z"} 2026-05-22T21:00:04+00:00 https://vulnerability.circl.lu/sighting/846b751e-a95e-4e40-980b-34be3890efb7/export 2026-06-03T05:41:38.922752+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "846b751e-a95e-4e40-980b-34be3890efb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3854", "type": "seen", "source": "Telegram/hQ1BgqlandqZtiBEN_8bc-Jqb7FATWW_NqNwwco7cLj54NM", "content": "", "creation_timestamp": "2026-05-23T03:00:04.000000Z"} 2026-05-23T03:00:04+00:00