<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-14T10:09:05.640970+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/45ae3bda-1017-41e9-8f1d-93efb5737d2b/export</id>
    <title>45ae3bda-1017-41e9-8f1d-93efb5737d2b</title>
    <updated>2026-07-14T10:09:05.666289+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "45ae3bda-1017-41e9-8f1d-93efb5737d2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41041", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mqlbpw4hwo2f", "content": "\ud83d\udccc CVE-2026-41041 - URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino.\n\nThis issue affects Apache Gravitino: from 1.0.0 before ... https://www.cyberhub.blog/cves/CVE-2026-41041", "creation_timestamp": "2026-07-14T03:37:07.030137Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/45ae3bda-1017-41e9-8f1d-93efb5737d2b/export"/>
    <published>2026-07-14T03:37:07.030137+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/fc86f251-0761-4a6c-85b8-3fd8d5161db2/export</id>
    <title>fc86f251-0761-4a6c-85b8-3fd8d5161db2</title>
    <updated>2026-07-14T10:09:05.669031+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "fc86f251-0761-4a6c-85b8-3fd8d5161db2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41041", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqkzdjoiir2w", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-41041 \u0432 Apache: \u0443\u0433\u0440\u043e\u0437\u0430 URL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 \u043d\u0435\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b\n\n\n\nhttps://kripta.biz/posts/645D99B0-7BBC-4833-BF58-A1849630DF4D", "creation_timestamp": "2026-07-14T01:07:01.254042Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/fc86f251-0761-4a6c-85b8-3fd8d5161db2/export"/>
    <published>2026-07-14T01:07:01.254042+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/e35e002f-27e5-4a03-af0e-d5c74ddf2cf2/export</id>
    <title>e35e002f-27e5-4a03-af0e-d5c74ddf2cf2</title>
    <updated>2026-07-14T10:09:05.669163+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "e35e002f-27e5-4a03-af0e-d5c74ddf2cf2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41041", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqkaefjajh24", "content": "CVE-2026-41041 - apache gravitino\nApache Gravitino's MCP REST client fails to properly encode user input in URLs, potentially allowing attackers to access sensitive data or API endpoints.\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#apachegravitino #apachefoundation #CVE #infosec", "creation_timestamp": "2026-07-13T17:40:06.874702Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/e35e002f-27e5-4a03-af0e-d5c74ddf2cf2/export"/>
    <published>2026-07-13T17:40:06.874702+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/8cddc32b-fae1-450c-bf7d-6a5dacc249f0/export</id>
    <title>8cddc32b-fae1-450c-bf7d-6a5dacc249f0</title>
    <updated>2026-07-14T10:09:05.669266+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "8cddc32b-fae1-450c-bf7d-6a5dacc249f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41041", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjvvulqhy2e", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-41041 \u0432 Apache: \u0443\u0433\u0440\u043e\u0437\u0430 URL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 \u043d\u0435\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b\n\n\n\nhttps://kripta.biz/posts/B1084611-D2B9-4763-9D66-2B1AF7A0D054", "creation_timestamp": "2026-07-13T14:33:01.834703Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/8cddc32b-fae1-450c-bf7d-6a5dacc249f0/export"/>
    <published>2026-07-13T14:33:01.834703+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b1858760-2f04-435b-b5aa-b83f1ad1aae8/export</id>
    <title>b1858760-2f04-435b-b5aa-b83f1ad1aae8</title>
    <updated>2026-07-14T10:09:05.669362+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b1858760-2f04-435b-b5aa-b83f1ad1aae8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41041", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mqito7op4j2u", "content": "CVE-2026-41041: Apache Gravitino: URL path injection via unencoded user-supplied identifiers in MCP REST client f-string URL construction, enabling path traversal to unintended API endpoints.", "creation_timestamp": "2026-07-13T04:20:18.084410Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b1858760-2f04-435b-b5aa-b83f1ad1aae8/export"/>
    <published>2026-07-13T04:20:18.084410+00:00</published>
  </entry>
</feed>
