<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-15T22:09:47.014235+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/1068df3b-d79e-4458-a8df-0f2ff4e34dd8/export</id>
    <title>1068df3b-d79e-4458-a8df-0f2ff4e34dd8</title>
    <updated>2026-07-15T22:09:47.038741+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "1068df3b-d79e-4458-a8df-0f2ff4e34dd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45363", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqnn7o72j22i", "content": "CVE-2026-45363 - `jwt` (Ruby gem) - empty-key HMAC bypass\nCVE ID : CVE-2026-45363\n \n Published : July 14, 2026, 10:16 p.m. | 2\u00a0hours, 17\u00a0minutes ago\n \n Description : ruby-jwt is a Ruby implementation of the RFC 7519 OAuth JSON Web Token standard. Prior to 2.10.3 and 3.2.0, JWT...", "creation_timestamp": "2026-07-15T02:08:06.573441Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/1068df3b-d79e-4458-a8df-0f2ff4e34dd8/export"/>
    <published>2026-07-15T02:08:06.573441+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/d3b923ca-2333-43ff-9e2f-a067b8fa09a6/export</id>
    <title>d3b923ca-2333-43ff-9e2f-a067b8fa09a6</title>
    <updated>2026-07-15T22:09:47.041686+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "d3b923ca-2333-43ff-9e2f-a067b8fa09a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45363", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116921050127676424", "content": "CVE-2026-45363: CRITICAL improper authentication in ruby-jwt (&amp;lt;2.10.3, &amp;lt;3.2.0) lets attackers forge JWTs with empty HMAC keys. Immediate upgrade required to 2.10.3/3.2.0. Impact: auth bypass, high integrity risk. https://radar.offseq.com/threat/cve-2026-45363-cwe-287-improper-authentication-in--588cdab561cd07ab #OffSeq #CVE202645363 #ruby #jwt #infosec", "creation_timestamp": "2026-07-15T00:00:44.533087Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/d3b923ca-2333-43ff-9e2f-a067b8fa09a6/export"/>
    <published>2026-07-15T00:00:44.533087+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/26e33862-a2f7-43d5-86a9-a7e156c5e735/export</id>
    <title>26e33862-a2f7-43d5-86a9-a7e156c5e735</title>
    <updated>2026-07-15T22:09:47.041822+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "26e33862-a2f7-43d5-86a9-a7e156c5e735", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45363", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mqng3v7m442f", "content": "ruby-jwt CRITICAL vulnerability (CVE-2026-45363): Versions &amp;lt;2.10.3 &amp;amp; &amp;lt;3.2.0 let attackers forge JWT tokens with empty HMAC keys. Upgrade to 2.10.3/3.2.0 now. \ud83d\udea8 https://radar.offseq.com/threat/cve-2026-45363-cwe-287-improper-authentication-in--588cdab561cd07ab #OffSeq #rubyjwt #CVE202645363", "creation_timestamp": "2026-07-15T00:00:43.319112Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/26e33862-a2f7-43d5-86a9-a7e156c5e735/export"/>
    <published>2026-07-15T00:00:43.319112+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/af1c7d2f-fc13-4109-b787-5428399d772d/export</id>
    <title>af1c7d2f-fc13-4109-b787-5428399d772d</title>
    <updated>2026-07-15T22:09:47.041933+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "af1c7d2f-fc13-4109-b787-5428399d772d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45363", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqnaaypv4m2v", "content": "CVE-2026-45363 - jwt\nAn attacker can forge a valid JWT token without knowing the secret key. This is possible if the key is empty, or if the keyfinder returns an empty string or nil. To prevent this,\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#jwt #timrudat #Ruby #CVE #infosec", "creation_timestamp": "2026-07-14T22:16:11.854835Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/af1c7d2f-fc13-4109-b787-5428399d772d/export"/>
    <published>2026-07-14T22:16:11.854835+00:00</published>
  </entry>
</feed>
