<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-09T19:19:45.064603+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/3ddc6269-24f7-45a5-a5e1-a41dc88d4cb6/export</id>
    <title>3ddc6269-24f7-45a5-a5e1-a41dc88d4cb6</title>
    <updated>2026-07-09T19:19:45.086714+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "3ddc6269-24f7-45a5-a5e1-a41dc88d4cb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58480", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mq6dcaeasa2p", "content": "Arbitrary file upload. No auth required. CVE-2026-58480. Blocksy Companion Pro before 2.1.47 lets any visitor execute code on your server. CVSS 9.8. No patch available yet. Disable it now. Scan: pulse-wp.com\n#WordPress #RCE #CyberSecurity", "creation_timestamp": "2026-07-09T00:00:38.608370Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/3ddc6269-24f7-45a5-a5e1-a41dc88d4cb6/export"/>
    <published>2026-07-09T00:00:38.608370+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/cf7a9d5b-9b12-459c-936d-f6c7f8996fcc/export</id>
    <title>cf7a9d5b-9b12-459c-936d-f6c7f8996fcc</title>
    <updated>2026-07-09T19:19:45.090480+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "cf7a9d5b-9b12-459c-936d-f6c7f8996fcc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58480", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mq5ka65ce62t", "content": "CVE-2026-58480 - Blocksy Companion Pro\nCVE ID : CVE-2026-58480\n \n Published : July 8, 2026, 2:17 p.m. | 42\u00a0minutes ago\n \n Description : Blocksy Companion Pro plugin for WordPress before 2.1.47 contains an unauthenticated arbitrary file upload vulnerability that allows attacker...", "creation_timestamp": "2026-07-08T16:32:06.805787Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/cf7a9d5b-9b12-459c-936d-f6c7f8996fcc/export"/>
    <published>2026-07-08T16:32:06.805787+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/0ce95557-d6a1-4ffb-8f81-3ef07663f741/export</id>
    <title>0ce95557-d6a1-4ffb-8f81-3ef07663f741</title>
    <updated>2026-07-09T19:19:45.090748+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "0ce95557-d6a1-4ffb-8f81-3ef07663f741", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58480", "type": "seen", "source": "https://bsky.app/profile/malwareobserver.bsky.social/post/3mq5e5errax26", "content": "\ud83d\udc1b VULNERABILITIES CVE Notify: \ud83d\udea8 [CVE-2026-58480](https://patchstack.com/database/wordpress/plugin/blocksy-companion/vulnerability...\nhttps://patchstack.com/database/wordpress/plugin/blocksy-companion/vulnerability/wordpress-blocksy-companion-plugin-2-1-46-unauthenticated-arbitrary-file-upload-vuln", "creation_timestamp": "2026-07-08T14:43:09.575692Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/0ce95557-d6a1-4ffb-8f81-3ef07663f741/export"/>
    <published>2026-07-08T14:43:09.575692+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/33c4fe6c-de5b-492d-9279-c7a9e21cc6da/export</id>
    <title>33c4fe6c-de5b-492d-9279-c7a9e21cc6da</title>
    <updated>2026-07-09T19:19:45.090893+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "33c4fe6c-de5b-492d-9279-c7a9e21cc6da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58480", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mq5cftox272w", "content": "CVE-2026-58480 - blocksy companion\nThe Blocksy Companion Pro plugin for WordPress is affected if it's version is less than 2.1.47. Attackers can upload malicious files, such as executable\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#blocksycompanion #creativethemes #CVE #infosec", "creation_timestamp": "2026-07-08T14:12:06.516593Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/33c4fe6c-de5b-492d-9279-c7a9e21cc6da/export"/>
    <published>2026-07-08T14:12:06.516593+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/d049ebfd-9b3e-40ea-97a8-d9e0c1d2f266/export</id>
    <title>d049ebfd-9b3e-40ea-97a8-d9e0c1d2f266</title>
    <updated>2026-07-09T19:19:45.091026+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "d049ebfd-9b3e-40ea-97a8-d9e0c1d2f266", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-58480", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mq5a3kmqpd2j", "content": "Blocksy Companion Pro for WordPress has a CRITICAL file upload vulnerability (CVE-2026-58480). Unauthenticated attackers can achieve RCE \u2014 update immediately if possible. https://radar.offseq.com/threat/cve-2026-58480-unrestricted-upload-of-file-with-da-329cbb8c3408e021 #OffSeq #WordPress #CVE202...", "creation_timestamp": "2026-07-08T13:30:34.392225Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/d049ebfd-9b3e-40ea-97a8-d9e0c1d2f266/export"/>
    <published>2026-07-08T13:30:34.392225+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/823e80ec-c2ea-42cb-b4e7-59ca5e990fb6/export</id>
    <title>823e80ec-c2ea-42cb-b4e7-59ca5e990fb6</title>
    <updated>2026-07-09T19:19:45.091141+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "823e80ec-c2ea-42cb-b4e7-59ca5e990fb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-58480", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116884598388668562", "content": "Blocksy Companion Pro &amp;lt;2.1.47 has a CRITICAL unauthenticated file upload flaw (CVE-2026-58480). Attackers can bypass extension checks and achieve remote code execution via crafted filenames. Patch ASAP. https://radar.offseq.com/threat/cve-2026-58480-unrestricted-upload-of-file-with-da-329cbb8c3408e021 #OffSeq #CVE202658480 #WordPress #Vuln", "creation_timestamp": "2026-07-08T13:30:32.375874Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/823e80ec-c2ea-42cb-b4e7-59ca5e990fb6/export"/>
    <published>2026-07-08T13:30:32.375874+00:00</published>
  </entry>
</feed>
