<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-01T02:42:26.326984+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/29e18c94-e412-4489-8350-ce249def4b3d/export</id>
    <title>29e18c94-e412-4489-8350-ce249def4b3d</title>
    <updated>2026-07-01T02:42:26.347584+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "29e18c94-e412-4489-8350-ce249def4b3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10523", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3movzfimayj25", "content": "\ud83d\udea8  ALERT: CVE-2026-10523\n\nCVSS 9.9/10\n\n\ud83d\udccb WHAT IT IS:\nAn Authentication Bypass vulnerability (CWE-288)\u00a0in Ivanti\u00a0Sentry before the\u00a0R10.5.2, R10.6.2 and R10.7.1\u00a0versions\u00a0allows\u00a0a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access\n\n\ud83c\udfaf WHO'S ", "creation_timestamp": "2026-06-22T23:17:00.920403Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/29e18c94-e412-4489-8350-ce249def4b3d/export"/>
    <published>2026-06-22T23:17:00.920403+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/5abbd62f-b46c-43ab-af29-ac0e749814cf/export</id>
    <title>5abbd62f-b46c-43ab-af29-ac0e749814cf</title>
    <updated>2026-07-01T02:42:26.349339+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "5abbd62f-b46c-43ab-af29-ac0e749814cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10523", "type": "seen", "source": "https://bsky.app/profile/newstecnicas.com/post/3mold76bpv22p", "content": "\ud83d\udee1\ufe0f Manual T\u00e9cnico de Mitigaci\u00f3n: #Vulnerabilidades CVE-2026-10520 y CVE-2026-10523 en Ivanti Sentry www.newstecnicas.com/2026/06/manu...", "creation_timestamp": "2026-06-18T17:13:12.755684Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/5abbd62f-b46c-43ab-af29-ac0e749814cf/export"/>
    <published>2026-06-18T17:13:12.755684+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/fbf5aabd-f669-41cd-b85e-950e82af1c2f/export</id>
    <title>fbf5aabd-f669-41cd-b85e-950e82af1c2f</title>
    <updated>2026-07-01T02:42:26.349444+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "fbf5aabd-f669-41cd-b85e-950e82af1c2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10523", "type": "seen", "source": "https://bsky.app/profile/newstecnicas.com/post/3moanazs5422y", "content": "\ud83d\udee1\ufe0f Manual T\u00e9cnico de Mitigaci\u00f3n: #Vulnerabilidades CVE-2026-10520 y CVE-2026-10523 en Ivanti Sentry www.newstecnicas.com/2026/06/manu...", "creation_timestamp": "2026-06-14T11:14:10.119226Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/fbf5aabd-f669-41cd-b85e-950e82af1c2f/export"/>
    <published>2026-06-14T11:14:10.119226+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/42c18e15-2f31-4706-960d-71f2780f01b8/export</id>
    <title>42c18e15-2f31-4706-960d-71f2780f01b8</title>
    <updated>2026-07-01T02:42:26.349517+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "42c18e15-2f31-4706-960d-71f2780f01b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10523", "type": "seen", "source": "https://bsky.app/profile/newstecnicas.com/post/3mo733rilfs2s", "content": "\ud83d\udee1\ufe0f Manual T\u00e9cnico de Mitigaci\u00f3n: Vulnerabilidades CVE-2026-10520 y CVE-2026-10523 en Ivanti Sentry www.newstecnicas.com/2026/06/manu...", "creation_timestamp": "2026-06-13T20:16:54.894792Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/42c18e15-2f31-4706-960d-71f2780f01b8/export"/>
    <published>2026-06-13T20:16:54.894792+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/7b3b4711-0bd7-4481-9d23-54246eb4efb9/export</id>
    <title>7b3b4711-0bd7-4481-9d23-54246eb4efb9</title>
    <updated>2026-07-01T02:42:26.349594+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "7b3b4711-0bd7-4481-9d23-54246eb4efb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10523", "type": "seen", "source": "https://bsky.app/profile/cerberusit.bsky.social/post/3mo5njpbitq2w", "content": "Just when we thought we could have a quiet cup of tea, Ivanti drops CVE-2026-10520 and CVE-2026-10523 to remind us of our endless mortality. These stunning flaws allow unauthenticated freeloaders to gain root-level command execution or simply create administrative accounts to run...\n\nRead full story", "creation_timestamp": "2026-06-13T06:40:43.862878Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/7b3b4711-0bd7-4481-9d23-54246eb4efb9/export"/>
    <published>2026-06-13T06:40:43.862878+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/01d32a42-a801-4808-92e9-9d16abc6f92c/export</id>
    <title>01d32a42-a801-4808-92e9-9d16abc6f92c</title>
    <updated>2026-07-01T02:42:26.349661+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://cve.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "01d32a42-a801-4808-92e9-9d16abc6f92c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-10523", "type": "seen", "source": "https://ccb.belgium.be/advisories/warning-critical-root-level-remote-code-execution-and-authentication-bypass", "content": "", "creation_timestamp": "2026-06-12T06:56:22.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/01d32a42-a801-4808-92e9-9d16abc6f92c/export"/>
    <published>2026-06-12T06:56:22+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/2d7b5918-4109-4787-afbc-d0a9282f7308/export</id>
    <title>2d7b5918-4109-4787-afbc-d0a9282f7308</title>
    <updated>2026-07-01T02:42:26.351663+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "2d7b5918-4109-4787-afbc-d0a9282f7308", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10523", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mnz2pvprxk2h", "content": "Critical Ivanti Sentry flaw allows root-level remote code execution (CVE-2026-10520)\n\nIvanti has patched two critical vulnerabilities (CVE-2026-10520 and CVE-2026-10523) in Ivanti Sentry and has urged customers to implement the fix right away. Though the vulnerabilities are not kn\u2026\n#hackernews #news", "creation_timestamp": "2026-06-11T10:53:32.387132Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/2d7b5918-4109-4787-afbc-d0a9282f7308/export"/>
    <published>2026-06-11T10:53:32.387132+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/4b14a140-fff4-4e64-9838-5ba1469eea49/export</id>
    <title>4b14a140-fff4-4e64-9838-5ba1469eea49</title>
    <updated>2026-07-01T02:42:26.351750+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "4b14a140-fff4-4e64-9838-5ba1469eea49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10523", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2026-0180", "content": "Ivanti heeft twee kwetsbaarheden verholpen in Sentry. De kwetsbaarheid met kenmerk CVE-2026-10520, waarvan Ivanti een CVSS-score van 10 heeft toegekend, kan een ongeauthenticeerde kwaadwillende op afstand in staat stellen willekeurige code uitvoeren met root rechten. De kwetsbaarheid met kenmerk CVE-2026-10523, die Ivanti een CVSS score van 9.9, heeft gegeven, kan door een ongeauthenticeerde kwaadwillende op afstand worden misbruikt om administratieve accounts aan te maken.\n\nMisbruik van deze kwetsbaarheden is mogelijk, maar de randvoorwaarden die nodig zijn om deze kwetsbaarheden op afstand uit te buiten, vereisen dat een managementpoort aan het internet is ontsloten. Deze randvoorwaarden zijn niet aanwezig in standaardimplementaties van Ivanti Sentry.\n\nDe kwetsbaarheden hebben Ivanti bereikt via responsible disclosure. Momenteel vindt er, voor zover bekend, geen actief misbruik van deze kwetsbaarheden plaats en is er geen publieke PoC code beschikbaar. Het NCSC verwacht echter dat dit op korte termijn zal veranderen.", "creation_timestamp": "2026-06-11T09:11:03.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/4b14a140-fff4-4e64-9838-5ba1469eea49/export"/>
    <published>2026-06-11T09:11:03+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/d889366d-8138-4e9d-8625-2a2ba0a11668/export</id>
    <title>d889366d-8138-4e9d-8625-2a2ba0a11668</title>
    <updated>2026-07-01T02:42:26.351828+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "d889366d-8138-4e9d-8625-2a2ba0a11668", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10523", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3mnxkrgqk6z2r", "content": "On June 9, 2026, Ivanti disclosed two critical vulnerabilities in Ivanti Sentry: CVE-2026-10520 (OS command injection, CVSS 10.0) and CVE-2026-10523 (authentication bypass, CVSS 9.9). Both allow remote unauthenticated attackers to execute commands and gain administrative access.", "creation_timestamp": "2026-06-10T20:35:23.999811Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/d889366d-8138-4e9d-8625-2a2ba0a11668/export"/>
    <published>2026-06-10T20:35:23.999811+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/1da1a54e-2043-41e6-923e-ce9481735b57/export</id>
    <title>1da1a54e-2043-41e6-923e-ce9481735b57</title>
    <updated>2026-07-01T02:42:26.351893+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "1da1a54e-2043-41e6-923e-ce9481735b57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10523", "type": "seen", "source": "https://infosec.exchange/users/AAKL/statuses/116726647250447781", "content": "The Hacker News: Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities https://thehackernews.com/2026/06/ivanti-fortinet-and-sap-release-patches.html @thehackernews \nPosted yesterday: \nIvanti: Security Advisory Ivanti Sentry (CVE-2026-10520, CVE-2026-10523) https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523\nOnapsis: SAP Security Notes: June 2026 Patch Day https://onapsis.com/blog/sap-security-patch-day-june-2026/ $infosec #Ivanti #vulnerability", "creation_timestamp": "2026-06-10T16:06:30.767481Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/1da1a54e-2043-41e6-923e-ce9481735b57/export"/>
    <published>2026-06-10T16:06:30.767481+00:00</published>
  </entry>
</feed>
