<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-06-25T15:25:42.249865+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/57665822-378d-4888-8a57-9fc4c27e8a40/export</id>
    <title>57665822-378d-4888-8a57-9fc4c27e8a40</title>
    <updated>2026-06-25T15:25:42.271777+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "57665822-378d-4888-8a57-9fc4c27e8a40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32683", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlgaq35vbe2n", "content": "CVE-2026-32683 - EZVIZ Cloud API Eavesdropping Vulnerability\nCVE ID : CVE-2026-32683\n \n Published : May 9, 2026, 9:16 a.m. | 1\u00a0hour, 29\u00a0minutes ago\n \n Description : Some EZVIZ products utilize older versions of cloud feature modules with legacy API interfaces, which pose a dat...", "creation_timestamp": "2026-05-09T12:30:01.661430Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/57665822-378d-4888-8a57-9fc4c27e8a40/export"/>
    <published>2026-05-09T12:30:01.661430+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/d266f5fc-2399-421c-9c85-a465908f1cb0/export</id>
    <title>d266f5fc-2399-421c-9c85-a465908f1cb0</title>
    <updated>2026-06-25T15:25:42.271691+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "d266f5fc-2399-421c-9c85-a465908f1cb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32686", "type": "seen", "source": "https://gist.github.com/alon710/d3518b26e6387505ec4774e026b70deb", "content": "# CVE-2026-32686: CVE-2026-32686: Unbounded Exponent Resource Exhaustion in ericmj/decimal\n\n&gt; **CVSS Score:** 6.9\n&gt; **Published:** 2026-05-12\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2026-32686\n\n## Summary\nThe ericmj/decimal Elixir library suffers from an uncontrolled resource consumption vulnerability. Parsing decimal strings with exceptionally large exponents succeeds with minimal memory overhead, but subsequent arithmetic operations or string formatting attempts to materialize the expanded value. This exhausts BEAM Virtual Machine memory, causing an immediate denial of service.\n\n## TL;DR\nUnbounded exponent parsing in ericmj/decimal allows remote attackers to crash the BEAM VM via OOM by supplying astronomical scientific notation values that trigger massive bignum allocations during arithmetic alignment.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-400: Uncontrolled Resource Consumption\n- **Attack Vector**: Network (via crafted scientific notation payload)\n- **CVSS v4.0**: 6.9 (MEDIUM)\n- **EPSS Score**: 0.07%\n- **Impact**: High Availability (Denial of Service via OOM)\n- **Exploit Status**: Proof of Concept available\n- **Patched Version**: 3.0.0\n\n## Affected Systems\n\n- Elixir applications utilizing the ericmj/decimal package\n- Erlang BEAM Virtual Machine environments processing untrusted decimal inputs\n- **decimal**: &gt;= 0.1.0, &lt; 3.0.0 (Fixed in: `3.0.0`)\n\n## Mitigation\n\n- Upgrade ericmj/decimal dependency to version 3.0.0 or later.\n- Ensure Decimal.Context overrides do not set `emax` or `emin` to `:infinity`.\n- Implement application-level regex validation to reject scientific notation strings with exponents larger than 6000.\n\n**Remediation Steps:**\n1. Modify the `mix.exs` file to update the dependency requirement: `{:decimal, \"~&gt; 3.0\"}`.\n2. Run `mix deps.get` and `mix deps.compile` to fetch and compile the patched version.\n3. Audit the codebase for any manual instances of `Decimal.Context.set/1` and ensure safe limits are maintained.\n4. Deploy the updated application build to production environments.\n\n## References\n\n- [GHSA-rhv4-8758-jx7v](https://github.com/ericmj/decimal/security/advisories/GHSA-rhv4-8758-jx7v)\n- [EEF CNA Record](https://cna.erlef.org/cves/CVE-2026-32686.html)\n- [Fix Commit 6a523f3a73b8c9974540e21c7aa88f1258bb35ae](https://github.com/ericmj/decimal/commit/6a523f3a73b8c9974540e21c7aa88f1258bb35ae)\n- [OSV Data](https://osv.dev/vulnerability/EEF-CVE-2026-32686)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-32686) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-12T15:40:29.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/d266f5fc-2399-421c-9c85-a465908f1cb0/export"/>
    <published>2026-05-12T15:40:29+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/9a571247-8d81-4767-834c-0cec535c810f/export</id>
    <title>9a571247-8d81-4767-834c-0cec535c810f</title>
    <updated>2026-06-25T15:25:42.271621+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "9a571247-8d81-4767-834c-0cec535c810f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32683", "type": "seen", "source": "https://t.me/GithubRedTeam/84618", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-32683\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a ByteWraith1\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-18 01:46:31\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-18T02:00:04.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/9a571247-8d81-4767-834c-0cec535c810f/export"/>
    <published>2026-05-18T02:00:04+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/ecd46611-a5f2-4cca-a6f3-daa80d507311/export</id>
    <title>ecd46611-a5f2-4cca-a6f3-daa80d507311</title>
    <updated>2026-06-25T15:25:42.271548+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "ecd46611-a5f2-4cca-a6f3-daa80d507311", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32683", "type": "published-proof-of-concept", "source": "Telegram/BizTgRC_t78x1TLpzjT4_qblGrLzvn7xcotFgHWnbR4t71c", "content": "", "creation_timestamp": "2026-05-18T03:00:14.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/ecd46611-a5f2-4cca-a6f3-daa80d507311/export"/>
    <published>2026-05-18T03:00:14+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/8c2c9122-772b-452c-aa04-533bb97a5d5b/export</id>
    <title>8c2c9122-772b-452c-aa04-533bb97a5d5b</title>
    <updated>2026-06-25T15:25:42.271476+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "8c2c9122-772b-452c-aa04-533bb97a5d5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32685", "type": "seen", "source": "https://bsky.app/profile/janvhs.com/post/3mnjujssgpk2p", "content": "#gleam 1.17.0 is now available in #openSUSE Tumbleweed.\nIt fixes CVE-2026-32685, CVE-2026-42795 and CVE-2026-43965.\nI'll back-port the patches to #leap 15.7-16.1 in the near future.\n\nAdditionally, it improves the compiler error handling, LSP and JS code-gen. \ud83d\udc2d\n\nThanks @gleam.run and contributors \ud83d\udcab", "creation_timestamp": "2026-06-05T09:52:49.453513Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/8c2c9122-772b-452c-aa04-533bb97a5d5b/export"/>
    <published>2026-06-05T09:52:49.453513+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/d44136b7-4672-4821-a533-b4de04686eae/export</id>
    <title>d44136b7-4672-4821-a533-b4de04686eae</title>
    <updated>2026-06-25T15:25:42.271397+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "d44136b7-4672-4821-a533-b4de04686eae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32685", "type": "seen", "source": "https://bsky.app/profile/janvhs.com/post/3mnjujssgpk2p", "content": "#gleam 1.17.0 is now available in #openSUSE Tumbleweed.\nIt fixes CVE-2026-32685, CVE-2026-42795 and CVE-2026-43965.\nI'll back-port the patches to #leap 15.7-16.1 in the near future.\n\nAdditionally, it improves the compiler error handling, LSP and JS code-gen. \ud83d\udc2d\n\nThanks @gleam.run and contributors \ud83d\udcab", "creation_timestamp": "2026-06-05T09:52:49.455827Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/d44136b7-4672-4821-a533-b4de04686eae/export"/>
    <published>2026-06-05T09:52:49.455827+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/892c2825-9858-4d38-8308-93bf890da7aa/export</id>
    <title>892c2825-9858-4d38-8308-93bf890da7aa</title>
    <updated>2026-06-25T15:25:42.271319+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "892c2825-9858-4d38-8308-93bf890da7aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32685", "type": "seen", "source": "https://bsky.app/profile/janvhs.com/post/3mnjvzqchfk2a", "content": "#gleam 1.17.0 is now available in #openSUSE Tumbleweed.\nIt fixes CVE-2026-32685, CVE-2026-42795 and CVE-2026-43965.\nI'm in the process of back-porting the patches to Leap 15.7-16.1\n\nAdditionally, it improves the compiler error handling, LSP and JS code-gen \ud83d\udc2d\n\nThank you @gleam.run and contributors \ud83d\udcab", "creation_timestamp": "2026-06-05T10:19:37.000785Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/892c2825-9858-4d38-8308-93bf890da7aa/export"/>
    <published>2026-06-05T10:19:37.000785+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/fb971f00-4fbb-4230-a54d-9a3e18dd0af9/export</id>
    <title>fb971f00-4fbb-4230-a54d-9a3e18dd0af9</title>
    <updated>2026-06-25T15:25:42.271226+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "fb971f00-4fbb-4230-a54d-9a3e18dd0af9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32685", "type": "seen", "source": "https://bsky.app/profile/janvhs.com/post/3mnjvzqchfk2a", "content": "#gleam 1.17.0 is now available in #openSUSE Tumbleweed.\nIt fixes CVE-2026-32685, CVE-2026-42795 and CVE-2026-43965.\nI'm in the process of back-porting the patches to Leap 15.7-16.1\n\nAdditionally, it improves the compiler error handling, LSP and JS code-gen \ud83d\udc2d\n\nThank you @gleam.run and contributors \ud83d\udcab", "creation_timestamp": "2026-06-05T10:19:37.025081Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/fb971f00-4fbb-4230-a54d-9a3e18dd0af9/export"/>
    <published>2026-06-05T10:19:37.025081+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/9ac1b1c5-7db2-4ee8-9ab8-5e48fc5d0fd1/export</id>
    <title>9ac1b1c5-7db2-4ee8-9ab8-5e48fc5d0fd1</title>
    <updated>2026-06-25T15:25:42.270475+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://cve.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "9ac1b1c5-7db2-4ee8-9ab8-5e48fc5d0fd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-32682", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1929", "content": "", "creation_timestamp": "2026-06-17T21:00:00.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/9ac1b1c5-7db2-4ee8-9ab8-5e48fc5d0fd1/export"/>
    <published>2026-06-17T21:00:00+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/2e5769eb-11b6-42f2-a54e-7721749aad34/export</id>
    <title>2e5769eb-11b6-42f2-a54e-7721749aad34</title>
    <updated>2026-06-25T15:25:42.268360+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "2e5769eb-11b6-42f2-a54e-7721749aad34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32682", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mojhxrqaal2f", "content": "CVE-2026-32682 - NGINX Gateway Fabric vulnerability\nCVE ID : CVE-2026-32682\n \n Published : June 17, 2026, 8:05 p.m. | 1\u00a0hour, 37\u00a0minutes ago\n \n Description : When NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with permission to create o...", "creation_timestamp": "2026-06-17T23:33:10.344773Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/2e5769eb-11b6-42f2-a54e-7721749aad34/export"/>
    <published>2026-06-17T23:33:10.344773+00:00</published>
  </entry>
</feed>
