Most recent sightings.

https://vulnerability.circl.lu/sightings/feed Most recent sightings. 2026-06-25T05:07:06.604899+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/d16df5c8-6792-417e-827e-49254ead2107/export d16df5c8-6792-417e-827e-49254ead2107 2026-06-25T05:07:06.624448+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "d16df5c8-6792-417e-827e-49254ead2107", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33017", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mlsl7vgh4q2i", "content": "Langflow CVE-2026-33017 Exploited to Steal AWS Keys and Deploy NATS Worker", "creation_timestamp": "2026-05-14T10:09:46.843426Z"} 2026-05-14T10:09:46.843426+00:00 https://vulnerability.circl.lu/sighting/615fab18-fab4-4fae-a6a9-42473f95ac21/export 615fab18-fab4-4fae-a6a9-42473f95ac21 2026-06-25T05:07:06.624385+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "615fab18-fab4-4fae-a6a9-42473f95ac21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33017", "type": "seen", "source": "https://bsky.app/profile/keesnk.bsky.social/post/3mlurl4zwqc2v", "content": "Langflow CVE-2026-33017 exploited to steal AWS Keys and deploy NATS Worker:\n\ncybersecuritynews.com/langflow-cve...", "creation_timestamp": "2026-05-15T07:08:47.158624Z"} 2026-05-15T07:08:47.158624+00:00 https://vulnerability.circl.lu/sighting/865aaca7-d653-4d60-aaf1-8447661ad672/export 865aaca7-d653-4d60-aaf1-8447661ad672 2026-06-25T05:07:06.624320+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "865aaca7-d653-4d60-aaf1-8447661ad672", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33017", "type": "seen", "source": "MISP/d511a704-eba2-411a-9543-41e0e130f522", "content": "", "creation_timestamp": "2026-06-15T17:02:30.000000Z"} 2026-06-15T17:02:30+00:00 https://vulnerability.circl.lu/sighting/2fbe1421-7a2a-4f23-b05b-da326ad8545f/export 2fbe1421-7a2a-4f23-b05b-da326ad8545f 2026-06-25T05:07:06.624247+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "2fbe1421-7a2a-4f23-b05b-da326ad8545f", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33017", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/8cb084c6-6aff-45a5-bf8e-4355fa241eca", "content": "", "creation_timestamp": "2026-06-19T12:45:14.248799Z"} 2026-06-19T12:45:14.248799+00:00 https://vulnerability.circl.lu/sighting/a82900bd-07bc-473b-bd90-db6a4a8fee82/export a82900bd-07bc-473b-bd90-db6a4a8fee82 2026-06-25T05:07:06.624173+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "a82900bd-07bc-473b-bd90-db6a4a8fee82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33017", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3mowy4gfv4z2p", "content": "AI GATEWAY UNDER ATTACK: HOW LANGFLOW CVE-2026-33017 TURNED INTO A GLOBAL CRYPTO-MINING BACKDOOR +\u00a0Video\n\nIntroduction: When AI Infrastructure Becomes the New Front Door A quiet shift is happening inside enterprise infrastructure. AI application frameworks, once seen as experimental tooling, are\u2026", "creation_timestamp": "2026-06-23T08:26:43.083278Z"} 2026-06-23T08:26:43.083278+00:00 https://vulnerability.circl.lu/sighting/b068df92-823d-46d1-a009-f249bcdd59f3/export b068df92-823d-46d1-a009-f249bcdd59f3 2026-06-25T05:07:06.623929+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "b068df92-823d-46d1-a009-f249bcdd59f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33017", "type": "seen", "source": "https://bsky.app/profile/boredchilada.bsky.social/post/3moxg6i2l7z2x", "content": "~Trendmicro~\nAttackers are exploiting unauthenticated RCE in Langflow (CVE-2026-33017) to deploy Monero cryptominers and spread via SSH keys.\n-\nIOCs: 83[. ]142[. ]209[. ]214, 94[. ]156[. ]64[. ]241\n-\n#CVE202633017 #Cryptominer #ThreatIntel", "creation_timestamp": "2026-06-23T12:38:24.875608Z"} 2026-06-23T12:38:24.875608+00:00 https://vulnerability.circl.lu/sighting/fc286992-3935-451f-97f9-432d908c4ecf/export fc286992-3935-451f-97f9-432d908c4ecf 2026-06-25T05:07:06.623816+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "fc286992-3935-451f-97f9-432d908c4ecf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33017", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3moxkrztiw52k", "content": "From Langflow to Monero: Inside CVE-2026-33017 Cryptominer", "creation_timestamp": "2026-06-23T14:00:55.670751Z"} 2026-06-23T14:00:55.670751+00:00 https://vulnerability.circl.lu/sighting/b3c6bbbe-a2fd-4d07-83fa-15df4733d717/export b3c6bbbe-a2fd-4d07-83fa-15df4733d717 2026-06-25T05:07:06.623692+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "b3c6bbbe-a2fd-4d07-83fa-15df4733d717", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33017", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/4c22e67d-9d27-44c8-8c13-0c5648d6928a", "content": "", "creation_timestamp": "2026-06-23T14:03:40.890321Z"} 2026-06-23T14:03:40.890321+00:00 https://vulnerability.circl.lu/sighting/213897e5-399e-45f5-bdfd-3eb6c345e8dd/export 213897e5-399e-45f5-bdfd-3eb6c345e8dd 2026-06-25T05:07:06.623471+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "213897e5-399e-45f5-bdfd-3eb6c345e8dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33017", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3moylhagu6c2v", "content": "CVE-2026-33017 in Langflow was abused to deploy a Monero cryptominer, disable defenses, and persist via reused SSH keys. The campaign used custom miner procq and tactics tied to KORKERDS. #Langflow #Monero #KORKERDS", "creation_timestamp": "2026-06-23T23:45:27.289562Z"} 2026-06-23T23:45:27.289562+00:00 https://vulnerability.circl.lu/sighting/80af1405-c9d1-41e7-9f60-65cd4017f926/export 80af1405-c9d1-41e7-9f60-65cd4017f926 2026-06-25T05:07:06.621191+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "80af1405-c9d1-41e7-9f60-65cd4017f926", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33017", "type": "seen", "source": "https://bsky.app/profile/r-blueteamsec.bsky.social/post/3mp2t7ffp4e2v", "content": "From Langflow to Monero: Inside CVE-2026-33017 Cryptominer", "creation_timestamp": "2026-06-24T21:09:32.812007Z"} 2026-06-24T21:09:32.812007+00:00