https://vulnerability.circl.lu/sightings/feed 2026-06-18T09:23:22.849397+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/1f47dfea-9984-41cf-8005-b274c7133bd2/export 2026-06-18T09:23:22.871989+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "1f47dfea-9984-41cf-8005-b274c7133bd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41018", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mll3jovpgn2r", "content": "CVE-2026-41018 - Apache Airflow Providers Elasticsearch: Elasticsearch task-log handler leaks credentials embedded in the host URL\nCVE ID : CVE-2026-41018\n \n Published : May 11, 2026, 9:16 a.m. | 1\u00a0hour, 14\u00a0minutes ago\n \n Description : The Elasticsearch logging provider, when ...", "creation_timestamp": "2026-05-11T10:41:09.321149Z"} 2026-05-11T10:41:09.321149+00:00 https://vulnerability.circl.lu/sighting/06cd1caf-cefa-49f8-8b41-e599f9df9a94/export 2026-06-18T09:23:22.871926+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "06cd1caf-cefa-49f8-8b41-e599f9df9a94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41014", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mn5k2dd5f32j", "content": "CVE-2026-41014: Apache Airflow: per-DAG RBAC bypass on /ui/partitioned_dag_runs endpoints", "creation_timestamp": "2026-05-31T12:13:15.093076Z"} 2026-05-31T12:13:15.093076+00:00 https://vulnerability.circl.lu/sighting/3507a0a9-612e-4ec7-af7d-7b8d4784b3e1/export 2026-06-18T09:23:22.871860+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "3507a0a9-612e-4ec7-af7d-7b8d4784b3e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41017", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mn5lhr4e5z23", "content": "CVE-2026-41017: Apache Airflow: JWT cookie missing Secure flag in JWTRefreshMiddleware behind HTTPS-terminating proxy", "creation_timestamp": "2026-05-31T12:38:39.479406Z"} 2026-05-31T12:38:39.479406+00:00 https://vulnerability.circl.lu/sighting/16bc3653-3e72-496d-bd88-7467c82de329/export 2026-06-18T09:23:22.871794+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "16bc3653-3e72-496d-bd88-7467c82de329", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41011", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mngmzjmk3y2q", "content": "Cloud Foundry BOSH < v282.1.12 has a HIGH severity flaw (8.7 CVSS) allowing OS command injection via package names. Upgrade promptly to stay protected! https://radar.offseq.com/threat/cve-2026-41011-cwe-78-improper-neutralization-of-s-1c5e8b82 #OffSeq #CloudFoundry #Security", "creation_timestamp": "2026-06-04T03:00:27.503644Z"} 2026-06-04T03:00:27.503644+00:00 https://vulnerability.circl.lu/sighting/bcbab9cb-81ed-4e5d-864c-972e72b016eb/export 2026-06-18T09:23:22.871726+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "bcbab9cb-81ed-4e5d-864c-972e72b016eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41011", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116689602129166209", "content": "\u26a0\ufe0f CVE-2026-41011 (HIGH, 8.7): OS command injection in Cloud Foundry BOSH < v282.1.12 lets attackers execute arbitrary commands via package name input. Upgrade ASAP! Details: https://radar.offseq.com/threat/cve-2026-41011-cwe-78-improper-neutralization-of-s-1c5e8b82 #OffSeq #CloudFoundry #Infosec", "creation_timestamp": "2026-06-04T03:00:36.751753Z"} 2026-06-04T03:00:36.751753+00:00 https://vulnerability.circl.lu/sighting/1bfbd970-ea7d-4851-aa69-f3c4426c9344/export 2026-06-18T09:23:22.871655+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "1bfbd970-ea7d-4851-aa69-f3c4426c9344", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41011", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mngo3jy5x32c", "content": "CVE-2026-41011 - BOSH OS Command Injection\nCVE ID : CVE-2026-41011\n \n Published : June 4, 2026, 2:26 a.m. | 47\u00a0minutes ago\n \n Description : PackagePersister.validate_tgz builds \"tar -tf #{tgz} 2>&1\" where tgz = File.join(release_dir, 'packages', \"#{name}.tgz\") and name ...", "creation_timestamp": "2026-06-04T03:19:28.114170Z"} 2026-06-04T03:19:28.114170+00:00 https://vulnerability.circl.lu/sighting/a196ca6f-4a04-4066-871a-7bc4fd0eccc6/export 2026-06-18T09:23:22.871584+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "a196ca6f-4a04-4066-871a-7bc4fd0eccc6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41011", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mngqf7or2t2q", "content": "\ud83d\udfe0 CVE-2026-41011 - High (8.2)\n\nPackagePersister.validate_tgz builds \"tar -tf #{tgz} 2>&1\" where tgz = File.join(release_dir, 'pa...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-41011/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-04T04:00:41.411291Z"} 2026-06-04T04:00:41.411291+00:00 https://vulnerability.circl.lu/sighting/26fbf58b-aa0c-4698-9bbb-c9c72a64bb02/export 2026-06-18T09:23:22.871497+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "26fbf58b-aa0c-4698-9bbb-c9c72a64bb02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41010", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mngtr6jzac2d", "content": "\ud83d\udfe0 CVE-2026-41010 - High (8.2)\n\nReleaseJob#unpack builds job_dir = File.join(@release_dir, 'jobs', name) and job_tgz = File.join(...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-41010/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-04T05:01:03.797850Z"} 2026-06-04T05:01:03.797850+00:00 https://vulnerability.circl.lu/sighting/238b6135-d8a2-4813-ade7-0ec6bb53ddf0/export 2026-06-18T09:23:22.871396+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "238b6135-d8a2-4813-ade7-0ec6bb53ddf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41011", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mnh3st7bhe2i", "content": "Name\u306b\u7279\u6b8a\u6587\u5b57\u304c\u542b\u307e\u308c\u308b\u3068\u3001tar\u30b3\u30de\u30f3\u30c9\u306e\u5b9f\u884c\u6642\u306b\u30b7\u30a7\u30eb\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027\u304c\u751f\u3058\u3001\u653b\u6483\u8005\u306f\u4efb\u610f\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3059\u308b\u53ef\u80fd\u6027\u304c\u3042\u308b\u3002\nCVE-2026-41011 CVSS 8.2 | HIGH", "creation_timestamp": "2026-06-04T07:25:08.277271Z"} 2026-06-04T07:25:08.277271+00:00 https://vulnerability.circl.lu/sighting/8e0e8fed-782b-44ed-83f0-a4d9364f5472/export 2026-06-18T09:23:22.869967+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "8e0e8fed-782b-44ed-83f0-a4d9364f5472", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41010", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnh544edlf26", "content": "CVE-2026-41010 - BOSH Director: OS Command Injection\nCVE ID : CVE-2026-41010\n \n Published : June 4, 2026, 4:17 a.m. | 2\u00a0hours, 15\u00a0minutes ago\n \n Description : ReleaseJob#unpack builds job_dir = File.join(@release_dir, 'jobs', name) and job_tgz = File.join(@release_dir, 'jobs',...", "creation_timestamp": "2026-06-04T07:48:14.195874Z"} 2026-06-04T07:48:14.195874+00:00