<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-14T21:59:15.725203+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/45ae3bda-1017-41e9-8f1d-93efb5737d2b/export</id>
    <title>45ae3bda-1017-41e9-8f1d-93efb5737d2b</title>
    <updated>2026-07-14T21:59:15.843694+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "45ae3bda-1017-41e9-8f1d-93efb5737d2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41041", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mqlbpw4hwo2f", "content": "\ud83d\udccc CVE-2026-41041 - URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino.\n\nThis issue affects Apache Gravitino: from 1.0.0 before ... https://www.cyberhub.blog/cves/CVE-2026-41041", "creation_timestamp": "2026-07-14T03:37:07.030137Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/45ae3bda-1017-41e9-8f1d-93efb5737d2b/export"/>
    <published>2026-07-14T03:37:07.030137+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/fc86f251-0761-4a6c-85b8-3fd8d5161db2/export</id>
    <title>fc86f251-0761-4a6c-85b8-3fd8d5161db2</title>
    <updated>2026-07-14T21:59:15.845209+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "fc86f251-0761-4a6c-85b8-3fd8d5161db2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41041", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqkzdjoiir2w", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-41041 \u0432 Apache: \u0443\u0433\u0440\u043e\u0437\u0430 URL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 \u043d\u0435\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b\n\n\n\nhttps://kripta.biz/posts/645D99B0-7BBC-4833-BF58-A1849630DF4D", "creation_timestamp": "2026-07-14T01:07:01.254042Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/fc86f251-0761-4a6c-85b8-3fd8d5161db2/export"/>
    <published>2026-07-14T01:07:01.254042+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/e35e002f-27e5-4a03-af0e-d5c74ddf2cf2/export</id>
    <title>e35e002f-27e5-4a03-af0e-d5c74ddf2cf2</title>
    <updated>2026-07-14T21:59:15.845343+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "e35e002f-27e5-4a03-af0e-d5c74ddf2cf2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41041", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqkaefjajh24", "content": "CVE-2026-41041 - apache gravitino\nApache Gravitino's MCP REST client fails to properly encode user input in URLs, potentially allowing attackers to access sensitive data or API endpoints.\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#apachegravitino #apachefoundation #CVE #infosec", "creation_timestamp": "2026-07-13T17:40:06.874702Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/e35e002f-27e5-4a03-af0e-d5c74ddf2cf2/export"/>
    <published>2026-07-13T17:40:06.874702+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/8cddc32b-fae1-450c-bf7d-6a5dacc249f0/export</id>
    <title>8cddc32b-fae1-450c-bf7d-6a5dacc249f0</title>
    <updated>2026-07-14T21:59:15.845451+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "8cddc32b-fae1-450c-bf7d-6a5dacc249f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41041", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjvvulqhy2e", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-41041 \u0432 Apache: \u0443\u0433\u0440\u043e\u0437\u0430 URL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 \u043d\u0435\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b\n\n\n\nhttps://kripta.biz/posts/B1084611-D2B9-4763-9D66-2B1AF7A0D054", "creation_timestamp": "2026-07-13T14:33:01.834703Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/8cddc32b-fae1-450c-bf7d-6a5dacc249f0/export"/>
    <published>2026-07-13T14:33:01.834703+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b1858760-2f04-435b-b5aa-b83f1ad1aae8/export</id>
    <title>b1858760-2f04-435b-b5aa-b83f1ad1aae8</title>
    <updated>2026-07-14T21:59:15.845565+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b1858760-2f04-435b-b5aa-b83f1ad1aae8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41041", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mqito7op4j2u", "content": "CVE-2026-41041: Apache Gravitino: URL path injection via unencoded user-supplied identifiers in MCP REST client f-string URL construction, enabling path traversal to unintended API endpoints.", "creation_timestamp": "2026-07-13T04:20:18.084410Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b1858760-2f04-435b-b5aa-b83f1ad1aae8/export"/>
    <published>2026-07-13T04:20:18.084410+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/fb66ab41-8a3a-4093-824a-99b5801253f2/export</id>
    <title>fb66ab41-8a3a-4093-824a-99b5801253f2</title>
    <updated>2026-07-14T21:59:15.845665+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "fb66ab41-8a3a-4093-824a-99b5801253f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41042", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mq5jrsw37s22", "content": "CVE-2026-41042\nApache Gravitino, a Java-based tool, has a security issue when using H2 databases for testing. An attacker can execute malicious code on the server if they know the server is using H2. To fix this, update to\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-08T16:24:04.328773Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/fb66ab41-8a3a-4093-824a-99b5801253f2/export"/>
    <published>2026-07-08T16:24:04.328773+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/aa03509f-f563-44cc-9c82-eb8735ba8695/export</id>
    <title>aa03509f-f563-44cc-9c82-eb8735ba8695</title>
    <updated>2026-07-14T21:59:15.845758+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "aa03509f-f563-44cc-9c82-eb8735ba8695", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41042", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mq5jlooecl2f", "content": "CVE-2026-41042: Apache Gravitino: Unauthenticated callers can supply a malicious H2 JDBC URL through the testConnection API, which executes arbitrary Java code on the server via H2's INIT parameter", "creation_timestamp": "2026-07-08T16:20:38.680935Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/aa03509f-f563-44cc-9c82-eb8735ba8695/export"/>
    <published>2026-07-08T16:20:38.680935+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/cf30eb4f-9494-42a8-a7cb-f1f9dfd09d80/export</id>
    <title>cf30eb4f-9494-42a8-a7cb-f1f9dfd09d80</title>
    <updated>2026-07-14T21:59:15.845852+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "cf30eb4f-9494-42a8-a7cb-f1f9dfd09d80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41045", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3movysuxn772i", "content": "CVE-2026-41045 - Privilege Escalation in Qsnapper. TOCTOU flaw in polkit auth allows local root access. CVSS 8.1. No patch available. Mitigate immediately. #CVE #infosec #Linux\n\nhttps://www.valtersit.com/cve/CVE-2026-41045/", "creation_timestamp": "2026-06-22T23:06:37.278130Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/cf30eb4f-9494-42a8-a7cb-f1f9dfd09d80/export"/>
    <published>2026-06-22T23:06:37.278130+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/72999106-c3a3-4006-8791-ff85c40797f2/export</id>
    <title>72999106-c3a3-4006-8791-ff85c40797f2</title>
    <updated>2026-07-14T21:59:15.845942+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "72999106-c3a3-4006-8791-ff85c40797f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41048", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3movn3snyzh2m", "content": "CVE-2026-41048 - Caching of Authentication allows Authentication Bypass in qSnapper\nCVE ID : CVE-2026-41048\n \n Published : June 22, 2026, 3:31 p.m. | 3\u00a0hours, 39\u00a0minutes ago\n \n Description : Incorrect caching of authentication between different polkit methods in qSnapper befor...", "creation_timestamp": "2026-06-22T19:36:51.968989Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/72999106-c3a3-4006-8791-ff85c40797f2/export"/>
    <published>2026-06-22T19:36:51.968989+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/3d569253-e2e3-48ab-9e8f-4c8df2acf053/export</id>
    <title>3d569253-e2e3-48ab-9e8f-4c8df2acf053</title>
    <updated>2026-07-14T21:59:15.846039+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "3d569253-e2e3-48ab-9e8f-4c8df2acf053", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41049", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3movmnfwkqp2h", "content": "CVE-2026-41049 - Caching of Authentication allows Authentication Bypass between users in qSnapper\nCVE ID : CVE-2026-41049\n \n Published : June 22, 2026, 3:32 p.m. | 3\u00a0hours, 37\u00a0minutes ago\n \n Description : Incorrect caching of authentication between different users of the\u00a0 qSna...", "creation_timestamp": "2026-06-22T19:28:48.001386Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/3d569253-e2e3-48ab-9e8f-4c8df2acf053/export"/>
    <published>2026-06-22T19:28:48.001386+00:00</published>
  </entry>
</feed>
