<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-06-12T18:55:18.442645+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/15076dea-d50b-4b30-8559-acfe2c342b84/export</id>
    <title>15076dea-d50b-4b30-8559-acfe2c342b84</title>
    <updated>2026-06-12T18:55:18.473714+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "15076dea-d50b-4b30-8559-acfe2c342b84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41248", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116462402932902110", "content": "", "creation_timestamp": "2026-04-25T00:00:46.878045Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/15076dea-d50b-4b30-8559-acfe2c342b84/export"/>
    <published>2026-04-25T00:00:46.878045+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/fee2802e-be27-4ba1-b255-2aa59b1490a5/export</id>
    <title>fee2802e-be27-4ba1-b255-2aa59b1490a5</title>
    <updated>2026-06-12T18:55:18.473642+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "fee2802e-be27-4ba1-b255-2aa59b1490a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41248", "type": "seen", "source": "https://bsky.app/profile/hexmortem.bsky.social/post/3mkfpzex4n723", "content": "", "creation_timestamp": "2026-04-26T14:05:49.285505Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/fee2802e-be27-4ba1-b255-2aa59b1490a5/export"/>
    <published>2026-04-26T14:05:49.285505+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/6b18bf11-bb0e-4567-9cbe-af491febccbf/export</id>
    <title>6b18bf11-bb0e-4567-9cbe-af491febccbf</title>
    <updated>2026-06-12T18:55:18.473569+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "6b18bf11-bb0e-4567-9cbe-af491febccbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41242", "type": "published-proof-of-concept", "source": "Telegram/R85q5mAF-_-h3phwgiJ0Y2SWWwG84cWRlWRRB1ACIs5b5lM", "content": "", "creation_timestamp": "2026-04-26T21:00:04.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/6b18bf11-bb0e-4567-9cbe-af491febccbf/export"/>
    <published>2026-04-26T21:00:04+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/bab627a3-371c-490d-88b9-230d0ebc8696/export</id>
    <title>bab627a3-371c-490d-88b9-230d0ebc8696</title>
    <updated>2026-06-12T18:55:18.473477+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "bab627a3-371c-490d-88b9-230d0ebc8696", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41248", "type": "seen", "source": "https://bsky.app/profile/hexmortem.com/post/3mkrt3po63422", "content": "CVE-2026-41248 \u2014 Clerk middleware bypass.\n\nMiddleware tests the raw URL; framework router decodes before dispatch. /api/%61dmin/users \u2192 middleware reads \"%61dmin\", PASS. Handler reads \"admin\", runs unauthenticated.\n\nAffected: @clerk/shared \u2264 3.47.3 (nextjs/nuxt/astro). Fixed b0b6675bad.", "creation_timestamp": "2026-05-01T09:32:45.015685Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/bab627a3-371c-490d-88b9-230d0ebc8696/export"/>
    <published>2026-05-01T09:32:45.015685+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/080cea61-c9ca-4875-9c42-635f90f0a04d/export</id>
    <title>080cea61-c9ca-4875-9c42-635f90f0a04d</title>
    <updated>2026-06-12T18:55:18.473355+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "080cea61-c9ca-4875-9c42-635f90f0a04d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41241", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mmthqixxht2m", "content": "\u30b9\u30d4\u30fc\u30ab\u30fc\u767b\u58c7\u3092\u78ba\u5b9f\u306b\u3059\u308b\u65b9\u6cd5\uff1a\u6587\u5b57\u901a\u308a\u30b7\u30b9\u30c6\u30e0\u3092\u30cf\u30c3\u30af\u3059\u308b\n\n\u3042\u308b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u7814\u7a76\u8005\u304c\u3001\u30c6\u30c3\u30af\u30ab\u30f3\u30d5\u30a1\u30ec\u30f3\u30b9\u306b\u30b9\u30d4\u30fc\u30ab\u30fc\u7533\u8acb\u3092\u78ba\u5b9f\u306b\u53d7\u7406\u3055\u305b\u308b\u4e07\u5168\u306e\u65b9\u6cd5\u3092\u898b\u3064\u3051\u305f\u3002\u305d\u306e\u30b7\u30b9\u30c6\u30e0\u81ea\u4f53\u3092\u30cf\u30c3\u30af\u3059\u308b\u3068\u3044\u3046\u3082\u306e\u3060\u3002CVE-2026-41241 \u306f\u3001\u30ab\u30f3\u30d5\u30a1\u30ec\u30f3\u30b9\u4e3b\u50ac\u8005\u304c\u30b9\u30d4\u30fc\u30ab\u30fc\u7533\u8acb\u3068\u30b9\u30b1\u30b8\u30e5\u30fc\u30eb\u7ba1\u7406\u306b\u4f7f\u7528\u3059\u308b\u4eba\u6c17\u306e\u30aa\u30fc\u30d7\u30f3\u30bd\u30fc\u30b9\u30c4\u30fc\u30eb\u300cpretalx\u300d\u306b\u5b58\u5728\u3059\u308b\u3001\u4fdd\u5b58\u578b\u30af\u30ed\u30b9", "creation_timestamp": "2026-05-27T12:05:20.575499Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/080cea61-c9ca-4875-9c42-635f90f0a04d/export"/>
    <published>2026-05-27T12:05:20.575499+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b0324ea1-e203-4583-b2c5-9328af2a5232/export</id>
    <title>b0324ea1-e203-4583-b2c5-9328af2a5232</title>
    <updated>2026-06-12T18:55:18.473120+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b0324ea1-e203-4583-b2c5-9328af2a5232", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41241", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mmutv6zlc32d", "content": "CVE-2026-41241 in Pretalx exposed a stored XSS flaw that let registered speakers run JavaScript in organizers&amp;#039; browsers during submission searches. Patched in 2026.1.0. #Pretalx #CVE202641241 #XSS", "creation_timestamp": "2026-05-28T01:15:23.388934Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b0324ea1-e203-4583-b2c5-9328af2a5232/export"/>
    <published>2026-05-28T01:15:23.388934+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/53d2d58a-fc2c-4645-b32a-7d62aa87c7bd/export</id>
    <title>53d2d58a-fc2c-4645-b32a-7d62aa87c7bd</title>
    <updated>2026-06-12T18:55:18.472811+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "53d2d58a-fc2c-4645-b32a-7d62aa87c7bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41242", "type": "seen", "source": "https://gist.github.com/alon710/f442847fd0d81ee05bc55bd2cc39ff9c", "content": "# GHSA-XQ3M-2V4X-88GG: CVE-2026-41242: Remote Code Execution via Dynamic Code Generation in protobufjs\n\n&amp;gt; **CVSS Score:** 9.8\n&amp;gt; **Published:** 2026-04-16\n&amp;gt; **Full Report:** https://cvereports.com/reports/GHSA-XQ3M-2V4X-88GG\n\n## Summary\nCVE-2026-41242 is a critical code injection vulnerability in protobufjs. The library compiles custom serialization functions at runtime using the `Function` constructor. Prior to versions 7.5.5 and 8.0.1, dynamic type names were not sanitized, allowing an attacker to inject arbitrary JavaScript via crafted schema definitions, leading to remote code execution.\n\n## TL;DR\nUnsanitized type names in protobufjs schemas allow attackers to inject and execute arbitrary JavaScript during dynamic code compilation.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-94\n- **Attack Vector**: Network\n- **CVSS v3.1 Score**: 9.8\n- **EPSS Score**: 0.00026\n- **Exploit Status**: PoC\n- **CISA KEV Status**: Not Listed\n- **Impact**: Unauthenticated Remote Code Execution\n\n## Affected Systems\n\n- Node.js applications using protobufjs prior to 7.5.5\n- Node.js applications using protobufjs 8.0.0-experimental\n- **protobufjs**: &amp;lt; 7.5.5 (Fixed in: `7.5.5`)\n- **protobufjs**: &amp;gt;= 8.0.0-experimental &amp;lt; 8.0.1 (Fixed in: `8.0.1`)\n\n## Mitigation\n\n- Upgrade protobufjs to version 7.5.5, 8.0.1 or higher.\n- Apply a runtime monkey patch to sanitize inputs if immediate upgrading is impossible.\n- Block untrusted clients from uploading or modifying protobuf schemas.\n- Utilize WAF rules to detect schema payloads containing JavaScript control characters.\n\n**Remediation 
Steps:**\n1. Identify all internal services and dependencies using protobufjs.\n2. Update package.json and lockfiles to require protobufjs &amp;gt;= 7.5.5 or &amp;gt;= 8.0.1.\n3. Run npm audit or yarn audit to verify that no vulnerable versions remain in the dependency tree.\n4. Deploy the updated application to production environments.\n\n## References\n\n- [GitHub Advisory: Remote Code Execution in protobufjs](https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-xq3m-2v4x-88gg)\n- [Fix Commit (Mainline)](https://github.com/protobufjs/protobuf.js/commit/535df444ac060243722ac5d672db205e5c531d75)\n- [Fix Commit (Secondary)](https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956)\n- [Exploit Proof-of-Concept Repository](https://github.com/4chech/CVE-2026-41242)\n- [NVD - CVE-2026-41242](https://nvd.nist.gov/vuln/detail/CVE-2026-41242)\n- [CVE.org Record](https://www.cve.org/CVERecord?id=CVE-2026-41242)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/GHSA-XQ3M-2V4X-88GG) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-03T11:02:14.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/53d2d58a-fc2c-4645-b32a-7d62aa87c7bd/export"/>
    <published>2026-06-03T11:02:14+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/1ddae52f-61d6-4cb2-a2b6-4de271656562/export</id>
    <title>1ddae52f-61d6-4cb2-a2b6-4de271656562</title>
    <updated>2026-06-12T18:55:18.472525+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "1ddae52f-61d6-4cb2-a2b6-4de271656562", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41249", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mnijg3sqtc22", "content": "\ud83d\udfe0 CVE-2026-41249 - High (8.2)\n\nCoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the G...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-41249/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-04T21:01:14.820910Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/1ddae52f-61d6-4cb2-a2b6-4de271656562/export"/>
    <published>2026-06-04T21:01:14.820910+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/6246269a-9296-4a73-9729-108b52d72694/export</id>
    <title>6246269a-9296-4a73-9729-108b52d72694</title>
    <updated>2026-06-12T18:55:18.472202+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "6246269a-9296-4a73-9729-108b52d72694", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41249", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mninur6c7d2w", "content": "CoreShop v5.0.1\uff5e5.1.0-beta.1\u306f\u3001GitHub Actions\u30ef\u30fc\u30af\u30d5\u30ed\u30fc\u306e\u8106\u5f31\u6027\u306b\u3088\u308a\u3001\u653b\u6483\u8005\u304c\u60aa\u610f\u3042\u308b\u30d7\u30eb\u30ea\u30af\u30a8\u30b9\u30c8\u3067GitHub Actions runner\u4e0a\u3067\u30ea\u30e2\u2026\nCVE-2026-41249 CVSS 8.2 | HIGH", "creation_timestamp": "2026-06-04T22:21:00.890389Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/6246269a-9296-4a73-9729-108b52d72694/export"/>
    <published>2026-06-04T22:21:00.890389+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/955b9cb3-4217-4fb2-ac6d-70f2416f2235/export</id>
    <title>955b9cb3-4217-4fb2-ac6d-70f2416f2235</title>
    <updated>2026-06-12T18:55:18.469487+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "955b9cb3-4217-4fb2-ac6d-70f2416f2235", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41249", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnipelu36t2g", "content": "CVE-2026-41249 - CoreShop Vulnerable to Remote Code Execution (RCE) via Insecure `pull_request_target` Configuration\nCVE ID : CVE-2026-41249\n \n Published : June 4, 2026, 8:16 p.m. | 2\u00a0hours, 13\u00a0minutes ago\n \n Description : CoreShop is a Pimcore enhanced eCommerce solution. In ...", "creation_timestamp": "2026-06-04T22:47:45.390828Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/955b9cb3-4217-4fb2-ac6d-70f2416f2235/export"/>
    <published>2026-06-04T22:47:45.390828+00:00</published>
  </entry>
</feed>
