<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-02T20:33:44.178721+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/586849a3-1218-4af3-a145-a94d8e9df642/export</id>
    <title>586849a3-1218-4af3-a145-a94d8e9df642</title>
    <updated>2026-07-02T20:33:44.199622+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "586849a3-1218-4af3-a145-a94d8e9df642", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41896", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mphmq3627t2n", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-41896 \u0432 Coolify: \u0443\u0433\u0440\u043e\u0437\u044b, \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/871F2929-0446-40E5-9079-68E5DD082B08", "creation_timestamp": "2026-06-29T23:18:12.504250Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/586849a3-1218-4af3-a145-a94d8e9df642/export"/>
    <published>2026-06-29T23:18:12.504250+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a258c537-718a-4ddc-9a32-e97f33c4d587/export</id>
    <title>a258c537-718a-4ddc-9a32-e97f33c4d587</title>
    <updated>2026-07-02T20:33:44.201104+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "a258c537-718a-4ddc-9a32-e97f33c4d587", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41896", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mphmhrstrp2h", "content": "CVE-2026-41896 - Coolify: Unauthenticated Deployment Trigger via Webhook HMAC Bypass with Null Secret\nCVE ID : CVE-2026-41896\n \n Published : June 29, 2026, 8:16 p.m. | 1\u00a0hour, 29\u00a0minutes ago\n \n Description : Coolify is an open-source and self-hostable tool for managing servers...", "creation_timestamp": "2026-06-29T23:13:38.106042Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a258c537-718a-4ddc-9a32-e97f33c4d587/export"/>
    <published>2026-06-29T23:13:38.106042+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/9da6543b-d94e-4125-b03a-03b0c7ca8a51/export</id>
    <title>9da6543b-d94e-4125-b03a-03b0c7ca8a51</title>
    <updated>2026-07-02T20:33:44.201222+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "9da6543b-d94e-4125-b03a-03b0c7ca8a51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41894", "type": "seen", "source": "https://bsky.app/profile/euvd-bot.bsky.social/post/3mp2zg2oftg2u", "content": "\ud83d\udea8 EUVD-2026-39122\n\ud83d\udcca 7.5/10\n\ud83c\udfe2 siyuan-note\n\n\ud83d\udcdd SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the patch for CVE-2026-41894 (\"Path Traversal via Double URL Encoding\")...\n\n\ud83d\udd17 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-39122\n\n#cybersecurity #infosec #cve #euvd", "creation_timestamp": "2026-06-24T23:00:38.531766Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/9da6543b-d94e-4125-b03a-03b0c7ca8a51/export"/>
    <published>2026-06-24T23:00:38.531766+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/677a5b80-0a61-403d-aadc-1917581ad32b/export</id>
    <title>677a5b80-0a61-403d-aadc-1917581ad32b</title>
    <updated>2026-07-02T20:33:44.201315+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "677a5b80-0a61-403d-aadc-1917581ad32b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41893", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mlikjaceor2p", "content": "SignalK signalk-server &amp;lt;2.25.0 has a HIGH severity flaw: attackers can brute force passwords via WebSocket with no rate limit. Upgrade to 2.25.0+ to stay protected. \ud83d\udd12 https://radar.offseq.com/threat/cve-2026-41893-cwe-307-improper-restriction-of-exc-a656937b #OffSeq #cybersecurity #vuln", "creation_timestamp": "2026-05-10T10:30:29.331059Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/677a5b80-0a61-403d-aadc-1917581ad32b/export"/>
    <published>2026-05-10T10:30:29.331059+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/3d5ab42b-74b2-4fb2-b680-c323592bb275/export</id>
    <title>3d5ab42b-74b2-4fb2-b680-c323592bb275</title>
    <updated>2026-07-02T20:33:44.201408+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "3d5ab42b-74b2-4fb2-b680-c323592bb275", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41893", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116549813973032624", "content": "\ud83d\udee1\ufe0f HIGH severity in SignalK signalk-server &amp;lt;2.25.0 (CVE-2026-41893): WebSocket login bypasses rate limits, enabling fast brute force attacks. Patch to 2.25.0+ ASAP. Details: https://radar.offseq.com/threat/cve-2026-41893-cwe-307-improper-restriction-of-exc-a656937b #OffSeq #infosec #vuln #bruteforce", "creation_timestamp": "2026-05-10T10:30:27.621952Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/3d5ab42b-74b2-4fb2-b680-c323592bb275/export"/>
    <published>2026-05-10T10:30:27.621952+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b257e4ff-a794-42da-b55b-4fae1a54ad39/export</id>
    <title>b257e4ff-a794-42da-b55b-4fae1a54ad39</title>
    <updated>2026-07-02T20:33:44.201519+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b257e4ff-a794-42da-b55b-4fae1a54ad39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41893", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlh66esqzt2e", "content": "CVE-2026-41893 - Signal K Server's WebSocket Login Endpoint Lacks Rate Limiting (Credential Brute-Force)\nCVE ID : CVE-2026-41893\n \n Published : May 9, 2026, 8:16 p.m. | 33\u00a0minutes ago\n \n Description : Signal K Server is a server application that runs on a central hub in a boat...", "creation_timestamp": "2026-05-09T21:17:00.057280Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b257e4ff-a794-42da-b55b-4fae1a54ad39/export"/>
    <published>2026-05-09T21:17:00.057280+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/6053e562-0447-44b7-beed-6a627067dbac/export</id>
    <title>6053e562-0447-44b7-beed-6a627067dbac</title>
    <updated>2026-07-02T20:33:44.201627+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "6053e562-0447-44b7-beed-6a627067dbac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41890", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlaltohzys2i", "content": "CVE-2026-41890 - CI4MS: Arbitrary Database Table Drop via Theme deleteProcess\nCVE ID : CVE-2026-41890\n \n Published : May 7, 2026, 3:23 a.m. | 1\u00a0hour, 1\u00a0minute ago\n \n Description : CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architectur...", "creation_timestamp": "2026-05-07T06:32:55.274902Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/6053e562-0447-44b7-beed-6a627067dbac/export"/>
    <published>2026-05-07T06:32:55.274902+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/533ce068-8809-4a00-9a9d-d69914a8f1ea/export</id>
    <title>533ce068-8809-4a00-9a9d-d69914a8f1ea</title>
    <updated>2026-07-02T20:33:44.201714+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "533ce068-8809-4a00-9a9d-d69914a8f1ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41891", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlahjfoxve2e", "content": "CVE-2026-41891 - CI4MS: Deactivated User Session Bypass (active=0)\nCVE ID : CVE-2026-41891\n \n Published : May 7, 2026, 3:24 a.m. | 1\u00a0hour ago\n \n Description : CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authoriza...", "creation_timestamp": "2026-05-07T05:15:35.996527Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/533ce068-8809-4a00-9a9d-d69914a8f1ea/export"/>
    <published>2026-05-07T05:15:35.996527+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/62a90421-5e2c-4665-a45f-a8e4f75ad553/export</id>
    <title>62a90421-5e2c-4665-a45f-a8e4f75ad553</title>
    <updated>2026-07-02T20:33:44.201798+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "62a90421-5e2c-4665-a45f-a8e4f75ad553", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41898", "type": "seen", "source": "Telegram/FGivxNz61ghqDj4ER4orUo942MC3d41x9N89ngSi7socZnE", "content": "", "creation_timestamp": "2026-04-24T19:23:26.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/62a90421-5e2c-4665-a45f-a8e4f75ad553/export"/>
    <published>2026-04-24T19:23:26+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a126b841-66f9-469e-af9d-19002533b5aa/export</id>
    <title>a126b841-66f9-469e-af9d-19002533b5aa</title>
    <updated>2026-07-02T20:33:44.201884+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://cve.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "a126b841-66f9-469e-af9d-19002533b5aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-41893", "type": "published-proof-of-concept", "source": "https://github.com/SignalK/signalk-server/security/advisories/GHSA-vmfm-ch9h-5c7g", "content": "", "creation_timestamp": "2026-04-23T17:45:50.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a126b841-66f9-469e-af9d-19002533b5aa/export"/>
    <published>2026-04-23T17:45:50+00:00</published>
  </entry>
</feed>
