https://vulnerability.circl.lu/sightings/feed 2026-06-24T16:30:34.760797+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/00b6b307-7f11-4e14-a88a-587dce6fd8ff/export 2026-06-24T16:30:34.781249+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "00b6b307-7f11-4e14-a88a-587dce6fd8ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42530", "type": "seen", "source": "https://bsky.app/profile/toxy4ny.bsky.social/post/3moory7o7bs2s", "content": "Friday fuck-up) this time F5-Nginx - The vulnerabilities have been assigned the identifiers CVE-2026-42530 and CVE-2026-42055 and received a CVSS score of 9.2. They allow an unauthenticated remote attacker to trigger a denial-of-service (DoS) condition or achieve arbitrary code execution.", "creation_timestamp": "2026-06-19T16:15:53.130998Z"} 2026-06-19T16:15:53.130998+00:00 https://vulnerability.circl.lu/sighting/94685b2a-a351-41e7-b0d1-f0036834f8ab/export 2026-06-24T16:30:34.781178+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "94685b2a-a351-41e7-b0d1-f0036834f8ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42530", "type": "seen", "source": "https://bsky.app/profile/toxy4ny.bsky.social/post/3moory7oj2c2s", "content": "Friday fuck-up) this time F5-Nginx - The vulnerabilities have been assigned the identifiers CVE-2026-42530 and CVE-2026-42055 and received a CVSS score of 9.2. They allow an unauthenticated remote attacker to trigger a denial-of-service (DoS) condition or achieve arbitrary code execution.", "creation_timestamp": "2026-06-19T16:15:54.954092Z"} 2026-06-19T16:15:54.954092+00:00 https://vulnerability.circl.lu/sighting/905daf71-3a8f-418f-8eda-da2592f6390d/export 2026-06-24T16:30:34.781110+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "905daf71-3a8f-418f-8eda-da2592f6390d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42530", "type": "seen", "source": "https://bsky.app/profile/toxy4ny.bsky.social/post/3moory7oly22s", "content": "Friday fuck-up) this time F5-Nginx - The vulnerabilities have been assigned the identifiers CVE-2026-42530 and CVE-2026-42055 and received a CVSS score of 9.2. They allow an unauthenticated remote attacker to trigger a denial-of-service (DoS) condition or achieve arbitrary code execution.", "creation_timestamp": "2026-06-19T16:15:56.815848Z"} 2026-06-19T16:15:56.815848+00:00 https://vulnerability.circl.lu/sighting/bfd5507b-8375-44ce-abfe-dff569584faf/export 2026-06-24T16:30:34.781044+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "bfd5507b-8375-44ce-abfe-dff569584faf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42530", "type": "seen", "source": "https://bsky.app/profile/r-netsec.bsky.social/post/3moo3tu7caf2s", "content": "Use-after-free in the QPACK encoder of nginx HTTP/3 - CVE-2026-42530", "creation_timestamp": "2026-06-19T19:39:32.454313Z"} 2026-06-19T19:39:32.454313+00:00 https://vulnerability.circl.lu/sighting/978e67c3-6215-478c-80b8-19a12555bfae/export 2026-06-24T16:30:34.780945+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "978e67c3-6215-478c-80b8-19a12555bfae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42530", "type": "seen", "source": "https://bsky.app/profile/kontronn.bsky.social/post/3mosijvo7222x", "content": "Nginx QUIC RCE Vulnerability CVE-2026-42530: Security Implications of HTTP/3 www.pudn.club/news/nginx-q...", "creation_timestamp": "2026-06-21T13:37:23.040427Z"} 2026-06-21T13:37:23.040427+00:00 https://vulnerability.circl.lu/sighting/17e976ce-db30-4b86-a922-7b614c846cf8/export 2026-06-24T16:30:34.780810+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "17e976ce-db30-4b86-a922-7b614c846cf8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42530", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3motmkxha2v2m", "content": "\ud83d\udea8 ALERT: CVE-2026-42530\n\nCVSS 8.1/10\n\n\ud83d\udccb WHAT IT IS:\nNGINX Open Source has a vulnerability in the ngx_http_v3_module. When NGINX is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This may cause ", "creation_timestamp": "2026-06-22T00:22:06.060030Z"} 2026-06-22T00:22:06.060030+00:00 https://vulnerability.circl.lu/sighting/1c3a3d46-1081-4647-918c-c2b850193593/export 2026-06-24T16:30:34.780647+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "1c3a3d46-1081-4647-918c-c2b850193593", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42530", "type": "seen", "source": "https://bsky.app/profile/technoholic.bsky.social/post/3mourv4si7h22", "content": "F5 releases security updates for NGINX Open Source fixing CVE-2026-42530 (CVSS 9.2), a use-after-free flaw in ngx_http_v3_module that could allow remote code execution. Update now!", "creation_timestamp": "2026-06-22T11:29:55.861356Z"} 2026-06-22T11:29:55.861356+00:00 https://vulnerability.circl.lu/sighting/aa1b4f73-b1f5-4ef4-96b5-8f9e2d6b9fc2/export 2026-06-24T16:30:34.780455+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "aa1b4f73-b1f5-4ef4-96b5-8f9e2d6b9fc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42530", "type": "seen", "source": "https://infosec.exchange/ap/users/116710323468652980/statuses/116794392691446150", "content": "F5 Patches Critical NGINX RCE Bugs CVE-2026-42530/42055\n\ud83d\udd17 https://cybersecurefox.com/en/f5-critical-nginx-vulnerabilities-cve-2026-42530-42055\n#F5 #NGINX #CVE-2026-42530 #CVE-2026-42055 #HTTP/3 #vulnerability", "creation_timestamp": "2026-06-22T15:15:11.546523Z"} 2026-06-22T15:15:11.546523+00:00 https://vulnerability.circl.lu/sighting/833a709e-feb9-4444-9f39-ebd392787395/export 2026-06-24T16:30:34.780182+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "833a709e-feb9-4444-9f39-ebd392787395", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42530", "type": "seen", "source": "https://gist.github.com/muhamedfazalps/a3449070789a6a2c13d4d4e844af803b", "content": "# \u26a0\ufe0f SECURITY ALERT: Multiple CVEs Affecting Popular Packages (June 2026)\n\n## CVE-2026-48931 \u2014 Node.js 24.17 / node-fetch Premature Close\n- **Impact:** Affects Node.js 24.17 and any app using node-fetch\n- **Severity:** High\n- **Affected:** Backstage (20\ud83d\udc4d issue), any Node.js app on 24.17\n- **Fix:** Update Node.js or apply backport\n- **Issue:** https://github.com/backstage/backstage/issues/34651\n\n## CVE-2026-54297 \u2014 Faraday Dependency Vulnerability\n- **Impact:** Affects Fastlane and apps using Faraday\n- **Severity:** High\n- **Affected:** Fastlane (9\ud83d\udc4d issue), any Ruby app using Faraday\n- **Fix:** Update Faraday dependency\n- **Issue:** https://github.com/fastlane/fastlane/issues/30086\n\n## CVE-2026-42530 & CVE-2026-42055 \u2014 nginx Vulnerabilities\n- **Impact:** Affects nginx and mailcow-dockerized\n- **Severity:** High\n- **Affected:** mailcow-dockerized (7\ud83d\udc4d issue), any nginx deployment\n- **Fix:** Update nginx to patched version\n- **Issue:** https://github.com/mailcow/mailcow-dockerized/issues/7299\n\n## js-yaml Quadratic DoS (v3.x)\n- **Impact:** Affects any app using js-yaml v3.x for YAML parsing\n- **Severity:** Medium-High\n- **Affected:** 15\ud83d\udc4d issue requesting backport from v4.2.0 to v3\n- **Fix:** Update to js-yaml v4.2.0+ or apply backport\n- **Issue:** https://github.com/nodeca/js-yaml/issues/762\n\n## How to Check If You're Affected\n1. Check your Node.js version: `node --version`\n2. Check your Ruby/Bundler dependencies: `bundle list | grep faraday`\n3. Check your nginx version: `nginx -v`\n4. Check your js-yaml version: `npm ls js-yaml`\n\n## What to Do\n1. Update affected dependencies immediately\n2. Review logs for suspicious activity\n3. Rotate credentials if exposure is suspected\n\n---\n*If this alert helped you: https://buymeacoffee.com/muhamedfazalps*\n", "creation_timestamp": "2026-06-23T13:41:44.000000Z"} 2026-06-23T13:41:44+00:00 https://vulnerability.circl.lu/sighting/2d5cf4f3-bc25-4ede-987d-841e5f068822/export 2026-06-24T16:30:34.777701+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "2d5cf4f3-bc25-4ede-987d-841e5f068822", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42530", "type": "seen", "source": "https://bsky.app/profile/getpacketai.bsky.social/post/3moyakl54rp2v", "content": "F5 patches critical NGINX flaws enabling remote code execution. Security teams need to prioritise updates for CVE-2026-42530 and related vulnerabilities affecting open-source\u2026\n\nhttps://thehackernews.com/2026/06/f5-patches-two-critical-nginx-open.html\n\n#cybersecurity #infosec", "creation_timestamp": "2026-06-23T20:30:27.147464Z"} 2026-06-23T20:30:27.147464+00:00