<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-04T03:24:15.413144+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b04d4063-c757-4a47-a6ec-12d91c188ac4/export</id>
    <title>b04d4063-c757-4a47-a6ec-12d91c188ac4</title>
    <updated>2026-07-04T03:24:15.436613+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b04d4063-c757-4a47-a6ec-12d91c188ac4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45060", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mo2qe7oetf2r", "content": "ClipBucket v5.5.3\u672a\u6e80\u3067\u306f\u3001\u8a8d\u8a3c\u3055\u308c\u3066\u3044\u306a\u3044\u30e6\u30fc\u30b6\u30fc\u304cprogress_video.php\u306eids\u30d1\u30e9\u30e1\u30fc\u30bf\u3067SQL\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u3092\u60aa\u7528\u3057\u3001\u6a5f\u5bc6\u30c7\u30fc\u30bf\u3092\u7a83\u53d6\u3059\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002\nCVE-2026-45060 CVSS 9.8 | CRITICAL", "creation_timestamp": "2026-06-12T02:53:21.660294Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b04d4063-c757-4a47-a6ec-12d91c188ac4/export"/>
    <published>2026-06-12T02:53:21.660294+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c29e94cf-9d9f-44d0-8d6a-36ded3caba08/export</id>
    <title>c29e94cf-9d9f-44d0-8d6a-36ded3caba08</title>
    <updated>2026-07-04T03:24:15.439510+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c29e94cf-9d9f-44d0-8d6a-36ded3caba08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45060", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mo2nr25qwa2r", "content": "CVE-2026-45060 - Critical unauthenticated blind SQLi in ClipBucket v5. CVSS 9.8. Attackers can exfiltrate sensitive data via the ids parameter. Update to 5.5.3 - #129 immediately. #CVE #infosec #ClipBucket\n\nhttps://www.valtersit.com/cve/CVE-2026-45060/", "creation_timestamp": "2026-06-12T02:06:50.792025Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c29e94cf-9d9f-44d0-8d6a-36ded3caba08/export"/>
    <published>2026-06-12T02:06:50.792025+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/54d6e7cd-6fdc-4eb2-8ed0-21c2c84c23fe/export</id>
    <title>54d6e7cd-6fdc-4eb2-8ed0-21c2c84c23fe</title>
    <updated>2026-07-04T03:24:15.439835+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "54d6e7cd-6fdc-4eb2-8ed0-21c2c84c23fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45060", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mo2lpwxev72r", "content": "\ud83d\udea8 CRITICAL vuln: ClipBucket v5 (&amp;lt;5.5.3) blind SQL injection in progress_video.php \u2014 unauthenticated attackers can steal data. Patch to v5.5.3 now! https://radar.offseq.com/threat/cve-2026-45060-cwe-89-improper-neutralization-of-s-b8ad08b0 #OffSeq #SQLInjection #Vulnerability", "creation_timestamp": "2026-06-12T01:30:26.901165Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/54d6e7cd-6fdc-4eb2-8ed0-21c2c84c23fe/export"/>
    <published>2026-06-12T01:30:26.901165+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/400cab66-249a-42a6-9a59-fceda54f35e2/export</id>
    <title>400cab66-249a-42a6-9a59-fceda54f35e2</title>
    <updated>2026-07-04T03:24:15.439971+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "400cab66-249a-42a6-9a59-fceda54f35e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45060", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mo2gpmacuu2p", "content": "\ud83d\udd34 CVE-2026-45060 - Critical (9.8)\n\nClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #129, the action...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-45060/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-12T00:00:47.343815Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/400cab66-249a-42a6-9a59-fceda54f35e2/export"/>
    <published>2026-06-12T00:00:47.343815+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/95aab1ea-ac24-43c9-9993-95ccc1ff18fc/export</id>
    <title>95aab1ea-ac24-43c9-9993-95ccc1ff18fc</title>
    <updated>2026-07-04T03:24:15.440086+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "95aab1ea-ac24-43c9-9993-95ccc1ff18fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45067", "type": "published-proof-of-concept", "source": "Telegram/cFkqaiLeMF7rcnyy-4alEvGOnwxzqn60V0GjpreyOt3-Yxw", "content": "", "creation_timestamp": "2026-06-09T11:00:07.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/95aab1ea-ac24-43c9-9993-95ccc1ff18fc/export"/>
    <published>2026-06-09T11:00:07+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/ecb667cb-5446-4607-b13f-92a17cd1fa8f/export</id>
    <title>ecb667cb-5446-4607-b13f-92a17cd1fa8f</title>
    <updated>2026-07-04T03:24:15.440181+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "ecb667cb-5446-4607-b13f-92a17cd1fa8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45064", "type": "seen", "source": "https://bsky.app/profile/mradcliffe.nokoto.org.ap.brid.gy/post/3mmbu4igtlyo2", "content": "Symfony 7.4.12, Symfony 8.0.12 and Twig 3.26.0 releases today with a bunch of CVEs.\n\nCVE-2026-46640 in twig and CVE-2026-45075 in Symfony router and CVE-2026-45064 in Symfony sanitizer seem particularly scary.\n\n`composer update` and test, test, test.", "creation_timestamp": "2026-05-20T11:59:01.857372Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/ecb667cb-5446-4607-b13f-92a17cd1fa8f/export"/>
    <published>2026-05-20T11:59:01.857372+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b2d9eb06-578a-4700-b2b4-b825357aab2c/export</id>
    <title>b2d9eb06-578a-4700-b2b4-b825357aab2c</title>
    <updated>2026-07-04T03:24:15.440284+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b2d9eb06-578a-4700-b2b4-b825357aab2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45069", "type": "seen", "source": "https://bsky.app/profile/symfony.com/post/3mmbqpbof7o2y", "content": "\ud83d\udd10 CVE-2026-45069: OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims\n\u27a1\ufe0f https://symfony.com/blog/cve-2026-45069-oidctokenhandler-accepts-jwts-missing-aud-iss-exp-claims", "creation_timestamp": "2026-05-20T10:58:12.020717Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b2d9eb06-578a-4700-b2b4-b825357aab2c/export"/>
    <published>2026-05-20T10:58:12.020717+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/1a7cf19e-2e8a-4a4d-9f50-e671921e06f1/export</id>
    <title>1a7cf19e-2e8a-4a4d-9f50-e671921e06f1</title>
    <updated>2026-07-04T03:24:15.440386+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "1a7cf19e-2e8a-4a4d-9f50-e671921e06f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45066", "type": "seen", "source": "https://bsky.app/profile/symfony.com/post/3mmbqp4m3gj25", "content": "\ud83d\udd10 CVE-2026-45066: HtmlSanitizer allowLinkHosts() / allowMediaHosts() Bypass via URL-Parser Differentials and  Misclassification\n\u27a1\ufe0f https://symfony.com/blog/cve-2026-45066-htmlsanitizer-allowlinkhosts-allowmediahosts-bypass-via-url-parser-differentials-and-area-misclassification", "creation_timestamp": "2026-05-20T10:57:42.142136Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/1a7cf19e-2e8a-4a4d-9f50-e671921e06f1/export"/>
    <published>2026-05-20T10:57:42.142136+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/5e1843b2-fe7c-451f-9e43-cc2c395a02a9/export</id>
    <title>5e1843b2-fe7c-451f-9e43-cc2c395a02a9</title>
    <updated>2026-07-04T03:24:15.440481+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "5e1843b2-fe7c-451f-9e43-cc2c395a02a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45067", "type": "seen", "source": "https://bsky.app/profile/symfony.com/post/3mmbqovqbog2y", "content": "\ud83d\udd10 CVE-2026-45067: Email Header / SMTP Command Injection via CRLF in Symfony\\Component\\Mime\\Address\n\u27a1\ufe0f https://symfony.com/blog/cve-2026-45067-email-header-smtp-command-injection-via-crlf-in-symfony-component-mime-address", "creation_timestamp": "2026-05-20T10:57:34.938448Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/5e1843b2-fe7c-451f-9e43-cc2c395a02a9/export"/>
    <published>2026-05-20T10:57:34.938448+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/6f232eff-e111-4c81-859d-b59d7de7cb78/export</id>
    <title>6f232eff-e111-4c81-859d-b59d7de7cb78</title>
    <updated>2026-07-04T03:24:15.440584+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "6f232eff-e111-4c81-859d-b59d7de7cb78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45068", "type": "seen", "source": "https://bsky.app/profile/symfony.com/post/3mmbqoqvzdp2y", "content": "\ud83d\udd10 CVE-2026-45068: Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address\n\u27a1\ufe0f https://symfony.com/blog/cve-2026-45068-argument-injection-in-sendmailtransport-via-dash-prefixed-recipient-address", "creation_timestamp": "2026-05-20T10:57:29.949199Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/6f232eff-e111-4c81-859d-b59d7de7cb78/export"/>
    <published>2026-05-20T10:57:29.949199+00:00</published>
  </entry>
</feed>
