https://vulnerability.circl.lu/sightings/feed 2026-06-11T10:33:30.170196+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/ab3238f2-a2c2-4af9-aca5-589bdcc90f90/export 2026-06-11T10:33:30.191385+00:00 Joseph Lee https://cve.circl.lu/user/syspect {"uuid": "ab3238f2-a2c2-4af9-aca5-589bdcc90f90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-45718", "type": "published-proof-of-concept", "source": "https://github.com/Budibase/budibase/security/advisories/GHSA-3263-v5v9-xq8q", "content": "", "creation_timestamp": "2026-05-12T10:28:53.000000Z"} 2026-05-12T10:28:53+00:00 https://vulnerability.circl.lu/sighting/58918e78-26e3-4a18-8e59-bb759bce7255/export 2026-06-11T10:33:30.191305+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "58918e78-26e3-4a18-8e59-bb759bce7255", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45714", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlrj5qnbnd2e", "content": "CVE-2026-45714 - CubeCart: Server-Side Template Injection (SSTI) in Smarty Templates leading to RCE\nCVE ID : CVE-2026-45714\n \n Published : May 13, 2026, 9:16 p.m. | 14\u00a0minutes ago\n \n Description : CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Ser...", "creation_timestamp": "2026-05-14T00:00:08.032168Z"} 2026-05-14T00:00:08.032168+00:00 https://vulnerability.circl.lu/sighting/8b907c73-871b-46ce-90a0-87a8e14a1496/export 2026-06-11T10:33:30.191229+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "8b907c73-871b-46ce-90a0-87a8e14a1496", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45714", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mlro7dqd722v", "content": "CubeCart < 6.7.0 hit by CRITICAL SSTI flaw \u2014 admins can run OS commands via Smarty templates (RCE risk). Upgrade to 6.7.0+ now! https://radar.offseq.com/threat/cve-2026-45714-cwe-94-improper-control-of-generati-b4219bcf #OffSeq #CubeCart #RCE", "creation_timestamp": "2026-05-14T01:30:30.609096Z"} 2026-05-14T01:30:30.609096+00:00 https://vulnerability.circl.lu/sighting/428d03fe-6975-41f7-b771-0f0c64127cb2/export 2026-06-11T10:33:30.191154+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "428d03fe-6975-41f7-b771-0f0c64127cb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45714", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116570339883701677", "content": "\ud83d\udea8 CRITICAL: CVE-2026-45714 in CubeCart < 6.7.0 enables authenticated admins to execute OS commands via SSTI (Smarty engine) \u2014 full RCE risk. Patch to 6.7.0+ ASAP! https://radar.offseq.com/threat/cve-2026-45714-cwe-94-improper-control-of-generati-b4219bcf #OffSeq #CubeCart #SSTI #RCE #Vuln", "creation_timestamp": "2026-05-14T01:32:49.656352Z"} 2026-05-14T01:32:49.656352+00:00 https://vulnerability.circl.lu/sighting/2011a00b-9e65-48d6-b9e7-e1498451e688/export 2026-06-11T10:33:30.191078+00:00 Joseph Lee https://cve.circl.lu/user/syspect {"uuid": "2011a00b-9e65-48d6-b9e7-e1498451e688", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-45713", "type": "published-proof-of-concept", "source": "https://github.com/axllent/mailpit/security/advisories/GHSA-fpxj-m5q8-fphw", "content": "", "creation_timestamp": "2026-05-14T04:53:02.000000Z"} 2026-05-14T04:53:02+00:00 https://vulnerability.circl.lu/sighting/bdd4f2a8-c3ac-4924-80d0-f8f87f0227da/export 2026-06-11T10:33:30.190988+00:00 Joseph Lee https://cve.circl.lu/user/syspect {"uuid": "bdd4f2a8-c3ac-4924-80d0-f8f87f0227da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-45712", "type": "published-proof-of-concept", "source": "https://github.com/axllent/mailpit/security/advisories/GHSA-w4vj-r5pg-3722", "content": "", "creation_timestamp": "2026-05-14T04:53:15.000000Z"} 2026-05-14T04:53:15+00:00 https://vulnerability.circl.lu/sighting/5f295699-1d7f-438f-bb07-dbc0e4592056/export 2026-06-11T10:33:30.190160+00:00 Joseph Lee https://cve.circl.lu/user/syspect {"uuid": "5f295699-1d7f-438f-bb07-dbc0e4592056", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-45711", "type": "published-proof-of-concept", "source": "https://github.com/axllent/mailpit/security/advisories/GHSA-qx5x-85p8-vg4j", "content": "", "creation_timestamp": "2026-05-14T04:53:32.000000Z"} 2026-05-14T04:53:32+00:00 https://vulnerability.circl.lu/sighting/a07fa4a0-c0d5-4cdb-b6a4-b801ede35ad0/export 2026-06-11T10:33:30.190075+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "a07fa4a0-c0d5-4cdb-b6a4-b801ede35ad0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45719", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmu7fpio442c", "content": "CVE-2026-45719 - Budibase: CouchDB Reduce Injection via Unsanitized Calculation Parameter in V1 Views API\nCVE ID : CVE-2026-45719\n \n Published : May 27, 2026, 6:16 p.m. | 15\u00a0minutes ago\n \n Description : Budibase is an open-source low-code platform. Prior to 3.38.1, the V1 View...", "creation_timestamp": "2026-05-27T19:08:48.002568Z"} 2026-05-27T19:08:48.002568+00:00 https://vulnerability.circl.lu/sighting/b1ab72d0-4143-438b-937e-3dd8d0c621cb/export 2026-06-11T10:33:30.189966+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "b1ab72d0-4143-438b-937e-3dd8d0c621cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45717", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmu7jtzdbq2c", "content": "CVE-2026-45717 - Budibase: `PUT /api/datasources/:datasourceId` is protected only by `TABLE/READ` permission instead of builder access, allowing any authenticated app user to overwrite datasource connection parameters including host, port, and URL.\nCVE ID : CVE-2026-45717\n \n P...", "creation_timestamp": "2026-05-27T19:11:06.954359Z"} 2026-05-27T19:11:06.954359+00:00 https://vulnerability.circl.lu/sighting/bd73e4f3-8a64-419b-b964-c9de77fed655/export 2026-06-11T10:33:30.188411+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "bd73e4f3-8a64-419b-b964-c9de77fed655", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45718", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmu7oefvvl2e", "content": "CVE-2026-45718 - Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows\nCVE ID : CVE-2026-45718\n \n Published : May 27, 2026, 6:16 p.m. | 15\u00a0minutes ago\n \n Description : Budibase is an open-source low-code platform. Prior to...", "creation_timestamp": "2026-05-27T19:13:38.140467Z"} 2026-05-27T19:13:38.140467+00:00