<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-15T14:19:36.685998+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/20942a68-8204-4966-becc-da6028e8f1aa/export</id>
    <title>20942a68-8204-4966-becc-da6028e8f1aa</title>
    <updated>2026-07-15T14:19:36.714250+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "20942a68-8204-4966-becc-da6028e8f1aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53486", "type": "seen", "source": "https://mastodon.social/users/hugovalters/statuses/116923900456799491", "content": "CVE-2026-53486 - Critical path traversal in @xhmikosr/decompress for Node.js. CVSS 9.1. Crafted archives can read/write files outside target dir via symlinks and setuid bits. Update to 10.2.1 or 11.1.3 immediately. #CVE #NodeJS #infosec\nhttps://www.valtersit.com/cve/CVE-2026-53486/", "creation_timestamp": "2026-07-15T12:05:35.487574Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/20942a68-8204-4966-becc-da6028e8f1aa/export"/>
    <published>2026-07-15T12:05:35.487574+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/0eb7f805-a6ad-4e05-a90e-01016b40ba68/export</id>
    <title>0eb7f805-a6ad-4e05-a90e-01016b40ba68</title>
    <updated>2026-07-15T14:19:36.716912+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "0eb7f805-a6ad-4e05-a90e-01016b40ba68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53486", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mqoolhshzv2b", "content": "CVE-2026-53486 - Critical path traversal in @xhmikosr/decompress for Node.js. CVSS 9.1. Crafted archives can read/write files outside target dir via symlinks and setuid bits. Update to 10.2.1 or 11.1.3 immediately. #CVE #NodeJS #infosec\n\nhttps://www.valtersit.com/cve/CVE-2026-53486/", "creation_timestamp": "2026-07-15T12:05:15.651929Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/0eb7f805-a6ad-4e05-a90e-01016b40ba68/export"/>
    <published>2026-07-15T12:05:15.651929+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/9e574747-4de1-4ed4-9724-aca3f4d41e14/export</id>
    <title>9e574747-4de1-4ed4-9724-aca3f4d41e14</title>
    <updated>2026-07-15T14:19:36.717047+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "9e574747-4de1-4ed4-9724-aca3f4d41e14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53486", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqnecrumf62l", "content": "CVE-2026-53486 - decompress: Archive extraction can create files and links outside the target directory\nCVE ID : CVE-2026-53486\n \n Published : July 14, 2026, 9:17 p.m. | 35\u00a0minutes ago\n \n Description : The decompress package for Node.js extracts archives. Prior to 10.2.1 and 1...", "creation_timestamp": "2026-07-14T23:28:46.763333Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/9e574747-4de1-4ed4-9724-aca3f4d41e14/export"/>
    <published>2026-07-14T23:28:46.763333+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/931cc843-98ac-482e-ae73-743b6b5c83a0/export</id>
    <title>931cc843-98ac-482e-ae73-743b6b5c83a0</title>
    <updated>2026-07-15T14:19:36.717155+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "931cc843-98ac-482e-ae73-743b6b5c83a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53486", "type": "seen", "source": "https://bsky.app/profile/securityonline.bsky.social/post/3mqhadhd3v72m", "content": "A decompress npm vulnerability (CVE-2026-53486, CVSS 9.1) lets crafted archives write files outside the target folder via path traversal. Patch now.\n\n#decompress #npm #CVE202653486 #PathTraversal #NodeJS #CyberSecurity", "creation_timestamp": "2026-07-12T13:01:36.192441Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/931cc843-98ac-482e-ae73-743b6b5c83a0/export"/>
    <published>2026-07-12T13:01:36.192441+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/3dac3510-5772-46fa-838a-ad2265a0655e/export</id>
    <title>3dac3510-5772-46fa-838a-ad2265a0655e</title>
    <updated>2026-07-15T14:19:36.717253+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "3dac3510-5772-46fa-838a-ad2265a0655e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53486", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mpyzx5z4fr2x", "content": "CVE-2026-53486 - decompress\nA vulnerability in decompress allows malicious archives to create files and links outside of the intended directory. This can happen when extracting archives from\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#decompress #xhmikosr #npm #CVE #infosec", "creation_timestamp": "2026-07-06T21:30:04.769266Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/3dac3510-5772-46fa-838a-ad2265a0655e/export"/>
    <published>2026-07-06T21:30:04.769266+00:00</published>
  </entry>
</feed>
