<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-03T05:59:03.170189+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c974d78c-b5c2-4d72-bf50-020c10a27760/export</id>
    <title>c974d78c-b5c2-4d72-bf50-020c10a27760</title>
    <updated>2026-07-03T05:59:03.193564+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c974d78c-b5c2-4d72-bf50-020c10a27760", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54352", "type": "seen", "source": "https://bsky.app/profile/roguelogics.bsky.social/post/3mplhihbycq2r", "content": "\ud83d\udea8 Patch Alert: CVE-2026-54352 is a high-severity vulnerability affecting widely-used software. This flaw can allow unauthorized remote code execution, putting sensitive data at risk. Our team urges you to patch this vulnerability immediately to mitigate potential threats. Staying ahead of threats\u2026", "creation_timestamp": "2026-07-01T11:55:08.001881Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c974d78c-b5c2-4d72-bf50-020c10a27760/export"/>
    <published>2026-07-01T11:55:08.001881+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/9c5e4e6d-5a26-4abf-b92c-08851a6412b6/export</id>
    <title>9c5e4e6d-5a26-4abf-b92c-08851a6412b6</title>
    <updated>2026-07-03T05:59:03.195753+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "9c5e4e6d-5a26-4abf-b92c-08851a6412b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54352", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mpkqov5yzy2e", "content": "\ud83d\udccc CVE-2026-54352 - Budibase is an open-source low-code platform. Prior to 3.39.9, `POST /api/pwa/process-zip` at packages/server/src/api/routes/static.ts:24 accepts a bu... https://www.cyberhub.blog/cves/CVE-2026-54352", "creation_timestamp": "2026-07-01T05:07:07.931884Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/9c5e4e6d-5a26-4abf-b92c-08851a6412b6/export"/>
    <published>2026-07-01T05:07:07.931884+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/1764ae23-1174-47e8-a669-72f6ff7c4b89/export</id>
    <title>1764ae23-1174-47e8-a669-72f6ff7c4b89</title>
    <updated>2026-07-03T05:59:03.195869+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "1764ae23-1174-47e8-a669-72f6ff7c4b89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54352", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mph77k3sah23", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-54352 \u0432 Budibase: \u0443\u0433\u0440\u043e\u0437\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/A0DB0CCD-330D-495C-8969-C700C2628D60", "creation_timestamp": "2026-06-29T19:16:19.132727Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/1764ae23-1174-47e8-a669-72f6ff7c4b89/export"/>
    <published>2026-06-29T19:16:19.132727+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/66d8cbca-5614-4df0-af1c-3b5e9cc6e10c/export</id>
    <title>66d8cbca-5614-4df0-af1c-3b5e9cc6e10c</title>
    <updated>2026-07-03T05:59:03.195975+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "66d8cbca-5614-4df0-af1c-3b5e9cc6e10c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54352", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mpdt2kkhgd2y", "content": "\ud83d\udd34 CVE-2026-54352 - Critical (9.6)\n\nBudibase is an open-source low-code platform. Prior to 3.39.9, `POST /api/pwa/process-zip` at pac...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-54352/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-28T11:00:49.141725Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/66d8cbca-5614-4df0-af1c-3b5e9cc6e10c/export"/>
    <published>2026-06-28T11:00:49.141725+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/df80e4f3-045c-43ac-ab01-6d4db2f9b0e6/export</id>
    <title>df80e4f3-045c-43ac-ab01-6d4db2f9b0e6</title>
    <updated>2026-07-03T05:59:03.196040+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "df80e4f3-045c-43ac-ab01-6d4db2f9b0e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54352", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mpdmouqwyg2u", "content": "CVE-2026-54352 - Critical Path Traversal in Budibase. Symlink extraction allows reading arbitrary files. CVSS 9.6. Unpatched - limit builder access immediately. #CVE #Budibase #infosec\n\nhttps://www.valtersit.com/cve/CVE-2026-54352/", "creation_timestamp": "2026-06-28T09:06:53.641937Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/df80e4f3-045c-43ac-ab01-6d4db2f9b0e6/export"/>
    <published>2026-06-28T09:06:53.641937+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/4864f77a-fde9-433f-8769-d9dd7b307a50/export</id>
    <title>4864f77a-fde9-433f-8769-d9dd7b307a50</title>
    <updated>2026-07-03T05:59:03.196109+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "4864f77a-fde9-433f-8769-d9dd7b307a50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54352", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp7y5eswhr2c", "content": "CVE-2026-54352 - Budibase: Arbitrary file read by workspace-builder via PWA-zip symlink upload\nCVE ID : CVE-2026-54352\n \n Published : June 26, 2026, 8:32 p.m. | 1\u00a0hour, 12\u00a0minutes ago\n \n Description : Budibase is an open-source low-code platform. Prior to 3.39.9, `POST /api/pw...", "creation_timestamp": "2026-06-26T22:21:12.234822Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/4864f77a-fde9-433f-8769-d9dd7b307a50/export"/>
    <published>2026-06-26T22:21:12.234822+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/483fba80-eac1-4586-b63d-d07276e8df52/export</id>
    <title>483fba80-eac1-4586-b63d-d07276e8df52</title>
    <updated>2026-07-03T05:59:03.196172+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "483fba80-eac1-4586-b63d-d07276e8df52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54352", "type": "seen", "source": "https://bsky.app/profile/suriq.io/post/3mow4im4pyb2r", "content": "A single Budibase app builder can read every secret on your server.\n\nA rigged app-icon upload exposes the master keys, forges an admin token, and reaches every workspace.\n\nSelf-hosted? Update to 3.39.9 and rotate secrets. (CVE-2026-54352)", "creation_timestamp": "2026-06-23T00:12:27.775773Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/483fba80-eac1-4586-b63d-d07276e8df52/export"/>
    <published>2026-06-23T00:12:27.775773+00:00</published>
  </entry>
</feed>
