<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-09T03:03:48.838980+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c6bafa97-033b-468a-a3fa-0d822a286eb6/export</id>
    <title>c6bafa97-033b-468a-a3fa-0d822a286eb6</title>
    <updated>2026-07-09T03:03:48.857038+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c6bafa97-033b-468a-a3fa-0d822a286eb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-54527", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mq6ndtyssy2f", "content": "jupyterlab-git &amp;lt;0.54.0 is vulnerable to CRITICAL XSS (CVE-2026-54527). Malicious filenames can run code in users\u2019 browsers. Upgrade to 0.54.0+ now! \ud83d\udd12 https://radar.offseq.com/threat/cve-2026-54527-cwe-79-improper-neutralization-of-i-859af0d357310c79 #OffSeq #security #jupyterlab", "creation_timestamp": "2026-07-09T03:00:31.123766Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c6bafa97-033b-468a-a3fa-0d822a286eb6/export"/>
    <published>2026-07-09T03:00:31.123766+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/4d4e0cce-0bee-4189-b8f1-a5cc594250e4/export</id>
    <title>4d4e0cce-0bee-4189-b8f1-a5cc594250e4</title>
    <updated>2026-07-09T03:03:48.859280+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "4d4e0cce-0bee-4189-b8f1-a5cc594250e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-54527", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116887783224020082", "content": "CVE-2026-54527: CRITICAL XSS in jupyterlab-git (&amp;lt;0.54.0). Malicious Git filenames can execute JavaScript when viewed in the Git History tab \u2014 risking session hijack &amp;amp; data theft. Upgrade to 0.54.0+ ASAP. https://radar.offseq.com/threat/cve-2026-54527-cwe-79-improper-neutralization-of-i-859af0d357310c79 #OffSeq #XSS #jupyterlab #security", "creation_timestamp": "2026-07-09T03:00:29.149648Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/4d4e0cce-0bee-4189-b8f1-a5cc594250e4/export"/>
    <published>2026-07-09T03:00:29.149648+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/05544ba6-0d5b-41e9-8b27-2b32c0500380/export</id>
    <title>05544ba6-0d5b-41e9-8b27-2b32c0500380</title>
    <updated>2026-07-09T03:03:48.859415+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "05544ba6-0d5b-41e9-8b27-2b32c0500380", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54527", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mq64oaqtfb24", "content": "CVE-2026-54527 - jupyterlab-git\nThe JupyterLab Git extension allows attackers to create malicious file names that can execute code when viewed by others. This can lead to unauthorized access to\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#jupyterlabgit #jupyterlab #pip #CVE #infosec", "creation_timestamp": "2026-07-08T22:02:05.569243Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/05544ba6-0d5b-41e9-8b27-2b32c0500380/export"/>
    <published>2026-07-08T22:02:05.569243+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/1ed82d99-4939-479c-ab10-74557af23a73/export</id>
    <title>1ed82d99-4939-479c-ab10-74557af23a73</title>
    <updated>2026-07-09T03:03:48.859520+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://cve.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "1ed82d99-4939-479c-ab10-74557af23a73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-54527", "type": "published-proof-of-concept", "source": "https://github.com/jupyterlab/jupyterlab-git/security/advisories/GHSA-f962-v9hr-pfg5", "content": "", "creation_timestamp": "2026-06-18T07:12:58.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/1ed82d99-4939-479c-ab10-74557af23a73/export"/>
    <published>2026-06-18T07:12:58+00:00</published>
  </entry>
</feed>
