<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-06-29T15:55:48.351925+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/9b157fd2-5e23-4e5d-be26-62eebba12e13/export</id>
    <title>9b157fd2-5e23-4e5d-be26-62eebba12e13</title>
    <updated>2026-06-29T15:55:48.369246+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "9b157fd2-5e23-4e5d-be26-62eebba12e13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56070", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp7ikigsze2x", "content": "CVE-2026-56070 - WordPress Advance Product Search plugin\nCVE ID : CVE-2026-56070\n \n Published : June 26, 2026, 2:52 p.m. | 57\u00a0minutes ago\n \n Description : Unauthenticated SQL Injection in Advance Product Search &amp;lt;= 1.4.4 versions.\n \n Severity: 9.3 | CRITICAL\n \n Visit the lin...", "creation_timestamp": "2026-06-26T17:42:12.397585Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/9b157fd2-5e23-4e5d-be26-62eebba12e13/export"/>
    <published>2026-06-26T17:42:12.397585+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/72323327-b4a6-40b3-8535-ac2e173677f8/export</id>
    <title>72323327-b4a6-40b3-8535-ac2e173677f8</title>
    <updated>2026-06-29T15:55:48.371068+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "72323327-b4a6-40b3-8535-ac2e173677f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56073", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3motn57zsyx2v", "content": "\ud83d\udea8  ALERT: CVE-2026-56073\n\nCVSS 9.4/10\n\n\ud83d\udccb WHAT IT IS:\nCap-go before 12.128.2 contains an authentication bypass vulnerability in OTP verification that allows attackers to bypass email verification by modifying server responses. Attackers can intercept OTP verification requests and manipulate HTTP resp", "creation_timestamp": "2026-06-22T00:32:19.300425Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/72323327-b4a6-40b3-8535-ac2e173677f8/export"/>
    <published>2026-06-22T00:32:19.300425+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/50e46777-b304-4f79-9e9b-3641a6407f28/export</id>
    <title>50e46777-b304-4f79-9e9b-3641a6407f28</title>
    <updated>2026-06-29T15:55:48.371156+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "50e46777-b304-4f79-9e9b-3641a6407f28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56073", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mopbujmpzo2r", "content": "Cap-go 12.128.2\u672a\u6e80\u306eOTP\u8a8d\u8a3c\u306b\u8106\u5f31\u6027\u3002\u653b\u6483\u8005\u306f\u30e1\u30fc\u30eb\u691c\u8a3c\u3092\u8fc2\u56de\u3057\u30012FA\u4e0d\u6b63\u6709\u52b9\u5316\u3084\u30a2\u30ab\u30a6\u30f3\u30c8\u4e57\u3063\u53d6\u308a\u304c\u53ef\u80fd\u3002\nCVE-2026-56073 CVSS 9.4 | CRITICAL", "creation_timestamp": "2026-06-20T06:59:57.193692Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/50e46777-b304-4f79-9e9b-3641a6407f28/export"/>
    <published>2026-06-20T06:59:57.193692+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/4c59b0fb-700f-4a87-a253-6d7153d54cba/export</id>
    <title>4c59b0fb-700f-4a87-a253-6d7153d54cba</title>
    <updated>2026-06-29T15:55:48.371224+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "4c59b0fb-700f-4a87-a253-6d7153d54cba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56073", "type": "seen", "source": "https://bsky.app/profile/hermes71.bsky.social/post/3mop3ix2tpp2z", "content": "Daily IT Security Digest \u2014 2026-06-20\nCVE-2026-56073 (CRITICAL) allows OTP bypass through insufficient data authenticity checks, enabling attackers to activate two-factor authentication and take over accounts. EUVD-2026-38100 (8.7) and EUVD-2026-38099 (6.9) involve information disclosure via", "creation_timestamp": "2026-06-20T05:06:06.409474Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/4c59b0fb-700f-4a87-a253-6d7153d54cba/export"/>
    <published>2026-06-20T05:06:06.409474+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/bdb6f574-09db-4040-be0d-8efc1512d522/export</id>
    <title>bdb6f574-09db-4040-be0d-8efc1512d522</title>
    <updated>2026-06-29T15:55:48.371295+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "bdb6f574-09db-4040-be0d-8efc1512d522", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-56073", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3moouic4kvn2u", "content": "Cap-go capgo (&amp;lt;12.128.2) hit by CRITICAL CVE-2026-56073: OTP auth bypass lets attackers enable 2FA &amp;amp; take over accounts. No patch \u2014 monitor vendor channels for updates. https://radar.offseq.com/threat/cve-2026-56073-insufficient-verification-of-data-a-d7403d6896f5b084 #OffSeq #CVE #Security", "creation_timestamp": "2026-06-20T03:00:28.714462Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/bdb6f574-09db-4040-be0d-8efc1512d522/export"/>
    <published>2026-06-20T03:00:28.714462+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c2c38aa7-3412-46e3-9849-74827f058f5a/export</id>
    <title>c2c38aa7-3412-46e3-9849-74827f058f5a</title>
    <updated>2026-06-29T15:55:48.371366+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c2c38aa7-3412-46e3-9849-74827f058f5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-56073", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116780199172553168", "content": "CVE-2026-56073 (CRITICAL) affects Cap-go capgo &amp;lt;12.128.2: Insufficient data authenticity checks allow OTP bypass, enabling attackers to activate 2FA &amp;amp; take over accounts. No patch yet \u2014 monitor vendor updates. https://radar.offseq.com/threat/cve-2026-56073-insufficient-verification-of-data-a-d7403d6896f5b084 #OffSeq #CVE #Infosec #AppSec", "creation_timestamp": "2026-06-20T03:00:27.713564Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c2c38aa7-3412-46e3-9849-74827f058f5a/export"/>
    <published>2026-06-20T03:00:27.713564+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/64e3fa8f-31ef-4b71-8bf6-325c4f08b3df/export</id>
    <title>64e3fa8f-31ef-4b71-8bf6-325c4f08b3df</title>
    <updated>2026-06-29T15:55:48.371430+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "64e3fa8f-31ef-4b71-8bf6-325c4f08b3df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56073", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moohtqinc627", "content": "CVE-2026-56073 - Cap-go - OTP Bypass via Response Manipulation in Email Verification\nCVE ID : CVE-2026-56073\n \n Published : June 19, 2026, 9:39 p.m. | 1\u00a0hour, 30\u00a0minutes ago\n \n Description : Cap-go before 12.128.2 contains an authentication bypass vulnerability in OTP verifica...", "creation_timestamp": "2026-06-19T23:14:13.486897Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/64e3fa8f-31ef-4b71-8bf6-325c4f08b3df/export"/>
    <published>2026-06-19T23:14:13.486897+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c29b5af4-690f-44b5-adce-bc536e316050/export</id>
    <title>c29b5af4-690f-44b5-adce-bc536e316050</title>
    <updated>2026-06-29T15:55:48.371495+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c29b5af4-690f-44b5-adce-bc536e316050", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56076", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mom7at33nr2r", "content": "CVE-2026-56076 - PraisonAI - Cross-Origin Agent Execution via Hardcoded Wildcard CORS and Missing Authentication on AGUI Endpoint\nCVE ID : CVE-2026-56076\n \n Published : June 18, 2026, 10:12 p.m. | 1\u00a0hour, 19\u00a0minutes ago\n \n Description : PraisonAI before 1.5.128 contains a cros...", "creation_timestamp": "2026-06-19T01:35:09.365871Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c29b5af4-690f-44b5-adce-bc536e316050/export"/>
    <published>2026-06-19T01:35:09.365871+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/d11bec72-ff8a-409d-9d8a-ddde823fb9a4/export</id>
    <title>d11bec72-ff8a-409d-9d8a-ddde823fb9a4</title>
    <updated>2026-06-29T15:55:48.371565+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "d11bec72-ff8a-409d-9d8a-ddde823fb9a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56078", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mom6w2ozwi2r", "content": "CVE-2026-56078 - PraisonAI - Arbitrary File Read and Write via Path Traversal in MultiAgentMonitor\nCVE ID : CVE-2026-56078\n \n Published : June 18, 2026, 10:12 p.m. | 1\u00a0hour, 19\u00a0minutes ago\n \n Description : PraisonAI before 1.5.115 contains a path traversal vulnerability in Mul...", "creation_timestamp": "2026-06-19T01:29:08.165676Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/d11bec72-ff8a-409d-9d8a-ddde823fb9a4/export"/>
    <published>2026-06-19T01:29:08.165676+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/5c041e01-2c8d-4179-aaa6-eef583e6c4da/export</id>
    <title>5c041e01-2c8d-4179-aaa6-eef583e6c4da</title>
    <updated>2026-06-29T15:55:48.371637+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "5c041e01-2c8d-4179-aaa6-eef583e6c4da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56075", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mom6n4ahpm2z", "content": "CVE-2026-56075 - PraisonAI - Arbitrary Shell Command Execution via Hardcoded Approval Mode Override\nCVE ID : CVE-2026-56075\n \n Published : June 18, 2026, 10:12 p.m. | 1\u00a0hour, 19\u00a0minutes ago\n \n Description : PraisonAI before 4.5.128 contains an arbitrary shell command execution...", "creation_timestamp": "2026-06-19T01:24:07.760018Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/5c041e01-2c8d-4179-aaa6-eef583e6c4da/export"/>
    <published>2026-06-19T01:24:07.760018+00:00</published>
  </entry>
</feed>
