<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-09T22:25:37.799762+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/02873064-47e6-4536-a212-da4f28230610/export</id>
    <title>02873064-47e6-4536-a212-da4f28230610</title>
    <updated>2026-07-09T22:25:37.823100+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "02873064-47e6-4536-a212-da4f28230610", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-58473", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mq44uubeqs23", "content": "CVE-2026-58473: topoteretes cognee (&amp;lt;1.2.0) has a CRITICAL vuln \u2014 unauth attackers can hijack LLM config &amp;amp; exfiltrate user data. No fix yet. Restrict settings endpoint &amp;amp; monitor for changes. https://radar.offseq.com/threat/cve-2026-58473-missing-authorization-in-topoterete-619eb25f0ae3e3eb #OffSe...", "creation_timestamp": "2026-07-08T03:00:29.251058Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/02873064-47e6-4536-a212-da4f28230610/export"/>
    <published>2026-07-08T03:00:29.251058+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b25d2659-e74a-43ef-a31c-4e19d53d5a37/export</id>
    <title>b25d2659-e74a-43ef-a31c-4e19d53d5a37</title>
    <updated>2026-07-09T22:25:37.826585+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b25d2659-e74a-43ef-a31c-4e19d53d5a37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-58473", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116882120754434831", "content": "topoteretes cognee (&amp;lt;1.2.0) is affected by CVE-2026-58473 (CRITICAL, CVSS 9.3): improper access control lets unauth attackers overwrite LLM provider config &amp;amp; exfiltrate sensitive data. Restrict endpoint, monitor configs. https://radar.offseq.com/threat/cve-2026-58473-missing-authorization-in-topoterete-619eb25f0ae3e3eb #OffSeq #CVE #Infosec", "creation_timestamp": "2026-07-08T03:00:26.556037Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b25d2659-e74a-43ef-a31c-4e19d53d5a37/export"/>
    <published>2026-07-08T03:00:26.556037+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/d55352ea-870d-4f5b-9570-84badaf35a70/export</id>
    <title>d55352ea-870d-4f5b-9570-84badaf35a70</title>
    <updated>2026-07-09T22:25:37.826959+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "d55352ea-870d-4f5b-9570-84badaf35a70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58473", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mq3rk2sdn42k", "content": "CVE-2026-58473 - Cognee\nCVE ID : CVE-2026-58473\n \n Published : July 7, 2026, 9:17 p.m. | 1\u00a0hour, 57\u00a0minutes ago\n \n Description : Cognee before 1.2.0 contains an improper access control vulnerability that allows unauthenticated attackers to overwrite the global LLM provider con...", "creation_timestamp": "2026-07-07T23:37:34.328100Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/d55352ea-870d-4f5b-9570-84badaf35a70/export"/>
    <published>2026-07-07T23:37:34.328100+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/f8650fa5-d1a4-46aa-ad84-4bb8dc92b72b/export</id>
    <title>f8650fa5-d1a4-46aa-ad84-4bb8dc92b72b</title>
    <updated>2026-07-09T22:25:37.827235+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "f8650fa5-d1a4-46aa-ad84-4bb8dc92b72b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58473", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mq3lnftqre2z", "content": "CVE-2026-58473\nAn attacker can create an account and change the way Cognee uses its language model. This allows them to steal information from other users, such as their prompts, documents, and knowledge. To fix this, update\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-07T21:52:04.471387Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/f8650fa5-d1a4-46aa-ad84-4bb8dc92b72b/export"/>
    <published>2026-07-07T21:52:04.471387+00:00</published>
  </entry>
</feed>
