<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-12T09:58:32.605887+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/6a3b2385-38b4-48ed-9d9e-27f849c25ead/export</id>
    <title>6a3b2385-38b4-48ed-9d9e-27f849c25ead</title>
    <updated>2026-07-12T09:58:32.626920+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "6a3b2385-38b4-48ed-9d9e-27f849c25ead", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-60090", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mqg6qjk4vg23", "content": "PraisonAI &amp;lt;4.6.78 has a CRITICAL SQL injection flaw (CVE-2026-60090, CVSS 9.3). Unauthenticated attackers can destroy data. Restrict access &amp;amp; update to 4.6.78+ when available. https://radar.offseq.com/threat/cve-2026-60090-improper-neutralization-of-special--a49ea84d7839ded1 #OffSeq #SQLInjection...", "creation_timestamp": "2026-07-12T03:00:27.599343Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/6a3b2385-38b4-48ed-9d9e-27f849c25ead/export"/>
    <published>2026-07-12T03:00:27.599343+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/19237cba-adb7-4c1c-b064-0afbdc6b7230/export</id>
    <title>19237cba-adb7-4c1c-b064-0afbdc6b7230</title>
    <updated>2026-07-12T09:58:32.628884+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "19237cba-adb7-4c1c-b064-0afbdc6b7230", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-60090", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116904769950802301", "content": "CVE-2026-60090: PraisonAI &amp;lt;4.6.78 suffers CRITICAL SQL injection (CVSS 9.3). Unauthenticated attackers can drop tables or run arbitrary SQL/CQL via create_collection(). Restrict access &amp;amp; upgrade ASAP. https://radar.offseq.com/threat/cve-2026-60090-improper-neutralization-of-special--a49ea84d7839ded1 #OffSeq #infosec #SQLInjection #vuln", "creation_timestamp": "2026-07-12T03:00:25.852885Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/19237cba-adb7-4c1c-b064-0afbdc6b7230/export"/>
    <published>2026-07-12T03:00:25.852885+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a28c658c-cd5a-4fd8-ae94-559fbde4520c/export</id>
    <title>a28c658c-cd5a-4fd8-ae94-559fbde4520c</title>
    <updated>2026-07-12T09:58:32.629022+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "a28c658c-cd5a-4fd8-ae94-559fbde4520c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60090", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqezqflqeh26", "content": "CVE-2026-60090 - PraisonAI before 4.6.78 SQL/CQL Injection via vector dimension\nCVE ID : CVE-2026-60090\n \n Published : July 11, 2026, 2:16 p.m. | 1\u00a0hour, 8\u00a0minutes ago\n \n Description : PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PG...", "creation_timestamp": "2026-07-11T15:58:31.571646Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a28c658c-cd5a-4fd8-ae94-559fbde4520c/export"/>
    <published>2026-07-11T15:58:31.571646+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/2728f053-d0d0-4ad5-aab7-5368e46d9108/export</id>
    <title>2728f053-d0d0-4ad5-aab7-5368e46d9108</title>
    <updated>2026-07-12T09:58:32.629133+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "2728f053-d0d0-4ad5-aab7-5368e46d9108", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60090", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mqewk2gtqw2b", "content": "\ud83d\udd34 CVE-2026-60090 - Critical (9.8)\n\nPraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PGVecto...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-60090/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-07-11T15:01:00.741383Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/2728f053-d0d0-4ad5-aab7-5368e46d9108/export"/>
    <published>2026-07-11T15:01:00.741383+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/0ce43faa-fbe6-4bc1-bd5a-4ca24c390efe/export</id>
    <title>0ce43faa-fbe6-4bc1-bd5a-4ca24c390efe</title>
    <updated>2026-07-12T09:58:32.629240+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "0ce43faa-fbe6-4bc1-bd5a-4ca24c390efe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60090", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqevnii7zw2d", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-60090 \u0432 PraisonAI: \u0443\u0433\u0440\u043e\u0437\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/FA102B3A-9B07-43C0-BB30-1367FD7BE593", "creation_timestamp": "2026-07-11T14:45:02.856267Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/0ce43faa-fbe6-4bc1-bd5a-4ca24c390efe/export"/>
    <published>2026-07-11T14:45:02.856267+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/7abec77e-7af2-4dd5-bcba-0bbb03d8fc22/export</id>
    <title>7abec77e-7af2-4dd5-bcba-0bbb03d8fc22</title>
    <updated>2026-07-12T09:58:32.629354+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "7abec77e-7af2-4dd5-bcba-0bbb03d8fc22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60090", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqeulm7xao2h", "content": "CVE-2026-60090\nPraisonAI's knowledge-store in versions before 4.6.78 fails to check user input, allowing malicious users to inject SQL or Cassandra Query Language (CQL) code. This could potentially allow them to access or\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-11T14:26:05.567033Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/7abec77e-7af2-4dd5-bcba-0bbb03d8fc22/export"/>
    <published>2026-07-11T14:26:05.567033+00:00</published>
  </entry>
</feed>
