<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-15T22:21:23.886910+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/5ba22fe6-b6cd-4086-9c43-b3ba53ae21c9/export</id>
    <title>5ba22fe6-b6cd-4086-9c43-b3ba53ae21c9</title>
    <updated>2026-07-15T22:21:23.905024+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "5ba22fe6-b6cd-4086-9c43-b3ba53ae21c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-62327", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mqkvmuflp22f", "content": "decolua 9Router \u22640.4.41 has a CRITICAL flaw: unauthenticated access to /api/usage/stats leaks all connected AI API keys &amp;amp; usage. Restrict endpoint or add authentication ASAP. https://radar.offseq.com/threat/cve-2026-62327-missing-authentication-for-critical-4c8f1eac7b8172c7 #OffSeq #CVE #APIsecurity", "creation_timestamp": "2026-07-14T00:00:40.472306Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/5ba22fe6-b6cd-4086-9c43-b3ba53ae21c9/export"/>
    <published>2026-07-14T00:00:40.472306+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/e391303e-6377-4dcc-a5c2-d2c751a5728b/export</id>
    <title>e391303e-6377-4dcc-a5c2-d2c751a5728b</title>
    <updated>2026-07-15T22:21:23.908801+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "e391303e-6377-4dcc-a5c2-d2c751a5728b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-62327", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116915387588740902", "content": "CVE-2026-62327 (CRITICAL): decolua 9Router \u22640.4.41 exposes plaintext API keys &amp;amp; usage stats via unauthenticated /api/usage/stats. No patch yet \u2014 restrict access or add auth controls. Details: https://radar.offseq.com/threat/cve-2026-62327-missing-authentication-for-critical-4c8f1eac7b8172c7 #OffSeq #CVE #APIsecurity #Vuln", "creation_timestamp": "2026-07-14T00:00:38.703535Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/e391303e-6377-4dcc-a5c2-d2c751a5728b/export"/>
    <published>2026-07-14T00:00:38.703535+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/0a192d44-d4d6-47ef-ad68-09340a96cd09/export</id>
    <title>0a192d44-d4d6-47ef-ad68-09340a96cd09</title>
    <updated>2026-07-15T22:21:23.909001+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "0a192d44-d4d6-47ef-ad68-09340a96cd09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-62327", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqkslpine22x", "content": "CVE-2026-62327 - 9Router 0.4.41 - Unauthenticated API Key Exposure via /api/usage/stats\nCVE ID : CVE-2026-62327\n \n Published : July 13, 2026, 9:37 p.m. | 14\u00a0minutes ago\n \n Description : 9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerabil...", "creation_timestamp": "2026-07-13T23:06:19.801872Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/0a192d44-d4d6-47ef-ad68-09340a96cd09/export"/>
    <published>2026-07-13T23:06:19.801872+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/82c37dbb-f8a2-4555-86f6-1529212d0a44/export</id>
    <title>82c37dbb-f8a2-4555-86f6-1529212d0a44</title>
    <updated>2026-07-15T22:21:23.909137+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "82c37dbb-f8a2-4555-86f6-1529212d0a44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-62327", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqkogyu3uw2v", "content": "CVE-2026-62327 - 9router\nThe 9Router software up to version 0.4.41 allows anyone to access sensitive API keys for connected AI services without needing a password. This is a serious issue because attackers\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#9router #decolua #CVE #infosec", "creation_timestamp": "2026-07-13T21:52:06.517905Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/82c37dbb-f8a2-4555-86f6-1529212d0a44/export"/>
    <published>2026-07-13T21:52:06.517905+00:00</published>
  </entry>
</feed>
