<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Wed, 15 Jul 2026 19:02:16 +0000</lastBuildDate>
    <item>
      <title>20942a68-8204-4966-becc-da6028e8f1aa</title>
      <link>https://vulnerability.circl.lu/sighting/20942a68-8204-4966-becc-da6028e8f1aa/export</link>
      <description>{"uuid": "20942a68-8204-4966-becc-da6028e8f1aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53486", "type": "seen", "source": "https://mastodon.social/users/hugovalters/statuses/116923900456799491", "content": "CVE-2026-53486 - Critical path traversal in @xhmikosr/decompress for Node.js. CVSS 9.1. Crafted archives can read/write files outside target dir via symlinks and setuid bits. Update to 10.2.1 or 11.1.3 immediately. #CVE #NodeJS #infosec\nhttps://www.valtersit.com/cve/CVE-2026-53486/", "creation_timestamp": "2026-07-15T12:05:35.487574Z"}</description>
      <content:encoded>{"uuid": "20942a68-8204-4966-becc-da6028e8f1aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53486", "type": "seen", "source": "https://mastodon.social/users/hugovalters/statuses/116923900456799491", "content": "CVE-2026-53486 - Critical path traversal in @xhmikosr/decompress for Node.js. CVSS 9.1. Crafted archives can read/write files outside target dir via symlinks and setuid bits. Update to 10.2.1 or 11.1.3 immediately. #CVE #NodeJS #infosec\nhttps://www.valtersit.com/cve/CVE-2026-53486/", "creation_timestamp": "2026-07-15T12:05:35.487574Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/20942a68-8204-4966-becc-da6028e8f1aa/export</guid>
      <pubDate>Wed, 15 Jul 2026 12:05:35 +0000</pubDate>
    </item>
    <item>
      <title>0eb7f805-a6ad-4e05-a90e-01016b40ba68</title>
      <link>https://vulnerability.circl.lu/sighting/0eb7f805-a6ad-4e05-a90e-01016b40ba68/export</link>
      <description>{"uuid": "0eb7f805-a6ad-4e05-a90e-01016b40ba68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53486", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mqoolhshzv2b", "content": "CVE-2026-53486 - Critical path traversal in @xhmikosr/decompress for Node.js. CVSS 9.1. Crafted archives can read/write files outside target dir via symlinks and setuid bits. Update to 10.2.1 or 11.1.3 immediately. #CVE #NodeJS #infosec\n\nhttps://www.valtersit.com/cve/CVE-2026-53486/", "creation_timestamp": "2026-07-15T12:05:15.651929Z"}</description>
      <content:encoded>{"uuid": "0eb7f805-a6ad-4e05-a90e-01016b40ba68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53486", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mqoolhshzv2b", "content": "CVE-2026-53486 - Critical path traversal in @xhmikosr/decompress for Node.js. CVSS 9.1. Crafted archives can read/write files outside target dir via symlinks and setuid bits. Update to 10.2.1 or 11.1.3 immediately. #CVE #NodeJS #infosec\n\nhttps://www.valtersit.com/cve/CVE-2026-53486/", "creation_timestamp": "2026-07-15T12:05:15.651929Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/0eb7f805-a6ad-4e05-a90e-01016b40ba68/export</guid>
      <pubDate>Wed, 15 Jul 2026 12:05:15 +0000</pubDate>
    </item>
    <item>
      <title>9e574747-4de1-4ed4-9724-aca3f4d41e14</title>
      <link>https://vulnerability.circl.lu/sighting/9e574747-4de1-4ed4-9724-aca3f4d41e14/export</link>
      <description>{"uuid": "9e574747-4de1-4ed4-9724-aca3f4d41e14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53486", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqnecrumf62l", "content": "CVE-2026-53486 - decompress: Archive extraction can create files and links outside the target directory\nCVE ID : CVE-2026-53486\n \n Published : July 14, 2026, 9:17 p.m. | 35\u00a0minutes ago\n \n Description : The decompress package for Node.js extracts archives. Prior to 10.2.1 and 1...", "creation_timestamp": "2026-07-14T23:28:46.763333Z"}</description>
      <content:encoded>{"uuid": "9e574747-4de1-4ed4-9724-aca3f4d41e14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53486", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqnecrumf62l", "content": "CVE-2026-53486 - decompress: Archive extraction can create files and links outside the target directory\nCVE ID : CVE-2026-53486\n \n Published : July 14, 2026, 9:17 p.m. | 35\u00a0minutes ago\n \n Description : The decompress package for Node.js extracts archives. Prior to 10.2.1 and 1...", "creation_timestamp": "2026-07-14T23:28:46.763333Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/9e574747-4de1-4ed4-9724-aca3f4d41e14/export</guid>
      <pubDate>Tue, 14 Jul 2026 23:28:46 +0000</pubDate>
    </item>
    <item>
      <title>931cc843-98ac-482e-ae73-743b6b5c83a0</title>
      <link>https://vulnerability.circl.lu/sighting/931cc843-98ac-482e-ae73-743b6b5c83a0/export</link>
      <description>{"uuid": "931cc843-98ac-482e-ae73-743b6b5c83a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53486", "type": "seen", "source": "https://bsky.app/profile/securityonline.bsky.social/post/3mqhadhd3v72m", "content": "A decompress npm vulnerability (CVE-2026-53486, CVSS 9.1) lets crafted archives write files outside the target folder via path traversal. Patch now.\n\n#decompress #npm #CVE202653486 #PathTraversal #NodeJS #CyberSecurity", "creation_timestamp": "2026-07-12T13:01:36.192441Z"}</description>
      <content:encoded>{"uuid": "931cc843-98ac-482e-ae73-743b6b5c83a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53486", "type": "seen", "source": "https://bsky.app/profile/securityonline.bsky.social/post/3mqhadhd3v72m", "content": "A decompress npm vulnerability (CVE-2026-53486, CVSS 9.1) lets crafted archives write files outside the target folder via path traversal. Patch now.\n\n#decompress #npm #CVE202653486 #PathTraversal #NodeJS #CyberSecurity", "creation_timestamp": "2026-07-12T13:01:36.192441Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/931cc843-98ac-482e-ae73-743b6b5c83a0/export</guid>
      <pubDate>Sun, 12 Jul 2026 13:01:36 +0000</pubDate>
    </item>
    <item>
      <title>3dac3510-5772-46fa-838a-ad2265a0655e</title>
      <link>https://vulnerability.circl.lu/sighting/3dac3510-5772-46fa-838a-ad2265a0655e/export</link>
      <description>{"uuid": "3dac3510-5772-46fa-838a-ad2265a0655e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53486", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mpyzx5z4fr2x", "content": "CVE-2026-53486 - decompress\nA vulnerability in decompress allows malicious archives to create files and links outside of the intended directory. This can happen when extracting archives from\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#decompress #xhmikosr #npm #CVE #infosec", "creation_timestamp": "2026-07-06T21:30:04.769266Z"}</description>
      <content:encoded>{"uuid": "3dac3510-5772-46fa-838a-ad2265a0655e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53486", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mpyzx5z4fr2x", "content": "CVE-2026-53486 - decompress\nA vulnerability in decompress allows malicious archives to create files and links outside of the intended directory. This can happen when extracting archives from\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#decompress #xhmikosr #npm #CVE #infosec", "creation_timestamp": "2026-07-06T21:30:04.769266Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/3dac3510-5772-46fa-838a-ad2265a0655e/export</guid>
      <pubDate>Mon, 06 Jul 2026 21:30:04 +0000</pubDate>
    </item>
  </channel>
</rss>
