<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Sun, 12 Jul 2026 17:27:32 +0000</lastBuildDate>
    <item>
      <title>cda4d073-60c0-42a6-b711-b655d497ebc3</title>
      <link>https://vulnerability.circl.lu/sighting/cda4d073-60c0-42a6-b711-b655d497ebc3/export</link>
      <description>{"uuid": "cda4d073-60c0-42a6-b711-b655d497ebc3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-61876", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mqhbx44fvl2j", "content": "CRITICAL XSS in OpenWrt LuCI (CVE-2026-61876): Attackers on your network can inject scripts via DHCPv6 hostnames, targeting admin browsers. Restrict access &amp;amp; check advisories for patches. https://radar.offseq.com/threat/cve-2026-61876-improper-neutralization-of-input-du-90cbeb597700a4fd #OffSeq #...", "creation_timestamp": "2026-07-12T13:30:29.533687Z"}</description>
      <content:encoded>{"uuid": "cda4d073-60c0-42a6-b711-b655d497ebc3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-61876", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mqhbx44fvl2j", "content": "CRITICAL XSS in OpenWrt LuCI (CVE-2026-61876): Attackers on your network can inject scripts via DHCPv6 hostnames, targeting admin browsers. Restrict access &amp;amp; check advisories for patches. https://radar.offseq.com/threat/cve-2026-61876-improper-neutralization-of-input-du-90cbeb597700a4fd #OffSeq #...", "creation_timestamp": "2026-07-12T13:30:29.533687Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/cda4d073-60c0-42a6-b711-b655d497ebc3/export</guid>
      <pubDate>Sun, 12 Jul 2026 13:30:29 +0000</pubDate>
    </item>
    <item>
      <title>d11300f6-18d7-442f-aed9-a2353209c517</title>
      <link>https://vulnerability.circl.lu/sighting/d11300f6-18d7-442f-aed9-a2353209c517/export</link>
      <description>{"uuid": "d11300f6-18d7-442f-aed9-a2353209c517", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-61876", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116907247335811041", "content": "OpenWrt LuCI hit by CRITICAL XSS (CVE-2026-61876, CVSS 9.4): DHCPv6 hostnames not properly encoded, enabling adjacent attackers to inject scripts into admin browsers. Restrict interface access, monitor advisories. https://radar.offseq.com/threat/cve-2026-61876-improper-neutralization-of-input-du-90cbeb597700a4fd #OffSeq #OpenWrt #XSS #Infosec", "creation_timestamp": "2026-07-12T13:30:27.742420Z"}</description>
      <content:encoded>{"uuid": "d11300f6-18d7-442f-aed9-a2353209c517", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-61876", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116907247335811041", "content": "OpenWrt LuCI hit by CRITICAL XSS (CVE-2026-61876, CVSS 9.4): DHCPv6 hostnames not properly encoded, enabling adjacent attackers to inject scripts into admin browsers. Restrict interface access, monitor advisories. https://radar.offseq.com/threat/cve-2026-61876-improper-neutralization-of-input-du-90cbeb597700a4fd #OffSeq #OpenWrt #XSS #Infosec", "creation_timestamp": "2026-07-12T13:30:27.742420Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/d11300f6-18d7-442f-aed9-a2353209c517/export</guid>
      <pubDate>Sun, 12 Jul 2026 13:30:27 +0000</pubDate>
    </item>
    <item>
      <title>8d25d237-0ff3-489a-b9b8-47dc1a03555e</title>
      <link>https://vulnerability.circl.lu/sighting/8d25d237-0ff3-489a-b9b8-47dc1a03555e/export</link>
      <description>{"uuid": "8d25d237-0ff3-489a-b9b8-47dc1a03555e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61876", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqhawwrokk27", "content": "CVE-2026-61876 - LuCI DHCPv6 Lease Hostname Stored Cross-Site Scripting\nCVE ID : CVE-2026-61876\n \n Published : July 12, 2026, 12:16 p.m. | 16\u00a0minutes ago\n \n Description : LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables, allowing a...", "creation_timestamp": "2026-07-12T13:12:29.728444Z"}</description>
      <content:encoded>{"uuid": "8d25d237-0ff3-489a-b9b8-47dc1a03555e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61876", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqhawwrokk27", "content": "CVE-2026-61876 - LuCI DHCPv6 Lease Hostname Stored Cross-Site Scripting\nCVE ID : CVE-2026-61876\n \n Published : July 12, 2026, 12:16 p.m. | 16\u00a0minutes ago\n \n Description : LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables, allowing a...", "creation_timestamp": "2026-07-12T13:12:29.728444Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/8d25d237-0ff3-489a-b9b8-47dc1a03555e/export</guid>
      <pubDate>Sun, 12 Jul 2026 13:12:29 +0000</pubDate>
    </item>
    <item>
      <title>98be33ec-09c0-4a6f-9010-04a83b77f3b1</title>
      <link>https://vulnerability.circl.lu/sighting/98be33ec-09c0-4a6f-9010-04a83b77f3b1/export</link>
      <description>{"uuid": "98be33ec-09c0-4a6f-9010-04a83b77f3b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61876", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mqhabnqobz2k", "content": "\ud83d\udfe0 CVE-2026-61876 - High (8.8)\n\nLuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables, a...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-61876/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-07-12T13:00:35.941323Z"}</description>
      <content:encoded>{"uuid": "98be33ec-09c0-4a6f-9010-04a83b77f3b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61876", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mqhabnqobz2k", "content": "\ud83d\udfe0 CVE-2026-61876 - High (8.8)\n\nLuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables, a...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-61876/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-07-12T13:00:35.941323Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/98be33ec-09c0-4a6f-9010-04a83b77f3b1/export</guid>
      <pubDate>Sun, 12 Jul 2026 13:00:35 +0000</pubDate>
    </item>
    <item>
      <title>a99c3f83-36bc-4f94-b201-803144bc5c1a</title>
      <link>https://vulnerability.circl.lu/sighting/a99c3f83-36bc-4f94-b201-803144bc5c1a/export</link>
      <description>{"uuid": "a99c3f83-36bc-4f94-b201-803144bc5c1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61876", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqh7hqwuyt2t", "content": "CVE-2026-61876 - luci\nAn attacker on the same network can inject malicious code into LuCI's DHCP lease pages, potentially allowing them to take control of an administrator's browser. This vulnerability affects\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#luci #openwrt #CVE #infosec", "creation_timestamp": "2026-07-12T12:46:06.467960Z"}</description>
      <content:encoded>{"uuid": "a99c3f83-36bc-4f94-b201-803144bc5c1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61876", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqh7hqwuyt2t", "content": "CVE-2026-61876 - luci\nAn attacker on the same network can inject malicious code into LuCI's DHCP lease pages, potentially allowing them to take control of an administrator's browser. This vulnerability affects\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#luci #openwrt #CVE #infosec", "creation_timestamp": "2026-07-12T12:46:06.467960Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/a99c3f83-36bc-4f94-b201-803144bc5c1a/export</guid>
      <pubDate>Sun, 12 Jul 2026 12:46:06 +0000</pubDate>
    </item>
    <item>
      <title>b4854d25-53b9-4c58-9c14-714771099ef4</title>
      <link>https://vulnerability.circl.lu/sighting/b4854d25-53b9-4c58-9c14-714771099ef4/export</link>
      <description>{"uuid": "b4854d25-53b9-4c58-9c14-714771099ef4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61876", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqh6fkg4lk2e", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-61876 \u0432 LuCI: \u0440\u0438\u0441\u043a\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/AEF34173-ABD7-41C1-A44D-39C2BD0AD815", "creation_timestamp": "2026-07-12T12:26:59.221298Z"}</description>
      <content:encoded>{"uuid": "b4854d25-53b9-4c58-9c14-714771099ef4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61876", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqh6fkg4lk2e", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-61876 \u0432 LuCI: \u0440\u0438\u0441\u043a\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/AEF34173-ABD7-41C1-A44D-39C2BD0AD815", "creation_timestamp": "2026-07-12T12:26:59.221298Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/b4854d25-53b9-4c58-9c14-714771099ef4/export</guid>
      <pubDate>Sun, 12 Jul 2026 12:26:59 +0000</pubDate>
    </item>
  </channel>
</rss>
