<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Wed, 01 Jul 2026 02:26:29 +0000</lastBuildDate>
    <item>
      <title>29e18c94-e412-4489-8350-ce249def4b3d</title>
      <link>https://vulnerability.circl.lu/sighting/29e18c94-e412-4489-8350-ce249def4b3d/export</link>
      <description>{"uuid": "29e18c94-e412-4489-8350-ce249def4b3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10523", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3movzfimayj25", "content": "\ud83d\udea8  ALERT: CVE-2026-10523\n\nCVSS 9.9/10\n\n\ud83d\udccb WHAT IT IS:\nAn Authentication Bypass vulnerability (CWE-288)\u00a0in Ivanti\u00a0Sentry before the\u00a0R10.5.2, R10.6.2 and R10.7.1\u00a0versions\u00a0allows\u00a0a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access\n\n\ud83c\udfaf WHO'S ", "creation_timestamp": "2026-06-22T23:17:00.920403Z"}</description>
      <content:encoded>{"uuid": "29e18c94-e412-4489-8350-ce249def4b3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10523", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3movzfimayj25", "content": "\ud83d\udea8  ALERT: CVE-2026-10523\n\nCVSS 9.9/10\n\n\ud83d\udccb WHAT IT IS:\nAn Authentication Bypass vulnerability (CWE-288)\u00a0in Ivanti\u00a0Sentry before the\u00a0R10.5.2, R10.6.2 and R10.7.1\u00a0versions\u00a0allows\u00a0a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access\n\n\ud83c\udfaf WHO'S ", "creation_timestamp": "2026-06-22T23:17:00.920403Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/29e18c94-e412-4489-8350-ce249def4b3d/export</guid>
      <pubDate>Mon, 22 Jun 2026 23:17:00 +0000</pubDate>
    </item>
    <item>
      <title>5abbd62f-b46c-43ab-af29-ac0e749814cf</title>
      <link>https://vulnerability.circl.lu/sighting/5abbd62f-b46c-43ab-af29-ac0e749814cf/export</link>
      <description>{"uuid": "5abbd62f-b46c-43ab-af29-ac0e749814cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10523", "type": "seen", "source": "https://bsky.app/profile/newstecnicas.com/post/3mold76bpv22p", "content": "\ud83d\udee1\ufe0f Manual T\u00e9cnico de Mitigaci\u00f3n: #Vulnerabilidades CVE-2026-10520 y CVE-2026-10523 en Ivanti Sentry www.newstecnicas.com/2026/06/manu...", "creation_timestamp": "2026-06-18T17:13:12.755684Z"}</description>
      <content:encoded>{"uuid": "5abbd62f-b46c-43ab-af29-ac0e749814cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10523", "type": "seen", "source": "https://bsky.app/profile/newstecnicas.com/post/3mold76bpv22p", "content": "\ud83d\udee1\ufe0f Manual T\u00e9cnico de Mitigaci\u00f3n: #Vulnerabilidades CVE-2026-10520 y CVE-2026-10523 en Ivanti Sentry www.newstecnicas.com/2026/06/manu...", "creation_timestamp": "2026-06-18T17:13:12.755684Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/5abbd62f-b46c-43ab-af29-ac0e749814cf/export</guid>
      <pubDate>Thu, 18 Jun 2026 17:13:12 +0000</pubDate>
    </item>
    <item>
      <title>fbf5aabd-f669-41cd-b85e-950e82af1c2f</title>
      <link>https://vulnerability.circl.lu/sighting/fbf5aabd-f669-41cd-b85e-950e82af1c2f/export</link>
      <description>{"uuid": "fbf5aabd-f669-41cd-b85e-950e82af1c2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10523", "type": "seen", "source": "https://bsky.app/profile/newstecnicas.com/post/3moanazs5422y", "content": "\ud83d\udee1\ufe0f Manual T\u00e9cnico de Mitigaci\u00f3n: #Vulnerabilidades CVE-2026-10520 y CVE-2026-10523 en Ivanti Sentry www.newstecnicas.com/2026/06/manu...", "creation_timestamp": "2026-06-14T11:14:10.119226Z"}</description>
      <content:encoded>{"uuid": "fbf5aabd-f669-41cd-b85e-950e82af1c2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10523", "type": "seen", "source": "https://bsky.app/profile/newstecnicas.com/post/3moanazs5422y", "content": "\ud83d\udee1\ufe0f Manual T\u00e9cnico de Mitigaci\u00f3n: #Vulnerabilidades CVE-2026-10520 y CVE-2026-10523 en Ivanti Sentry www.newstecnicas.com/2026/06/manu...", "creation_timestamp": "2026-06-14T11:14:10.119226Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/fbf5aabd-f669-41cd-b85e-950e82af1c2f/export</guid>
      <pubDate>Sun, 14 Jun 2026 11:14:10 +0000</pubDate>
    </item>
    <item>
      <title>42c18e15-2f31-4706-960d-71f2780f01b8</title>
      <link>https://vulnerability.circl.lu/sighting/42c18e15-2f31-4706-960d-71f2780f01b8/export</link>
      <description>{"uuid": "42c18e15-2f31-4706-960d-71f2780f01b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10523", "type": "seen", "source": "https://bsky.app/profile/newstecnicas.com/post/3mo733rilfs2s", "content": "\ud83d\udee1\ufe0f Manual T\u00e9cnico de Mitigaci\u00f3n: Vulnerabilidades CVE-2026-10520 y CVE-2026-10523 en Ivanti Sentry www.newstecnicas.com/2026/06/manu...", "creation_timestamp": "2026-06-13T20:16:54.894792Z"}</description>
      <content:encoded>{"uuid": "42c18e15-2f31-4706-960d-71f2780f01b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10523", "type": "seen", "source": "https://bsky.app/profile/newstecnicas.com/post/3mo733rilfs2s", "content": "\ud83d\udee1\ufe0f Manual T\u00e9cnico de Mitigaci\u00f3n: Vulnerabilidades CVE-2026-10520 y CVE-2026-10523 en Ivanti Sentry www.newstecnicas.com/2026/06/manu...", "creation_timestamp": "2026-06-13T20:16:54.894792Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/42c18e15-2f31-4706-960d-71f2780f01b8/export</guid>
      <pubDate>Sat, 13 Jun 2026 20:16:54 +0000</pubDate>
    </item>
    <item>
      <title>7b3b4711-0bd7-4481-9d23-54246eb4efb9</title>
      <link>https://vulnerability.circl.lu/sighting/7b3b4711-0bd7-4481-9d23-54246eb4efb9/export</link>
      <description>{"uuid": "7b3b4711-0bd7-4481-9d23-54246eb4efb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10523", "type": "seen", "source": "https://bsky.app/profile/cerberusit.bsky.social/post/3mo5njpbitq2w", "content": "Just when we thought we could have a quiet cup of tea, Ivanti drops CVE-2026-10520 and CVE-2026-10523 to remind us of our endless mortality. These stunning flaws allow unauthenticated freeloaders to gain root-level command execution or simply create administrative accounts to run...\n\nRead full story", "creation_timestamp": "2026-06-13T06:40:43.862878Z"}</description>
      <content:encoded>{"uuid": "7b3b4711-0bd7-4481-9d23-54246eb4efb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10523", "type": "seen", "source": "https://bsky.app/profile/cerberusit.bsky.social/post/3mo5njpbitq2w", "content": "Just when we thought we could have a quiet cup of tea, Ivanti drops CVE-2026-10520 and CVE-2026-10523 to remind us of our endless mortality. These stunning flaws allow unauthenticated freeloaders to gain root-level command execution or simply create administrative accounts to run...\n\nRead full story", "creation_timestamp": "2026-06-13T06:40:43.862878Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/7b3b4711-0bd7-4481-9d23-54246eb4efb9/export</guid>
      <pubDate>Sat, 13 Jun 2026 06:40:43 +0000</pubDate>
    </item>
    <item>
      <title>01d32a42-a801-4808-92e9-9d16abc6f92c</title>
      <link>https://vulnerability.circl.lu/sighting/01d32a42-a801-4808-92e9-9d16abc6f92c/export</link>
      <description>{"uuid": "01d32a42-a801-4808-92e9-9d16abc6f92c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-10523", "type": "seen", "source": "https://ccb.belgium.be/advisories/warning-critical-root-level-remote-code-execution-and-authentication-bypass", "content": "", "creation_timestamp": "2026-06-12T06:56:22.000000Z"}</description>
      <content:encoded>{"uuid": "01d32a42-a801-4808-92e9-9d16abc6f92c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-10523", "type": "seen", "source": "https://ccb.belgium.be/advisories/warning-critical-root-level-remote-code-execution-and-authentication-bypass", "content": "", "creation_timestamp": "2026-06-12T06:56:22.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/01d32a42-a801-4808-92e9-9d16abc6f92c/export</guid>
      <pubDate>Fri, 12 Jun 2026 06:56:22 +0000</pubDate>
    </item>
    <item>
      <title>2d7b5918-4109-4787-afbc-d0a9282f7308</title>
      <link>https://vulnerability.circl.lu/sighting/2d7b5918-4109-4787-afbc-d0a9282f7308/export</link>
      <description>{"uuid": "2d7b5918-4109-4787-afbc-d0a9282f7308", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10523", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mnz2pvprxk2h", "content": "Critical Ivanti Sentry flaw allows root-level remote code execution (CVE-2026-10520)\n\nIvanti has patched two critical vulnerabilities (CVE-2026-10520 and CVE-2026-10523) in Ivanti Sentry and has urged customers to implement the fix right away. Though the vulnerabilities are not kn\u2026\n#hackernews #news", "creation_timestamp": "2026-06-11T10:53:32.387132Z"}</description>
      <content:encoded>{"uuid": "2d7b5918-4109-4787-afbc-d0a9282f7308", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10523", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mnz2pvprxk2h", "content": "Critical Ivanti Sentry flaw allows root-level remote code execution (CVE-2026-10520)\n\nIvanti has patched two critical vulnerabilities (CVE-2026-10520 and CVE-2026-10523) in Ivanti Sentry and has urged customers to implement the fix right away. Though the vulnerabilities are not kn\u2026\n#hackernews #news", "creation_timestamp": "2026-06-11T10:53:32.387132Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/2d7b5918-4109-4787-afbc-d0a9282f7308/export</guid>
      <pubDate>Thu, 11 Jun 2026 10:53:32 +0000</pubDate>
    </item>
    <item>
      <title>4b14a140-fff4-4e64-9838-5ba1469eea49</title>
      <link>https://vulnerability.circl.lu/sighting/4b14a140-fff4-4e64-9838-5ba1469eea49/export</link>
      <description>{"uuid": "4b14a140-fff4-4e64-9838-5ba1469eea49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10523", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2026-0180", "content": "Ivanti heeft twee kwetsbaarheden verholpen in Sentry. De kwetsbaarheid met kenmerk CVE-2026-10520, waarvan Ivanti een CVSS-score van 10 heeft toegekend, kan een ongeauthenticeerde kwaadwillende op afstand in staat stellen willekeurige code uitvoeren met root rechten. De kwetsbaarheid met kenmerk CVE-2026-10523, die Ivanti een CVSS score van 9.9, heeft gegeven, kan door een ongeauthenticeerde kwaadwillende op afstand worden misbruikt om administratieve accounts aan te maken.\n\nMisbruik van deze kwetsbaarheden is mogelijk, maar de randvoorwaarden die nodig zijn om deze kwetsbaarheden op afstand uit te buiten, vereisen dat een managementpoort aan het internet is ontsloten. Deze randvoorwaarden zijn niet aanwezig in standaardimplementaties van Ivanti Sentry.\n\nDe kwetsbaarheden hebben Ivanti bereikt via responsible disclosure. Momenteel vindt er, voor zover bekend, geen actief misbruik van deze kwetsbaarheden plaats en is er geen publieke PoC code beschikbaar. Het NCSC verwacht echter dat dit op korte termijn zal veranderen.", "creation_timestamp": "2026-06-11T09:11:03.000000Z"}</description>
      <content:encoded>{"uuid": "4b14a140-fff4-4e64-9838-5ba1469eea49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10523", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2026-0180", "content": "Ivanti heeft twee kwetsbaarheden verholpen in Sentry. De kwetsbaarheid met kenmerk CVE-2026-10520, waarvan Ivanti een CVSS-score van 10 heeft toegekend, kan een ongeauthenticeerde kwaadwillende op afstand in staat stellen willekeurige code uitvoeren met root rechten. De kwetsbaarheid met kenmerk CVE-2026-10523, die Ivanti een CVSS score van 9.9, heeft gegeven, kan door een ongeauthenticeerde kwaadwillende op afstand worden misbruikt om administratieve accounts aan te maken.\n\nMisbruik van deze kwetsbaarheden is mogelijk, maar de randvoorwaarden die nodig zijn om deze kwetsbaarheden op afstand uit te buiten, vereisen dat een managementpoort aan het internet is ontsloten. Deze randvoorwaarden zijn niet aanwezig in standaardimplementaties van Ivanti Sentry.\n\nDe kwetsbaarheden hebben Ivanti bereikt via responsible disclosure. Momenteel vindt er, voor zover bekend, geen actief misbruik van deze kwetsbaarheden plaats en is er geen publieke PoC code beschikbaar. Het NCSC verwacht echter dat dit op korte termijn zal veranderen.", "creation_timestamp": "2026-06-11T09:11:03.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/4b14a140-fff4-4e64-9838-5ba1469eea49/export</guid>
      <pubDate>Thu, 11 Jun 2026 09:11:03 +0000</pubDate>
    </item>
    <item>
      <title>d889366d-8138-4e9d-8625-2a2ba0a11668</title>
      <link>https://vulnerability.circl.lu/sighting/d889366d-8138-4e9d-8625-2a2ba0a11668/export</link>
      <description>{"uuid": "d889366d-8138-4e9d-8625-2a2ba0a11668", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10523", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3mnxkrgqk6z2r", "content": "On June 9, 2026, Ivanti disclosed two critical vulnerabilities in Ivanti Sentry: CVE-2026-10520 (OS command injection, CVSS 10.0) and CVE-2026-10523 (authentication bypass, CVSS 9.9). Both allow remote unauthenticated attackers to execute commands and gain administrative access.", "creation_timestamp": "2026-06-10T20:35:23.999811Z"}</description>
      <content:encoded>{"uuid": "d889366d-8138-4e9d-8625-2a2ba0a11668", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10523", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3mnxkrgqk6z2r", "content": "On June 9, 2026, Ivanti disclosed two critical vulnerabilities in Ivanti Sentry: CVE-2026-10520 (OS command injection, CVSS 10.0) and CVE-2026-10523 (authentication bypass, CVSS 9.9). Both allow remote unauthenticated attackers to execute commands and gain administrative access.", "creation_timestamp": "2026-06-10T20:35:23.999811Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/d889366d-8138-4e9d-8625-2a2ba0a11668/export</guid>
      <pubDate>Wed, 10 Jun 2026 20:35:23 +0000</pubDate>
    </item>
    <item>
      <title>1da1a54e-2043-41e6-923e-ce9481735b57</title>
      <link>https://vulnerability.circl.lu/sighting/1da1a54e-2043-41e6-923e-ce9481735b57/export</link>
      <description>{"uuid": "1da1a54e-2043-41e6-923e-ce9481735b57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10523", "type": "seen", "source": "https://infosec.exchange/users/AAKL/statuses/116726647250447781", "content": "The Hacker News: Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities https://thehackernews.com/2026/06/ivanti-fortinet-and-sap-release-patches.html @thehackernews \nPosted yesterday: \nIvanti: Security Advisory Ivanti Sentry (CVE-2026-10520, CVE-2026-10523) https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523\nOnapsis: SAP Security Notes: June 2026 Patch Day https://onapsis.com/blog/sap-security-patch-day-june-2026/ $infosec #Ivanti #vulnerability", "creation_timestamp": "2026-06-10T16:06:30.767481Z"}</description>
      <content:encoded>{"uuid": "1da1a54e-2043-41e6-923e-ce9481735b57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10523", "type": "seen", "source": "https://infosec.exchange/users/AAKL/statuses/116726647250447781", "content": "The Hacker News: Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities https://thehackernews.com/2026/06/ivanti-fortinet-and-sap-release-patches.html @thehackernews \nPosted yesterday: \nIvanti: Security Advisory Ivanti Sentry (CVE-2026-10520, CVE-2026-10523) https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523\nOnapsis: SAP Security Notes: June 2026 Patch Day https://onapsis.com/blog/sap-security-patch-day-june-2026/ $infosec #Ivanti #vulnerability", "creation_timestamp": "2026-06-10T16:06:30.767481Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/1da1a54e-2043-41e6-923e-ce9481735b57/export</guid>
      <pubDate>Wed, 10 Jun 2026 16:06:30 +0000</pubDate>
    </item>
  </channel>
</rss>
