https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sat, 20 Jun 2026 04:58:19 +0000 https://vulnerability.circl.lu/sighting/24ec3193-6341-428d-b6d8-9e2265d5db74/export {"uuid": "24ec3193-6341-428d-b6d8-9e2265d5db74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10795", "type": "published-proof-of-concept", "source": "Telegram/bfOUhtYO5_knJKoj_if_OKxt7hZq78r0zHfwCUUuIAza2Gk", "content": "", "creation_timestamp": "2026-06-11T11:00:12.000000Z"} {"uuid": "24ec3193-6341-428d-b6d8-9e2265d5db74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10795", "type": "published-proof-of-concept", "source": "Telegram/bfOUhtYO5_knJKoj_if_OKxt7hZq78r0zHfwCUUuIAza2Gk", "content": "", "creation_timestamp": "2026-06-11T11:00:12.000000Z"} https://vulnerability.circl.lu/sighting/24ec3193-6341-428d-b6d8-9e2265d5db74/export Thu, 11 Jun 2026 11:00:12 +0000 https://vulnerability.circl.lu/sighting/2adf6c81-f349-45fb-b13c-feca9696bd66/export {"uuid": "2adf6c81-f349-45fb-b13c-feca9696bd66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10795", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mnz35knkmi2n", "content": "\ud83d\udfe0 CVE-2026-10795 - High (8.1)\n\nThe UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authenticatio...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-10795/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-11T11:01:11.012062Z"} {"uuid": "2adf6c81-f349-45fb-b13c-feca9696bd66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10795", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mnz35knkmi2n", "content": "\ud83d\udfe0 CVE-2026-10795 - High (8.1)\n\nThe UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authenticatio...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-10795/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-11T11:01:11.012062Z"} https://vulnerability.circl.lu/sighting/2adf6c81-f349-45fb-b13c-feca9696bd66/export Thu, 11 Jun 2026 11:01:11 +0000 https://vulnerability.circl.lu/sighting/55117bcf-e9f7-44bf-a545-202529fa8e68/export {"uuid": "55117bcf-e9f7-44bf-a545-202529fa8e68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10795", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mnz6hbl2ed2n", "content": "UpdraftPlus backup plugin leaks everything: backups, configs, databases. Auth bypass in all versions through 1.26.4. CVE-2026-10795, CVSS 8.1. Update immediately. Scan your WordPress site: pulse-wp.com\n#WordPress #RCE #CyberSecurity", "creation_timestamp": "2026-06-11T12:00:17.135208Z"} {"uuid": "55117bcf-e9f7-44bf-a545-202529fa8e68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10795", "type": "seen", "source": "https://bsky.app/profile/pulse-wp.com/post/3mnz6hbl2ed2n", "content": "UpdraftPlus backup plugin leaks everything: backups, configs, databases. Auth bypass in all versions through 1.26.4. CVE-2026-10795, CVSS 8.1. Update immediately. Scan your WordPress site: pulse-wp.com\n#WordPress #RCE #CyberSecurity", "creation_timestamp": "2026-06-11T12:00:17.135208Z"} https://vulnerability.circl.lu/sighting/55117bcf-e9f7-44bf-a545-202529fa8e68/export Thu, 11 Jun 2026 12:00:17 +0000 https://vulnerability.circl.lu/sighting/562497c5-b23e-42e6-9d20-5142a13e60f5/export {"uuid": "562497c5-b23e-42e6-9d20-5142a13e60f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10795", "type": "published-proof-of-concept", "source": "Telegram/P4OAF6tyxAIVXey_izy-TP1JEXG6oDmgsdsL3rMnBYotsT0", "content": "", "creation_timestamp": "2026-06-11T15:00:06.000000Z"} {"uuid": "562497c5-b23e-42e6-9d20-5142a13e60f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10795", "type": "published-proof-of-concept", "source": "Telegram/P4OAF6tyxAIVXey_izy-TP1JEXG6oDmgsdsL3rMnBYotsT0", "content": "", "creation_timestamp": "2026-06-11T15:00:06.000000Z"} https://vulnerability.circl.lu/sighting/562497c5-b23e-42e6-9d20-5142a13e60f5/export Thu, 11 Jun 2026 15:00:06 +0000 https://vulnerability.circl.lu/sighting/60e7898e-2f00-4570-adb2-faa74856cb70/export {"uuid": "60e7898e-2f00-4570-adb2-faa74856cb70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10795", "type": "published-proof-of-concept", "source": "Telegram/qE6f29_aVOJA4ORgQTQStDqLz7TqoxzfPbinGVmKV8o4EU8", "content": "", "creation_timestamp": "2026-06-11T15:00:13.000000Z"} {"uuid": "60e7898e-2f00-4570-adb2-faa74856cb70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10795", "type": "published-proof-of-concept", "source": "Telegram/qE6f29_aVOJA4ORgQTQStDqLz7TqoxzfPbinGVmKV8o4EU8", "content": "", "creation_timestamp": "2026-06-11T15:00:13.000000Z"} https://vulnerability.circl.lu/sighting/60e7898e-2f00-4570-adb2-faa74856cb70/export Thu, 11 Jun 2026 15:00:13 +0000 https://vulnerability.circl.lu/sighting/607d7208-5cfb-4699-8070-ec4becf366e9/export {"uuid": "607d7208-5cfb-4699-8070-ec4becf366e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10795", "type": "published-proof-of-concept", "source": "Telegram/fCG7WKzSZ3J5MxWk4q33cwgoeWrsZeYEI50sN5k5RlUMOc4", "content": "", "creation_timestamp": "2026-06-11T23:00:06.000000Z"} {"uuid": "607d7208-5cfb-4699-8070-ec4becf366e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10795", "type": "published-proof-of-concept", "source": "Telegram/fCG7WKzSZ3J5MxWk4q33cwgoeWrsZeYEI50sN5k5RlUMOc4", "content": "", "creation_timestamp": "2026-06-11T23:00:06.000000Z"} https://vulnerability.circl.lu/sighting/607d7208-5cfb-4699-8070-ec4becf366e9/export Thu, 11 Jun 2026 23:00:06 +0000 https://vulnerability.circl.lu/sighting/b6fa068c-be91-40a4-8fa7-8bc997ee076f/export {"uuid": "b6fa068c-be91-40a4-8fa7-8bc997ee076f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10795", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3mo2hl2aa5v26", "content": "CVE-2026-10795 updraftplus (CVSS Score 8.1) \n\n#WordPress plugin #vulnerability #cybersecurity #wordpressfirewall #wordpresssecurity #hacking #wpsecurity #atomicedge #cybersecurity #malware #vulnerabilityresearch #cve #redteam #proofofconcept #updraftplus", "creation_timestamp": "2026-06-12T00:16:07.144002Z"} {"uuid": "b6fa068c-be91-40a4-8fa7-8bc997ee076f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10795", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3mo2hl2aa5v26", "content": "CVE-2026-10795 updraftplus (CVSS Score 8.1) \n\n#WordPress plugin #vulnerability #cybersecurity #wordpressfirewall #wordpresssecurity #hacking #wpsecurity #atomicedge #cybersecurity #malware #vulnerabilityresearch #cve #redteam #proofofconcept #updraftplus", "creation_timestamp": "2026-06-12T00:16:07.144002Z"} https://vulnerability.circl.lu/sighting/b6fa068c-be91-40a4-8fa7-8bc997ee076f/export Fri, 12 Jun 2026 00:16:07 +0000 https://vulnerability.circl.lu/sighting/5a8ed900-56b2-4c00-b336-c10686b72527/export {"uuid": "5a8ed900-56b2-4c00-b336-c10686b72527", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10795", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3modadvsxiy2p", "content": "\ud83d\udea8 [CRITICAL INFRASTRUCTURE ALERT]: CVE-2026-10795\n\n\u2022 CVE ID: CVE-2026-10795\n\u2022 CVSS Score: 8.1 (High)\n\u2022 Affected: Popular WordPress \n\nhttps://securitycyber.uk", "creation_timestamp": "2026-06-15T12:00:48.912357Z"} {"uuid": "5a8ed900-56b2-4c00-b336-c10686b72527", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10795", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3modadvsxiy2p", "content": "\ud83d\udea8 [CRITICAL INFRASTRUCTURE ALERT]: CVE-2026-10795\n\n\u2022 CVE ID: CVE-2026-10795\n\u2022 CVSS Score: 8.1 (High)\n\u2022 Affected: Popular WordPress \n\nhttps://securitycyber.uk", "creation_timestamp": "2026-06-15T12:00:48.912357Z"} https://vulnerability.circl.lu/sighting/5a8ed900-56b2-4c00-b336-c10686b72527/export Mon, 15 Jun 2026 12:00:48 +0000 https://vulnerability.circl.lu/sighting/e64d4daa-c4b5-43d9-b8a5-7e7a13bef673/export {"uuid": "e64d4daa-c4b5-43d9-b8a5-7e7a13bef673", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10795", "type": "seen", "source": "https://gist.github.com/gnanet/0b305a2d339361a4d762a8fe497845be", "content": "Having faced a mystery, where wordpress/woocommerce shops went nuts, i found out i was hit by the CVE-2026-10795\n\nIOC were:\n\n- Found an \"undeletable\" mu-plugin: `mu-plugins/turbo-watcher-x.php`\n- 2 plugins got lost: `w3-total-cache` and `woocommerce-german-market`\n- Found a new user admin_{HASH},or adm_{HASH} \n- any administrator who logged in, got automatically the same `session_tokens` additionally to it's own login\n\nSecondary IOC was inside `options` table\n\n```\nSELECT * FROM wp_options WHERE (LENGTH(option_name) = 12 AND option_name REGEXP '^[0-9a-f]+$') OR option_name like 'sc\\_%'\n```\n\nOne option_value was the key to above SQL conditions: `3.1.0|php.x-rehctaw-obrut`\n\nand an interesting option_key `sc_last_rpc` , with option_value `https://0xrpc.io/eth`\n\n\nI wanted to analyse the dropped PHP, tried lot online deobfuscators, but the biggest initial help was\n[reverse-php-malware](https://github.com/bediger4000/reverse-php-malware)\n\nIt helped me to undestand how the token collection was interpreted, how it choose values function names etc.\n\nI attached `dict-test.php` which contains an original string from the dropped-php in the comments, but running it is safe, because the re-write below the comments will only print out the obfuscated tokens/words/etc in cleartext.", "creation_timestamp": "2026-06-19T08:00:58.000000Z"} {"uuid": "e64d4daa-c4b5-43d9-b8a5-7e7a13bef673", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10795", "type": "seen", "source": "https://gist.github.com/gnanet/0b305a2d339361a4d762a8fe497845be", "content": "Having faced a mystery, where wordpress/woocommerce shops went nuts, i found out i was hit by the CVE-2026-10795\n\nIOC were:\n\n- Found an \"undeletable\" mu-plugin: `mu-plugins/turbo-watcher-x.php`\n- 2 plugins got lost: `w3-total-cache` and `woocommerce-german-market`\n- Found a new user admin_{HASH},or adm_{HASH} \n- any administrator who logged in, got automatically the same `session_tokens` additionally to it's own login\n\nSecondary IOC was inside `options` table\n\n```\nSELECT * FROM wp_options WHERE (LENGTH(option_name) = 12 AND option_name REGEXP '^[0-9a-f]+$') OR option_name like 'sc\\_%'\n```\n\nOne option_value was the key to above SQL conditions: `3.1.0|php.x-rehctaw-obrut`\n\nand an interesting option_key `sc_last_rpc` , with option_value `https://0xrpc.io/eth`\n\n\nI wanted to analyse the dropped PHP, tried lot online deobfuscators, but the biggest initial help was\n[reverse-php-malware](https://github.com/bediger4000/reverse-php-malware)\n\nIt helped me to undestand how the token collection was interpreted, how it choose values function names etc.\n\nI attached `dict-test.php` which contains an original string from the dropped-php in the comments, but running it is safe, because the re-write below the comments will only print out the obfuscated tokens/words/etc in cleartext.", "creation_timestamp": "2026-06-19T08:00:58.000000Z"} https://vulnerability.circl.lu/sighting/e64d4daa-c4b5-43d9-b8a5-7e7a13bef673/export Fri, 19 Jun 2026 08:00:58 +0000 https://vulnerability.circl.lu/sighting/1760aece-cfa7-4269-bb27-6945bedac911/export {"uuid": "1760aece-cfa7-4269-bb27-6945bedac911", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10795", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/013f12c2-9644-4cbd-a79b-77116751fe2c", "content": "", "creation_timestamp": "2026-06-19T12:45:07.332041Z"} {"uuid": "1760aece-cfa7-4269-bb27-6945bedac911", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10795", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/013f12c2-9644-4cbd-a79b-77116751fe2c", "content": "", "creation_timestamp": "2026-06-19T12:45:07.332041Z"} https://vulnerability.circl.lu/sighting/1760aece-cfa7-4269-bb27-6945bedac911/export Fri, 19 Jun 2026 12:45:07 +0000