<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Fri, 17 Jul 2026 06:25:10 +0000</lastBuildDate>
    <item>
      <title>6b27f752-c750-4a47-945c-5f9d2ac3001c</title>
      <link>https://vulnerability.circl.lu/sighting/6b27f752-c750-4a47-945c-5f9d2ac3001c/export</link>
      <description>{"uuid": "6b27f752-c750-4a47-945c-5f9d2ac3001c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12536", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqknu2mb5q2x", "content": "CVE-2026-12536 - Avada Builder\nCVE ID : CVE-2026-12536\n \n Published : July 13, 2026, 8:16 p.m. | 1\u00a0hour, 13\u00a0minutes ago\n \n Description : The Avada (Fusion) Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018Module Title\u2019 parameter in all version...", "creation_timestamp": "2026-07-13T21:41:30.907989Z"}</description>
      <content:encoded>{"uuid": "6b27f752-c750-4a47-945c-5f9d2ac3001c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12536", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqknu2mb5q2x", "content": "CVE-2026-12536 - Avada Builder\nCVE ID : CVE-2026-12536\n \n Published : July 13, 2026, 8:16 p.m. | 1\u00a0hour, 13\u00a0minutes ago\n \n Description : The Avada (Fusion) Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018Module Title\u2019 parameter in all version...", "creation_timestamp": "2026-07-13T21:41:30.907989Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/6b27f752-c750-4a47-945c-5f9d2ac3001c/export</guid>
      <pubDate>Mon, 13 Jul 2026 21:41:30 +0000</pubDate>
    </item>
    <item>
      <title>24e60155-cd97-4e2e-b7e5-c75f9827a367</title>
      <link>https://vulnerability.circl.lu/sighting/24e60155-cd97-4e2e-b7e5-c75f9827a367/export</link>
      <description>{"uuid": "24e60155-cd97-4e2e-b7e5-c75f9827a367", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12535", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqk7lekcft2w", "content": "CVE-2026-12535 - drupal/formatter_field\nAn attacker with permission to edit certain content in Drupal can inject malicious data into the Formatter Field. This can happen when the core\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#drupal #Packagisthttpspackagesdrupalorg8 #CVE #infosec", "creation_timestamp": "2026-07-13T17:26:06.745012Z"}</description>
      <content:encoded>{"uuid": "24e60155-cd97-4e2e-b7e5-c75f9827a367", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12535", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqk7lekcft2w", "content": "CVE-2026-12535 - drupal/formatter_field\nAn attacker with permission to edit certain content in Drupal can inject malicious data into the Formatter Field. This can happen when the core\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#drupal #Packagisthttpspackagesdrupalorg8 #CVE #infosec", "creation_timestamp": "2026-07-13T17:26:06.745012Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/24e60155-cd97-4e2e-b7e5-c75f9827a367/export</guid>
      <pubDate>Mon, 13 Jul 2026 17:26:06 +0000</pubDate>
    </item>
    <item>
      <title>21eca65d-fc0d-45a7-a735-2486bbb15e73</title>
      <link>https://vulnerability.circl.lu/sighting/21eca65d-fc0d-45a7-a735-2486bbb15e73/export</link>
      <description>{"uuid": "21eca65d-fc0d-45a7-a735-2486bbb15e73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12537", "type": "seen", "source": "https://bsky.app/profile/securityonline.bsky.social/post/3mpfd3vdhxd2f", "content": "Gemini CLI Vulnerability Hits Maximum CVSS 10\u00a0Score\n\nA critical Gemini CLI vulnerability (CVE-2026-12537) exposes developer workflows to maximum severity attacks. Google disclosed this CVSS 10 rating flaw recently. TL;DR A critical Gemini CLI vulnerability allows OS command injection in continuous\u2026", "creation_timestamp": "2026-06-29T01:20:33.393042Z"}</description>
      <content:encoded>{"uuid": "21eca65d-fc0d-45a7-a735-2486bbb15e73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12537", "type": "seen", "source": "https://bsky.app/profile/securityonline.bsky.social/post/3mpfd3vdhxd2f", "content": "Gemini CLI Vulnerability Hits Maximum CVSS 10\u00a0Score\n\nA critical Gemini CLI vulnerability (CVE-2026-12537) exposes developer workflows to maximum severity attacks. Google disclosed this CVSS 10 rating flaw recently. TL;DR A critical Gemini CLI vulnerability allows OS command injection in continuous\u2026", "creation_timestamp": "2026-06-29T01:20:33.393042Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/21eca65d-fc0d-45a7-a735-2486bbb15e73/export</guid>
      <pubDate>Mon, 29 Jun 2026 01:20:33 +0000</pubDate>
    </item>
    <item>
      <title>67dfe455-f005-46ba-9973-b07f0763cfc1</title>
      <link>https://vulnerability.circl.lu/sighting/67dfe455-f005-46ba-9973-b07f0763cfc1/export</link>
      <description>{"uuid": "67dfe455-f005-46ba-9973-b07f0763cfc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12537", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp2ie25yct2k", "content": "CVE-2026-12537 - Unauthenticated Remote Code Execution in Gemini CLI CI/CD Workflows\nCVE ID : CVE-2026-12537\n \n Published : June 24, 2026, 1:37 p.m. | 3\u00a0hours, 33\u00a0minutes ago\n \n Description : Improper Neutralization used in an OS Command in the container launcher in Google Gem...", "creation_timestamp": "2026-06-24T17:55:17.558979Z"}</description>
      <content:encoded>{"uuid": "67dfe455-f005-46ba-9973-b07f0763cfc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12537", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp2ie25yct2k", "content": "CVE-2026-12537 - Unauthenticated Remote Code Execution in Gemini CLI CI/CD Workflows\nCVE ID : CVE-2026-12537\n \n Published : June 24, 2026, 1:37 p.m. | 3\u00a0hours, 33\u00a0minutes ago\n \n Description : Improper Neutralization used in an OS Command in the container launcher in Google Gem...", "creation_timestamp": "2026-06-24T17:55:17.558979Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/67dfe455-f005-46ba-9973-b07f0763cfc1/export</guid>
      <pubDate>Wed, 24 Jun 2026 17:55:17 +0000</pubDate>
    </item>
    <item>
      <title>2d28967e-e65a-4bee-9d5c-8e21aa29b37b</title>
      <link>https://vulnerability.circl.lu/sighting/2d28967e-e65a-4bee-9d5c-8e21aa29b37b/export</link>
      <description>{"uuid": "2d28967e-e65a-4bee-9d5c-8e21aa29b37b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12530", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mojicjxaln2z", "content": "CVE-2026-12530 - Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()\nCVE ID : CVE-2026-12530\n \n Published : June 17, 2026, 9:05 p.m. | 2\u00a0hours, 25\u00a0minutes ago\n \n Description : Improper neutralization of argument delimiters in t...", "creation_timestamp": "2026-06-17T23:39:11.209189Z"}</description>
      <content:encoded>{"uuid": "2d28967e-e65a-4bee-9d5c-8e21aa29b37b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12530", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mojicjxaln2z", "content": "CVE-2026-12530 - Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()\nCVE ID : CVE-2026-12530\n \n Published : June 17, 2026, 9:05 p.m. | 2\u00a0hours, 25\u00a0minutes ago\n \n Description : Improper neutralization of argument delimiters in t...", "creation_timestamp": "2026-06-17T23:39:11.209189Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/2d28967e-e65a-4bee-9d5c-8e21aa29b37b/export</guid>
      <pubDate>Wed, 17 Jun 2026 23:39:11 +0000</pubDate>
    </item>
    <item>
      <title>14195179-89ae-4c85-9592-458bf646147c</title>
      <link>https://vulnerability.circl.lu/sighting/14195179-89ae-4c85-9592-458bf646147c/export</link>
      <description>{"uuid": "14195179-89ae-4c85-9592-458bf646147c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-12530", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mojcrnyd3x2t", "content": "CRITICAL: AWS Bedrock AgentCore Python SDK (v1.1.3 \u2013 1.6.1) is vulnerable (CVE-2026-12530). Attackers can bypass package validation. Check your versions &amp;amp; update! https://radar.offseq.com/threat/cve-2026-12530-improper-neutralization-of-argument-917f42dfcc3cfd56 #OffSeq #AWSSecurity #Python", "creation_timestamp": "2026-06-17T22:00:17.050244Z"}</description>
      <content:encoded>{"uuid": "14195179-89ae-4c85-9592-458bf646147c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-12530", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mojcrnyd3x2t", "content": "CRITICAL: AWS Bedrock AgentCore Python SDK (v1.1.3 \u2013 1.6.1) is vulnerable (CVE-2026-12530). Attackers can bypass package validation. Check your versions &amp;amp; update! https://radar.offseq.com/threat/cve-2026-12530-improper-neutralization-of-argument-917f42dfcc3cfd56 #OffSeq #AWSSecurity #Python", "creation_timestamp": "2026-06-17T22:00:17.050244Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/14195179-89ae-4c85-9592-458bf646147c/export</guid>
      <pubDate>Wed, 17 Jun 2026 22:00:17 +0000</pubDate>
    </item>
  </channel>
</rss>
