<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Wed, 01 Jul 2026 07:14:11 +0000</lastBuildDate>
    <item>
      <title>a809ce38-07c9-40db-993b-68410dcc8c34</title>
      <link>https://vulnerability.circl.lu/sighting/a809ce38-07c9-40db-993b-68410dcc8c34/export</link>
      <description>{"uuid": "a809ce38-07c9-40db-993b-68410dcc8c34", "vulnerability_lookup_origin": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2026-24423", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/9d46fb90-1d7c-4cb5-8731-ff8853bd4fb0", "content": "", "creation_timestamp": "2026-06-30T09:23:46.408392Z"}</description>
      <content:encoded>{"uuid": "a809ce38-07c9-40db-993b-68410dcc8c34", "vulnerability_lookup_origin": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2026-24423", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/9d46fb90-1d7c-4cb5-8731-ff8853bd4fb0", "content": "", "creation_timestamp": "2026-06-30T09:23:46.408392Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/a809ce38-07c9-40db-993b-68410dcc8c34/export</guid>
      <pubDate>Tue, 30 Jun 2026 09:23:46 +0000</pubDate>
    </item>
    <item>
      <title>c2b99967-ed8d-467b-918e-714f7138aeb0</title>
      <link>https://vulnerability.circl.lu/sighting/c2b99967-ed8d-467b-918e-714f7138aeb0/export</link>
      <description>{"uuid": "c2b99967-ed8d-467b-918e-714f7138aeb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24421", "type": "seen", "source": "https://gist.github.com/alon710/b22b0dd984dd927be769bc999880e7f3", "content": "# CVE-2026-49205: CVE-2026-49205: Missing Authorization in phpMyFAQ Public REST API Write Endpoints\n\n&amp;gt; **CVSS Score:** 6.5\n&amp;gt; **Published:** 2026-06-23\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-49205\n\n## Summary\nAn incomplete security patch for CVE-2026-24421 in phpMyFAQ allows authenticated low-privileged users to bypass role-based access controls. While the initial patch addressed missing authorization in the BackupController, it left four critical write-enabled endpoints vulnerable. This allows remote attackers with a valid low-privilege API token to perform unauthorized data modifications, creating categories, creating FAQs, updating FAQs, and injecting questions directly into the database.\n\n## TL;DR\nAn incomplete fix for CVE-2026-24421 in phpMyFAQ leaves four REST API endpoints vulnerable to missing authorization, enabling low-privileged authenticated users to modify categories, FAQs, and system questions without the required role permissions.\n\n## Technical Details\n\n- **CWE ID**: CWE-862: Missing Authorization\n- **Attack Vector**: Network\n- **CVSS v3.1 Score**: 6.5 (Medium)\n- **Exploit Maturity**: None / Unproven\n- **EPSS Score**: 0.0024\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- phpMyFAQ open-source FAQ web application\n- **phpMyFAQ**: &amp;lt; 4.1.4 (Fixed in: `4.1.4`)\n\n## Mitigation\n\n- Upgrade phpMyFAQ to version 4.1.4 or higher.\n- Implement a manual code-level patch to enforce role validation on all public REST API write endpoints.\n- Deploy WAF rules to restrict POST and PUT requests to public API controllers based on user roles.\n\n**Remediation Steps:**\n1. Download phpMyFAQ version 4.1.4 from the official repository.\n2. Apply database and application updates following the standard phpMyFAQ upgrade documentation.\n3. Validate API security policies by attempting a write request using a low-privileged API token.\n\n## References\n\n- [GitHub Security Advisory GHSA-8c6h-7g6x-m5x4](https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-8c6h-7g6x-m5x4)\n- [CVE-2026-49205 Record](https://www.cve.org/CVERecord?id=CVE-2026-49205)\n- [CWE-862 Reference](https://cwe.mitre.org/data/definitions/862.html)\n- [MITRE ATT&amp;amp;CK T1068 Reference](https://attack.mitre.org/techniques/T1068/)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-49205) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-23T22:42:14.000000Z"}</description>
      <content:encoded>{"uuid": "c2b99967-ed8d-467b-918e-714f7138aeb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24421", "type": "seen", "source": "https://gist.github.com/alon710/b22b0dd984dd927be769bc999880e7f3", "content": "# CVE-2026-49205: CVE-2026-49205: Missing Authorization in phpMyFAQ Public REST API Write Endpoints\n\n&amp;gt; **CVSS Score:** 6.5\n&amp;gt; **Published:** 2026-06-23\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-49205\n\n## Summary\nAn incomplete security patch for CVE-2026-24421 in phpMyFAQ allows authenticated low-privileged users to bypass role-based access controls. While the initial patch addressed missing authorization in the BackupController, it left four critical write-enabled endpoints vulnerable. This allows remote attackers with a valid low-privilege API token to perform unauthorized data modifications, creating categories, creating FAQs, updating FAQs, and injecting questions directly into the database.\n\n## TL;DR\nAn incomplete fix for CVE-2026-24421 in phpMyFAQ leaves four REST API endpoints vulnerable to missing authorization, enabling low-privileged authenticated users to modify categories, FAQs, and system questions without the required role permissions.\n\n## Technical Details\n\n- **CWE ID**: CWE-862: Missing Authorization\n- **Attack Vector**: Network\n- **CVSS v3.1 Score**: 6.5 (Medium)\n- **Exploit Maturity**: None / Unproven\n- **EPSS Score**: 0.0024\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- phpMyFAQ open-source FAQ web application\n- **phpMyFAQ**: &amp;lt; 4.1.4 (Fixed in: `4.1.4`)\n\n## Mitigation\n\n- Upgrade phpMyFAQ to version 4.1.4 or higher.\n- Implement a manual code-level patch to enforce role validation on all public REST API write endpoints.\n- Deploy WAF rules to restrict POST and PUT requests to public API controllers based on user roles.\n\n**Remediation Steps:**\n1. Download phpMyFAQ version 4.1.4 from the official repository.\n2. Apply database and application updates following the standard phpMyFAQ upgrade documentation.\n3. Validate API security policies by attempting a write request using a low-privileged API token.\n\n## References\n\n- [GitHub Security Advisory GHSA-8c6h-7g6x-m5x4](https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-8c6h-7g6x-m5x4)\n- [CVE-2026-49205 Record](https://www.cve.org/CVERecord?id=CVE-2026-49205)\n- [CWE-862 Reference](https://cwe.mitre.org/data/definitions/862.html)\n- [MITRE ATT&amp;amp;CK T1068 Reference](https://attack.mitre.org/techniques/T1068/)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-49205) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-23T22:42:14.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/c2b99967-ed8d-467b-918e-714f7138aeb0/export</guid>
      <pubDate>Tue, 23 Jun 2026 22:42:14 +0000</pubDate>
    </item>
    <item>
      <title>56063b1e-c3ef-4e91-825f-25c907607d45</title>
      <link>https://vulnerability.circl.lu/sighting/56063b1e-c3ef-4e91-825f-25c907607d45/export</link>
      <description>{"uuid": "56063b1e-c3ef-4e91-825f-25c907607d45", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24423", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/493f4fb6-5b30-40be-b61f-7d134221362d", "content": "", "creation_timestamp": "2026-06-23T14:03:44.120809Z"}</description>
      <content:encoded>{"uuid": "56063b1e-c3ef-4e91-825f-25c907607d45", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24423", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/493f4fb6-5b30-40be-b61f-7d134221362d", "content": "", "creation_timestamp": "2026-06-23T14:03:44.120809Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/56063b1e-c3ef-4e91-825f-25c907607d45/export</guid>
      <pubDate>Tue, 23 Jun 2026 14:03:44 +0000</pubDate>
    </item>
    <item>
      <title>0e597246-fb8f-4cc1-af4a-214d1535af3a</title>
      <link>https://vulnerability.circl.lu/sighting/0e597246-fb8f-4cc1-af4a-214d1535af3a/export</link>
      <description>{"uuid": "0e597246-fb8f-4cc1-af4a-214d1535af3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24425", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3motmp5sgbv2m", "content": "\ud83d\udea8  ALERT: CVE-2026-24425\n\nCVSS 8.8/10\n\n\ud83d\udccb WHAT IT IS:\nTwig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce fil", "creation_timestamp": "2026-06-22T00:24:27.136461Z"}</description>
      <content:encoded>{"uuid": "0e597246-fb8f-4cc1-af4a-214d1535af3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24425", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3motmp5sgbv2m", "content": "\ud83d\udea8  ALERT: CVE-2026-24425\n\nCVSS 8.8/10\n\n\ud83d\udccb WHAT IT IS:\nTwig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce fil", "creation_timestamp": "2026-06-22T00:24:27.136461Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/0e597246-fb8f-4cc1-af4a-214d1535af3a/export</guid>
      <pubDate>Mon, 22 Jun 2026 00:24:27 +0000</pubDate>
    </item>
    <item>
      <title>923d3b0b-b831-4e42-944c-0ba8c68843a9</title>
      <link>https://vulnerability.circl.lu/sighting/923d3b0b-b831-4e42-944c-0ba8c68843a9/export</link>
      <description>{"uuid": "923d3b0b-b831-4e42-944c-0ba8c68843a9", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24423", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/9ac1ab73-c6d2-4411-ae2f-0fb425710ffe", "content": "", "creation_timestamp": "2026-06-19T12:45:18.001416Z"}</description>
      <content:encoded>{"uuid": "923d3b0b-b831-4e42-944c-0ba8c68843a9", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24423", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/9ac1ab73-c6d2-4411-ae2f-0fb425710ffe", "content": "", "creation_timestamp": "2026-06-19T12:45:18.001416Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/923d3b0b-b831-4e42-944c-0ba8c68843a9/export</guid>
      <pubDate>Fri, 19 Jun 2026 12:45:18 +0000</pubDate>
    </item>
    <item>
      <title>66d0490e-c218-4bd5-9d70-13a94e24b21b</title>
      <link>https://vulnerability.circl.lu/sighting/66d0490e-c218-4bd5-9d70-13a94e24b21b/export</link>
      <description>{"uuid": "66d0490e-c218-4bd5-9d70-13a94e24b21b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24421", "type": "seen", "source": "https://bsky.app/profile/euvd-bot.bsky.social/post/3molwlpwmh22a", "content": "\ud83d\udea8 EUVD-2026-37954\n\ud83d\udcca 6.5/10\n\ud83c\udfe2 thorsten\n\n\ud83d\udcdd phpMyFAQ is an open source FAQ web application. Versions prior to  4.1.4 have Missing Authorization in the API CategoryController. CVE-2026-24421 address...\n\n\ud83d\udd17 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-37954\n\n#cybersecurity #infosec #cve #euvd", "creation_timestamp": "2026-06-18T23:00:11.464972Z"}</description>
      <content:encoded>{"uuid": "66d0490e-c218-4bd5-9d70-13a94e24b21b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24421", "type": "seen", "source": "https://bsky.app/profile/euvd-bot.bsky.social/post/3molwlpwmh22a", "content": "\ud83d\udea8 EUVD-2026-37954\n\ud83d\udcca 6.5/10\n\ud83c\udfe2 thorsten\n\n\ud83d\udcdd phpMyFAQ is an open source FAQ web application. Versions prior to  4.1.4 have Missing Authorization in the API CategoryController. CVE-2026-24421 address...\n\n\ud83d\udd17 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-37954\n\n#cybersecurity #infosec #cve #euvd", "creation_timestamp": "2026-06-18T23:00:11.464972Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/66d0490e-c218-4bd5-9d70-13a94e24b21b/export</guid>
      <pubDate>Thu, 18 Jun 2026 23:00:11 +0000</pubDate>
    </item>
    <item>
      <title>2cd1a42a-4b3a-4f6e-9b01-b6786d70b26e</title>
      <link>https://vulnerability.circl.lu/sighting/2cd1a42a-4b3a-4f6e-9b01-b6786d70b26e/export</link>
      <description>{"uuid": "2cd1a42a-4b3a-4f6e-9b01-b6786d70b26e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24425", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mnbkrxiwwe2o", "content": "\ud83d\udccc CVE-2026-24425 - Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with tem... https://www.cyberhub.blog/cves/CVE-2026-24425", "creation_timestamp": "2026-06-02T02:37:07.582127Z"}</description>
      <content:encoded>{"uuid": "2cd1a42a-4b3a-4f6e-9b01-b6786d70b26e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24425", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mnbkrxiwwe2o", "content": "\ud83d\udccc CVE-2026-24425 - Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with tem... https://www.cyberhub.blog/cves/CVE-2026-24425", "creation_timestamp": "2026-06-02T02:37:07.582127Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/2cd1a42a-4b3a-4f6e-9b01-b6786d70b26e/export</guid>
      <pubDate>Tue, 02 Jun 2026 02:37:07 +0000</pubDate>
    </item>
    <item>
      <title>a1b60a35-d601-40c9-9738-73639107d8f7</title>
      <link>https://vulnerability.circl.lu/sighting/a1b60a35-d601-40c9-9738-73639107d8f7/export</link>
      <description>{"uuid": "a1b60a35-d601-40c9-9738-73639107d8f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24425", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmcawp4kev2t", "content": "CVE-2026-24425 - Twig 2.16.x &amp;amp; 3.9.0-3.25.x Sandbox Bypass via SourcePolicyInterface\nCVE ID : CVE-2026-24425\n \n Published : May 20, 2026, 1:45 p.m. | 30\u00a0minutes ago\n \n Description : Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using...", "creation_timestamp": "2026-05-20T15:48:16.818958Z"}</description>
      <content:encoded>{"uuid": "a1b60a35-d601-40c9-9738-73639107d8f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24425", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmcawp4kev2t", "content": "CVE-2026-24425 - Twig 2.16.x &amp;amp; 3.9.0-3.25.x Sandbox Bypass via SourcePolicyInterface\nCVE ID : CVE-2026-24425\n \n Published : May 20, 2026, 1:45 p.m. | 30\u00a0minutes ago\n \n Description : Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using...", "creation_timestamp": "2026-05-20T15:48:16.818958Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/a1b60a35-d601-40c9-9738-73639107d8f7/export</guid>
      <pubDate>Wed, 20 May 2026 15:48:16 +0000</pubDate>
    </item>
    <item>
      <title>bac19b66-2767-447f-9296-662f06bde1ad</title>
      <link>https://vulnerability.circl.lu/sighting/bac19b66-2767-447f-9296-662f06bde1ad/export</link>
      <description>{"uuid": "bac19b66-2767-447f-9296-662f06bde1ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-24425", "type": "seen", "source": "https://bsky.app/profile/symfony.com/post/3mmbp6dmkls26", "content": "\ud83d\udd10 CVE-2026-24425: Possible sandbox bypass when using a source policy\n\u27a1\ufe0f https://symfony.com/blog/cve-2026-24425-possible-sandbox-bypass-when-using-a-source-policy", "creation_timestamp": "2026-05-20T10:30:25.630460Z"}</description>
      <content:encoded>{"uuid": "bac19b66-2767-447f-9296-662f06bde1ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-24425", "type": "seen", "source": "https://bsky.app/profile/symfony.com/post/3mmbp6dmkls26", "content": "\ud83d\udd10 CVE-2026-24425: Possible sandbox bypass when using a source policy\n\u27a1\ufe0f https://symfony.com/blog/cve-2026-24425-possible-sandbox-bypass-when-using-a-source-policy", "creation_timestamp": "2026-05-20T10:30:25.630460Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/bac19b66-2767-447f-9296-662f06bde1ad/export</guid>
      <pubDate>Wed, 20 May 2026 10:30:25 +0000</pubDate>
    </item>
    <item>
      <title>ff2b9bf9-af6b-45e1-ad79-ccd87cbee448</title>
      <link>https://vulnerability.circl.lu/sighting/ff2b9bf9-af6b-45e1-ad79-ccd87cbee448/export</link>
      <description>{"uuid": "ff2b9bf9-af6b-45e1-ad79-ccd87cbee448", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24421", "type": "seen", "source": "https://bsky.app/profile/exploitdb-bot.bsky.social/post/3mkmvgdbvrs27", "content": "\ud83d\udea8 New Exploit: phpMyFAQ  4.0.16 - Improper Authorization\n\ud83d\udccb CVE: CVE-2026-24421\n\ud83d\udc64 Author: contact\n\n\ud83d\udd17 https://www.exploit-db.com/exploits/52523\n\n#ExploitDB #InfoSec #CyberSecurity #CVE-2026-24421", "creation_timestamp": "2026-04-29T10:31:09.819568Z"}</description>
      <content:encoded>{"uuid": "ff2b9bf9-af6b-45e1-ad79-ccd87cbee448", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24421", "type": "seen", "source": "https://bsky.app/profile/exploitdb-bot.bsky.social/post/3mkmvgdbvrs27", "content": "\ud83d\udea8 New Exploit: phpMyFAQ  4.0.16 - Improper Authorization\n\ud83d\udccb CVE: CVE-2026-24421\n\ud83d\udc64 Author: contact\n\n\ud83d\udd17 https://www.exploit-db.com/exploits/52523\n\n#ExploitDB #InfoSec #CyberSecurity #CVE-2026-24421", "creation_timestamp": "2026-04-29T10:31:09.819568Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/ff2b9bf9-af6b-45e1-ad79-ccd87cbee448/export</guid>
      <pubDate>Wed, 29 Apr 2026 10:31:09 +0000</pubDate>
    </item>
  </channel>
</rss>
