<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Wed, 08 Jul 2026 21:15:50 +0000</lastBuildDate>
    <item>
      <title>6cc70ec7-f1f2-4869-84e5-03afa542e848</title>
      <link>https://vulnerability.circl.lu/sighting/6cc70ec7-f1f2-4869-84e5-03afa542e848/export</link>
      <description>{"uuid": "6cc70ec7-f1f2-4869-84e5-03afa542e848", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-34037", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mpzrgv5c4723", "content": "CRITICAL: coollabsio coolify (=4.0.0-beta.464) has an auth bypass (CVE-2026-34037) allowing cross-tenant resource cloning. Upgrade to 4.0.0-beta.464 ASAP. https://radar.offseq.com/threat/cve-2026-34037-cwe-639-authorization-bypass-throug-4bc62cd3de2ba764 #OffSeq #Vulnerability #coolify", "creation_timestamp": "2026-07-07T04:30:29.501406Z"}</description>
      <content:encoded>{"uuid": "6cc70ec7-f1f2-4869-84e5-03afa542e848", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-34037", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mpzrgv5c4723", "content": "CRITICAL: coollabsio coolify (=4.0.0-beta.464) has an auth bypass (CVE-2026-34037) allowing cross-tenant resource cloning. Upgrade to 4.0.0-beta.464 ASAP. https://radar.offseq.com/threat/cve-2026-34037-cwe-639-authorization-bypass-throug-4bc62cd3de2ba764 #OffSeq #Vulnerability #coolify", "creation_timestamp": "2026-07-07T04:30:29.501406Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/6cc70ec7-f1f2-4869-84e5-03afa542e848/export</guid>
      <pubDate>Tue, 07 Jul 2026 04:30:29 +0000</pubDate>
    </item>
    <item>
      <title>2b790be1-ad43-4935-9dbe-371dcaef9916</title>
      <link>https://vulnerability.circl.lu/sighting/2b790be1-ad43-4935-9dbe-371dcaef9916/export</link>
      <description>{"uuid": "2b790be1-ad43-4935-9dbe-371dcaef9916", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-34037", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116876812363283069", "content": "CVE-2026-34037: CRITICAL auth bypass in coollabsio coolify (=4.0.0-beta.464). Privileged users can clone resources into other teams, risking cross-tenant data exposure. Fix: upgrade to 4.0.0-beta.464. https://radar.offseq.com/threat/cve-2026-34037-cwe-639-authorization-bypass-throug-4bc62cd3de2ba764 #OffSeq #Vuln #coolify #Infosec", "creation_timestamp": "2026-07-07T04:30:26.920257Z"}</description>
      <content:encoded>{"uuid": "2b790be1-ad43-4935-9dbe-371dcaef9916", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-34037", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116876812363283069", "content": "CVE-2026-34037: CRITICAL auth bypass in coollabsio coolify (=4.0.0-beta.464). Privileged users can clone resources into other teams, risking cross-tenant data exposure. Fix: upgrade to 4.0.0-beta.464. https://radar.offseq.com/threat/cve-2026-34037-cwe-639-authorization-bypass-throug-4bc62cd3de2ba764 #OffSeq #Vuln #coolify #Infosec", "creation_timestamp": "2026-07-07T04:30:26.920257Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/2b790be1-ad43-4935-9dbe-371dcaef9916/export</guid>
      <pubDate>Tue, 07 Jul 2026 04:30:26 +0000</pubDate>
    </item>
    <item>
      <title>d1bdd787-050d-466b-afa4-dfa6dbc99ef1</title>
      <link>https://vulnerability.circl.lu/sighting/d1bdd787-050d-466b-afa4-dfa6dbc99ef1/export</link>
      <description>{"uuid": "d1bdd787-050d-466b-afa4-dfa6dbc99ef1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34037", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpzqxmsj2d2u", "content": "CVE-2026-34037 - Cross-Tenant Resource Cloning via Broken Object-Level Authorization in cloneTo()\nCVE ID : CVE-2026-34037\n \n Published : July 7, 2026, 3:21 a.m. | 26\u00a0minutes ago\n \n Description : Coolify is an open-source and self-hostable tool for managing servers, application...", "creation_timestamp": "2026-07-07T04:21:56.340324Z"}</description>
      <content:encoded>{"uuid": "d1bdd787-050d-466b-afa4-dfa6dbc99ef1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34037", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpzqxmsj2d2u", "content": "CVE-2026-34037 - Cross-Tenant Resource Cloning via Broken Object-Level Authorization in cloneTo()\nCVE ID : CVE-2026-34037\n \n Published : July 7, 2026, 3:21 a.m. | 26\u00a0minutes ago\n \n Description : Coolify is an open-source and self-hostable tool for managing servers, application...", "creation_timestamp": "2026-07-07T04:21:56.340324Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/d1bdd787-050d-466b-afa4-dfa6dbc99ef1/export</guid>
      <pubDate>Tue, 07 Jul 2026 04:21:56 +0000</pubDate>
    </item>
    <item>
      <title>e29d6eba-658f-4a52-b6d7-84848433db07</title>
      <link>https://vulnerability.circl.lu/sighting/e29d6eba-658f-4a52-b6d7-84848433db07/export</link>
      <description>{"uuid": "e29d6eba-658f-4a52-b6d7-84848433db07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34037", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mpzpxpr5wr2h", "content": "CVE-2026-34037 - coolify\nA previous version of Coolify allowed authorized users to copy resources into accounts they shouldn't have access to. This means they could potentially access or modify sensitive\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#coolify #coollabsio #CVE #infosec", "creation_timestamp": "2026-07-07T04:04:05.789820Z"}</description>
      <content:encoded>{"uuid": "e29d6eba-658f-4a52-b6d7-84848433db07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34037", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mpzpxpr5wr2h", "content": "CVE-2026-34037 - coolify\nA previous version of Coolify allowed authorized users to copy resources into accounts they shouldn't have access to. This means they could potentially access or modify sensitive\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#coolify #coollabsio #CVE #infosec", "creation_timestamp": "2026-07-07T04:04:05.789820Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/e29d6eba-658f-4a52-b6d7-84848433db07/export</guid>
      <pubDate>Tue, 07 Jul 2026 04:04:05 +0000</pubDate>
    </item>
  </channel>
</rss>
