<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Fri, 03 Jul 2026 07:22:51 +0000</lastBuildDate>
    <item>
      <title>681ddadb-de0b-42d7-9db1-873a3aa4888d</title>
      <link>https://vulnerability.circl.lu/sighting/681ddadb-de0b-42d7-9db1-873a3aa4888d/export</link>
      <description>{"uuid": "681ddadb-de0b-42d7-9db1-873a3aa4888d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34413", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-34413.yaml", "content": "", "creation_timestamp": "2026-06-26T00:00:04.340396Z"}</description>
      <content:encoded>{"uuid": "681ddadb-de0b-42d7-9db1-873a3aa4888d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34413", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-34413.yaml", "content": "", "creation_timestamp": "2026-06-26T00:00:04.340396Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/681ddadb-de0b-42d7-9db1-873a3aa4888d/export</guid>
      <pubDate>Fri, 26 Jun 2026 00:00:04 +0000</pubDate>
    </item>
    <item>
      <title>8f3ed49c-ee74-4a4e-8f91-fa6c30343ff2</title>
      <link>https://vulnerability.circl.lu/sighting/8f3ed49c-ee74-4a4e-8f91-fa6c30343ff2/export</link>
      <description>{"uuid": "8f3ed49c-ee74-4a4e-8f91-fa6c30343ff2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34413", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-34413.yaml", "content": "", "creation_timestamp": "2026-06-25T00:00:03.765298Z"}</description>
      <content:encoded>{"uuid": "8f3ed49c-ee74-4a4e-8f91-fa6c30343ff2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34413", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-34413.yaml", "content": "", "creation_timestamp": "2026-06-25T00:00:03.765298Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/8f3ed49c-ee74-4a4e-8f91-fa6c30343ff2/export</guid>
      <pubDate>Thu, 25 Jun 2026 00:00:03 +0000</pubDate>
    </item>
    <item>
      <title>dba08076-a86b-415e-b0fc-9cae1978b6e6</title>
      <link>https://vulnerability.circl.lu/sighting/dba08076-a86b-415e-b0fc-9cae1978b6e6/export</link>
      <description>{"uuid": "dba08076-a86b-415e-b0fc-9cae1978b6e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34413", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-34413.yaml", "content": "", "creation_timestamp": "2026-06-24T15:00:04.443903Z"}</description>
      <content:encoded>{"uuid": "dba08076-a86b-415e-b0fc-9cae1978b6e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34413", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-34413.yaml", "content": "", "creation_timestamp": "2026-06-24T15:00:04.443903Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/dba08076-a86b-415e-b0fc-9cae1978b6e6/export</guid>
      <pubDate>Wed, 24 Jun 2026 15:00:04 +0000</pubDate>
    </item>
    <item>
      <title>3125be7c-4c21-414b-8753-ee442bf334a7</title>
      <link>https://vulnerability.circl.lu/sighting/3125be7c-4c21-414b-8753-ee442bf334a7/export</link>
      <description>{"uuid": "3125be7c-4c21-414b-8753-ee442bf334a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34413", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-34413.yaml", "content": "", "creation_timestamp": "2026-06-21T15:34:04.000000Z"}</description>
      <content:encoded>{"uuid": "3125be7c-4c21-414b-8753-ee442bf334a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34413", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-34413.yaml", "content": "", "creation_timestamp": "2026-06-21T15:34:04.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/3125be7c-4c21-414b-8753-ee442bf334a7/export</guid>
      <pubDate>Sun, 21 Jun 2026 15:34:04 +0000</pubDate>
    </item>
    <item>
      <title>0c0d9bcc-61b4-4a0e-b4b0-07b83fea5a16</title>
      <link>https://vulnerability.circl.lu/sighting/0c0d9bcc-61b4-4a0e-b4b0-07b83fea5a16/export</link>
      <description>{"uuid": "0c0d9bcc-61b4-4a0e-b4b0-07b83fea5a16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34413", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/xerte_unauthenticated_mediaupload.rb", "content": "{\"aliases\": [], \"arch\": \"php\", \"author\": [\"bootstrapbool \"], \"autofilter_ports\": [80, 8080, 443, 8000, 8888, 8880, 8008, 3000, 8443], \"autofilter_services\": [\"http\", \"https\"], \"check\": true, \"default_credential\": false, \"description\": \"This module bypasses authentication failure, extension blacklist,\\n          and path traversal vulnerabilities in the /editor/elfinder/php/connector.php\\n          endpoint to upload and execute a shell in Xerte Online Toolkits\\n          versions 3.15 (commit 4e40f8030a2e3267267db7ce03e0ff57270be6f5 as\\n          there's no patch versions used) and earlier.\", \"disclosure_date\": \"2026-04-22\", \"fullname\": \"exploit/multi/http/xerte_unauthenticated_mediaupload\", \"is_install_path\": true, \"mod_time\": \"2026-06-13 16:01:29 +0000\", \"name\": \"Xerte Online Toolkits Arbitrary File Upload - Unauthenticated Media Upload\", \"needs_cleanup\": true, \"notes\": {\"Reliability\": [\"repeatable-session\"], \"SideEffects\": [\"artifacts-on-disk\", \"ioc-in-logs\"], \"Stability\": [\"crash-safe\"]}, \"path\": \"/modules/exploits/multi/http/xerte_unauthenticated_mediaupload.rb\", \"platform\": \"Linux,PHP\", \"post_auth\": false, \"rank\": 600, \"ref_name\": \"multi/http/xerte_unauthenticated_mediaupload\", \"references\": [\"CVE-2026-34413\", \"CVE-2026-34414\", \"CVE-2026-34415\", \"CVE-2026-41459\", \"URL-https://github.com/bootstrapbool/xerteonlinetoolkits-rce\"], \"rport\": 80, \"session_types\": false, \"targets\": [\"PHP\"], \"type\": \"exploit\"}", "creation_timestamp": "2026-06-16T15:57:16.000000Z"}</description>
      <content:encoded>{"uuid": "0c0d9bcc-61b4-4a0e-b4b0-07b83fea5a16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34413", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/xerte_unauthenticated_mediaupload.rb", "content": "{\"aliases\": [], \"arch\": \"php\", \"author\": [\"bootstrapbool \"], \"autofilter_ports\": [80, 8080, 443, 8000, 8888, 8880, 8008, 3000, 8443], \"autofilter_services\": [\"http\", \"https\"], \"check\": true, \"default_credential\": false, \"description\": \"This module bypasses authentication failure, extension blacklist,\\n          and path traversal vulnerabilities in the /editor/elfinder/php/connector.php\\n          endpoint to upload and execute a shell in Xerte Online Toolkits\\n          versions 3.15 (commit 4e40f8030a2e3267267db7ce03e0ff57270be6f5 as\\n          there's no patch versions used) and earlier.\", \"disclosure_date\": \"2026-04-22\", \"fullname\": \"exploit/multi/http/xerte_unauthenticated_mediaupload\", \"is_install_path\": true, \"mod_time\": \"2026-06-13 16:01:29 +0000\", \"name\": \"Xerte Online Toolkits Arbitrary File Upload - Unauthenticated Media Upload\", \"needs_cleanup\": true, \"notes\": {\"Reliability\": [\"repeatable-session\"], \"SideEffects\": [\"artifacts-on-disk\", \"ioc-in-logs\"], \"Stability\": [\"crash-safe\"]}, \"path\": \"/modules/exploits/multi/http/xerte_unauthenticated_mediaupload.rb\", \"platform\": \"Linux,PHP\", \"post_auth\": false, \"rank\": 600, \"ref_name\": \"multi/http/xerte_unauthenticated_mediaupload\", \"references\": [\"CVE-2026-34413\", \"CVE-2026-34414\", \"CVE-2026-34415\", \"CVE-2026-41459\", \"URL-https://github.com/bootstrapbool/xerteonlinetoolkits-rce\"], \"rport\": 80, \"session_types\": false, \"targets\": [\"PHP\"], \"type\": \"exploit\"}", "creation_timestamp": "2026-06-16T15:57:16.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/0c0d9bcc-61b4-4a0e-b4b0-07b83fea5a16/export</guid>
      <pubDate>Tue, 16 Jun 2026 15:57:16 +0000</pubDate>
    </item>
    <item>
      <title>97a93ee2-c300-4ed3-ae5d-d6c2a2183721</title>
      <link>https://vulnerability.circl.lu/sighting/97a93ee2-c300-4ed3-ae5d-d6c2a2183721/export</link>
      <description>{"uuid": "97a93ee2-c300-4ed3-ae5d-d6c2a2183721", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34413", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mk4hye5zil2k", "content": "", "creation_timestamp": "2026-04-22T21:48:07.145593Z"}</description>
      <content:encoded>{"uuid": "97a93ee2-c300-4ed3-ae5d-d6c2a2183721", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34413", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mk4hye5zil2k", "content": "", "creation_timestamp": "2026-04-22T21:48:07.145593Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/97a93ee2-c300-4ed3-ae5d-d6c2a2183721/export</guid>
      <pubDate>Wed, 22 Apr 2026 21:48:07 +0000</pubDate>
    </item>
    <item>
      <title>0b51e9d7-f005-4130-84c7-db946ed9a990</title>
      <link>https://vulnerability.circl.lu/sighting/0b51e9d7-f005-4130-84c7-db946ed9a990/export</link>
      <description>{"uuid": "0b51e9d7-f005-4130-84c7-db946ed9a990", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34413", "type": "seen", "source": "Telegram/cbjF4apLmtnn3LGsfm2VGkmWkt4o1cHj2IZCQ7x38CS5FMw", "content": "", "creation_timestamp": "2026-04-22T21:20:52.000000Z"}</description>
      <content:encoded>{"uuid": "0b51e9d7-f005-4130-84c7-db946ed9a990", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34413", "type": "seen", "source": "Telegram/cbjF4apLmtnn3LGsfm2VGkmWkt4o1cHj2IZCQ7x38CS5FMw", "content": "", "creation_timestamp": "2026-04-22T21:20:52.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/0b51e9d7-f005-4130-84c7-db946ed9a990/export</guid>
      <pubDate>Wed, 22 Apr 2026 21:20:52 +0000</pubDate>
    </item>
    <item>
      <title>b2f184c8-d251-4057-9b8f-e9ecd4ec0317</title>
      <link>https://vulnerability.circl.lu/sighting/b2f184c8-d251-4057-9b8f-e9ecd4ec0317/export</link>
      <description>{"uuid": "b2f184c8-d251-4057-9b8f-e9ecd4ec0317", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34413", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mk4c2qqza22k", "content": "", "creation_timestamp": "2026-04-22T20:02:05.101174Z"}</description>
      <content:encoded>{"uuid": "b2f184c8-d251-4057-9b8f-e9ecd4ec0317", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34413", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mk4c2qqza22k", "content": "", "creation_timestamp": "2026-04-22T20:02:05.101174Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/b2f184c8-d251-4057-9b8f-e9ecd4ec0317/export</guid>
      <pubDate>Wed, 22 Apr 2026 20:02:05 +0000</pubDate>
    </item>
  </channel>
</rss>
