https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Tue, 23 Jun 2026 15:38:35 +0000 https://vulnerability.circl.lu/sighting/cc89c12f-7d91-4a43-9f42-52de5c2e0d44/export {"uuid": "cc89c12f-7d91-4a43-9f42-52de5c2e0d44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mordczgryp2n", "content": "Top 3 CVE for last 7 days:\nCVE-2026-50656: 27 interactions\nCVE-2026-54420: 27 interactions\nCVE-2026-20262: 22 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-9082: 12 interactions\nCVE-2026-11551: 5 interactions\nCVE-2026-4020: 4 interactions\n", "creation_timestamp": "2026-06-21T02:33:27.721018Z"} {"uuid": "cc89c12f-7d91-4a43-9f42-52de5c2e0d44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mordczgryp2n", "content": "Top 3 CVE for last 7 days:\nCVE-2026-50656: 27 interactions\nCVE-2026-54420: 27 interactions\nCVE-2026-20262: 22 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-9082: 12 interactions\nCVE-2026-11551: 5 interactions\nCVE-2026-4020: 4 interactions\n", "creation_timestamp": "2026-06-21T02:33:27.721018Z"} https://vulnerability.circl.lu/sighting/cc89c12f-7d91-4a43-9f42-52de5c2e0d44/export Sun, 21 Jun 2026 02:33:27 +0000 https://vulnerability.circl.lu/sighting/9db6d681-4c7c-4037-9c58-02ff4d209725/export {"uuid": "9db6d681-4c7c-4037-9c58-02ff4d209725", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/newssecia.bsky.social/post/3mos42sedb32w", "content": "\ud83e\udd16 CVE-2026-4020 (CVSS 5.3): Active exploitation of Gravity SMTP WordPress plugin (~100k sites). Unauthenticated attackers extract API keys, secrets & OAuth tokens. Patch available.\nhttps://thehackernews.com/2026/06/hackers-exploit-gravity-smtp-wordpress.html", "creation_timestamp": "2026-06-21T09:54:04.612803Z"} {"uuid": "9db6d681-4c7c-4037-9c58-02ff4d209725", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/newssecia.bsky.social/post/3mos42sedb32w", "content": "\ud83e\udd16 CVE-2026-4020 (CVSS 5.3): Active exploitation of Gravity SMTP WordPress plugin (~100k sites). Unauthenticated attackers extract API keys, secrets & OAuth tokens. Patch available.\nhttps://thehackernews.com/2026/06/hackers-exploit-gravity-smtp-wordpress.html", "creation_timestamp": "2026-06-21T09:54:04.612803Z"} https://vulnerability.circl.lu/sighting/9db6d681-4c7c-4037-9c58-02ff4d209725/export Sun, 21 Jun 2026 09:54:04 +0000 https://vulnerability.circl.lu/sighting/a9ca767b-da80-40c9-b173-d8cd8d494bb2/export {"uuid": "a9ca767b-da80-40c9-b173-d8cd8d494bb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3moses5jsnc2h", "content": "Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys\n\nThreat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites.\n\nThe vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), i\u2026\n#hackernews #news", "creation_timestamp": "2026-06-21T12:30:17.939459Z"} {"uuid": "a9ca767b-da80-40c9-b173-d8cd8d494bb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3moses5jsnc2h", "content": "Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys\n\nThreat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites.\n\nThe vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), i\u2026\n#hackernews #news", "creation_timestamp": "2026-06-21T12:30:17.939459Z"} https://vulnerability.circl.lu/sighting/a9ca767b-da80-40c9-b173-d8cd8d494bb2/export Sun, 21 Jun 2026 12:30:17 +0000 https://vulnerability.circl.lu/sighting/bcddf82f-f69a-4b8e-8980-d12d2005b01d/export {"uuid": "bcddf82f-f69a-4b8e-8980-d12d2005b01d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/guardian360.bsky.social/post/3moui5bnqnw2c", "content": "The vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), is a medium-severity information disclosure flaw that can allow unauthenticated attackers to extract sensitive data, such as configuration data, API keys, secrets, and OAuth tokens configured for the plugin's email", "creation_timestamp": "2026-06-22T08:35:31.869136Z"} {"uuid": "bcddf82f-f69a-4b8e-8980-d12d2005b01d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/guardian360.bsky.social/post/3moui5bnqnw2c", "content": "The vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), is a medium-severity information disclosure flaw that can allow unauthenticated attackers to extract sensitive data, such as configuration data, API keys, secrets, and OAuth tokens configured for the plugin's email", "creation_timestamp": "2026-06-22T08:35:31.869136Z"} https://vulnerability.circl.lu/sighting/bcddf82f-f69a-4b8e-8980-d12d2005b01d/export Mon, 22 Jun 2026 08:35:31 +0000 https://vulnerability.circl.lu/sighting/64c72cea-5657-43e9-9714-34f637c94743/export {"uuid": "64c72cea-5657-43e9-9714-34f637c94743", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mouwwwtnvt2o", "content": "Attackers are exploiting CVE-2026-4020 in Gravity SMTP before 2.1.5 to pull system reports from WordPress sites, exposing server details, config data, API keys, tokens, and email credentials. #GravitySMTP #CVE2026-4020 #WordPress", "creation_timestamp": "2026-06-22T13:00:25.492116Z"} {"uuid": "64c72cea-5657-43e9-9714-34f637c94743", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mouwwwtnvt2o", "content": "Attackers are exploiting CVE-2026-4020 in Gravity SMTP before 2.1.5 to pull system reports from WordPress sites, exposing server details, config data, API keys, tokens, and email credentials. #GravitySMTP #CVE2026-4020 #WordPress", "creation_timestamp": "2026-06-22T13:00:25.492116Z"} https://vulnerability.circl.lu/sighting/64c72cea-5657-43e9-9714-34f637c94743/export Mon, 22 Jun 2026 13:00:25 +0000 https://vulnerability.circl.lu/sighting/7ac62e65-1d20-41f2-be70-a10d0dfb6833/export {"uuid": "7ac62e65-1d20-41f2-be70-a10d0dfb6833", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/kaldata.bsky.social/post/3movguhrua32o", "content": "\u0425\u0430\u043a\u0435\u0440\u0438 \u0430\u0442\u0430\u043a\u0443\u0432\u0430\u0442 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u0435\u043d WP \u043f\u043b\u044a\u0433\u0438\u043d \u0441 \u043d\u0430\u0434 100 000 \u0430\u043a\u0442\u0438\u0432\u043d\u0438\u00a0\u0438\u043d\u0441\u0442\u0430\u043b\u0430\u0446\u0438\u0438\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f\u0442\u0430 \u0437\u0430 \u043a\u0438\u0431\u0435\u0440\u0441\u0438\u0433\u0443\u0440\u043d\u043e\u0441\u0442 Defiant \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0432\u0430, \u0447\u0435 \u0445\u0430\u043a\u0435\u0440\u0438 \u0430\u0442\u0430\u043a\u0443\u0432\u0430\u0442 \u043c\u0430\u0441\u043e\u0432\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442 \u0432 WordPress \u043f\u043b\u044a\u0433\u0438\u043d. \u0421\u0442\u0430\u0432\u0430 \u0434\u0443\u043c\u0430 \u0437\u0430 Gravity SMTP, \u0440\u0430\u0437\u0448\u0438\u0440\u0435\u043d\u0438\u0435 \u0441 \u043d\u0430\u0434 100 000 \u0430\u043a\u0442\u0438\u0432\u043d\u0438 \u0438\u043d\u0441\u0442\u0430\u043b\u0430\u0446\u0438\u0438. \u0415\u043a\u0441\u043f\u043b\u043e\u0430\u0442\u0438\u0440\u0430\u043d\u0435\u0442\u043e \u043d\u0430 CVE-2026-4020 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0432\u0430\u2026", "creation_timestamp": "2026-06-22T17:45:23.531029Z"} {"uuid": "7ac62e65-1d20-41f2-be70-a10d0dfb6833", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/kaldata.bsky.social/post/3movguhrua32o", "content": "\u0425\u0430\u043a\u0435\u0440\u0438 \u0430\u0442\u0430\u043a\u0443\u0432\u0430\u0442 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u0435\u043d WP \u043f\u043b\u044a\u0433\u0438\u043d \u0441 \u043d\u0430\u0434 100 000 \u0430\u043a\u0442\u0438\u0432\u043d\u0438\u00a0\u0438\u043d\u0441\u0442\u0430\u043b\u0430\u0446\u0438\u0438\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f\u0442\u0430 \u0437\u0430 \u043a\u0438\u0431\u0435\u0440\u0441\u0438\u0433\u0443\u0440\u043d\u043e\u0441\u0442 Defiant \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0432\u0430, \u0447\u0435 \u0445\u0430\u043a\u0435\u0440\u0438 \u0430\u0442\u0430\u043a\u0443\u0432\u0430\u0442 \u043c\u0430\u0441\u043e\u0432\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442 \u0432 WordPress \u043f\u043b\u044a\u0433\u0438\u043d. \u0421\u0442\u0430\u0432\u0430 \u0434\u0443\u043c\u0430 \u0437\u0430 Gravity SMTP, \u0440\u0430\u0437\u0448\u0438\u0440\u0435\u043d\u0438\u0435 \u0441 \u043d\u0430\u0434 100 000 \u0430\u043a\u0442\u0438\u0432\u043d\u0438 \u0438\u043d\u0441\u0442\u0430\u043b\u0430\u0446\u0438\u0438. \u0415\u043a\u0441\u043f\u043b\u043e\u0430\u0442\u0438\u0440\u0430\u043d\u0435\u0442\u043e \u043d\u0430 CVE-2026-4020 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0432\u0430\u2026", "creation_timestamp": "2026-06-22T17:45:23.531029Z"} https://vulnerability.circl.lu/sighting/7ac62e65-1d20-41f2-be70-a10d0dfb6833/export Mon, 22 Jun 2026 17:45:23 +0000 https://vulnerability.circl.lu/sighting/8219d372-9073-4589-bb83-4cabf764016f/export {"uuid": "8219d372-9073-4589-bb83-4cabf764016f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mowe7iydwb2a", "content": "Top 3 CVE for last 7 days:\nCVE-2026-50656: 28 interactions\nCVE-2026-20262: 23 interactions\nCVE-2026-54420: 23 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-4020: 5 interactions\nCVE-2026-6645: 5 interactions\nCVE-2025-66336: 4 interactions\n", "creation_timestamp": "2026-06-23T02:30:32.102967Z"} {"uuid": "8219d372-9073-4589-bb83-4cabf764016f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mowe7iydwb2a", "content": "Top 3 CVE for last 7 days:\nCVE-2026-50656: 28 interactions\nCVE-2026-20262: 23 interactions\nCVE-2026-54420: 23 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-4020: 5 interactions\nCVE-2026-6645: 5 interactions\nCVE-2025-66336: 4 interactions\n", "creation_timestamp": "2026-06-23T02:30:32.102967Z"} https://vulnerability.circl.lu/sighting/8219d372-9073-4589-bb83-4cabf764016f/export Tue, 23 Jun 2026 02:30:32 +0000 https://vulnerability.circl.lu/sighting/c3c769e6-1969-44e2-a762-b0426426fda7/export {"uuid": "c3c769e6-1969-44e2-a762-b0426426fda7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/securitylab-jp.bsky.social/post/3mowlgicqoc2j", "content": "WordPress\u30d7\u30e9\u30b0\u30a4\u30f3\u300cGravity SMTP\u300d\u306e\u8106\u5f31\u6027\u304c\u30b5\u30a4\u30d0\u30fc\u653b\u6483\u306b\u60aa\u7528\u4e2d(CVE-2026-4020)\n\nrocket-boys.co.jp/security-mea...\n\n#\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56Lab #security #securitynews #cyberattack #incident", "creation_timestamp": "2026-06-23T04:39:45.738099Z"} {"uuid": "c3c769e6-1969-44e2-a762-b0426426fda7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/securitylab-jp.bsky.social/post/3mowlgicqoc2j", "content": "WordPress\u30d7\u30e9\u30b0\u30a4\u30f3\u300cGravity SMTP\u300d\u306e\u8106\u5f31\u6027\u304c\u30b5\u30a4\u30d0\u30fc\u653b\u6483\u306b\u60aa\u7528\u4e2d(CVE-2026-4020)\n\nrocket-boys.co.jp/security-mea...\n\n#\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56Lab #security #securitynews #cyberattack #incident", "creation_timestamp": "2026-06-23T04:39:45.738099Z"} https://vulnerability.circl.lu/sighting/c3c769e6-1969-44e2-a762-b0426426fda7/export Tue, 23 Jun 2026 04:39:45 +0000 https://vulnerability.circl.lu/sighting/e19d187d-efb9-4de1-b61f-49b3b68e8b9b/export {"uuid": "e19d187d-efb9-4de1-b61f-49b3b68e8b9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/securityonline.bsky.social/post/3mowouslqki2v", "content": "Gravity SMTP Vulnerability Exploited to Steal WordPress API\u00a0Keys\n\nSometimes a leak starts not with a hacked admin panel, but with an open service request. Attackers are using exactly that method against WordPress sites that run the Gravity SMTP plugin. The vulnerability, tracked as CVE-2026-4020,\u2026", "creation_timestamp": "2026-06-23T05:41:24.499481Z"} {"uuid": "e19d187d-efb9-4de1-b61f-49b3b68e8b9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "seen", "source": "https://bsky.app/profile/securityonline.bsky.social/post/3mowouslqki2v", "content": "Gravity SMTP Vulnerability Exploited to Steal WordPress API\u00a0Keys\n\nSometimes a leak starts not with a hacked admin panel, but with an open service request. Attackers are using exactly that method against WordPress sites that run the Gravity SMTP plugin. The vulnerability, tracked as CVE-2026-4020,\u2026", "creation_timestamp": "2026-06-23T05:41:24.499481Z"} https://vulnerability.circl.lu/sighting/e19d187d-efb9-4de1-b61f-49b3b68e8b9b/export Tue, 23 Jun 2026 05:41:24 +0000 https://vulnerability.circl.lu/sighting/468b7e66-23fb-43e2-b7fc-c402a5174ef1/export {"uuid": "468b7e66-23fb-43e2-b7fc-c402a5174ef1", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/1d0f87f0-35b7-498e-8c08-7868fef52eff", "content": "", "creation_timestamp": "2026-06-23T14:02:56.123734Z"} {"uuid": "468b7e66-23fb-43e2-b7fc-c402a5174ef1", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4020", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/1d0f87f0-35b7-498e-8c08-7868fef52eff", "content": "", "creation_timestamp": "2026-06-23T14:02:56.123734Z"} https://vulnerability.circl.lu/sighting/468b7e66-23fb-43e2-b7fc-c402a5174ef1/export Tue, 23 Jun 2026 14:02:56 +0000