<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Tue, 14 Jul 2026 21:59:16 +0000</lastBuildDate>
    <item>
      <title>45ae3bda-1017-41e9-8f1d-93efb5737d2b</title>
      <link>https://vulnerability.circl.lu/sighting/45ae3bda-1017-41e9-8f1d-93efb5737d2b/export</link>
      <description>{"uuid": "45ae3bda-1017-41e9-8f1d-93efb5737d2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41041", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mqlbpw4hwo2f", "content": "\ud83d\udccc CVE-2026-41041 - URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino.\n\nThis issue affects Apache Gravitino: from 1.0.0 before ... https://www.cyberhub.blog/cves/CVE-2026-41041", "creation_timestamp": "2026-07-14T03:37:07.030137Z"}</description>
      <content:encoded>{"uuid": "45ae3bda-1017-41e9-8f1d-93efb5737d2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41041", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mqlbpw4hwo2f", "content": "\ud83d\udccc CVE-2026-41041 - URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino.\n\nThis issue affects Apache Gravitino: from 1.0.0 before ... https://www.cyberhub.blog/cves/CVE-2026-41041", "creation_timestamp": "2026-07-14T03:37:07.030137Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/45ae3bda-1017-41e9-8f1d-93efb5737d2b/export</guid>
      <pubDate>Tue, 14 Jul 2026 03:37:07 +0000</pubDate>
    </item>
    <item>
      <title>fc86f251-0761-4a6c-85b8-3fd8d5161db2</title>
      <link>https://vulnerability.circl.lu/sighting/fc86f251-0761-4a6c-85b8-3fd8d5161db2/export</link>
      <description>{"uuid": "fc86f251-0761-4a6c-85b8-3fd8d5161db2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41041", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqkzdjoiir2w", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-41041 \u0432 Apache: \u0443\u0433\u0440\u043e\u0437\u0430 URL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 \u043d\u0435\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b\n\n\n\nhttps://kripta.biz/posts/645D99B0-7BBC-4833-BF58-A1849630DF4D", "creation_timestamp": "2026-07-14T01:07:01.254042Z"}</description>
      <content:encoded>{"uuid": "fc86f251-0761-4a6c-85b8-3fd8d5161db2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41041", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqkzdjoiir2w", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-41041 \u0432 Apache: \u0443\u0433\u0440\u043e\u0437\u0430 URL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 \u043d\u0435\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b\n\n\n\nhttps://kripta.biz/posts/645D99B0-7BBC-4833-BF58-A1849630DF4D", "creation_timestamp": "2026-07-14T01:07:01.254042Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/fc86f251-0761-4a6c-85b8-3fd8d5161db2/export</guid>
      <pubDate>Tue, 14 Jul 2026 01:07:01 +0000</pubDate>
    </item>
    <item>
      <title>e35e002f-27e5-4a03-af0e-d5c74ddf2cf2</title>
      <link>https://vulnerability.circl.lu/sighting/e35e002f-27e5-4a03-af0e-d5c74ddf2cf2/export</link>
      <description>{"uuid": "e35e002f-27e5-4a03-af0e-d5c74ddf2cf2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41041", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqkaefjajh24", "content": "CVE-2026-41041 - apache gravitino\nApache Gravitino's MCP REST client fails to properly encode user input in URLs, potentially allowing attackers to access sensitive data or API endpoints.\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#apachegravitino #apachefoundation #CVE #infosec", "creation_timestamp": "2026-07-13T17:40:06.874702Z"}</description>
      <content:encoded>{"uuid": "e35e002f-27e5-4a03-af0e-d5c74ddf2cf2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41041", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqkaefjajh24", "content": "CVE-2026-41041 - apache gravitino\nApache Gravitino's MCP REST client fails to properly encode user input in URLs, potentially allowing attackers to access sensitive data or API endpoints.\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#apachegravitino #apachefoundation #CVE #infosec", "creation_timestamp": "2026-07-13T17:40:06.874702Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/e35e002f-27e5-4a03-af0e-d5c74ddf2cf2/export</guid>
      <pubDate>Mon, 13 Jul 2026 17:40:06 +0000</pubDate>
    </item>
    <item>
      <title>8cddc32b-fae1-450c-bf7d-6a5dacc249f0</title>
      <link>https://vulnerability.circl.lu/sighting/8cddc32b-fae1-450c-bf7d-6a5dacc249f0/export</link>
      <description>{"uuid": "8cddc32b-fae1-450c-bf7d-6a5dacc249f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41041", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjvvulqhy2e", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-41041 \u0432 Apache: \u0443\u0433\u0440\u043e\u0437\u0430 URL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 \u043d\u0435\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b\n\n\n\nhttps://kripta.biz/posts/B1084611-D2B9-4763-9D66-2B1AF7A0D054", "creation_timestamp": "2026-07-13T14:33:01.834703Z"}</description>
      <content:encoded>{"uuid": "8cddc32b-fae1-450c-bf7d-6a5dacc249f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41041", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjvvulqhy2e", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-41041 \u0432 Apache: \u0443\u0433\u0440\u043e\u0437\u0430 URL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 \u043d\u0435\u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b\n\n\n\nhttps://kripta.biz/posts/B1084611-D2B9-4763-9D66-2B1AF7A0D054", "creation_timestamp": "2026-07-13T14:33:01.834703Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/8cddc32b-fae1-450c-bf7d-6a5dacc249f0/export</guid>
      <pubDate>Mon, 13 Jul 2026 14:33:01 +0000</pubDate>
    </item>
    <item>
      <title>b1858760-2f04-435b-b5aa-b83f1ad1aae8</title>
      <link>https://vulnerability.circl.lu/sighting/b1858760-2f04-435b-b5aa-b83f1ad1aae8/export</link>
      <description>{"uuid": "b1858760-2f04-435b-b5aa-b83f1ad1aae8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41041", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mqito7op4j2u", "content": "CVE-2026-41041: Apache Gravitino: URL path injection via unencoded user-supplied identifiers in MCP REST client f-string URL construction, enabling path traversal to unintended API endpoints.", "creation_timestamp": "2026-07-13T04:20:18.084410Z"}</description>
      <content:encoded>{"uuid": "b1858760-2f04-435b-b5aa-b83f1ad1aae8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41041", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mqito7op4j2u", "content": "CVE-2026-41041: Apache Gravitino: URL path injection via unencoded user-supplied identifiers in MCP REST client f-string URL construction, enabling path traversal to unintended API endpoints.", "creation_timestamp": "2026-07-13T04:20:18.084410Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/b1858760-2f04-435b-b5aa-b83f1ad1aae8/export</guid>
      <pubDate>Mon, 13 Jul 2026 04:20:18 +0000</pubDate>
    </item>
    <item>
      <title>fb66ab41-8a3a-4093-824a-99b5801253f2</title>
      <link>https://vulnerability.circl.lu/sighting/fb66ab41-8a3a-4093-824a-99b5801253f2/export</link>
      <description>{"uuid": "fb66ab41-8a3a-4093-824a-99b5801253f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41042", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mq5jrsw37s22", "content": "CVE-2026-41042\nApache Gravitino, a Java-based tool, has a security issue when using H2 databases for testing. An attacker can execute malicious code on the server if they know the server is using H2. To fix this, update to\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-08T16:24:04.328773Z"}</description>
      <content:encoded>{"uuid": "fb66ab41-8a3a-4093-824a-99b5801253f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41042", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mq5jrsw37s22", "content": "CVE-2026-41042\nApache Gravitino, a Java-based tool, has a security issue when using H2 databases for testing. An attacker can execute malicious code on the server if they know the server is using H2. To fix this, update to\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-08T16:24:04.328773Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/fb66ab41-8a3a-4093-824a-99b5801253f2/export</guid>
      <pubDate>Wed, 08 Jul 2026 16:24:04 +0000</pubDate>
    </item>
    <item>
      <title>aa03509f-f563-44cc-9c82-eb8735ba8695</title>
      <link>https://vulnerability.circl.lu/sighting/aa03509f-f563-44cc-9c82-eb8735ba8695/export</link>
      <description>{"uuid": "aa03509f-f563-44cc-9c82-eb8735ba8695", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41042", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mq5jlooecl2f", "content": "CVE-2026-41042: Apache Gravitino: Unauthenticated callers can supply a malicious H2 JDBC URL through the testConnection API, which executes arbitrary Java code on the server via H2's INIT parameter", "creation_timestamp": "2026-07-08T16:20:38.680935Z"}</description>
      <content:encoded>{"uuid": "aa03509f-f563-44cc-9c82-eb8735ba8695", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41042", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mq5jlooecl2f", "content": "CVE-2026-41042: Apache Gravitino: Unauthenticated callers can supply a malicious H2 JDBC URL through the testConnection API, which executes arbitrary Java code on the server via H2's INIT parameter", "creation_timestamp": "2026-07-08T16:20:38.680935Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/aa03509f-f563-44cc-9c82-eb8735ba8695/export</guid>
      <pubDate>Wed, 08 Jul 2026 16:20:38 +0000</pubDate>
    </item>
    <item>
      <title>cf30eb4f-9494-42a8-a7cb-f1f9dfd09d80</title>
      <link>https://vulnerability.circl.lu/sighting/cf30eb4f-9494-42a8-a7cb-f1f9dfd09d80/export</link>
      <description>{"uuid": "cf30eb4f-9494-42a8-a7cb-f1f9dfd09d80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41045", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3movysuxn772i", "content": "CVE-2026-41045 - Privilege Escalation in Qsnapper. TOCTOU flaw in polkit auth allows local root access. CVSS 8.1. No patch available. Mitigate immediately. #CVE #infosec #Linux\n\nhttps://www.valtersit.com/cve/CVE-2026-41045/", "creation_timestamp": "2026-06-22T23:06:37.278130Z"}</description>
      <content:encoded>{"uuid": "cf30eb4f-9494-42a8-a7cb-f1f9dfd09d80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41045", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3movysuxn772i", "content": "CVE-2026-41045 - Privilege Escalation in Qsnapper. TOCTOU flaw in polkit auth allows local root access. CVSS 8.1. No patch available. Mitigate immediately. #CVE #infosec #Linux\n\nhttps://www.valtersit.com/cve/CVE-2026-41045/", "creation_timestamp": "2026-06-22T23:06:37.278130Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/cf30eb4f-9494-42a8-a7cb-f1f9dfd09d80/export</guid>
      <pubDate>Mon, 22 Jun 2026 23:06:37 +0000</pubDate>
    </item>
    <item>
      <title>72999106-c3a3-4006-8791-ff85c40797f2</title>
      <link>https://vulnerability.circl.lu/sighting/72999106-c3a3-4006-8791-ff85c40797f2/export</link>
      <description>{"uuid": "72999106-c3a3-4006-8791-ff85c40797f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41048", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3movn3snyzh2m", "content": "CVE-2026-41048 - Caching of Authentication allows Authentication Bypass in qSnapper\nCVE ID : CVE-2026-41048\n \n Published : June 22, 2026, 3:31 p.m. | 3\u00a0hours, 39\u00a0minutes ago\n \n Description : Incorrect caching of authentication between different polkit methods in qSnapper befor...", "creation_timestamp": "2026-06-22T19:36:51.968989Z"}</description>
      <content:encoded>{"uuid": "72999106-c3a3-4006-8791-ff85c40797f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41048", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3movn3snyzh2m", "content": "CVE-2026-41048 - Caching of Authentication allows Authentication Bypass in qSnapper\nCVE ID : CVE-2026-41048\n \n Published : June 22, 2026, 3:31 p.m. | 3\u00a0hours, 39\u00a0minutes ago\n \n Description : Incorrect caching of authentication between different polkit methods in qSnapper befor...", "creation_timestamp": "2026-06-22T19:36:51.968989Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/72999106-c3a3-4006-8791-ff85c40797f2/export</guid>
      <pubDate>Mon, 22 Jun 2026 19:36:51 +0000</pubDate>
    </item>
    <item>
      <title>3d569253-e2e3-48ab-9e8f-4c8df2acf053</title>
      <link>https://vulnerability.circl.lu/sighting/3d569253-e2e3-48ab-9e8f-4c8df2acf053/export</link>
      <description>{"uuid": "3d569253-e2e3-48ab-9e8f-4c8df2acf053", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41049", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3movmnfwkqp2h", "content": "CVE-2026-41049 - Caching of Authentication allows Authentication Bypass between users in qSnapper\nCVE ID : CVE-2026-41049\n \n Published : June 22, 2026, 3:32 p.m. | 3\u00a0hours, 37\u00a0minutes ago\n \n Description : Incorrect caching of authentication between different users of the\u00a0 qSna...", "creation_timestamp": "2026-06-22T19:28:48.001386Z"}</description>
      <content:encoded>{"uuid": "3d569253-e2e3-48ab-9e8f-4c8df2acf053", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41049", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3movmnfwkqp2h", "content": "CVE-2026-41049 - Caching of Authentication allows Authentication Bypass between users in qSnapper\nCVE ID : CVE-2026-41049\n \n Published : June 22, 2026, 3:32 p.m. | 3\u00a0hours, 37\u00a0minutes ago\n \n Description : Incorrect caching of authentication between different users of the\u00a0 qSna...", "creation_timestamp": "2026-06-22T19:28:48.001386Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/3d569253-e2e3-48ab-9e8f-4c8df2acf053/export</guid>
      <pubDate>Mon, 22 Jun 2026 19:28:48 +0000</pubDate>
    </item>
  </channel>
</rss>
