Most recent sightings.

Most recent sightings. https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sun, 28 Jun 2026 05:18:22 +0000 eea2c778-08e9-4d9e-9266-3f99a3d90886 https://vulnerability.circl.lu/sighting/eea2c778-08e9-4d9e-9266-3f99a3d90886/export {"uuid": "eea2c778-08e9-4d9e-9266-3f99a3d90886", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42055", "type": "seen", "source": "https://bsky.app/profile/ahmandonk.bsky.social/post/3momr3spaum2v", "content": "\ud83d\udcf0 Picu Kerusakan Memori, F5 Rilis Patch Darurat Tutup Celah Kritis RCE pada NGINX\n\n\ud83d\udc49 Baca artikel lengkap di sini: https://ahmandonk.com/2026/06/19/f5-rilis-patch-darurat-celah-kritis-nginx/\n\n#aslr #bufferOverflow #cve-2026-42055 #cve-2026-42530 #dos #f5 #http3 #nginx #outOfBand #patchDarurat ", "creation_timestamp": "2026-06-19T06:54:28.499995Z"} {"uuid": "eea2c778-08e9-4d9e-9266-3f99a3d90886", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42055", "type": "seen", "source": "https://bsky.app/profile/ahmandonk.bsky.social/post/3momr3spaum2v", "content": "\ud83d\udcf0 Picu Kerusakan Memori, F5 Rilis Patch Darurat Tutup Celah Kritis RCE pada NGINX\n\n\ud83d\udc49 Baca artikel lengkap di sini: https://ahmandonk.com/2026/06/19/f5-rilis-patch-darurat-celah-kritis-nginx/\n\n#aslr #bufferOverflow #cve-2026-42055 #cve-2026-42530 #dos #f5 #http3 #nginx #outOfBand #patchDarurat ", "creation_timestamp": "2026-06-19T06:54:28.499995Z"} https://vulnerability.circl.lu/sighting/eea2c778-08e9-4d9e-9266-3f99a3d90886/export Fri, 19 Jun 2026 06:54:28 +0000 28d9557d-8c87-465c-8434-a529b7ebf6b2 https://vulnerability.circl.lu/sighting/28d9557d-8c87-465c-8434-a529b7ebf6b2/export {"uuid": "28d9557d-8c87-465c-8434-a529b7ebf6b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://infosec.exchange/users/beyondmachines1/statuses/116775720185561378", "content": "F5 Patches Critical Remote Code Execution Flaws in NGINX Open Source and Plus\nF5 addressed two critical vulnerabilities (CVE-2026-42530 and CVE-2026-42055) in NGINX that allow unauthenticated remote code execution or denial-of-service. The flaws affect NGINX Open Source, NGINX Plus, and several related gateway and controller products.\n**If you run NGINX (Open Source, Plus, Ingress Controller, Gateway Fabric, Instance Manager, or App Protect WAF), update immediately to the fixed versions F5 released: NGINX Open Source 1.31.2 or 1.30.3, and NGINX Plus 37.0.2.1 or R36 P6. If you can't patch right away, temporarily disable HTTP/3 by removing \"quic\" from all listen directives, and remove the \"ignore_invalid_headers off\" directive or shrink \"large_client_header_buffers\" to block these attacks until you update.**#cybersecurity #infosec #advisory #vulnerabilityhttps://beyondmachines.net/event_details/f5-patches-critical-remote-code-execution-flaws-in-nginx-open-source-and-plus-q-l-g-f-a/gD2P6Ple2L", "creation_timestamp": "2026-06-19T13:20:06.012658Z"} {"uuid": "28d9557d-8c87-465c-8434-a529b7ebf6b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://infosec.exchange/users/beyondmachines1/statuses/116775720185561378", "content": "F5 Patches Critical Remote Code Execution Flaws in NGINX Open Source and Plus\nF5 addressed two critical vulnerabilities (CVE-2026-42530 and CVE-2026-42055) in NGINX that allow unauthenticated remote code execution or denial-of-service. The flaws affect NGINX Open Source, NGINX Plus, and several related gateway and controller products.\n**If you run NGINX (Open Source, Plus, Ingress Controller, Gateway Fabric, Instance Manager, or App Protect WAF), update immediately to the fixed versions F5 released: NGINX Open Source 1.31.2 or 1.30.3, and NGINX Plus 37.0.2.1 or R36 P6. If you can't patch right away, temporarily disable HTTP/3 by removing \"quic\" from all listen directives, and remove the \"ignore_invalid_headers off\" directive or shrink \"large_client_header_buffers\" to block these attacks until you update.**#cybersecurity #infosec #advisory #vulnerabilityhttps://beyondmachines.net/event_details/f5-patches-critical-remote-code-execution-flaws-in-nginx-open-source-and-plus-q-l-g-f-a/gD2P6Ple2L", "creation_timestamp": "2026-06-19T13:20:06.012658Z"} https://vulnerability.circl.lu/sighting/28d9557d-8c87-465c-8434-a529b7ebf6b2/export Fri, 19 Jun 2026 13:20:06 +0000 75b96418-1e26-4553-832d-85f6ddd20b1f https://vulnerability.circl.lu/sighting/75b96418-1e26-4553-832d-85f6ddd20b1f/export {"uuid": "75b96418-1e26-4553-832d-85f6ddd20b1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3monjucmz5s2h", "content": "F5 Patches Critical NGINX Vulnerabilities Enabling Unauthenticated Code Execution\n\nF5 released emergency updates for critical NGINX flaws (CVE-2026-42530, CVE-2026-42055) that could enable unauthenticated code execution. F5 has issued out-of-band patches for multiple NGINX vulnera\u2026\n#hackernews #news", "creation_timestamp": "2026-06-19T14:17:41.146746Z"} {"uuid": "75b96418-1e26-4553-832d-85f6ddd20b1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3monjucmz5s2h", "content": "F5 Patches Critical NGINX Vulnerabilities Enabling Unauthenticated Code Execution\n\nF5 released emergency updates for critical NGINX flaws (CVE-2026-42530, CVE-2026-42055) that could enable unauthenticated code execution. F5 has issued out-of-band patches for multiple NGINX vulnera\u2026\n#hackernews #news", "creation_timestamp": "2026-06-19T14:17:41.146746Z"} https://vulnerability.circl.lu/sighting/75b96418-1e26-4553-832d-85f6ddd20b1f/export Fri, 19 Jun 2026 14:17:41 +0000 fd6e90a2-0252-4d3a-9762-a7a3c4a379cb https://vulnerability.circl.lu/sighting/fd6e90a2-0252-4d3a-9762-a7a3c4a379cb/export {"uuid": "fd6e90a2-0252-4d3a-9762-a7a3c4a379cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://bsky.app/profile/toxy4ny.bsky.social/post/3moory7o7bs2s", "content": "Friday fuck-up) this time F5-Nginx - The vulnerabilities have been assigned the identifiers CVE-2026-42530 and CVE-2026-42055 and received a CVSS score of 9.2. They allow an unauthenticated remote attacker to trigger a denial-of-service (DoS) condition or achieve arbitrary code execution.", "creation_timestamp": "2026-06-19T16:15:53.287974Z"} {"uuid": "fd6e90a2-0252-4d3a-9762-a7a3c4a379cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://bsky.app/profile/toxy4ny.bsky.social/post/3moory7o7bs2s", "content": "Friday fuck-up) this time F5-Nginx - The vulnerabilities have been assigned the identifiers CVE-2026-42530 and CVE-2026-42055 and received a CVSS score of 9.2. They allow an unauthenticated remote attacker to trigger a denial-of-service (DoS) condition or achieve arbitrary code execution.", "creation_timestamp": "2026-06-19T16:15:53.287974Z"} https://vulnerability.circl.lu/sighting/fd6e90a2-0252-4d3a-9762-a7a3c4a379cb/export Fri, 19 Jun 2026 16:15:53 +0000 e9567ef2-bbc9-40bd-9480-e291a8fd8908 https://vulnerability.circl.lu/sighting/e9567ef2-bbc9-40bd-9480-e291a8fd8908/export {"uuid": "e9567ef2-bbc9-40bd-9480-e291a8fd8908", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://bsky.app/profile/toxy4ny.bsky.social/post/3moory7oj2c2s", "content": "Friday fuck-up) this time F5-Nginx - The vulnerabilities have been assigned the identifiers CVE-2026-42530 and CVE-2026-42055 and received a CVSS score of 9.2. They allow an unauthenticated remote attacker to trigger a denial-of-service (DoS) condition or achieve arbitrary code execution.", "creation_timestamp": "2026-06-19T16:15:55.143782Z"} {"uuid": "e9567ef2-bbc9-40bd-9480-e291a8fd8908", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://bsky.app/profile/toxy4ny.bsky.social/post/3moory7oj2c2s", "content": "Friday fuck-up) this time F5-Nginx - The vulnerabilities have been assigned the identifiers CVE-2026-42530 and CVE-2026-42055 and received a CVSS score of 9.2. They allow an unauthenticated remote attacker to trigger a denial-of-service (DoS) condition or achieve arbitrary code execution.", "creation_timestamp": "2026-06-19T16:15:55.143782Z"} https://vulnerability.circl.lu/sighting/e9567ef2-bbc9-40bd-9480-e291a8fd8908/export Fri, 19 Jun 2026 16:15:55 +0000 a76787a2-f0ce-4eac-aaa6-4a1b1633a25e https://vulnerability.circl.lu/sighting/a76787a2-f0ce-4eac-aaa6-4a1b1633a25e/export {"uuid": "a76787a2-f0ce-4eac-aaa6-4a1b1633a25e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://bsky.app/profile/toxy4ny.bsky.social/post/3moory7oly22s", "content": "Friday fuck-up) this time F5-Nginx - The vulnerabilities have been assigned the identifiers CVE-2026-42530 and CVE-2026-42055 and received a CVSS score of 9.2. They allow an unauthenticated remote attacker to trigger a denial-of-service (DoS) condition or achieve arbitrary code execution.", "creation_timestamp": "2026-06-19T16:15:57.061829Z"} {"uuid": "a76787a2-f0ce-4eac-aaa6-4a1b1633a25e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://bsky.app/profile/toxy4ny.bsky.social/post/3moory7oly22s", "content": "Friday fuck-up) this time F5-Nginx - The vulnerabilities have been assigned the identifiers CVE-2026-42530 and CVE-2026-42055 and received a CVSS score of 9.2. They allow an unauthenticated remote attacker to trigger a denial-of-service (DoS) condition or achieve arbitrary code execution.", "creation_timestamp": "2026-06-19T16:15:57.061829Z"} https://vulnerability.circl.lu/sighting/a76787a2-f0ce-4eac-aaa6-4a1b1633a25e/export Fri, 19 Jun 2026 16:15:57 +0000 6c0bd62e-c94e-4fb4-898f-5d33c3493222 https://vulnerability.circl.lu/sighting/6c0bd62e-c94e-4fb4-898f-5d33c3493222/export {"uuid": "6c0bd62e-c94e-4fb4-898f-5d33c3493222", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3motml63t7d2v", "content": "\ud83d\udea8 ALERT: CVE-2026-42055\n\nCVSS 8.1/10\n\n\ud83d\udccb WHAT IT IS:\nNGINX Open Source has a vulnerability in the HTTP/2 module. A remote unauthenticated attacker can send a specially crafted HTTP/2 request that causes a heap buffer overflow in the NGINX worker process. This may allow remote code execution. Exploit", "creation_timestamp": "2026-06-22T00:22:13.030462Z"} {"uuid": "6c0bd62e-c94e-4fb4-898f-5d33c3493222", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3motml63t7d2v", "content": "\ud83d\udea8 ALERT: CVE-2026-42055\n\nCVSS 8.1/10\n\n\ud83d\udccb WHAT IT IS:\nNGINX Open Source has a vulnerability in the HTTP/2 module. A remote unauthenticated attacker can send a specially crafted HTTP/2 request that causes a heap buffer overflow in the NGINX worker process. This may allow remote code execution. Exploit", "creation_timestamp": "2026-06-22T00:22:13.030462Z"} https://vulnerability.circl.lu/sighting/6c0bd62e-c94e-4fb4-898f-5d33c3493222/export Mon, 22 Jun 2026 00:22:13 +0000 057ec4f4-06f0-4514-a983-e11d21f0c081 https://vulnerability.circl.lu/sighting/057ec4f4-06f0-4514-a983-e11d21f0c081/export {"uuid": "057ec4f4-06f0-4514-a983-e11d21f0c081", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://gist.github.com/muhamedfazalps/a3449070789a6a2c13d4d4e844af803b", "content": "# \u26a0\ufe0f SECURITY ALERT: Multiple CVEs Affecting Popular Packages (June 2026)\n\n## CVE-2026-48931 \u2014 Node.js 24.17 / node-fetch Premature Close\n- **Impact:** Affects Node.js 24.17 and any app using node-fetch\n- **Severity:** High\n- **Affected:** Backstage (20\ud83d\udc4d issue), any Node.js app on 24.17\n- **Fix:** Update Node.js or apply backport\n- **Issue:** https://github.com/backstage/backstage/issues/34651\n\n## CVE-2026-54297 \u2014 Faraday Dependency Vulnerability\n- **Impact:** Affects Fastlane and apps using Faraday\n- **Severity:** High\n- **Affected:** Fastlane (9\ud83d\udc4d issue), any Ruby app using Faraday\n- **Fix:** Update Faraday dependency\n- **Issue:** https://github.com/fastlane/fastlane/issues/30086\n\n## CVE-2026-42530 & CVE-2026-42055 \u2014 nginx Vulnerabilities\n- **Impact:** Affects nginx and mailcow-dockerized\n- **Severity:** High\n- **Affected:** mailcow-dockerized (7\ud83d\udc4d issue), any nginx deployment\n- **Fix:** Update nginx to patched version\n- **Issue:** https://github.com/mailcow/mailcow-dockerized/issues/7299\n\n## js-yaml Quadratic DoS (v3.x)\n- **Impact:** Affects any app using js-yaml v3.x for YAML parsing\n- **Severity:** Medium-High\n- **Affected:** 15\ud83d\udc4d issue requesting backport from v4.2.0 to v3\n- **Fix:** Update to js-yaml v4.2.0+ or apply backport\n- **Issue:** https://github.com/nodeca/js-yaml/issues/762\n\n## How to Check If You're Affected\n1. Check your Node.js version: `node --version`\n2. Check your Ruby/Bundler dependencies: `bundle list | grep faraday`\n3. Check your nginx version: `nginx -v`\n4. Check your js-yaml version: `npm ls js-yaml`\n\n## What to Do\n1. Update affected dependencies immediately\n2. Review logs for suspicious activity\n3. Rotate credentials if exposure is suspected\n\n---\n*If this alert helped you: https://buymeacoffee.com/muhamedfazalps*\n", "creation_timestamp": "2026-06-23T13:41:44.000000Z"} {"uuid": "057ec4f4-06f0-4514-a983-e11d21f0c081", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://gist.github.com/muhamedfazalps/a3449070789a6a2c13d4d4e844af803b", "content": "# \u26a0\ufe0f SECURITY ALERT: Multiple CVEs Affecting Popular Packages (June 2026)\n\n## CVE-2026-48931 \u2014 Node.js 24.17 / node-fetch Premature Close\n- **Impact:** Affects Node.js 24.17 and any app using node-fetch\n- **Severity:** High\n- **Affected:** Backstage (20\ud83d\udc4d issue), any Node.js app on 24.17\n- **Fix:** Update Node.js or apply backport\n- **Issue:** https://github.com/backstage/backstage/issues/34651\n\n## CVE-2026-54297 \u2014 Faraday Dependency Vulnerability\n- **Impact:** Affects Fastlane and apps using Faraday\n- **Severity:** High\n- **Affected:** Fastlane (9\ud83d\udc4d issue), any Ruby app using Faraday\n- **Fix:** Update Faraday dependency\n- **Issue:** https://github.com/fastlane/fastlane/issues/30086\n\n## CVE-2026-42530 & CVE-2026-42055 \u2014 nginx Vulnerabilities\n- **Impact:** Affects nginx and mailcow-dockerized\n- **Severity:** High\n- **Affected:** mailcow-dockerized (7\ud83d\udc4d issue), any nginx deployment\n- **Fix:** Update nginx to patched version\n- **Issue:** https://github.com/mailcow/mailcow-dockerized/issues/7299\n\n## js-yaml Quadratic DoS (v3.x)\n- **Impact:** Affects any app using js-yaml v3.x for YAML parsing\n- **Severity:** Medium-High\n- **Affected:** 15\ud83d\udc4d issue requesting backport from v4.2.0 to v3\n- **Fix:** Update to js-yaml v4.2.0+ or apply backport\n- **Issue:** https://github.com/nodeca/js-yaml/issues/762\n\n## How to Check If You're Affected\n1. Check your Node.js version: `node --version`\n2. Check your Ruby/Bundler dependencies: `bundle list | grep faraday`\n3. Check your nginx version: `nginx -v`\n4. Check your js-yaml version: `npm ls js-yaml`\n\n## What to Do\n1. Update affected dependencies immediately\n2. Review logs for suspicious activity\n3. Rotate credentials if exposure is suspected\n\n---\n*If this alert helped you: https://buymeacoffee.com/muhamedfazalps*\n", "creation_timestamp": "2026-06-23T13:41:44.000000Z"} https://vulnerability.circl.lu/sighting/057ec4f4-06f0-4514-a983-e11d21f0c081/export Tue, 23 Jun 2026 13:41:44 +0000 a4cd1633-da38-466f-8a50-ce191b98782a https://vulnerability.circl.lu/sighting/a4cd1633-da38-466f-8a50-ce191b98782a/export {"uuid": "a4cd1633-da38-466f-8a50-ce191b98782a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://bsky.app/profile/insomnisec.bsky.social/post/3mp2q6blryx2v", "content": "\ud83d\udce1 Two More Critical NGINX Vulnerabilities: CVE-2026-42530 and CVE-2026-42055", "creation_timestamp": "2026-06-24T20:15:13.948593Z"} {"uuid": "a4cd1633-da38-466f-8a50-ce191b98782a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://bsky.app/profile/insomnisec.bsky.social/post/3mp2q6blryx2v", "content": "\ud83d\udce1 Two More Critical NGINX Vulnerabilities: CVE-2026-42530 and CVE-2026-42055", "creation_timestamp": "2026-06-24T20:15:13.948593Z"} https://vulnerability.circl.lu/sighting/a4cd1633-da38-466f-8a50-ce191b98782a/export Wed, 24 Jun 2026 20:15:13 +0000 7996d7bb-891a-4645-8a7f-adca7a5c8498 https://vulnerability.circl.lu/sighting/7996d7bb-891a-4645-8a7f-adca7a5c8498/export {"uuid": "7996d7bb-891a-4645-8a7f-adca7a5c8498", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://www.acn.gov.it/portale/w/risolte-vulnerabilita-nei-prodotti-nginix", "content": "", "creation_timestamp": "2026-06-25T16:45:41.757988Z"} {"uuid": "7996d7bb-891a-4645-8a7f-adca7a5c8498", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://www.acn.gov.it/portale/w/risolte-vulnerabilita-nei-prodotti-nginix", "content": "", "creation_timestamp": "2026-06-25T16:45:41.757988Z"} https://vulnerability.circl.lu/sighting/7996d7bb-891a-4645-8a7f-adca7a5c8498/export Thu, 25 Jun 2026 16:45:41 +0000