<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Fri, 03 Jul 2026 04:20:21 +0000</lastBuildDate>
    <item>
      <title>27445fd5-8c30-44f2-ad08-0059ff5c8164</title>
      <link>https://vulnerability.circl.lu/sighting/27445fd5-8c30-44f2-ad08-0059ff5c8164/export</link>
      <description>{"uuid": "27445fd5-8c30-44f2-ad08-0059ff5c8164", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42506", "type": "seen", "source": "https://gist.github.com/illoyd/2131d93f5933897a469738feaf75a3e9", "content": "#!/usr/bin/env bash\n#\n# Bulk-triage GitHub code-scanning alerts by rule/CVE id.\n#\n# Dismiss (or reopen) EVERY open alert matching a CVE in one shot, recording a\n# reason + comment. Dismissing keeps the alert tracked \u2014 it leaves the active\n# list but is retained under `is:dismissed`, and when a later scan no longer\n# finds the CVE (e.g. upstream ships the fix and we bump the package) GitHub\n# auto-closes it as \"fixed\". This is preferable to a scan-time `.trivyignore`\n# for upstream / won't-fix CVEs, which would hide the finding entirely and never\n# signal resolution.\n#\n# Matching is by `rule.id`, which for Trivy/Dependabot is the CVE (e.g.\n# CVE-2026-42506) \u2014 so a single run also covers a CVE that fans out across\n# several sibling packages.\n#\n# Usage:\n#   bin/code-scanning-triage   [comment]\n#\n#   action:  wontfix | falsepositive | usedintest | reopen\n#   comment: required when dismissing; recorded on each alert (audited).\n#            Quote it \u2014 it is a single argument.\n#\n# Examples:\n#   bin/code-scanning-triage CVE-2026-42506 wontfix \\\n#     \"Upstream: thruster must bump golang.org/x/net; x/net/html not linked.\"\n#   bin/code-scanning-triage CVE-2026-42506 reopen\n#\n# Env:\n#   DRY_RUN=1   print the alerts that would change, without modifying anything.\n#\n# Requires: gh (authenticated, with security-events/repo write scope) + jq.\nset -euo pipefail\n\ndie() { echo \"error: $*\" &amp;gt;&amp;amp;2; exit 1; }\n\ncve=\"${1:-}\"\naction_raw=\"${2:-}\"\ncomment=\"${3:-}\"\n\n[ -n \"$cve\" ]        || die \"missing CVE/rule id (arg 1), e.g. CVE-2026-42506\"\n[ -n \"$action_raw\" ] || die \"missing action (arg 2): wontfix | falsepositive | usedintest | reopen\"\n[[ \"$cve\" =~ ^[A-Za-z0-9._-]+$ ]] || die \"invalid rule/CVE id: '$cve'\"\n\ncommand -v gh &amp;gt;/dev/null || die \"gh CLI not found\"\ncommand -v jq &amp;gt;/dev/null || die \"jq not found\"\n\n# Normalise the action (lower-case, strip punctuation/spaces) -&amp;gt; GitHub state.\nnorm=\"$(printf '%s' \"$action_raw\" | tr '[:upper:]' '[:lower:]' | tr -cd 'a-z')\"\ncase \"$norm\" in\n  wontfix|wont)          state=dismissed; reason=\"won't fix\";      list_state=open ;;\n  falsepositive|fp)      state=dismissed; reason=\"false positive\"; list_state=open ;;\n  usedintest|test|tests) state=dismissed; reason=\"used in test\";   list_state=open ;;\n  reopen|open)           state=open;      reason=\"\";               list_state=dismissed ;;\n  *) die \"unknown action '$action_raw' (use: wontfix | falsepositive | usedintest | reopen)\" ;;\nesac\n\nif [ \"$state\" = dismissed ] &amp;amp;&amp;amp; [ -z \"$comment\" ]; then\n  die \"a comment is required when dismissing (arg 3) \u2014 quote it\"\nfi\n\nrepo=\"$(gh repo view --json nameWithOwner -q .nameWithOwner)\" || die \"not in a GitHub repo (or gh not authenticated)\"\n\necho \"repo:    $repo\"\necho \"rule:    $cve\"\necho \"action:  $action_raw  -&amp;gt;  state=$state${reason:+, reason=\\\"$reason\\\"}\"\n[ -n \"$comment\" ] &amp;amp;&amp;amp; echo \"comment: $comment\"\necho\n\n# Collect matching alert numbers (filter by rule id client-side).\nraw=\"$(gh api --paginate -X GET \"repos/$repo/code-scanning/alerts\" \\\n        -f state=\"$list_state\" -f per_page=100 \\\n        --jq \".[] | select(.rule.id == \\\"$cve\\\") | .number\")\" \\\n  || die \"failed to query code-scanning alerts (token scope? security-events:write)\"\n\n# shellcheck disable=SC2206  # alert numbers are integers \u2014 word-splitting is safe\nnumbers=( $raw )\ncount=${#numbers[@]}\n\nif [ \"$count\" -eq 0 ]; then\n  echo \"no $list_state alert(s) found for $cve \u2014 nothing to do.\"\n  exit 0\nfi\necho \"matched $count $list_state alert(s): ${numbers[*]}\"\n\nif [ \"${DRY_RUN:-}\" = \"1\" ]; then\n  echo \"DRY_RUN=1 \u2014 no changes made.\"\n  exit 0\nfi\n\nfor n in \"${numbers[@]}\"; do\n  if [ \"$state\" = dismissed ]; then\n    gh api -X PATCH \"repos/$repo/code-scanning/alerts/$n\" \\\n      -f state=dismissed -f dismissed_reason=\"$reason\" -f dismissed_comment=\"$comment\" \\\n      --jq '\"  #\\(.number) -&amp;gt; \\(.state) (\\(.dismissed_reason))\"'\n  else\n    gh api -X PATCH \"repos/$repo/code-scanning/alerts/$n\" \\\n      -f state=open \\\n      --jq '\"  #\\(.number) -&amp;gt; \\(.state)\"'\n  fi\ndone\n\necho \"done: $count alert(s) updated.\"\n\n# Bulk-triage code-scanning alerts by CVE. Dismissing keeps them tracked\n# (filter `is:dismissed`) and auto-resolves to \"fixed\" once a later scan no\n# longer finds the CVE. action: wontfix | falsepositive | usedintest | reopen.\n#   mise run cve-triage CVE-2026-42506 wontfix \"Depends on upstream thruster bump\"\n#   DRY_RUN=1 mise run cve-triage CVE-2026-42506 wontfix \"preview only\"\n[tasks.cve-triage]\ndescription = \"Dismiss/reopen all open code-scanning alerts for a CVE, with a comment\"\nrun = \"bin/code-scanning-triage {{arg(name='cve')}} {{arg(name='action')}} {{arg(name='comment', required=false)}}\"\n", "creation_timestamp": "2026-06-30T01:29:32.450597Z"}</description>
      <content:encoded>{"uuid": "27445fd5-8c30-44f2-ad08-0059ff5c8164", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42506", "type": "seen", "source": "https://gist.github.com/illoyd/2131d93f5933897a469738feaf75a3e9", "content": "#!/usr/bin/env bash\n#\n# Bulk-triage GitHub code-scanning alerts by rule/CVE id.\n#\n# Dismiss (or reopen) EVERY open alert matching a CVE in one shot, recording a\n# reason + comment. Dismissing keeps the alert tracked \u2014 it leaves the active\n# list but is retained under `is:dismissed`, and when a later scan no longer\n# finds the CVE (e.g. upstream ships the fix and we bump the package) GitHub\n# auto-closes it as \"fixed\". This is preferable to a scan-time `.trivyignore`\n# for upstream / won't-fix CVEs, which would hide the finding entirely and never\n# signal resolution.\n#\n# Matching is by `rule.id`, which for Trivy/Dependabot is the CVE (e.g.\n# CVE-2026-42506) \u2014 so a single run also covers a CVE that fans out across\n# several sibling packages.\n#\n# Usage:\n#   bin/code-scanning-triage   [comment]\n#\n#   action:  wontfix | falsepositive | usedintest | reopen\n#   comment: required when dismissing; recorded on each alert (audited).\n#            Quote it \u2014 it is a single argument.\n#\n# Examples:\n#   bin/code-scanning-triage CVE-2026-42506 wontfix \\\n#     \"Upstream: thruster must bump golang.org/x/net; x/net/html not linked.\"\n#   bin/code-scanning-triage CVE-2026-42506 reopen\n#\n# Env:\n#   DRY_RUN=1   print the alerts that would change, without modifying anything.\n#\n# Requires: gh (authenticated, with security-events/repo write scope) + jq.\nset -euo pipefail\n\ndie() { echo \"error: $*\" &amp;gt;&amp;amp;2; exit 1; }\n\ncve=\"${1:-}\"\naction_raw=\"${2:-}\"\ncomment=\"${3:-}\"\n\n[ -n \"$cve\" ]        || die \"missing CVE/rule id (arg 1), e.g. CVE-2026-42506\"\n[ -n \"$action_raw\" ] || die \"missing action (arg 2): wontfix | falsepositive | usedintest | reopen\"\n[[ \"$cve\" =~ ^[A-Za-z0-9._-]+$ ]] || die \"invalid rule/CVE id: '$cve'\"\n\ncommand -v gh &amp;gt;/dev/null || die \"gh CLI not found\"\ncommand -v jq &amp;gt;/dev/null || die \"jq not found\"\n\n# Normalise the action (lower-case, strip punctuation/spaces) -&amp;gt; GitHub state.\nnorm=\"$(printf '%s' \"$action_raw\" | tr '[:upper:]' '[:lower:]' | tr -cd 'a-z')\"\ncase \"$norm\" in\n  wontfix|wont)          state=dismissed; reason=\"won't fix\";      list_state=open ;;\n  falsepositive|fp)      state=dismissed; reason=\"false positive\"; list_state=open ;;\n  usedintest|test|tests) state=dismissed; reason=\"used in test\";   list_state=open ;;\n  reopen|open)           state=open;      reason=\"\";               list_state=dismissed ;;\n  *) die \"unknown action '$action_raw' (use: wontfix | falsepositive | usedintest | reopen)\" ;;\nesac\n\nif [ \"$state\" = dismissed ] &amp;amp;&amp;amp; [ -z \"$comment\" ]; then\n  die \"a comment is required when dismissing (arg 3) \u2014 quote it\"\nfi\n\nrepo=\"$(gh repo view --json nameWithOwner -q .nameWithOwner)\" || die \"not in a GitHub repo (or gh not authenticated)\"\n\necho \"repo:    $repo\"\necho \"rule:    $cve\"\necho \"action:  $action_raw  -&amp;gt;  state=$state${reason:+, reason=\\\"$reason\\\"}\"\n[ -n \"$comment\" ] &amp;amp;&amp;amp; echo \"comment: $comment\"\necho\n\n# Collect matching alert numbers (filter by rule id client-side).\nraw=\"$(gh api --paginate -X GET \"repos/$repo/code-scanning/alerts\" \\\n        -f state=\"$list_state\" -f per_page=100 \\\n        --jq \".[] | select(.rule.id == \\\"$cve\\\") | .number\")\" \\\n  || die \"failed to query code-scanning alerts (token scope? security-events:write)\"\n\n# shellcheck disable=SC2206  # alert numbers are integers \u2014 word-splitting is safe\nnumbers=( $raw )\ncount=${#numbers[@]}\n\nif [ \"$count\" -eq 0 ]; then\n  echo \"no $list_state alert(s) found for $cve \u2014 nothing to do.\"\n  exit 0\nfi\necho \"matched $count $list_state alert(s): ${numbers[*]}\"\n\nif [ \"${DRY_RUN:-}\" = \"1\" ]; then\n  echo \"DRY_RUN=1 \u2014 no changes made.\"\n  exit 0\nfi\n\nfor n in \"${numbers[@]}\"; do\n  if [ \"$state\" = dismissed ]; then\n    gh api -X PATCH \"repos/$repo/code-scanning/alerts/$n\" \\\n      -f state=dismissed -f dismissed_reason=\"$reason\" -f dismissed_comment=\"$comment\" \\\n      --jq '\"  #\\(.number) -&amp;gt; \\(.state) (\\(.dismissed_reason))\"'\n  else\n    gh api -X PATCH \"repos/$repo/code-scanning/alerts/$n\" \\\n      -f state=open \\\n      --jq '\"  #\\(.number) -&amp;gt; \\(.state)\"'\n  fi\ndone\n\necho \"done: $count alert(s) updated.\"\n\n# Bulk-triage code-scanning alerts by CVE. Dismissing keeps them tracked\n# (filter `is:dismissed`) and auto-resolves to \"fixed\" once a later scan no\n# longer finds the CVE. action: wontfix | falsepositive | usedintest | reopen.\n#   mise run cve-triage CVE-2026-42506 wontfix \"Depends on upstream thruster bump\"\n#   DRY_RUN=1 mise run cve-triage CVE-2026-42506 wontfix \"preview only\"\n[tasks.cve-triage]\ndescription = \"Dismiss/reopen all open code-scanning alerts for a CVE, with a comment\"\nrun = \"bin/code-scanning-triage {{arg(name='cve')}} {{arg(name='action')}} {{arg(name='comment', required=false)}}\"\n", "creation_timestamp": "2026-06-30T01:29:32.450597Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/27445fd5-8c30-44f2-ad08-0059ff5c8164/export</guid>
      <pubDate>Tue, 30 Jun 2026 01:29:32 +0000</pubDate>
    </item>
    <item>
      <title>7b8dbbcd-09e9-482d-b702-f2079e78bd56</title>
      <link>https://vulnerability.circl.lu/sighting/7b8dbbcd-09e9-482d-b702-f2079e78bd56/export</link>
      <description>{"uuid": "7b8dbbcd-09e9-482d-b702-f2079e78bd56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42507", "type": "seen", "source": "https://bsky.app/profile/lambdawatchdog.bsky.social/post/3mnu5kzbt4b2p", "content": "\ud83d\udd0d Lambda Watchdog detected that CVE-2026-42507 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/545 #AWS #Lambda #Security #CVE #DevOps #SecOps", "creation_timestamp": "2026-06-09T12:01:10.038119Z"}</description>
      <content:encoded>{"uuid": "7b8dbbcd-09e9-482d-b702-f2079e78bd56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42507", "type": "seen", "source": "https://bsky.app/profile/lambdawatchdog.bsky.social/post/3mnu5kzbt4b2p", "content": "\ud83d\udd0d Lambda Watchdog detected that CVE-2026-42507 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/545 #AWS #Lambda #Security #CVE #DevOps #SecOps", "creation_timestamp": "2026-06-09T12:01:10.038119Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/7b8dbbcd-09e9-482d-b702-f2079e78bd56/export</guid>
      <pubDate>Tue, 09 Jun 2026 12:01:10 +0000</pubDate>
    </item>
    <item>
      <title>d9b0e497-1e0e-4d69-ba09-f124eaf482d1</title>
      <link>https://vulnerability.circl.lu/sighting/d9b0e497-1e0e-4d69-ba09-f124eaf482d1/export</link>
      <description>{"uuid": "d9b0e497-1e0e-4d69-ba09-f124eaf482d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42504", "type": "seen", "source": "https://bsky.app/profile/lambdawatchdog.bsky.social/post/3mnu5kolpvk2r", "content": "\ud83d\udd0d Lambda Watchdog detected that CVE-2026-42504 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/544 #AWS #Lambda #Security #CVE #DevOps #SecOps", "creation_timestamp": "2026-06-09T12:01:00.024847Z"}</description>
      <content:encoded>{"uuid": "d9b0e497-1e0e-4d69-ba09-f124eaf482d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42504", "type": "seen", "source": "https://bsky.app/profile/lambdawatchdog.bsky.social/post/3mnu5kolpvk2r", "content": "\ud83d\udd0d Lambda Watchdog detected that CVE-2026-42504 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/544 #AWS #Lambda #Security #CVE #DevOps #SecOps", "creation_timestamp": "2026-06-09T12:01:00.024847Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/d9b0e497-1e0e-4d69-ba09-f124eaf482d1/export</guid>
      <pubDate>Tue, 09 Jun 2026 12:01:00 +0000</pubDate>
    </item>
    <item>
      <title>4a7ecb5b-e7d9-4004-ba6b-34f96e3b82b7</title>
      <link>https://vulnerability.circl.lu/sighting/4a7ecb5b-e7d9-4004-ba6b-34f96e3b82b7/export</link>
      <description>{"uuid": "4a7ecb5b-e7d9-4004-ba6b-34f96e3b82b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42507", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mnrrjo3cdf2d", "content": "\ud83d\udd17 CVE : CVE-2026-42504, CVE-2026-42507, CVE-2026-42504, CVE-2026-42507", "creation_timestamp": "2026-06-08T13:20:20.481798Z"}</description>
      <content:encoded>{"uuid": "4a7ecb5b-e7d9-4004-ba6b-34f96e3b82b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42507", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mnrrjo3cdf2d", "content": "\ud83d\udd17 CVE : CVE-2026-42504, CVE-2026-42507, CVE-2026-42504, CVE-2026-42507", "creation_timestamp": "2026-06-08T13:20:20.481798Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/4a7ecb5b-e7d9-4004-ba6b-34f96e3b82b7/export</guid>
      <pubDate>Mon, 08 Jun 2026 13:20:20 +0000</pubDate>
    </item>
    <item>
      <title>b8b4e732-4cde-44f8-ab33-afc30793a7bb</title>
      <link>https://vulnerability.circl.lu/sighting/b8b4e732-4cde-44f8-ab33-afc30793a7bb/export</link>
      <description>{"uuid": "b8b4e732-4cde-44f8-ab33-afc30793a7bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42504", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mnrrjo3cdf2d", "content": "\ud83d\udd17 CVE : CVE-2026-42504, CVE-2026-42507, CVE-2026-42504, CVE-2026-42507", "creation_timestamp": "2026-06-08T13:20:20.329890Z"}</description>
      <content:encoded>{"uuid": "b8b4e732-4cde-44f8-ab33-afc30793a7bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42504", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mnrrjo3cdf2d", "content": "\ud83d\udd17 CVE : CVE-2026-42504, CVE-2026-42507, CVE-2026-42504, CVE-2026-42507", "creation_timestamp": "2026-06-08T13:20:20.329890Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/b8b4e732-4cde-44f8-ab33-afc30793a7bb/export</guid>
      <pubDate>Mon, 08 Jun 2026 13:20:20 +0000</pubDate>
    </item>
    <item>
      <title>7ba05050-e489-4578-a04d-c5793c895f3f</title>
      <link>https://vulnerability.circl.lu/sighting/7ba05050-e489-4578-a04d-c5793c895f3f/export</link>
      <description>{"uuid": "7ba05050-e489-4578-a04d-c5793c895f3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42504", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mngx35ltr62l", "content": "\ud83d\udfe0 CVE-2026-42504 - High (7.5)\n\nDecoding a maliciously-crafted MIME header containing many invalid encoded-words can consume exce...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42504/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-04T06:00:20.152680Z"}</description>
      <content:encoded>{"uuid": "7ba05050-e489-4578-a04d-c5793c895f3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42504", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mngx35ltr62l", "content": "\ud83d\udfe0 CVE-2026-42504 - High (7.5)\n\nDecoding a maliciously-crafted MIME header containing many invalid encoded-words can consume exce...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42504/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-04T06:00:20.152680Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/7ba05050-e489-4578-a04d-c5793c895f3f/export</guid>
      <pubDate>Thu, 04 Jun 2026 06:00:20 +0000</pubDate>
    </item>
    <item>
      <title>8f5d3102-1463-4dd3-a1ac-1c286a5e1c56</title>
      <link>https://vulnerability.circl.lu/sighting/8f5d3102-1463-4dd3-a1ac-1c286a5e1c56/export</link>
      <description>{"uuid": "8f5d3102-1463-4dd3-a1ac-1c286a5e1c56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42507", "type": "seen", "source": "https://bsky.app/profile/lambdawatchdog.bsky.social/post/3mnf2rtqtu32f", "content": "\n\ud83d\udea8 New UNKNOWN CVE detected in AWS Lambda \ud83d\udea8\nCVE-2026-42507 impacts stdlib in 26 Lambda base images.\n\nDetails: https://github.com/aws/aws-lambda-base-images/issues/545\nMore: https://lambdawatchdog.com/\n\n#AWS #Lambda #CVE #CloudSecurity #Serverless", "creation_timestamp": "2026-06-03T12:01:22.342155Z"}</description>
      <content:encoded>{"uuid": "8f5d3102-1463-4dd3-a1ac-1c286a5e1c56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42507", "type": "seen", "source": "https://bsky.app/profile/lambdawatchdog.bsky.social/post/3mnf2rtqtu32f", "content": "\n\ud83d\udea8 New UNKNOWN CVE detected in AWS Lambda \ud83d\udea8\nCVE-2026-42507 impacts stdlib in 26 Lambda base images.\n\nDetails: https://github.com/aws/aws-lambda-base-images/issues/545\nMore: https://lambdawatchdog.com/\n\n#AWS #Lambda #CVE #CloudSecurity #Serverless", "creation_timestamp": "2026-06-03T12:01:22.342155Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/8f5d3102-1463-4dd3-a1ac-1c286a5e1c56/export</guid>
      <pubDate>Wed, 03 Jun 2026 12:01:22 +0000</pubDate>
    </item>
    <item>
      <title>0e1af7bb-8dd8-44cd-8595-29850223cc1e</title>
      <link>https://vulnerability.circl.lu/sighting/0e1af7bb-8dd8-44cd-8595-29850223cc1e/export</link>
      <description>{"uuid": "0e1af7bb-8dd8-44cd-8595-29850223cc1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42504", "type": "seen", "source": "https://bsky.app/profile/lambdawatchdog.bsky.social/post/3mnf2rgkfkm2f", "content": "\n\ud83d\udea8 New UNKNOWN CVE detected in AWS Lambda \ud83d\udea8\nCVE-2026-42504 impacts stdlib in 26 Lambda base images.\n\nDetails: https://github.com/aws/aws-lambda-base-images/issues/544\nMore: https://lambdawatchdog.com/\n\n#AWS #Lambda #CVE #CloudSecurity #Serverless", "creation_timestamp": "2026-06-03T12:01:07.923514Z"}</description>
      <content:encoded>{"uuid": "0e1af7bb-8dd8-44cd-8595-29850223cc1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42504", "type": "seen", "source": "https://bsky.app/profile/lambdawatchdog.bsky.social/post/3mnf2rgkfkm2f", "content": "\n\ud83d\udea8 New UNKNOWN CVE detected in AWS Lambda \ud83d\udea8\nCVE-2026-42504 impacts stdlib in 26 Lambda base images.\n\nDetails: https://github.com/aws/aws-lambda-base-images/issues/544\nMore: https://lambdawatchdog.com/\n\n#AWS #Lambda #CVE #CloudSecurity #Serverless", "creation_timestamp": "2026-06-03T12:01:07.923514Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/0e1af7bb-8dd8-44cd-8595-29850223cc1e/export</guid>
      <pubDate>Wed, 03 Jun 2026 12:01:07 +0000</pubDate>
    </item>
    <item>
      <title>ddb6fdbb-a0fe-4d3f-b65c-d9512808781d</title>
      <link>https://vulnerability.circl.lu/sighting/ddb6fdbb-a0fe-4d3f-b65c-d9512808781d/export</link>
      <description>{"uuid": "ddb6fdbb-a0fe-4d3f-b65c-d9512808781d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42507", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mne3iwbcgy25", "content": "CVE-2026-42507 - Arbitrary inputs are included in errors without any escaping in net/textproto\nCVE ID : CVE-2026-42507\n \n Published : June 2, 2026, 11:16 p.m. | 3\u00a0hours, 16\u00a0minutes ago\n \n Description : When returning errors, functions in the net/textproto package would include...", "creation_timestamp": "2026-06-03T02:41:36.702296Z"}</description>
      <content:encoded>{"uuid": "ddb6fdbb-a0fe-4d3f-b65c-d9512808781d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42507", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mne3iwbcgy25", "content": "CVE-2026-42507 - Arbitrary inputs are included in errors without any escaping in net/textproto\nCVE ID : CVE-2026-42507\n \n Published : June 2, 2026, 11:16 p.m. | 3\u00a0hours, 16\u00a0minutes ago\n \n Description : When returning errors, functions in the net/textproto package would include...", "creation_timestamp": "2026-06-03T02:41:36.702296Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/ddb6fdbb-a0fe-4d3f-b65c-d9512808781d/export</guid>
      <pubDate>Wed, 03 Jun 2026 02:41:36 +0000</pubDate>
    </item>
    <item>
      <title>d53b3d3d-4b46-4fb4-b786-045ac6c07f86</title>
      <link>https://vulnerability.circl.lu/sighting/d53b3d3d-4b46-4fb4-b786-045ac6c07f86/export</link>
      <description>{"uuid": "d53b3d3d-4b46-4fb4-b786-045ac6c07f86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42504", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mne3ga4eue23", "content": "CVE-2026-42504 - Quadratic complexity in WordDecoder.DecodeHeader in mime\nCVE ID : CVE-2026-42504\n \n Published : June 2, 2026, 11:16 p.m. | 3\u00a0hours, 16\u00a0minutes ago\n \n Description : Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume exc...", "creation_timestamp": "2026-06-03T02:40:06.818766Z"}</description>
      <content:encoded>{"uuid": "d53b3d3d-4b46-4fb4-b786-045ac6c07f86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42504", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mne3ga4eue23", "content": "CVE-2026-42504 - Quadratic complexity in WordDecoder.DecodeHeader in mime\nCVE ID : CVE-2026-42504\n \n Published : June 2, 2026, 11:16 p.m. | 3\u00a0hours, 16\u00a0minutes ago\n \n Description : Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume exc...", "creation_timestamp": "2026-06-03T02:40:06.818766Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/d53b3d3d-4b46-4fb4-b786-045ac6c07f86/export</guid>
      <pubDate>Wed, 03 Jun 2026 02:40:06 +0000</pubDate>
    </item>
  </channel>
</rss>
