https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Fri, 26 Jun 2026 06:11:06 +0000 https://vulnerability.circl.lu/sighting/3fd610fc-abf0-4982-baf0-7bf9c13c7195/export {"uuid": "3fd610fc-abf0-4982-baf0-7bf9c13c7195", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45491", "type": "seen", "source": "https://gist.github.com/alon710/6783c7f2ed7c6e138aaba0f21814c8e7", "content": "# CVE-2026-45491: CVE-2026-45491: Directory Traversal via Improper Link Resolution in .NET System.Formats.Tar\n\n> **CVSS Score:** 6.2\n> **Published:** 2026-06-16\n> **Full Report:** https://cvereports.com/reports/CVE-2026-45491\n\n## Summary\nA directory traversal vulnerability exists in the Microsoft .NET System.Formats.Tar library during archive extraction. When extracting a TAR archive using the TarFile.ExtractToDirectory API, the extraction engine improperly resolves symbolic links prior to file creation, allowing local unauthorized attackers to write or overwrite arbitrary files outside the target directory. This can lead to local tampering, privilege escalation, or arbitrary code execution.\n\n## TL;DR\nSystem.Formats.Tar in .NET 8.0, 9.0, and 10.0 fails to validate symbolic link targets during extraction, enabling local directory traversal and arbitrary file writes (Tar Slip).\n\n## Technical Details\n\n- **CWE ID**: CWE-59\n- **Attack Vector**: Local\n- **CVSS Base Score**: 6.2\n- **EPSS Score**: 0.00301 (21.55 percentile)\n- **Impact**: High Integrity Tampering / Privilege Escalation\n- **Exploit Status**: No public weaponized exploit code available\n- **CISA KEV Status**: Not Listed\n\n## Affected Systems\n\n- .NET Core and .NET runtimes on Linux (Ubuntu, RHEL, Rocky, Alma, Amazon Linux, Alpine, Oracle Linux)\n- .NET Core and .NET runtimes on Windows\n- ASP.NET Core applications incorporating archive upload or processing components\n- **.NET 8.0**: >= 8.0.0 to < 8.0.28 (Fixed in: `8.0.28`)\n- **.NET 9.0**: >= 9.0.0 to < 9.0.17 (Fixed in: `9.0.17`)\n- **.NET 10.0**: >= 10.0.0 to < 10.0.9 (Fixed in: `10.0.9`)\n\n## Mitigation\n\n- Upgrade .NET Core and .NET Runtimes to patched versions (8.0.28, 9.0.17, 10.0.9).\n- Sanitize and resolve archive path boundaries manually before calling extraction APIs if upgrading is not immediately possible.\n- Implement strict system privilege boundaries so .NET processes run with the least necessary privileges.\n\n**Remediation Steps:**\n1. Locate all installations of the .NET SDK and Runtime across development environments and production servers.\n2. Apply June 2026 security updates using system package managers or by rebuilding container images with official updated base images.\n3. Scan existing codebases for calls to System.Formats.Tar.TarFile.ExtractToDirectory and ensure they only ingest trusted archives.\n4. Configure File Integrity Monitoring (FIM) to monitor sensitive directories for unexpected write activity.\n\n## References\n\n- [Microsoft Security Advisory](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45491)\n- [CVE Authority Record](https://www.cve.org/CVERecord?id=CVE-2026-45491)\n- [Wiz Security Vulnerability DB Record](https://www.wiz.io/vulnerability-database/cve/cve-2026-45491)\n- [Official .NET Runtime Repository](https://github.com/dotnet/runtime)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-45491) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-16T15:31:48.000000Z"} {"uuid": "3fd610fc-abf0-4982-baf0-7bf9c13c7195", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45491", "type": "seen", "source": "https://gist.github.com/alon710/6783c7f2ed7c6e138aaba0f21814c8e7", "content": "# CVE-2026-45491: CVE-2026-45491: Directory Traversal via Improper Link Resolution in .NET System.Formats.Tar\n\n> **CVSS Score:** 6.2\n> **Published:** 2026-06-16\n> **Full Report:** https://cvereports.com/reports/CVE-2026-45491\n\n## Summary\nA directory traversal vulnerability exists in the Microsoft .NET System.Formats.Tar library during archive extraction. When extracting a TAR archive using the TarFile.ExtractToDirectory API, the extraction engine improperly resolves symbolic links prior to file creation, allowing local unauthorized attackers to write or overwrite arbitrary files outside the target directory. This can lead to local tampering, privilege escalation, or arbitrary code execution.\n\n## TL;DR\nSystem.Formats.Tar in .NET 8.0, 9.0, and 10.0 fails to validate symbolic link targets during extraction, enabling local directory traversal and arbitrary file writes (Tar Slip).\n\n## Technical Details\n\n- **CWE ID**: CWE-59\n- **Attack Vector**: Local\n- **CVSS Base Score**: 6.2\n- **EPSS Score**: 0.00301 (21.55 percentile)\n- **Impact**: High Integrity Tampering / Privilege Escalation\n- **Exploit Status**: No public weaponized exploit code available\n- **CISA KEV Status**: Not Listed\n\n## Affected Systems\n\n- .NET Core and .NET runtimes on Linux (Ubuntu, RHEL, Rocky, Alma, Amazon Linux, Alpine, Oracle Linux)\n- .NET Core and .NET runtimes on Windows\n- ASP.NET Core applications incorporating archive upload or processing components\n- **.NET 8.0**: >= 8.0.0 to < 8.0.28 (Fixed in: `8.0.28`)\n- **.NET 9.0**: >= 9.0.0 to < 9.0.17 (Fixed in: `9.0.17`)\n- **.NET 10.0**: >= 10.0.0 to < 10.0.9 (Fixed in: `10.0.9`)\n\n## Mitigation\n\n- Upgrade .NET Core and .NET Runtimes to patched versions (8.0.28, 9.0.17, 10.0.9).\n- Sanitize and resolve archive path boundaries manually before calling extraction APIs if upgrading is not immediately possible.\n- Implement strict system privilege boundaries so .NET processes run with the least necessary privileges.\n\n**Remediation Steps:**\n1. Locate all installations of the .NET SDK and Runtime across development environments and production servers.\n2. Apply June 2026 security updates using system package managers or by rebuilding container images with official updated base images.\n3. Scan existing codebases for calls to System.Formats.Tar.TarFile.ExtractToDirectory and ensure they only ingest trusted archives.\n4. Configure File Integrity Monitoring (FIM) to monitor sensitive directories for unexpected write activity.\n\n## References\n\n- [Microsoft Security Advisory](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45491)\n- [CVE Authority Record](https://www.cve.org/CVERecord?id=CVE-2026-45491)\n- [Wiz Security Vulnerability DB Record](https://www.wiz.io/vulnerability-database/cve/cve-2026-45491)\n- [Official .NET Runtime Repository](https://github.com/dotnet/runtime)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-45491) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-16T15:31:48.000000Z"} https://vulnerability.circl.lu/sighting/3fd610fc-abf0-4982-baf0-7bf9c13c7195/export Tue, 16 Jun 2026 15:31:48 +0000 https://vulnerability.circl.lu/sighting/cd54a6c0-84f0-43dd-a751-bedb7567f321/export {"uuid": "cd54a6c0-84f0-43dd-a751-bedb7567f321", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45491", "type": "seen", "source": "https://gist.github.com/alon710/a6c468e4494cbab0d52196d8ff716d7b", "content": "# CVE-2026-45491: CVE-2026-45491: Directory Traversal via Improper Link Resolution in .NET System.Formats.Tar\n\n> **CVSS Score:** 6.2\n> **Published:** 2026-06-16\n> **Full Report:** https://cvereports.com/reports/CVE-2026-45491\n\n## Summary\nA directory traversal vulnerability exists in the Microsoft .NET System.Formats.Tar library during archive extraction. When extracting a TAR archive using the TarFile.ExtractToDirectory API, the extraction engine improperly resolves symbolic links prior to file creation, allowing local unauthorized attackers to write or overwrite arbitrary files outside the target directory. This can lead to local tampering, privilege escalation, or arbitrary code execution.\n\n## TL;DR\nSystem.Formats.Tar in .NET 8.0, 9.0, and 10.0 fails to validate symbolic link targets during extraction, enabling local directory traversal and arbitrary file writes (Tar Slip).\n\n## Technical Details\n\n- **CWE ID**: CWE-59\n- **Attack Vector**: Local\n- **CVSS Base Score**: 6.2\n- **EPSS Score**: 0.00301 (21.55 percentile)\n- **Impact**: High Integrity Tampering / Privilege Escalation\n- **Exploit Status**: No public weaponized exploit code available\n- **CISA KEV Status**: Not Listed\n\n## Affected Systems\n\n- .NET Core and .NET runtimes on Linux (Ubuntu, RHEL, Rocky, Alma, Amazon Linux, Alpine, Oracle Linux)\n- .NET Core and .NET runtimes on Windows\n- ASP.NET Core applications incorporating archive upload or processing components\n- **.NET 8.0**: >= 8.0.0 to < 8.0.28 (Fixed in: `8.0.28`)\n- **.NET 9.0**: >= 9.0.0 to < 9.0.17 (Fixed in: `9.0.17`)\n- **.NET 10.0**: >= 10.0.0 to < 10.0.9 (Fixed in: `10.0.9`)\n\n## Mitigation\n\n- Upgrade .NET Core and .NET Runtimes to patched versions (8.0.28, 9.0.17, 10.0.9).\n- Sanitize and resolve archive path boundaries manually before calling extraction APIs if upgrading is not immediately possible.\n- Implement strict system privilege boundaries so .NET processes run with the least necessary privileges.\n\n**Remediation Steps:**\n1. Locate all installations of the .NET SDK and Runtime across development environments and production servers.\n2. Apply June 2026 security updates using system package managers or by rebuilding container images with official updated base images.\n3. Scan existing codebases for calls to System.Formats.Tar.TarFile.ExtractToDirectory and ensure they only ingest trusted archives.\n4. Configure File Integrity Monitoring (FIM) to monitor sensitive directories for unexpected write activity.\n\n## References\n\n- [Microsoft Security Advisory](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45491)\n- [CVE Authority Record](https://www.cve.org/CVERecord?id=CVE-2026-45491)\n- [Wiz Security Vulnerability DB Record](https://www.wiz.io/vulnerability-database/cve/cve-2026-45491)\n- [Official .NET Runtime Repository](https://github.com/dotnet/runtime)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-45491) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-16T15:41:21.000000Z"} {"uuid": "cd54a6c0-84f0-43dd-a751-bedb7567f321", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45491", "type": "seen", "source": "https://gist.github.com/alon710/a6c468e4494cbab0d52196d8ff716d7b", "content": "# CVE-2026-45491: CVE-2026-45491: Directory Traversal via Improper Link Resolution in .NET System.Formats.Tar\n\n> **CVSS Score:** 6.2\n> **Published:** 2026-06-16\n> **Full Report:** https://cvereports.com/reports/CVE-2026-45491\n\n## Summary\nA directory traversal vulnerability exists in the Microsoft .NET System.Formats.Tar library during archive extraction. When extracting a TAR archive using the TarFile.ExtractToDirectory API, the extraction engine improperly resolves symbolic links prior to file creation, allowing local unauthorized attackers to write or overwrite arbitrary files outside the target directory. This can lead to local tampering, privilege escalation, or arbitrary code execution.\n\n## TL;DR\nSystem.Formats.Tar in .NET 8.0, 9.0, and 10.0 fails to validate symbolic link targets during extraction, enabling local directory traversal and arbitrary file writes (Tar Slip).\n\n## Technical Details\n\n- **CWE ID**: CWE-59\n- **Attack Vector**: Local\n- **CVSS Base Score**: 6.2\n- **EPSS Score**: 0.00301 (21.55 percentile)\n- **Impact**: High Integrity Tampering / Privilege Escalation\n- **Exploit Status**: No public weaponized exploit code available\n- **CISA KEV Status**: Not Listed\n\n## Affected Systems\n\n- .NET Core and .NET runtimes on Linux (Ubuntu, RHEL, Rocky, Alma, Amazon Linux, Alpine, Oracle Linux)\n- .NET Core and .NET runtimes on Windows\n- ASP.NET Core applications incorporating archive upload or processing components\n- **.NET 8.0**: >= 8.0.0 to < 8.0.28 (Fixed in: `8.0.28`)\n- **.NET 9.0**: >= 9.0.0 to < 9.0.17 (Fixed in: `9.0.17`)\n- **.NET 10.0**: >= 10.0.0 to < 10.0.9 (Fixed in: `10.0.9`)\n\n## Mitigation\n\n- Upgrade .NET Core and .NET Runtimes to patched versions (8.0.28, 9.0.17, 10.0.9).\n- Sanitize and resolve archive path boundaries manually before calling extraction APIs if upgrading is not immediately possible.\n- Implement strict system privilege boundaries so .NET processes run with the least necessary privileges.\n\n**Remediation Steps:**\n1. Locate all installations of the .NET SDK and Runtime across development environments and production servers.\n2. Apply June 2026 security updates using system package managers or by rebuilding container images with official updated base images.\n3. Scan existing codebases for calls to System.Formats.Tar.TarFile.ExtractToDirectory and ensure they only ingest trusted archives.\n4. Configure File Integrity Monitoring (FIM) to monitor sensitive directories for unexpected write activity.\n\n## References\n\n- [Microsoft Security Advisory](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45491)\n- [CVE Authority Record](https://www.cve.org/CVERecord?id=CVE-2026-45491)\n- [Wiz Security Vulnerability DB Record](https://www.wiz.io/vulnerability-database/cve/cve-2026-45491)\n- [Official .NET Runtime Repository](https://github.com/dotnet/runtime)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-45491) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-16T15:41:21.000000Z"} https://vulnerability.circl.lu/sighting/cd54a6c0-84f0-43dd-a751-bedb7567f321/export Tue, 16 Jun 2026 15:41:21 +0000 https://vulnerability.circl.lu/sighting/ad02ff49-f6ca-4040-9fea-5ce742b0353e/export {"uuid": "ad02ff49-f6ca-4040-9fea-5ce742b0353e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45491", "type": "seen", "source": "https://bsky.app/profile/euvd-bot.bsky.social/post/3mog6ajxxym2y", "content": "\ud83d\udea8 EUVD-2026-35675\n\ud83d\udcca 6.2/10\n\ud83c\udfe2 Microsoft\n\n\ud83d\udcdd Microsoft Security Advisory CVE-2026-45491 \u2013 .NET Tampering Vulnerability\n\n\ud83d\udd17 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-35675\n\n#cybersecurity #infosec #cve #euvd", "creation_timestamp": "2026-06-16T16:01:07.420921Z"} {"uuid": "ad02ff49-f6ca-4040-9fea-5ce742b0353e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45491", "type": "seen", "source": "https://bsky.app/profile/euvd-bot.bsky.social/post/3mog6ajxxym2y", "content": "\ud83d\udea8 EUVD-2026-35675\n\ud83d\udcca 6.2/10\n\ud83c\udfe2 Microsoft\n\n\ud83d\udcdd Microsoft Security Advisory CVE-2026-45491 \u2013 .NET Tampering Vulnerability\n\n\ud83d\udd17 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-35675\n\n#cybersecurity #infosec #cve #euvd", "creation_timestamp": "2026-06-16T16:01:07.420921Z"} https://vulnerability.circl.lu/sighting/ad02ff49-f6ca-4040-9fea-5ce742b0353e/export Tue, 16 Jun 2026 16:01:07 +0000 https://vulnerability.circl.lu/sighting/4b034ddf-e0aa-4be0-bdd0-a4d89dbc5f28/export {"uuid": "4b034ddf-e0aa-4be0-bdd0-a4d89dbc5f28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45498", "type": "seen", "source": "https://bsky.app/profile/shortinfo.bsky.social/post/3mogmsxghdl2v", "content": "Every Windows machine running Microsoft Defender $MSFT is exposed until the latest Antimalware Platform update is installed. RedSun (CVE-2026-41091) lets any local user become SYSTEM; UnDefend (CVE-2026-45498) silently blocks Defender updates. Both actively exploited. CISA KEV deadline June 3.", "creation_timestamp": "2026-06-16T20:21:58.377278Z"} {"uuid": "4b034ddf-e0aa-4be0-bdd0-a4d89dbc5f28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45498", "type": "seen", "source": "https://bsky.app/profile/shortinfo.bsky.social/post/3mogmsxghdl2v", "content": "Every Windows machine running Microsoft Defender $MSFT is exposed until the latest Antimalware Platform update is installed. RedSun (CVE-2026-41091) lets any local user become SYSTEM; UnDefend (CVE-2026-45498) silently blocks Defender updates. Both actively exploited. CISA KEV deadline June 3.", "creation_timestamp": "2026-06-16T20:21:58.377278Z"} https://vulnerability.circl.lu/sighting/4b034ddf-e0aa-4be0-bdd0-a4d89dbc5f28/export Tue, 16 Jun 2026 20:21:58 +0000 https://vulnerability.circl.lu/sighting/ca6b960b-6009-483a-b880-0dbc289a5813/export {"uuid": "ca6b960b-6009-483a-b880-0dbc289a5813", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45498", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3moj45ndbgc2y", "content": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8\u304cUnDefend\u3068RedSun Defender\u306e\u30bc\u30ed\u30c7\u30a4\u8106\u5f31\u6027\u3092\u60aa\u7528\u3057\u305f\u30d1\u30c3\u30c1\u3092\u516c\u958b\n\n\u6700\u521d\u306e\u8106\u5f31\u6027\u306fCVE-2026-41091\uff08CVSS\u30b9\u30b3\u30a27.8\uff09\u3068\u3057\u3066\u8ffd\u8de1\u3055\u308c\u3066\u304a\u308a\u3001\u653b\u6483\u8005\u304c\u30b7\u30b9\u30c6\u30e0\u6a29\u9650\u306b\u6607\u683c\u3067\u304d\u308b\u30ea\u30f3\u30af\u8ffd\u8de1\u306e\u554f\u984c\u3068\u3057\u3066\u8aac\u660e\u3055\u308c\u3066\u3044\u307e\u3059\u3002\n\n\u300cMicrosoft Defender\u3067\u306f\u3001\u30d5\u30a1\u30a4\u30eb\u30a2\u30af\u30bb\u30b9\u524d\u306e\u30ea\u30f3\u30af\u89e3\u6c7a\uff08\u300c\u30ea\u30f3\u30af\u306e\u8ffd\u8de1\u300d\uff09\u304c\u4e0d\u9069\u5207\u3067\u3042\u308b\u305f\u3081\u3001\u6a29\u9650\u306e\u3042\u308b\u653b\u6483\u8005\u304c\u30ed\u30fc\u30ab\u30eb\u3067\u6a29\u9650\u3092\u6607\u683c\u3067\u304d\u308b\u53ef\u80fd\u6027\u304c\u3042\u308b\u300d\u3068\u3001Microsoft\u306f\u7c21\u6f54\u306a\u52e7\u544a\u306e\u4e2d\u3067\u6307\u6458\u3057\u3066\u3044\u308b\u3002\n\n2\u3064\u76ee\u306e\u30d0\u30b0\u306f\u3001CVE-2026-45498\uff08CVSS\u30b9\u30b3\u30a24.0\uff09\u3068\u3057\u3066\u8ffd\u8de1\u3055\u308c\u3066\u304a\u308a\u3001\u30b5\u30fc...", "creation_timestamp": "2026-06-17T20:01:46.883287Z"} {"uuid": "ca6b960b-6009-483a-b880-0dbc289a5813", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45498", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3moj45ndbgc2y", "content": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8\u304cUnDefend\u3068RedSun Defender\u306e\u30bc\u30ed\u30c7\u30a4\u8106\u5f31\u6027\u3092\u60aa\u7528\u3057\u305f\u30d1\u30c3\u30c1\u3092\u516c\u958b\n\n\u6700\u521d\u306e\u8106\u5f31\u6027\u306fCVE-2026-41091\uff08CVSS\u30b9\u30b3\u30a27.8\uff09\u3068\u3057\u3066\u8ffd\u8de1\u3055\u308c\u3066\u304a\u308a\u3001\u653b\u6483\u8005\u304c\u30b7\u30b9\u30c6\u30e0\u6a29\u9650\u306b\u6607\u683c\u3067\u304d\u308b\u30ea\u30f3\u30af\u8ffd\u8de1\u306e\u554f\u984c\u3068\u3057\u3066\u8aac\u660e\u3055\u308c\u3066\u3044\u307e\u3059\u3002\n\n\u300cMicrosoft Defender\u3067\u306f\u3001\u30d5\u30a1\u30a4\u30eb\u30a2\u30af\u30bb\u30b9\u524d\u306e\u30ea\u30f3\u30af\u89e3\u6c7a\uff08\u300c\u30ea\u30f3\u30af\u306e\u8ffd\u8de1\u300d\uff09\u304c\u4e0d\u9069\u5207\u3067\u3042\u308b\u305f\u3081\u3001\u6a29\u9650\u306e\u3042\u308b\u653b\u6483\u8005\u304c\u30ed\u30fc\u30ab\u30eb\u3067\u6a29\u9650\u3092\u6607\u683c\u3067\u304d\u308b\u53ef\u80fd\u6027\u304c\u3042\u308b\u300d\u3068\u3001Microsoft\u306f\u7c21\u6f54\u306a\u52e7\u544a\u306e\u4e2d\u3067\u6307\u6458\u3057\u3066\u3044\u308b\u3002\n\n2\u3064\u76ee\u306e\u30d0\u30b0\u306f\u3001CVE-2026-45498\uff08CVSS\u30b9\u30b3\u30a24.0\uff09\u3068\u3057\u3066\u8ffd\u8de1\u3055\u308c\u3066\u304a\u308a\u3001\u30b5\u30fc...", "creation_timestamp": "2026-06-17T20:01:46.883287Z"} https://vulnerability.circl.lu/sighting/ca6b960b-6009-483a-b880-0dbc289a5813/export Wed, 17 Jun 2026 20:01:46 +0000 https://vulnerability.circl.lu/sighting/d5de4181-efff-49b6-a6d5-9b5f329d2b17/export {"uuid": "d5de4181-efff-49b6-a6d5-9b5f329d2b17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45498", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3molmkbqrgk2q", "content": "\u7c73\u5f53\u5c40\u3001\u8106\u5f31\u6027\u60aa\u7528\u78ba\u8a8d\u30ea\u30b9\u30c8\u306b7\u4ef6\u8ffd\u52a0 - IE\u306a\u3069\u65e7\u88fd\u54c1\u95a2\u9023\u3082\n\n\u7c73\u5f53\u5c40\u306f\u3001\u60aa\u7528\u304c\u78ba\u8a8d\u3055\u308c\u3066\u3044\u308b\u8106\u5f31\u60277\u4ef6\u306b\u3064\u3044\u3066\u6ce8\u610f\u559a\u8d77\u3092\u884c\u3063\u305f\u3002\u3053\u306e\u3046\u30612\u4ef6\u306f2026\u5e745\u6708\u306b\u5224\u660e\u3057\u305f\u8106\u5f31\u6027\u3060\u304c\u3001\u306e\u3053\u308b5\u4ef6\u306f2010\u5e74\u4ee5\u524d\u306e\u8106\u5f31\u6027\u3068\u306a\u3063\u3066\u3044\u308b\u3002\n\n\u7c73\u30b5\u30a4\u30d0\u30fc\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5e81\uff08CISA\uff09\u306f\u73fe\u5730\u6642\u95932026\u5e745\u670820\u65e5\u3001\u300c\u60aa\u7528\u304c\u78ba\u8a8d\u3055\u308c\u305f\u8106\u5f31\u6027\u30ab\u30bf\u30ed\u30b0\uff08KEV\uff09\u300d\u3078\u8106\u5f31\u60277\u4ef6\u3092\u767b\u9332\u3002\u7c73\u56fd\u5185\u306e\u884c\u653f\u6a5f\u95a2\u3078\u5bfe\u7b56\u3092\u4fc3\u3059\u3068\u3068\u3082\u306b\u3001\u5e83\u304f\u6ce8\u610f\u3092\u547c\u3073\u304b\u3051\u3066\u3044\u308b\u3002\n\n\u4eca\u56de\u767b\u9332\u3055\u308c\u305f\u8106\u5f31\u6027\u306e\u3046\u3061\u30012026\u5e74\u306b\u5224\u660e\u3057\u305f\u8106\u5f31\u6027\u306f\u300cCVE-2026-41091\u300d\u300cCVE-2026-45498\u300d\u306e2\u4ef6...", "creation_timestamp": "2026-06-18T20:00:27.599062Z"} {"uuid": "d5de4181-efff-49b6-a6d5-9b5f329d2b17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45498", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3molmkbqrgk2q", "content": "\u7c73\u5f53\u5c40\u3001\u8106\u5f31\u6027\u60aa\u7528\u78ba\u8a8d\u30ea\u30b9\u30c8\u306b7\u4ef6\u8ffd\u52a0 - IE\u306a\u3069\u65e7\u88fd\u54c1\u95a2\u9023\u3082\n\n\u7c73\u5f53\u5c40\u306f\u3001\u60aa\u7528\u304c\u78ba\u8a8d\u3055\u308c\u3066\u3044\u308b\u8106\u5f31\u60277\u4ef6\u306b\u3064\u3044\u3066\u6ce8\u610f\u559a\u8d77\u3092\u884c\u3063\u305f\u3002\u3053\u306e\u3046\u30612\u4ef6\u306f2026\u5e745\u6708\u306b\u5224\u660e\u3057\u305f\u8106\u5f31\u6027\u3060\u304c\u3001\u306e\u3053\u308b5\u4ef6\u306f2010\u5e74\u4ee5\u524d\u306e\u8106\u5f31\u6027\u3068\u306a\u3063\u3066\u3044\u308b\u3002\n\n\u7c73\u30b5\u30a4\u30d0\u30fc\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5e81\uff08CISA\uff09\u306f\u73fe\u5730\u6642\u95932026\u5e745\u670820\u65e5\u3001\u300c\u60aa\u7528\u304c\u78ba\u8a8d\u3055\u308c\u305f\u8106\u5f31\u6027\u30ab\u30bf\u30ed\u30b0\uff08KEV\uff09\u300d\u3078\u8106\u5f31\u60277\u4ef6\u3092\u767b\u9332\u3002\u7c73\u56fd\u5185\u306e\u884c\u653f\u6a5f\u95a2\u3078\u5bfe\u7b56\u3092\u4fc3\u3059\u3068\u3068\u3082\u306b\u3001\u5e83\u304f\u6ce8\u610f\u3092\u547c\u3073\u304b\u3051\u3066\u3044\u308b\u3002\n\n\u4eca\u56de\u767b\u9332\u3055\u308c\u305f\u8106\u5f31\u6027\u306e\u3046\u3061\u30012026\u5e74\u306b\u5224\u660e\u3057\u305f\u8106\u5f31\u6027\u306f\u300cCVE-2026-41091\u300d\u300cCVE-2026-45498\u300d\u306e2\u4ef6...", "creation_timestamp": "2026-06-18T20:00:27.599062Z"} https://vulnerability.circl.lu/sighting/d5de4181-efff-49b6-a6d5-9b5f329d2b17/export Thu, 18 Jun 2026 20:00:27 +0000 https://vulnerability.circl.lu/sighting/84ed46ad-281e-453d-a236-bf070bbb78ca/export {"uuid": "84ed46ad-281e-453d-a236-bf070bbb78ca", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45498", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/3479ba21-8f89-4c56-97ce-b6cdebc9b5c7", "content": "", "creation_timestamp": "2026-06-19T12:45:11.920951Z"} {"uuid": "84ed46ad-281e-453d-a236-bf070bbb78ca", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45498", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/3479ba21-8f89-4c56-97ce-b6cdebc9b5c7", "content": "", "creation_timestamp": "2026-06-19T12:45:11.920951Z"} https://vulnerability.circl.lu/sighting/84ed46ad-281e-453d-a236-bf070bbb78ca/export Fri, 19 Jun 2026 12:45:11 +0000 https://vulnerability.circl.lu/sighting/768a2eba-3f44-4117-b3cf-dfce07d15c7c/export {"uuid": "768a2eba-3f44-4117-b3cf-dfce07d15c7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45495", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3motmmgau2k2j", "content": "\ud83d\udea8 ALERT: CVE-2026-45495\n\nCVSS 8.8/10\n\n\ud83d\udccb WHAT IT IS:\nMicrosoft Edge (Chromium-based) Remote Code Execution Vulnerability\n\n\ud83c\udfaf WHO'S AFFECTED:\n \u2022 Edge Chromium\n\n\u2694\ufe0f HOW IT'S EXPLOITED:\nAttack vector: unknown\nImpact: high impact on confidentiality, integrity, availability\n\n\u2705 WHAT TO DO:\n 1. Identify af", "creation_timestamp": "2026-06-22T00:22:55.279515Z"} {"uuid": "768a2eba-3f44-4117-b3cf-dfce07d15c7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45495", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3motmmgau2k2j", "content": "\ud83d\udea8 ALERT: CVE-2026-45495\n\nCVSS 8.8/10\n\n\ud83d\udccb WHAT IT IS:\nMicrosoft Edge (Chromium-based) Remote Code Execution Vulnerability\n\n\ud83c\udfaf WHO'S AFFECTED:\n \u2022 Edge Chromium\n\n\u2694\ufe0f HOW IT'S EXPLOITED:\nAttack vector: unknown\nImpact: high impact on confidentiality, integrity, availability\n\n\u2705 WHAT TO DO:\n 1. Identify af", "creation_timestamp": "2026-06-22T00:22:55.279515Z"} https://vulnerability.circl.lu/sighting/768a2eba-3f44-4117-b3cf-dfce07d15c7c/export Mon, 22 Jun 2026 00:22:55 +0000 https://vulnerability.circl.lu/sighting/48834e21-f3df-4325-8a42-e0da8b49706e/export {"uuid": "48834e21-f3df-4325-8a42-e0da8b49706e", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45498", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/c46c47c1-3450-4ced-8bec-e2c77b5d96c9", "content": "", "creation_timestamp": "2026-06-23T14:03:37.862611Z"} {"uuid": "48834e21-f3df-4325-8a42-e0da8b49706e", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45498", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/c46c47c1-3450-4ced-8bec-e2c77b5d96c9", "content": "", "creation_timestamp": "2026-06-23T14:03:37.862611Z"} https://vulnerability.circl.lu/sighting/48834e21-f3df-4325-8a42-e0da8b49706e/export Tue, 23 Jun 2026 14:03:37 +0000 https://vulnerability.circl.lu/sighting/7dc8fd65-3b41-4fc3-bd3d-d794f9dff68d/export {"uuid": "7dc8fd65-3b41-4fc3-bd3d-d794f9dff68d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45498", "type": "seen", "source": "https://bsky.app/profile/newstecnicas.com/post/3mp2vqbjkh226", "content": "\ud83d\udea8 Alerta: Explotaci\u00f3n activa de vulnerabilidades cr\u00edticas en Microsoft Defender | CVE-2026-4109 | CVE-2026-45498 | www.newstecnicas.com/2026/06/aler...", "creation_timestamp": "2026-06-24T21:54:51.060392Z"} {"uuid": "7dc8fd65-3b41-4fc3-bd3d-d794f9dff68d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45498", "type": "seen", "source": "https://bsky.app/profile/newstecnicas.com/post/3mp2vqbjkh226", "content": "\ud83d\udea8 Alerta: Explotaci\u00f3n activa de vulnerabilidades cr\u00edticas en Microsoft Defender | CVE-2026-4109 | CVE-2026-45498 | www.newstecnicas.com/2026/06/aler...", "creation_timestamp": "2026-06-24T21:54:51.060392Z"} https://vulnerability.circl.lu/sighting/7dc8fd65-3b41-4fc3-bd3d-d794f9dff68d/export Wed, 24 Jun 2026 21:54:51 +0000