<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Fri, 26 Jun 2026 21:31:58 +0000</lastBuildDate>
    <item>
      <title>f126daea-5e18-4a4a-a19f-3e47db29246e</title>
      <link>https://vulnerability.circl.lu/sighting/f126daea-5e18-4a4a-a19f-3e47db29246e/export</link>
      <description>{"uuid": "f126daea-5e18-4a4a-a19f-3e47db29246e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-48169", "type": "published-proof-of-concept", "source": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-gv23-xrm3-8c62", "content": "", "creation_timestamp": "2026-05-19T06:35:20.000000Z"}</description>
      <content:encoded>{"uuid": "f126daea-5e18-4a4a-a19f-3e47db29246e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-48169", "type": "published-proof-of-concept", "source": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-gv23-xrm3-8c62", "content": "", "creation_timestamp": "2026-05-19T06:35:20.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/f126daea-5e18-4a4a-a19f-3e47db29246e/export</guid>
      <pubDate>Tue, 19 May 2026 06:35:20 +0000</pubDate>
    </item>
    <item>
      <title>d60f7e05-6672-46c5-b042-064cd0fe2b95</title>
      <link>https://vulnerability.circl.lu/sighting/d60f7e05-6672-46c5-b042-064cd0fe2b95/export</link>
      <description>{"uuid": "d60f7e05-6672-46c5-b042-064cd0fe2b95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48165", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mo4uhdc5ui2o", "content": "CVE-2026-48165 - OS Command Injection in MariaDB. High-privileged users can execute shell commands via wsrep_sst variables. CVSS 8.0. Patch released. Update now. #CVE #MariaDB #infosec\n\nhttps://www.valtersit.com/cve/CVE-2026-48165/", "creation_timestamp": "2026-06-12T23:12:00.509399Z"}</description>
      <content:encoded>{"uuid": "d60f7e05-6672-46c5-b042-064cd0fe2b95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48165", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mo4uhdc5ui2o", "content": "CVE-2026-48165 - OS Command Injection in MariaDB. High-privileged users can execute shell commands via wsrep_sst variables. CVSS 8.0. Patch released. Update now. #CVE #MariaDB #infosec\n\nhttps://www.valtersit.com/cve/CVE-2026-48165/", "creation_timestamp": "2026-06-12T23:12:00.509399Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/d60f7e05-6672-46c5-b042-064cd0fe2b95/export</guid>
      <pubDate>Fri, 12 Jun 2026 23:12:00 +0000</pubDate>
    </item>
    <item>
      <title>91a3af1a-0abe-456f-a2cb-e4fcff106a5a</title>
      <link>https://vulnerability.circl.lu/sighting/91a3af1a-0abe-456f-a2cb-e4fcff106a5a/export</link>
      <description>{"uuid": "91a3af1a-0abe-456f-a2cb-e4fcff106a5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48165", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mogqzcvdi22e", "content": "\ud83d\udccc CVE-2026-48165 - MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.... https://www.cyberhub.blog/cves/CVE-2026-48165", "creation_timestamp": "2026-06-16T21:37:06.723298Z"}</description>
      <content:encoded>{"uuid": "91a3af1a-0abe-456f-a2cb-e4fcff106a5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48165", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mogqzcvdi22e", "content": "\ud83d\udccc CVE-2026-48165 - MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.... https://www.cyberhub.blog/cves/CVE-2026-48165", "creation_timestamp": "2026-06-16T21:37:06.723298Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/91a3af1a-0abe-456f-a2cb-e4fcff106a5a/export</guid>
      <pubDate>Tue, 16 Jun 2026 21:37:06 +0000</pubDate>
    </item>
    <item>
      <title>5d43102d-a998-4033-9157-d1a23b844565</title>
      <link>https://vulnerability.circl.lu/sighting/5d43102d-a998-4033-9157-d1a23b844565/export</link>
      <description>{"uuid": "5d43102d-a998-4033-9157-d1a23b844565", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48163", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mogsoyvex32z", "content": "\ud83d\udccc CVE-2026-48163 - MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.... https://www.cyberhub.blog/cves/CVE-2026-48163", "creation_timestamp": "2026-06-16T22:07:08.541942Z"}</description>
      <content:encoded>{"uuid": "5d43102d-a998-4033-9157-d1a23b844565", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48163", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mogsoyvex32z", "content": "\ud83d\udccc CVE-2026-48163 - MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.... https://www.cyberhub.blog/cves/CVE-2026-48163", "creation_timestamp": "2026-06-16T22:07:08.541942Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/5d43102d-a998-4033-9157-d1a23b844565/export</guid>
      <pubDate>Tue, 16 Jun 2026 22:07:08 +0000</pubDate>
    </item>
    <item>
      <title>b7792bcc-51b9-4c31-b429-a228ce0cc745</title>
      <link>https://vulnerability.circl.lu/sighting/b7792bcc-51b9-4c31-b429-a228ce0cc745/export</link>
      <description>{"uuid": "b7792bcc-51b9-4c31-b429-a228ce0cc745", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48166", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mow5eqds6w2q", "content": "CVE-2026-48166 - Filament: Timing-based user enumeration on login page\nCVE ID : CVE-2026-48166\n \n Published : June 22, 2026, 9:40 p.m. | 2\u00a0hours, 4\u00a0minutes ago\n \n Description : Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 un...", "creation_timestamp": "2026-06-23T00:28:10.488985Z"}</description>
      <content:encoded>{"uuid": "b7792bcc-51b9-4c31-b429-a228ce0cc745", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48166", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mow5eqds6w2q", "content": "CVE-2026-48166 - Filament: Timing-based user enumeration on login page\nCVE ID : CVE-2026-48166\n \n Published : June 22, 2026, 9:40 p.m. | 2\u00a0hours, 4\u00a0minutes ago\n \n Description : Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 un...", "creation_timestamp": "2026-06-23T00:28:10.488985Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/b7792bcc-51b9-4c31-b429-a228ce0cc745/export</guid>
      <pubDate>Tue, 23 Jun 2026 00:28:10 +0000</pubDate>
    </item>
    <item>
      <title>79415609-b2c3-48f0-89c3-111e4f8aa647</title>
      <link>https://vulnerability.circl.lu/sighting/79415609-b2c3-48f0-89c3-111e4f8aa647/export</link>
      <description>{"uuid": "79415609-b2c3-48f0-89c3-111e4f8aa647", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48167", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mow75wphmt2e", "content": "CVE-2026-48167 - Filament: Unvalidated ImageColumn and ImageEntry values can be used for XSS\nCVE ID : CVE-2026-48167\n \n Published : June 22, 2026, 9:43 p.m. | 2\u00a0hours ago\n \n Description : Filament is a collection of full-stack components for accelerated Laravel development. Fr...", "creation_timestamp": "2026-06-23T01:00:09.798421Z"}</description>
      <content:encoded>{"uuid": "79415609-b2c3-48f0-89c3-111e4f8aa647", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48167", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mow75wphmt2e", "content": "CVE-2026-48167 - Filament: Unvalidated ImageColumn and ImageEntry values can be used for XSS\nCVE ID : CVE-2026-48167\n \n Published : June 22, 2026, 9:43 p.m. | 2\u00a0hours ago\n \n Description : Filament is a collection of full-stack components for accelerated Laravel development. Fr...", "creation_timestamp": "2026-06-23T01:00:09.798421Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/79415609-b2c3-48f0-89c3-111e4f8aa647/export</guid>
      <pubDate>Tue, 23 Jun 2026 01:00:09 +0000</pubDate>
    </item>
    <item>
      <title>2b6a0b2e-7d6f-4658-bc26-5e0581e54a20</title>
      <link>https://vulnerability.circl.lu/sighting/2b6a0b2e-7d6f-4658-bc26-5e0581e54a20/export</link>
      <description>{"uuid": "2b6a0b2e-7d6f-4658-bc26-5e0581e54a20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48167", "type": "seen", "source": "https://gist.github.com/alon710/ef60a8d2e003433e0632a30f0def6b96", "content": "# CVE-2026-48167: CVE-2026-48167: Stored Cross-Site Scripting (XSS) via Attribute Injection in Filament ImageColumn and ImageEntry\n\n&amp;gt; **CVSS Score:** 6.4\n&amp;gt; **Published:** 2026-06-23\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-48167\n\n## Summary\nFilament's ImageColumn (used in tables) and ImageEntry (used in infolists) components render database values inside HTML attributes without validation or sanitization. This allows an attacker to inject arbitrary HTML attributes, leading to Stored Cross-Site Scripting (XSS).\n\n## TL;DR\nAn HTML attribute injection vulnerability in Filament v4.x and v5.x allows authenticated users with database write privileges to inject arbitrary JavaScript payloads into image components, executing code in the security context of administrators viewing the record.\n\n## Technical Details\n\n- **CWE ID**: CWE-79 (Improper Neutralization of Input During Web Page Generation)\n- **Attack Vector**: Network / Low Privileges Required\n- **CVSS v3.1 Score**: 6.4\n- **EPSS Score**: 0.00148 (0.15% probability)\n- **Impact**: Stored Cross-Site Scripting (XSS)\n- **Exploit Status**: No active public exploits\n\n## Affected Systems\n\n- Laravel applications implementing Filament tables with ImageColumn components\n- Laravel applications implementing Filament infolists with ImageEntry components\n- **filament/tables**: &amp;gt;= 4.0.0, &amp;lt; 4.11.5 (Fixed in: `4.11.5`)\n- **filament/tables**: &amp;gt;= 5.0.0, &amp;lt; 5.6.5 (Fixed in: `5.6.5`)\n- **filament/infolists**: &amp;gt;= 4.0.0, &amp;lt; 4.11.5 (Fixed in: `4.11.5`)\n- **filament/infolists**: &amp;gt;= 5.0.0, &amp;lt; 5.6.5 (Fixed in: `5.6.5`)\n\n## Mitigation\n\n- Upgrade to patched upstream library versions\n- Verify and audit published local Blade template overrides\n- Enforce standard Content Security Policy (CSP) configurations restricting inline script executions\n- Validate user-provided image URLs prior to database persistence\n\n**Remediation Steps:**\n1. Run 'composer update filament/filament' in your terminal.\n2. Ensure package composer.json references &amp;gt;=4.11.5 or &amp;gt;=5.6.5.\n3. Inspect files in 'resources/views/vendor/filament' for raw unescaped output references.\n4. Query databases for potentially dangerous string entries inside columns rendered by ImageColumn components.\n\n## References\n\n- [GHSA-3fc8-8hp6-6jr4](https://github.com/filamentphp/filament/security/advisories/GHSA-3fc8-8hp6-6jr4)\n- [CVE-2026-48167 Authoritative CVE Record](https://www.cve.org/CVERecord?id=CVE-2026-48167)\n- [Filament Vulnerability Fix Commit](https://github.com/filamentphp/filament/commit/e1f36a7316d75476f3301e044cc360d7cb746c56)\n- [National Vulnerability Database Detail](https://nvd.nist.gov/vuln/detail/CVE-2026-48167)\n- [Official Package Repository](https://github.com/filamentphp/filament)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-48167) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-24T07:11:47.000000Z"}</description>
      <content:encoded>{"uuid": "2b6a0b2e-7d6f-4658-bc26-5e0581e54a20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48167", "type": "seen", "source": "https://gist.github.com/alon710/ef60a8d2e003433e0632a30f0def6b96", "content": "# CVE-2026-48167: CVE-2026-48167: Stored Cross-Site Scripting (XSS) via Attribute Injection in Filament ImageColumn and ImageEntry\n\n&amp;gt; **CVSS Score:** 6.4\n&amp;gt; **Published:** 2026-06-23\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-48167\n\n## Summary\nFilament's ImageColumn (used in tables) and ImageEntry (used in infolists) components render database values inside HTML attributes without validation or sanitization. This allows an attacker to inject arbitrary HTML attributes, leading to Stored Cross-Site Scripting (XSS).\n\n## TL;DR\nAn HTML attribute injection vulnerability in Filament v4.x and v5.x allows authenticated users with database write privileges to inject arbitrary JavaScript payloads into image components, executing code in the security context of administrators viewing the record.\n\n## Technical Details\n\n- **CWE ID**: CWE-79 (Improper Neutralization of Input During Web Page Generation)\n- **Attack Vector**: Network / Low Privileges Required\n- **CVSS v3.1 Score**: 6.4\n- **EPSS Score**: 0.00148 (0.15% probability)\n- **Impact**: Stored Cross-Site Scripting (XSS)\n- **Exploit Status**: No active public exploits\n\n## Affected Systems\n\n- Laravel applications implementing Filament tables with ImageColumn components\n- Laravel applications implementing Filament infolists with ImageEntry components\n- **filament/tables**: &amp;gt;= 4.0.0, &amp;lt; 4.11.5 (Fixed in: `4.11.5`)\n- **filament/tables**: &amp;gt;= 5.0.0, &amp;lt; 5.6.5 (Fixed in: `5.6.5`)\n- **filament/infolists**: &amp;gt;= 4.0.0, &amp;lt; 4.11.5 (Fixed in: `4.11.5`)\n- **filament/infolists**: &amp;gt;= 5.0.0, &amp;lt; 5.6.5 (Fixed in: `5.6.5`)\n\n## Mitigation\n\n- Upgrade to patched upstream library versions\n- Verify and audit published local Blade template overrides\n- Enforce standard Content Security Policy (CSP) configurations restricting inline script executions\n- Validate user-provided image URLs prior to database persistence\n\n**Remediation Steps:**\n1. Run 'composer update filament/filament' in your terminal.\n2. Ensure package composer.json references &amp;gt;=4.11.5 or &amp;gt;=5.6.5.\n3. Inspect files in 'resources/views/vendor/filament' for raw unescaped output references.\n4. Query databases for potentially dangerous string entries inside columns rendered by ImageColumn components.\n\n## References\n\n- [GHSA-3fc8-8hp6-6jr4](https://github.com/filamentphp/filament/security/advisories/GHSA-3fc8-8hp6-6jr4)\n- [CVE-2026-48167 Authoritative CVE Record](https://www.cve.org/CVERecord?id=CVE-2026-48167)\n- [Filament Vulnerability Fix Commit](https://github.com/filamentphp/filament/commit/e1f36a7316d75476f3301e044cc360d7cb746c56)\n- [National Vulnerability Database Detail](https://nvd.nist.gov/vuln/detail/CVE-2026-48167)\n- [Official Package Repository](https://github.com/filamentphp/filament)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-48167) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-24T07:11:47.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/2b6a0b2e-7d6f-4658-bc26-5e0581e54a20/export</guid>
      <pubDate>Wed, 24 Jun 2026 07:11:47 +0000</pubDate>
    </item>
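<!--
The sighting above describes an attribute-injection XSS: a stored image URL is written into an HTML attribute without validation or escaping, and the gist's mitigation list asks for validation before persistence. The Python below is an added illustration of that bug class and its two-sided fix; it is not Filament's code and not the advisory's. The render functions stand in for an image column or entry, the absolute-http(s)-only policy is an assumed site rule, and the payload is constructed for the demonstration.

```python
"""Stored XSS by HTML attribute injection: a database value rendered inside
an attribute unescaped, beside a validated and escaped rendering.
Constructed example; the render_* functions stand in for an image table
column or infolist entry and are not Filament's code."""
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Policy assumption: only absolute http(s) URLs may be stored as image sources.
ALLOWED_SCHEMES = {"http", "https"}

# Constructed payload: closes the src attribute and appends an event handler.
PAYLOAD = 'x" onerror="alert(1)'


def render_vulnerable(url: str) -> str:
    """Interpolates the stored value straight into an attribute. A double
    quote in the value ends src and the remainder becomes new attributes."""
    return f'<img src="{url}">'


def is_safe_image_url(url: str) -> bool:
    """Write-time validation: absolute http(s) URL, no quote or angle
    bracket that could terminate an attribute, no control characters."""
    if any(ch in url for ch in '"\'<>') or any(ord(ch) < 0x20 for ch in url):
        return False
    parts = urlsplit(url)
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.netloc)


def store_image_url(url: str) -> str:
    """Validate before persistence; reject rather than try to clean."""
    if not is_safe_image_url(url):
        raise ValueError("refusing to store unsafe image URL")
    return url


def render_hardened(url: str) -> str:
    """Output-side fix: escape for attribute context whatever the value is,
    so a quote becomes &quot; and cannot end the attribute."""
    return f'<img src="{html.escape(url, quote=True)}">'


class _AttrCollector(HTMLParser):
    """Parses markup the way a browser tokenizer would and records which
    attribute names the tag ended up with."""

    def __init__(self) -> None:
        super().__init__()
        self.names: list = []

    def handle_starttag(self, tag, attrs):
        self.names.extend(name for name, _ in attrs)


def attribute_names(markup: str) -> list:
    """Attribute names a parser sees on the rendered tag: an injected
    onerror shows up here, an escaped one does not."""
    collector = _AttrCollector()
    collector.feed(markup)
    return collector.names


if __name__ == "__main__":
    print(render_vulnerable(PAYLOAD), attribute_names(render_vulnerable(PAYLOAD)))
    print(render_hardened(PAYLOAD), attribute_names(render_hardened(PAYLOAD)))
    for candidate in ("https://cdn.example/a.png", "javascript:alert(1)", PAYLOAD):
        print(candidate, is_safe_image_url(candidate))
```

The validator enforces an assumed absolute-URL policy; an application that stores disk-relative paths would substitute its own allow-list. The attribute-context escaping in render_hardened is the part that removes the injection regardless of what reached the database, which is why both layers belong in the fix.
-->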
    <item>
      <title>7686756a-f0ae-44e1-80c2-4e1c9aefdece</title>
      <link>https://vulnerability.circl.lu/sighting/7686756a-f0ae-44e1-80c2-4e1c9aefdece/export</link>
      <description>{"uuid": "7686756a-f0ae-44e1-80c2-4e1c9aefdece", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48166", "type": "seen", "source": "https://gist.github.com/alon710/0cc6180222e375f03b77f1081a3811f5", "content": "# CVE-2026-48166: CVE-2026-48166: Timing-Based User Enumeration on Login Page in Filament\n\n&amp;gt; **CVSS Score:** 5.3\n&amp;gt; **Published:** 2026-06-23\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-48166\n\n## Summary\nAn observable timing discrepancy vulnerability (CWE-208) in Filament's administrative login page allows unauthenticated remote attackers to determine the existence of registered email addresses. This timing side-channel arises from short-circuiting logic that skips expensive password hashing checks when a queried email address is not found in the database. Attackers can execute statistical timing attacks to map active administrator accounts, facilitating subsequent targeted brute-force or credential-stuffing campaigns.\n\n## TL;DR\nA timing-based user enumeration vulnerability in Filament login pages allows unauthenticated remote attackers to identify valid registered email addresses due to a short-circuiting logic flaw in the authentication mechanism.\n\n## Technical Details\n\n- **CWE ID**: CWE-208\n- **Attack Vector**: Network (AV:N)\n- **CVSS v3.1 Score**: 5.3 (Medium)\n- **EPSS Score**: 0.0021\n- **Exploit Status**: None\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- filament/filament\n- Filament Panels\n- Filament Auth Page\n- **filament/filament**: &amp;gt;= 4.0.0, &amp;lt; 4.11.5 (Fixed in: `4.11.5`)\n- **filament/filament**: &amp;gt;= 5.0.0, &amp;lt; 5.6.5 (Fixed in: `5.6.5`)\n\n## Mitigation\n\n- Upgrade filament/filament package to 4.11.5 (for v4.x) or 5.6.5 (for v5.x).\n- Increase the timebox_duration configuration in auth.php to exceed peak CPU hashing latencies.\n- Deploy web application rate limiting on the login route to block automated sequential timing tests.\n\n**Remediation Steps:**\n1. Verify the current Filament version via 'composer show filament/filament'.\n2. Run 'composer update filament/filament' to apply the official security patch.\n3. Review 'config/auth.php' and adjust the 'timebox_duration' config variable based on production hardware constraints.\n4. Implement rate limit configurations at the web server (Nginx/Apache) or reverse proxy layer for the administrative login URI.\n\n## References\n\n- [GHSA-5w46-g9pq-wh6f: Timing-Based User Enumeration on Login Page in Filament](https://github.com/filamentphp/filament/security/advisories/GHSA-5w46-g9pq-wh6f)\n- [Fix Commit 33a9f576efb0d43372607487aebd17eae4315f1f](https://github.com/filamentphp/filament/commit/33a9f576efb0d43372607487aebd17eae4315f1f)\n- [CVE-2026-48166 on CVE.org](https://www.cve.org/CVERecord?id=CVE-2026-48166)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-48166) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-24T07:42:24.000000Z"}</description>
      <content:encoded>{"uuid": "7686756a-f0ae-44e1-80c2-4e1c9aefdece", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48166", "type": "seen", "source": "https://gist.github.com/alon710/0cc6180222e375f03b77f1081a3811f5", "content": "# CVE-2026-48166: CVE-2026-48166: Timing-Based User Enumeration on Login Page in Filament\n\n&amp;gt; **CVSS Score:** 5.3\n&amp;gt; **Published:** 2026-06-23\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-48166\n\n## Summary\nAn observable timing discrepancy vulnerability (CWE-208) in Filament's administrative login page allows unauthenticated remote attackers to determine the existence of registered email addresses. This timing side-channel arises from short-circuiting logic that skips expensive password hashing checks when a queried email address is not found in the database. Attackers can execute statistical timing attacks to map active administrator accounts, facilitating subsequent targeted brute-force or credential-stuffing campaigns.\n\n## TL;DR\nA timing-based user enumeration vulnerability in Filament login pages allows unauthenticated remote attackers to identify valid registered email addresses due to a short-circuiting logic flaw in the authentication mechanism.\n\n## Technical Details\n\n- **CWE ID**: CWE-208\n- **Attack Vector**: Network (AV:N)\n- **CVSS v3.1 Score**: 5.3 (Medium)\n- **EPSS Score**: 0.0021\n- **Exploit Status**: None\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- filament/filament\n- Filament Panels\n- Filament Auth Page\n- **filament/filament**: &amp;gt;= 4.0.0, &amp;lt; 4.11.5 (Fixed in: `4.11.5`)\n- **filament/filament**: &amp;gt;= 5.0.0, &amp;lt; 5.6.5 (Fixed in: `5.6.5`)\n\n## Mitigation\n\n- Upgrade filament/filament package to 4.11.5 (for v4.x) or 5.6.5 (for v5.x).\n- Increase the timebox_duration configuration in auth.php to exceed peak CPU hashing latencies.\n- Deploy web application rate limiting on the login route to block automated sequential timing tests.\n\n**Remediation Steps:**\n1. Verify the current Filament version via 'composer show filament/filament'.\n2. Run 'composer update filament/filament' to apply the official security patch.\n3. Review 'config/auth.php' and adjust the 'timebox_duration' config variable based on production hardware constraints.\n4. Implement rate limit configurations at the web server (Nginx/Apache) or reverse proxy layer for the administrative login URI.\n\n## References\n\n- [GHSA-5w46-g9pq-wh6f: Timing-Based User Enumeration on Login Page in Filament](https://github.com/filamentphp/filament/security/advisories/GHSA-5w46-g9pq-wh6f)\n- [Fix Commit 33a9f576efb0d43372607487aebd17eae4315f1f](https://github.com/filamentphp/filament/commit/33a9f576efb0d43372607487aebd17eae4315f1f)\n- [CVE-2026-48166 on CVE.org](https://www.cve.org/CVERecord?id=CVE-2026-48166)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-48166) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-24T07:42:24.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/7686756a-f0ae-44e1-80c2-4e1c9aefdece/export</guid>
      <pubDate>Wed, 24 Jun 2026 07:42:24 +0000</pubDate>
    </item>
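<!--
The sighting above attributes the enumeration to a login path that returns before any password hashing when the email is unknown, and lists a timebox and rate limiting as mitigations. The Python below is an added illustration of that side channel and the always-hash fix; it is not Filament's or Laravel's code. The one-account user table, the PBKDF2 stand-in for bcrypt, and a timebox wrapper modelled only on the intent of the timebox_duration setting the post mentions are all assumptions. It counts how many slow-hash operations each path performs per attempt, which is the quantity the response time leaks.

```python
"""Timing side-channel in a login check: the vulnerable path returns before
any password hashing when the email is unknown, the hardened path always
performs one slow verification. Constructed example; the user table, the
PBKDF2 stand-in for bcrypt and the timebox wrapper are assumptions, not
Filament's or Laravel's code."""
import hashlib
import hmac
import os
import time
from typing import Callable

ITERATIONS = 100_000  # PBKDF2 work factor standing in for a bcrypt cost


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed user table with one registered account: email to (salt, hash).
_SALT = os.urandom(16)
USERS = {"admin@example.com": (_SALT, hash_password("correct horse", _SALT))}

# Dummy credential hashed once at start-up so the unknown-user path can do
# the same amount of work as the known-user path.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = hash_password("never-a-valid-password", _DUMMY_SALT)

hash_calls = 0  # instrumentation: slow hashes performed by the last login call


def verify(password: str, salt: bytes, expected: bytes) -> bool:
    global hash_calls
    hash_calls += 1
    return hmac.compare_digest(hash_password(password, salt), expected)


def login_vulnerable(email: str, password: str) -> bool:
    """Short-circuits on an unknown email: no hashing, a fast response, and
    the response time alone tells the caller whether the account exists."""
    record = USERS.get(email)
    if record is None:
        return False
    return verify(password, *record)


def login_hardened(email: str, password: str) -> bool:
    """Always runs one verification. Unknown emails are checked against the
    dummy hash and the outcome discarded, so both branches cost the same."""
    record = USERS.get(email)
    if record is None:
        verify(password, _DUMMY_SALT, _DUMMY_HASH)
        return False
    return verify(password, *record)


def timeboxed(fn: Callable[..., bool], min_seconds: float) -> Callable[..., bool]:
    """Second layer: never answer before min_seconds have elapsed, which also
    flattens noise such as a cold cache. Modelled on the intent of a timebox
    setting, not on any framework's implementation (assumption)."""
    def wrapper(*args):
        start = time.perf_counter()
        result = fn(*args)
        remaining = min_seconds - (time.perf_counter() - start)
        if remaining > 0:
            time.sleep(remaining)
        return result
    return wrapper


def count_hashes(fn: Callable[..., bool], email: str, password: str) -> int:
    """Number of slow-hash operations a login path performs for one attempt."""
    global hash_calls
    hash_calls = 0
    fn(email, password)
    return hash_calls


def elapsed(fn: Callable[..., bool], *args) -> float:
    """Wall-clock seconds for one call."""
    start = time.perf_counter()
    fn(*args)
    return time.perf_counter() - start


def fastest_of(fn: Callable[..., bool], email: str, password: str, rounds: int = 5) -> float:
    """Best-of-N wall-clock time, the statistic a timing attacker would use."""
    return min(elapsed(fn, email, password) for _ in range(rounds))


if __name__ == "__main__":
    paths = (("vulnerable", login_vulnerable),
             ("hardened", login_hardened),
             ("timeboxed", timeboxed(login_hardened, 0.25)))
    for name, fn in paths:
        known = fastest_of(fn, "admin@example.com", "wrong")
        unknown = fastest_of(fn, "nobody@example.com", "wrong")
        print(f"{name:10s} known={known * 1000:.1f} ms  unknown={unknown * 1000:.1f} ms")
```

Run stand-alone it prints best-of-five timings for a known and an unknown email on each path: the vulnerable path answers the unknown email almost instantly, the hardened path takes one hash on both, and the timeboxed path pads both to the floor. The hash counter is the deterministic check; the timings are what an attacker would measure and vary by host.
-->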
  </channel>
</rss>
