https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Mon, 29 Jun 2026 17:37:03 +0000 https://vulnerability.circl.lu/sighting/4ebfe0b8-1809-4038-972e-450e6bd9fe61/export {"uuid": "4ebfe0b8-1809-4038-972e-450e6bd9fe61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48616", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mpcjiqi7ax2x", "content": "\ud83d\udccc CVE-2026-48616 - Rocket.Chat versions <8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, 7.13.9, 7.10.13 has an access control vulnerability in Livechat files. Protected file ... https://www.cyberhub.blog/cves/CVE-2026-48616", "creation_timestamp": "2026-06-27T22:37:06.721649Z"} {"uuid": "4ebfe0b8-1809-4038-972e-450e6bd9fe61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48616", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mpcjiqi7ax2x", "content": "\ud83d\udccc CVE-2026-48616 - Rocket.Chat versions <8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, 7.13.9, 7.10.13 has an access control vulnerability in Livechat files. Protected file ... https://www.cyberhub.blog/cves/CVE-2026-48616", "creation_timestamp": "2026-06-27T22:37:06.721649Z"} https://vulnerability.circl.lu/sighting/4ebfe0b8-1809-4038-972e-450e6bd9fe61/export Sat, 27 Jun 2026 22:37:06 +0000 https://vulnerability.circl.lu/sighting/235d9c86-8905-424d-9833-15946cc6be11/export {"uuid": "235d9c86-8905-424d-9833-15946cc6be11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48618", "type": "seen", "source": "https://bsky.app/profile/hermes71.bsky.social/post/3mp664kt66l2k", "content": "Daily IT Security Digest \u2014 2026-06-26\ncompromise). PEAR ransomware claimed 9.3 TB theft from Optimum First Mortgage including SSNs and financial records. [Source: Multiple @infosec.exchange posts]\n\n## 8. Notable Vulnerabilities & Policy Updates\n\n- **CVE-2026-48618** (HIGH): Node.js TLS hostname", "creation_timestamp": "2026-06-26T05:02:47.825341Z"} {"uuid": "235d9c86-8905-424d-9833-15946cc6be11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48618", "type": "seen", "source": "https://bsky.app/profile/hermes71.bsky.social/post/3mp664kt66l2k", "content": "Daily IT Security Digest \u2014 2026-06-26\ncompromise). PEAR ransomware claimed 9.3 TB theft from Optimum First Mortgage including SSNs and financial records. [Source: Multiple @infosec.exchange posts]\n\n## 8. Notable Vulnerabilities & Policy Updates\n\n- **CVE-2026-48618** (HIGH): Node.js TLS hostname", "creation_timestamp": "2026-06-26T05:02:47.825341Z"} https://vulnerability.circl.lu/sighting/235d9c86-8905-424d-9833-15946cc6be11/export Fri, 26 Jun 2026 05:02:47 +0000 https://vulnerability.circl.lu/sighting/b04668c5-495a-4827-94bf-809868d492ce/export {"uuid": "b04668c5-495a-4827-94bf-809868d492ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-48618", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mp5xbrtm6n2m", "content": "HIGH severity vuln in Node.js (CVE-2026-48618) impacts TLS hostname checks in 22.22.3, 24.16.0, 26.3.0. No patch \u2014 monitor advisories & limit use in sensitive cases. https://radar.offseq.com/threat/cve-2026-48618-cwe-176-improper-handling-of-unicod-6526a729870e7650 #OffSeq #NodeJS #Security", "creation_timestamp": "2026-06-26T03:00:27.345490Z"} {"uuid": "b04668c5-495a-4827-94bf-809868d492ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-48618", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mp5xbrtm6n2m", "content": "HIGH severity vuln in Node.js (CVE-2026-48618) impacts TLS hostname checks in 22.22.3, 24.16.0, 26.3.0. No patch \u2014 monitor advisories & limit use in sensitive cases. https://radar.offseq.com/threat/cve-2026-48618-cwe-176-improper-handling-of-unicod-6526a729870e7650 #OffSeq #NodeJS #Security", "creation_timestamp": "2026-06-26T03:00:27.345490Z"} https://vulnerability.circl.lu/sighting/b04668c5-495a-4827-94bf-809868d492ce/export Fri, 26 Jun 2026 03:00:27 +0000 https://vulnerability.circl.lu/sighting/b46f759e-c672-4463-83f6-5f23e6fd706b/export {"uuid": "b46f759e-c672-4463-83f6-5f23e6fd706b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-48618", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116814172949655181", "content": "CVE-2026-48618: Node.js HIGH severity vuln in TLS hostname handling (Unicode dot normalization flaw). Affects 22.22.3, 24.16.0, 26.3.0. No patch yet \u2014 restrict use & monitor vendor advisory. https://radar.offseq.com/threat/cve-2026-48618-cwe-176-improper-handling-of-unicod-6526a729870e7650 #OffSeq #NodeJS #Vulnerability #TLS #Security", "creation_timestamp": "2026-06-26T03:00:25.919977Z"} {"uuid": "b46f759e-c672-4463-83f6-5f23e6fd706b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-48618", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116814172949655181", "content": "CVE-2026-48618: Node.js HIGH severity vuln in TLS hostname handling (Unicode dot normalization flaw). Affects 22.22.3, 24.16.0, 26.3.0. No patch yet \u2014 restrict use & monitor vendor advisory. https://radar.offseq.com/threat/cve-2026-48618-cwe-176-improper-handling-of-unicod-6526a729870e7650 #OffSeq #NodeJS #Vulnerability #TLS #Security", "creation_timestamp": "2026-06-26T03:00:25.919977Z"} https://vulnerability.circl.lu/sighting/b46f759e-c672-4463-83f6-5f23e6fd706b/export Fri, 26 Jun 2026 03:00:25 +0000 https://vulnerability.circl.lu/sighting/33fe3328-5092-4a85-a9fd-d7a4d740927c/export {"uuid": "33fe3328-5092-4a85-a9fd-d7a4d740927c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48619", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp5wajk2nj2b", "content": "CVE-2026-48619 - Node.js HTTP/2 Out of Memory Vulnerability\nCVE ID : CVE-2026-48619\n \n Published : June 26, 2026, 1:14 a.m. | 30\u00a0minutes ago\n \n Description : A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Ou...", "creation_timestamp": "2026-06-26T02:41:51.056388Z"} {"uuid": "33fe3328-5092-4a85-a9fd-d7a4d740927c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48619", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp5wajk2nj2b", "content": "CVE-2026-48619 - Node.js HTTP/2 Out of Memory Vulnerability\nCVE ID : CVE-2026-48619\n \n Published : June 26, 2026, 1:14 a.m. | 30\u00a0minutes ago\n \n Description : A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Ou...", "creation_timestamp": "2026-06-26T02:41:51.056388Z"} https://vulnerability.circl.lu/sighting/33fe3328-5092-4a85-a9fd-d7a4d740927c/export Fri, 26 Jun 2026 02:41:51 +0000 https://vulnerability.circl.lu/sighting/bd631dc6-15e4-4d73-8f4f-b88dc7939c94/export {"uuid": "bd631dc6-15e4-4d73-8f4f-b88dc7939c94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48618", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp5vf2wefo2n", "content": "CVE-2026-48618 - Node.js TLS Hostname Normalization Bypass\nCVE ID : CVE-2026-48618\n \n Published : June 26, 2026, 1:14 a.m. | 30\u00a0minutes ago\n \n Description : A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth ...", "creation_timestamp": "2026-06-26T02:26:29.708770Z"} {"uuid": "bd631dc6-15e4-4d73-8f4f-b88dc7939c94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48618", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp5vf2wefo2n", "content": "CVE-2026-48618 - Node.js TLS Hostname Normalization Bypass\nCVE ID : CVE-2026-48618\n \n Published : June 26, 2026, 1:14 a.m. | 30\u00a0minutes ago\n \n Description : A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth ...", "creation_timestamp": "2026-06-26T02:26:29.708770Z"} https://vulnerability.circl.lu/sighting/bd631dc6-15e4-4d73-8f4f-b88dc7939c94/export Fri, 26 Jun 2026 02:26:29 +0000 https://vulnerability.circl.lu/sighting/a5c2684e-54e8-477d-84fc-e74b047b8be2/export {"uuid": "a5c2684e-54e8-477d-84fc-e74b047b8be2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48615", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp5uw4vm7c2z", "content": "CVE-2026-48615 - Node.js Proxy Credentials Exposure via Tunnel Error\nCVE ID : CVE-2026-48615\n \n Published : June 26, 2026, 1:14 a.m. | 30\u00a0minutes ago\n \n Description : A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` error messa...", "creation_timestamp": "2026-06-26T02:18:08.323782Z"} {"uuid": "a5c2684e-54e8-477d-84fc-e74b047b8be2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48615", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp5uw4vm7c2z", "content": "CVE-2026-48615 - Node.js Proxy Credentials Exposure via Tunnel Error\nCVE ID : CVE-2026-48615\n \n Published : June 26, 2026, 1:14 a.m. | 30\u00a0minutes ago\n \n Description : A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` error messa...", "creation_timestamp": "2026-06-26T02:18:08.323782Z"} https://vulnerability.circl.lu/sighting/a5c2684e-54e8-477d-84fc-e74b047b8be2/export Fri, 26 Jun 2026 02:18:08 +0000 https://vulnerability.circl.lu/sighting/9d369dd8-6232-4a32-9870-9a9cde15d431/export {"uuid": "9d369dd8-6232-4a32-9870-9a9cde15d431", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48618", "type": "seen", "source": "https://bsky.app/profile/securitylab-jp.bsky.social/post/3motlougng225", "content": "Node.js\u30012026\u5e746\u6708\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30ea\u30ea\u30fc\u30b9\u306712\u4ef6\u306e\u8106\u5f31\u6027\u3092\u4fee\u6b63(CVE-2026-48933,CVE-2026-48618)\u4ed6\n\nrocket-boys.co.jp/security-mea...\n\n#\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56Lab #security #securitynews", "creation_timestamp": "2026-06-22T00:06:27.224302Z"} {"uuid": "9d369dd8-6232-4a32-9870-9a9cde15d431", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48618", "type": "seen", "source": "https://bsky.app/profile/securitylab-jp.bsky.social/post/3motlougng225", "content": "Node.js\u30012026\u5e746\u6708\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30ea\u30ea\u30fc\u30b9\u306712\u4ef6\u306e\u8106\u5f31\u6027\u3092\u4fee\u6b63(CVE-2026-48933,CVE-2026-48618)\u4ed6\n\nrocket-boys.co.jp/security-mea...\n\n#\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56Lab #security #securitynews", "creation_timestamp": "2026-06-22T00:06:27.224302Z"} https://vulnerability.circl.lu/sighting/9d369dd8-6232-4a32-9870-9a9cde15d431/export Mon, 22 Jun 2026 00:06:27 +0000 https://vulnerability.circl.lu/sighting/fe53e6dd-f46f-4cf3-ae27-c6b4500ab73a/export {"uuid": "fe53e6dd-f46f-4cf3-ae27-c6b4500ab73a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-48617", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/node-js-multiple-vulnerabilities_20260622", "content": "", "creation_timestamp": "2026-06-21T19:00:00.000000Z"} {"uuid": "fe53e6dd-f46f-4cf3-ae27-c6b4500ab73a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-48617", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/node-js-multiple-vulnerabilities_20260622", "content": "", "creation_timestamp": "2026-06-21T19:00:00.000000Z"} https://vulnerability.circl.lu/sighting/fe53e6dd-f46f-4cf3-ae27-c6b4500ab73a/export Sun, 21 Jun 2026 19:00:00 +0000 https://vulnerability.circl.lu/sighting/db639bef-6ed0-47e6-abc8-e762f980340d/export {"uuid": "db639bef-6ed0-47e6-abc8-e762f980340d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-48615", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/node-js-multiple-vulnerabilities_20260622", "content": "", "creation_timestamp": "2026-06-21T19:00:00.000000Z"} {"uuid": "db639bef-6ed0-47e6-abc8-e762f980340d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-48615", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/node-js-multiple-vulnerabilities_20260622", "content": "", "creation_timestamp": "2026-06-21T19:00:00.000000Z"} https://vulnerability.circl.lu/sighting/db639bef-6ed0-47e6-abc8-e762f980340d/export Sun, 21 Jun 2026 19:00:00 +0000