https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Fri, 26 Jun 2026 07:20:04 +0000 https://vulnerability.circl.lu/sighting/a81a7a63-56f6-469c-b559-143d8b71dd92/export {"uuid": "a81a7a63-56f6-469c-b559-143d8b71dd92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49187", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnh3hnyo5s2x", "content": "CVE-2026-49187 - Hard-coded APK Resource Credentials & Scepters\nCVE ID : CVE-2026-49187\n \n Published : June 4, 2026, 6:16 a.m. | 16\u00a0minutes ago\n \n Description : The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misu...", "creation_timestamp": "2026-06-04T07:18:53.954770Z"} {"uuid": "a81a7a63-56f6-469c-b559-143d8b71dd92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49187", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnh3hnyo5s2x", "content": "CVE-2026-49187 - Hard-coded APK Resource Credentials & Scepters\nCVE ID : CVE-2026-49187\n \n Published : June 4, 2026, 6:16 a.m. | 16\u00a0minutes ago\n \n Description : The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misu...", "creation_timestamp": "2026-06-04T07:18:53.954770Z"} https://vulnerability.circl.lu/sighting/a81a7a63-56f6-469c-b559-143d8b71dd92/export Thu, 04 Jun 2026 07:18:53 +0000 https://vulnerability.circl.lu/sighting/7a0aee5a-1fac-4904-b63b-1be8f2d93368/export {"uuid": "7a0aee5a-1fac-4904-b63b-1be8f2d93368", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49186", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnh3yc4mof24", "content": "CVE-2026-49186 - Lack of MQTT Broker Topic Access Control Lists\nCVE ID : CVE-2026-49186\n \n Published : June 4, 2026, 4:17 a.m. | 2\u00a0hours, 15\u00a0minutes ago\n \n Description : The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to s...", "creation_timestamp": "2026-06-04T07:28:11.928680Z"} {"uuid": "7a0aee5a-1fac-4904-b63b-1be8f2d93368", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49186", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnh3yc4mof24", "content": "CVE-2026-49186 - Lack of MQTT Broker Topic Access Control Lists\nCVE ID : CVE-2026-49186\n \n Published : June 4, 2026, 4:17 a.m. | 2\u00a0hours, 15\u00a0minutes ago\n \n Description : The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to s...", "creation_timestamp": "2026-06-04T07:28:11.928680Z"} https://vulnerability.circl.lu/sighting/7a0aee5a-1fac-4904-b63b-1be8f2d93368/export Thu, 04 Jun 2026 07:28:11 +0000 https://vulnerability.circl.lu/sighting/1bc7acba-4f2b-42f4-9ab6-9bfd1298d37e/export {"uuid": "1bc7acba-4f2b-42f4-9ab6-9bfd1298d37e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-49189", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mnh44fcjsw2f", "content": "Acer Connect M6E 5G WiFi Router faces a HIGH severity flaw (CVE-2026-49189): local apps can gain admin control. No patch yet \u2014 restrict device access & monitor updates. https://radar.offseq.com/threat/cve-2026-49189-cwe-269-improper-privilege-manageme-7d497fd8 #OffSeq #Acer #Security", "creation_timestamp": "2026-06-04T07:30:29.694579Z"} {"uuid": "1bc7acba-4f2b-42f4-9ab6-9bfd1298d37e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-49189", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mnh44fcjsw2f", "content": "Acer Connect M6E 5G WiFi Router faces a HIGH severity flaw (CVE-2026-49189): local apps can gain admin control. No patch yet \u2014 restrict device access & monitor updates. https://radar.offseq.com/threat/cve-2026-49189-cwe-269-improper-privilege-manageme-7d497fd8 #OffSeq #Acer #Security", "creation_timestamp": "2026-06-04T07:30:29.694579Z"} https://vulnerability.circl.lu/sighting/1bc7acba-4f2b-42f4-9ab6-9bfd1298d37e/export Thu, 04 Jun 2026 07:30:29 +0000 https://vulnerability.circl.lu/sighting/24f57448-f025-40c8-99fa-53008d235119/export {"uuid": "24f57448-f025-40c8-99fa-53008d235119", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-49189", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116690663960529131", "content": "HIGH severity: CVE-2026-49189 in Acer Connect M6E 5G WiFi Router lets unauthorized local apps invoke admin ops via improper privilege management. No patch yet \u2014 restrict local access & monitor for updates. Details: https://radar.offseq.com/threat/cve-2026-49189-cwe-269-improper-privilege-manageme-7d497fd8 #OffSeq #Acer #Vuln #Cybersecurity", "creation_timestamp": "2026-06-04T07:30:37.582621Z"} {"uuid": "24f57448-f025-40c8-99fa-53008d235119", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-49189", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116690663960529131", "content": "HIGH severity: CVE-2026-49189 in Acer Connect M6E 5G WiFi Router lets unauthorized local apps invoke admin ops via improper privilege management. No patch yet \u2014 restrict local access & monitor for updates. Details: https://radar.offseq.com/threat/cve-2026-49189-cwe-269-improper-privilege-manageme-7d497fd8 #OffSeq #Acer #Vuln #Cybersecurity", "creation_timestamp": "2026-06-04T07:30:37.582621Z"} https://vulnerability.circl.lu/sighting/24f57448-f025-40c8-99fa-53008d235119/export Thu, 04 Jun 2026 07:30:37 +0000 https://vulnerability.circl.lu/sighting/af38c5e8-b352-4856-ad9e-4cd6199ac3b4/export {"uuid": "af38c5e8-b352-4856-ad9e-4cd6199ac3b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49188", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnh4k7b65v2k", "content": "CVE-2026-49188 - Elevated Root Command Execution via ai_cmd Sockets\nCVE ID : CVE-2026-49188\n \n Published : June 4, 2026, 6:16 a.m. | 16\u00a0minutes ago\n \n Description : The\u00a0ai_cmd\u00a0utility executes with full root permissions. It pipes socket inputs directly to\u00a0popen(), paving the w...", "creation_timestamp": "2026-06-04T07:38:12.592103Z"} {"uuid": "af38c5e8-b352-4856-ad9e-4cd6199ac3b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49188", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnh4k7b65v2k", "content": "CVE-2026-49188 - Elevated Root Command Execution via ai_cmd Sockets\nCVE ID : CVE-2026-49188\n \n Published : June 4, 2026, 6:16 a.m. | 16\u00a0minutes ago\n \n Description : The\u00a0ai_cmd\u00a0utility executes with full root permissions. It pipes socket inputs directly to\u00a0popen(), paving the w...", "creation_timestamp": "2026-06-04T07:38:12.592103Z"} https://vulnerability.circl.lu/sighting/af38c5e8-b352-4856-ad9e-4cd6199ac3b4/export Thu, 04 Jun 2026 07:38:12 +0000 https://vulnerability.circl.lu/sighting/566597f6-334e-4fb1-b709-139ced411ce1/export {"uuid": "566597f6-334e-4fb1-b709-139ced411ce1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49189", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnh4t5pwyz2g", "content": "CVE-2026-49189 - Broadcast Receiver Privilege Escalation\nCVE ID : CVE-2026-49189\n \n Published : June 4, 2026, 6:16 a.m. | 16\u00a0minutes ago\n \n Description : Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke adm...", "creation_timestamp": "2026-06-04T07:43:12.921302Z"} {"uuid": "566597f6-334e-4fb1-b709-139ced411ce1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49189", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnh4t5pwyz2g", "content": "CVE-2026-49189 - Broadcast Receiver Privilege Escalation\nCVE ID : CVE-2026-49189\n \n Published : June 4, 2026, 6:16 a.m. | 16\u00a0minutes ago\n \n Description : Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke adm...", "creation_timestamp": "2026-06-04T07:43:12.921302Z"} https://vulnerability.circl.lu/sighting/566597f6-334e-4fb1-b709-139ced411ce1/export Thu, 04 Jun 2026 07:43:12 +0000 https://vulnerability.circl.lu/sighting/512ac5d8-86d5-497a-ba0a-b98cbb6fe03d/export {"uuid": "512ac5d8-86d5-497a-ba0a-b98cbb6fe03d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49185", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116693678894328091", "content": "It is possible to see elevated activities targeting Acer Connect M6E 5G Portable WiFi Router (CVE-2026-49185) https://vuldb.com/vuln/368247/cti", "creation_timestamp": "2026-06-04T20:17:22.686276Z"} {"uuid": "512ac5d8-86d5-497a-ba0a-b98cbb6fe03d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49185", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116693678894328091", "content": "It is possible to see elevated activities targeting Acer Connect M6E 5G Portable WiFi Router (CVE-2026-49185) https://vuldb.com/vuln/368247/cti", "creation_timestamp": "2026-06-04T20:17:22.686276Z"} https://vulnerability.circl.lu/sighting/512ac5d8-86d5-497a-ba0a-b98cbb6fe03d/export Thu, 04 Jun 2026 20:17:22 +0000 https://vulnerability.circl.lu/sighting/e1ed6bb3-edfa-47ed-91a4-048d9811db24/export {"uuid": "e1ed6bb3-edfa-47ed-91a4-048d9811db24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49185", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3mnxrnszke52t", "content": "\ud83d\udea8 CRITICAL ALERT: CVE-2026-49185\n\nCVSS 9.8/10\n\n\ud83d\udccb WHAT IT IS:\nThe FieldX MDM adb messaging topic passes unverified payloads directly into\u00a0Runtime.exec(), allowing command/instruction injection.\n\n\ud83c\udfaf WHO'S AFFECTED:\n \u2022 See NVD for affected products\n\n\u2694\ufe0f HOW IT'S EXPLOITED:\nAttack vector: unknown vector\n", "creation_timestamp": "2026-06-10T22:38:38.121914Z"} {"uuid": "e1ed6bb3-edfa-47ed-91a4-048d9811db24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49185", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3mnxrnszke52t", "content": "\ud83d\udea8 CRITICAL ALERT: CVE-2026-49185\n\nCVSS 9.8/10\n\n\ud83d\udccb WHAT IT IS:\nThe FieldX MDM adb messaging topic passes unverified payloads directly into\u00a0Runtime.exec(), allowing command/instruction injection.\n\n\ud83c\udfaf WHO'S AFFECTED:\n \u2022 See NVD for affected products\n\n\u2694\ufe0f HOW IT'S EXPLOITED:\nAttack vector: unknown vector\n", "creation_timestamp": "2026-06-10T22:38:38.121914Z"} https://vulnerability.circl.lu/sighting/e1ed6bb3-edfa-47ed-91a4-048d9811db24/export Wed, 10 Jun 2026 22:38:38 +0000 https://vulnerability.circl.lu/sighting/84ceedd9-c43a-46c2-b04a-96daba4891cb/export {"uuid": "84ceedd9-c43a-46c2-b04a-96daba4891cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49185", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3mnxsd7jbfj23", "content": "\ud83d\udea8 CRITICAL: Mobile Device Management Flaw Allows Full Device Takeover\n\nCVE-2026-49185 | CVSS 9.8 | Command Injection\n\n\ud83d\udccb WHAT IT IS:\nFieldX MDM \u2014 a mobile device management platform \u2014 passes unverified payloads directly into Runtime.exec(). This allows attackers to execute arbitrary commands on manag", "creation_timestamp": "2026-06-10T22:50:35.836819Z"} {"uuid": "84ceedd9-c43a-46c2-b04a-96daba4891cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49185", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3mnxsd7jbfj23", "content": "\ud83d\udea8 CRITICAL: Mobile Device Management Flaw Allows Full Device Takeover\n\nCVE-2026-49185 | CVSS 9.8 | Command Injection\n\n\ud83d\udccb WHAT IT IS:\nFieldX MDM \u2014 a mobile device management platform \u2014 passes unverified payloads directly into Runtime.exec(). This allows attackers to execute arbitrary commands on manag", "creation_timestamp": "2026-06-10T22:50:35.836819Z"} https://vulnerability.circl.lu/sighting/84ceedd9-c43a-46c2-b04a-96daba4891cb/export Wed, 10 Jun 2026 22:50:35 +0000 https://vulnerability.circl.lu/sighting/64a8cf9d-2f44-46e4-93a2-608479aa8bb4/export {"uuid": "64a8cf9d-2f44-46e4-93a2-608479aa8bb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49188", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3mnxsdi5a5u2h", "content": "\ud83d\udea8 CRITICAL: AI Command Utility Runs as Root \u2014 Full System Compromise\n\nCVE-2026-49188 | CVSS 9.8 | Privilege Escalation\n\n\ud83d\udccb WHAT IT IS:\nThe ai_cmd utility in an AI development platform executes with full root permissions. It pipes socket inputs directly to popen(), allowing unauthenticated attackers t", "creation_timestamp": "2026-06-10T22:50:44.926639Z"} {"uuid": "64a8cf9d-2f44-46e4-93a2-608479aa8bb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49188", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3mnxsdi5a5u2h", "content": "\ud83d\udea8 CRITICAL: AI Command Utility Runs as Root \u2014 Full System Compromise\n\nCVE-2026-49188 | CVSS 9.8 | Privilege Escalation\n\n\ud83d\udccb WHAT IT IS:\nThe ai_cmd utility in an AI development platform executes with full root permissions. It pipes socket inputs directly to popen(), allowing unauthenticated attackers t", "creation_timestamp": "2026-06-10T22:50:44.926639Z"} https://vulnerability.circl.lu/sighting/64a8cf9d-2f44-46e4-93a2-608479aa8bb4/export Wed, 10 Jun 2026 22:50:44 +0000