{"vulnerability": "CVE-2026-1137", "sightings": [{"uuid": "1c2ac81d-ffbf-4cde-aac3-c656ba129fab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-1137", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mcqxtsnhgs2w", "content": "", "creation_timestamp": "2026-01-19T06:03:36.140252Z"}, {"uuid": "34140d9a-218b-4436-a59a-a5752836bfa2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-1137", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mcr37zbymc2x", "content": "", "creation_timestamp": "2026-01-19T07:04:06.660720Z"}, {"uuid": "cc51e653-323e-4f78-bb3b-0fe0d521d4f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11373", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3movcgijivh2f", "content": "CVE-2026-11373: Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections", "creation_timestamp": "2026-06-22T16:25:58.526144Z"}, {"uuid": "aab6a86c-d652-454b-b6be-a35820d8b62c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11373", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3movras5v4l2d", "content": "Perl\u7528 Net::Statsite::Client \u30d0\u30fc\u30b8\u30e7\u30f31.1.0\u307e\u3067\u306b\u306f\u3001\u30e1\u30c8\u30ea\u30c3\u30af\u540d\u3084\u5024\u306e\u5165\u529b\u691c\u8a3c\u4e0d\u5099\u306b\u3088\u308b\u30e1\u30c8\u30ea\u30c3\u30af\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027\u304c\u3042\u308a\u3001\u653b\u6483\u8005\u306f\u4e0d\u6b63\u306a\u30e1\u30c8\u30ea\u30c3\u30af\u3092\u633f\u5165\u3067\u304d\u2026\nCVE-2026-11373 CVSS 9.1 | CRITICAL", "creation_timestamp": "2026-06-22T20:51:13.239043Z"}, {"uuid": "a8c5c901-c1f2-46c9-a289-66bf469070ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-11374", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mox6zvolwn2f", "content": "Zoho ManageEngine ADSelfService Plus faces CRITICAL CVE-2026-11374: predictable SSO tickets let attackers hijack accounts. No patch \u2014 monitor vendor updates and restrict access. https://radar.offseq.com/threat/cve-2026-11374-cwe-340-generation-of-predictable-n-3400726b0246539c #OffSeq #Zoho #SSO", "creation_timestamp": "2026-06-23T10:30:35.844123Z"}, {"uuid": "a248eeb5-a98f-465c-b87f-80494043795d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-11374", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116798955994793705", "content": "Zoho ManageEngine ADSelfService Plus hit by CRITICAL CVE-2026-11374: predictable SSO tickets enable unauthenticated account takeover. No patch yet \u2014 monitor advisories and review exposure. https://radar.offseq.com/threat/cve-2026-11374-cwe-340-generation-of-predictable-n-3400726b0246539c #OffSeq #Zoho #Vuln #SSO #Infosec", "creation_timestamp": "2026-06-23T10:30:36.922945Z"}, {"uuid": "a42cd323-f3de-4990-8b79-8008434b5d96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11374", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moxbkdgb2s2j", "content": "CVE-2026-11374 - Account Takeover via Predictable SSO Ticket Generation\nCVE ID : CVE-2026-11374\n \n Published : 23 juin 2026 08:19 | 1\u00a0heure, 23\u00a0minutes ago\n \n Description : In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO t...", "creation_timestamp": "2026-06-23T11:15:33.375690Z"}, {"uuid": "86f97166-4135-463c-889f-eedd6dbad20e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11373", "type": "seen", "source": "https://bsky.app/profile/cybersecinsight.bsky.social/post/3moxcwkfb3t24", "content": "\ud83d\udd0d Vulnerability Spotlight | Part 2/3\n\n\u26a0\ufe0f CVE-2026-11373\n\nNet::Statsite::Client versions through 1.1.0 for Perl allow metric injections.\n\nNet::Statsite::Client is a client for the statsite protocol, which ...", "creation_timestamp": "2026-06-23T11:40:16.953492Z"}, {"uuid": "84033b7a-b17f-44a7-b822-0825637b0573", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11374", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116804624818581404", "content": "A lot of offensive activities were identified targeting Zoho ManageEngine ADSelfService Plus and other products (CVE-2026-11374) https://vuldb.com/vuln/372876/cti", "creation_timestamp": "2026-06-24T10:32:12.577287Z"}, {"uuid": "c73973f8-d391-4a14-b29c-3119e3ec7890", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11370", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3mp35mzgj5r2y", "content": "CVE-2026-11370 wp-meta-seo (CVSS Score 6.4) \n\n#WordPress plugin #vulnerability #cybersecurity #wordpressfirewall #hacking #wpsecurity #atomicedge #cybersecurity #malware #vulnerabilityresearch #cve #redteam #proofofconcept", "creation_timestamp": "2026-06-25T00:16:07.431890Z"}, {"uuid": "57344709-d02c-48fb-ab58-ef9edc42ae0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-11379", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities_20260625", "content": "", "creation_timestamp": "2026-06-25T05:45:29.811241Z"}, {"uuid": "729892f5-557f-4632-8342-c3392164a489", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11379", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp3qvr4vl42z", "content": "CVE-2026-11379 - Incorrect Authorization in GitLab\nCVE ID : CVE-2026-11379\n \n Published : June 25, 2026, 4:33 a.m. | 1\u00a0hour, 10\u00a0minutes ago\n \n Description : GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 prior to 18.11.6, 19.0 prior to 19.0.3, an...", "creation_timestamp": "2026-06-25T06:01:01.617550Z"}, {"uuid": "e6d7f9b5-6c55-47e1-ae17-a8f03d2cc559", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11374", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3mp4dmpv6ch2c", "content": "CVE-2026-11374: Critical AD360 SSO Flaw Lets Attackers Predict Login Tickets and Take Over Enterprise Accounts +\u00a0Video\n\n\ud83e\udde8 Introduction: A Silent Identity Crisis Inside Enterprise Access Systems A newly disclosed high-severity vulnerability, CVE-2026-11374, has sent shockwaves through enterprise\u2026", "creation_timestamp": "2026-06-25T11:35:59.900879Z"}, {"uuid": "54ba1657-bddb-45c8-ab5c-3a65ac5d7ece", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11379", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mp4eyhphwq2c", "content": "\ud83d\udd17 CVE : CVE-2026-0934, CVE-2026-10086, CVE-2026-10712, CVE-2026-11379, CVE-2026-12053, CVE-2026-12635, CVE-2026-1606, CVE-2026-2238, CVE-2026-3176, CVE-2026-5309, CVE-2026-5796, CVE-2026-5952, CVE-2026-8330", "creation_timestamp": "2026-06-25T12:00:27.124524Z"}, {"uuid": "ef16a8d0-1fc1-4916-b40a-5316baecd9e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11374", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mp4jjvhv7ji2", "content": "ManageEngine AD360 Integration Flaw Exposes User Identity and Role Information to Attackers ManageEngine has disclosed a high-severity vulnerability, tracked as CVE-2026-11374, affecting several of...\n\n#Cyber #Security #News #Vulnerability #News #cyber [\u2026] \n\n[Original post on cybersecuritynews.com]", "creation_timestamp": "2026-06-25T13:23:26.492856Z"}, {"uuid": "4cbcc1b9-2b03-46b0-8ab8-4bb88d22f89f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11374", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mp5m7w6jmf2g", "content": "ManageEngine AD360 SSO Token Prediction Flaw \u2013 CVE-2026-11374: Critical Account Takeover Vulnerability Exposes Enterprise Identity Infrastructure +\u00a0Video\n\nIntroduction: A critical security vulnerability identified as CVE-2026-11374 has been disclosed in ManageEngine's AD360 identity and access\u2026", "creation_timestamp": "2026-06-25T23:42:33.744828Z"}, {"uuid": "4967b1a7-fb2f-4054-8d86-24d3b5e60727", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11374", "type": "seen", "source": "https://bsky.app/profile/newsarea.bsky.social/post/3mp5n3ziczq27", "content": "ManageEngine AD360 Integration Flaw Exposes User Identity and Role Information to\u00a0Attackers\n\nManageEngine has disclosed a high-severity vulnerability, tracked as CVE-2026-11374, affecting several of its identity and access management solutions when integrated with AD360. The flaw could allow\u2026", "creation_timestamp": "2026-06-25T23:58:17.224266Z"}, {"uuid": "7d21c00f-a9d4-43a3-961c-28423a31c5c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11374", "type": "seen", "source": "https://bsky.app/profile/r-blueteamsec.bsky.social/post/3mpfp3qxla52y", "content": "CVE-2026-11374: Account takeover vulnerability in ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus", "creation_timestamp": "2026-06-29T04:55:12.496902Z"}, {"uuid": "b5e76912-2a69-4542-b089-6963923f12c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11374", "type": "seen", "source": "https://infosec.exchange/users/threatcodex/statuses/116833787223899004", "content": "CVE-2026-11374: Account takeover vulnerability in ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus#CVE_2026_11374 #ManageEngine https://www.manageengine.com/products/self-service-password/advisory/CVE-2026-11374.html", "creation_timestamp": "2026-06-29T14:08:35.118827Z"}]}