{"vulnerability": "CVE-2026-5063", "sightings": [{"uuid": "bd366f25-a7cc-432d-922e-b655e081b8b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5063", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116512750014975316", "content": "Some increased actor activities are shown targeting webaways NEX-Forms Plugin (CVE-2026-5063) https://vuldb.com/vuln/360874/cti", "creation_timestamp": "2026-05-03T21:24:35.979203Z"}, {"uuid": "7b456c1d-16a8-4c56-8f84-120c224e8834", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5063", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3ml5xzr7ehn2g", "content": "CVE-2026-5063 nex-forms-express-wp-form-builder (CVSS Score 7.2) #WordPress plugin #vulnerability #cybersecurity #wordpressfirewall #wordpresssecurity #hacking #wpsecurity #atomicedge", "creation_timestamp": "2026-05-06T05:33:05.118738Z"}, {"uuid": "65699637-c67e-4915-840e-27ec59f81006", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5063", "type": "seen", "source": "https://bsky.app/profile/keiwork35.bsky.social/post/3mlxp2mqv2s2b", "content": "\u3010\u8106\u5f31\u6027\u60c5\u5831\u3011 CVE-2026-5063 NEX-Forms \u2013 Ultimate Forms Plugin for WordPress\u306e\u8106\u5f31\u6027\u306b\u3064\u3044\u3066\n\n\u3053\u306e\u8106\u5f31\u6027\u306f\u3001WordPress\u7528\u306eNEX-Forms \u2013 Ultimate Forms Plugin\u306b\u5b58\u5728\u3057\u3001POST\u30d1\u30e9\u30e1\u30fc\u30bf\u306e\u30ad\u30fc\u540d\u3092\u901a\u3058\u3066Stored Cross-Site Scripting\u304c\u53ef\u80fd\u3067\u3059\u3002", "creation_timestamp": "2026-05-16T11:02:06.005319Z"}, {"uuid": "36422a25-231e-4efa-901c-5053b080e98b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50638", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mnxgqgtcdm22", "content": "CVE-2026-50638: Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric injections", "creation_timestamp": "2026-06-10T19:23:14.915520Z"}, {"uuid": "a81d359a-745b-47ef-a444-73986970af3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50639", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mnxgzfkxhr2s", "content": "CVE-2026-50639: Metrics::Any::Adapter::SignalFx versions before 0.04 for Perl does not protect against metric injections", "creation_timestamp": "2026-06-10T19:28:15.651376Z"}, {"uuid": "f121d7b9-aef6-478f-9f12-02b7ab78c277", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50637", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mnxhce4ahv24", "content": "CVE-2026-50637: Metrics::Any::Adapter::Statsd versions before 0.04 for Perl does not protect against metric injections", "creation_timestamp": "2026-06-10T19:33:16.142127Z"}, {"uuid": "07a8a3f2-79af-4d51-9c1d-97b228aae3a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50630", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mnzrdeb7n62w", "content": "CVE-2026-50630: Apache CXF: OAuth2: HTTP Response Splitting via WWW-Authenticate Realm Injection", "creation_timestamp": "2026-06-11T17:38:07.213914Z"}, {"uuid": "6d5700c5-f5bb-4934-b5d8-ea65ce178202", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50631", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mnzrq2n2dz2f", "content": "CVE-2026-50631: Apache CXF: OAuth2: TOCTOU Race Condition in Refresh Token Processing", "creation_timestamp": "2026-06-11T17:45:12.947695Z"}, {"uuid": "ab55ca0a-8626-46d3-8ba7-61a8fb4e662e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50632", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mnzrxqdwri25", "content": "CVE-2026-50632: Apache CXF: JNDI Injection Vulnerability in JMSConfigFactory", "creation_timestamp": "2026-06-11T17:49:30.577152Z"}, {"uuid": "d0de61d3-9905-48d8-9760-a29996297a01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50633", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mnzw4xdw6y2h", "content": "CVE-2026-50633: Apache CXF: JNDI Injection vulnerability in DispatchMDBMessageListenerImpl", "creation_timestamp": "2026-06-11T19:04:00.477741Z"}, {"uuid": "f54a222e-9706-442f-88f0-200042a6fdc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50634", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mnzzc7npcn2t", "content": "CVE-2026-50634: Apache CXF: WS JSON request filter trusts metadata from an unvalidated first signature entry", "creation_timestamp": "2026-06-11T20:00:38.317754Z"}, {"uuid": "1dbf0bad-022d-41a3-8b68-ee7696e99e98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50632", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3moapueqzdn2p", "content": "\ud83d\udfe0 CVE-2026-50632 - High (8.1)\n\nA further incomplete fix for\u00a0a previous advisory CVE-2026-44417\u00a0(Untrusted JMS configuration ca...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-50632/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-14T12:00:29.021430Z"}, {"uuid": "4dbbb989-7e72-45d3-8c72-212ef67f367c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50633", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3moapulsnzq2a", "content": "\ud83d\udfe0 CVE-2026-50633 - High (8.1)\n\nA JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which ...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-50633/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-14T12:00:36.722054Z"}, {"uuid": "acaf6d53-41b7-4a8e-b96c-655c5bda656f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50633", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mq2lqwxoxc2b", "content": "\u300cApache CXF\u300d\u306b\u8907\u6570\u306e\u8106\u5f31\u6027 - \u4fee\u6b63\u7248\u304c\u516c\u958b\n\n\u30aa\u30fc\u30d7\u30f3\u30bd\u30fc\u30b9\u306e\u30b5\u30fc\u30d3\u30b9\u30d5\u30ec\u30fc\u30e0\u30ef\u30fc\u30af\u300cApache CXF\u300d\u306b\u8907\u6570\u306e\u8106\u5f31\u6027\u304c\u660e\u3089\u304b\u3068\u306a\u3063\u305f\u3002\u8106\u5f31\u6027\u3092\u4fee\u6b63\u3057\u305f\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u304c\u63d0\u4f9b\u3055\u308c\u3066\u3044\u308b\u3002\n\n\u958b\u767a\u30c1\u30fc\u30e0\u306f\u3001\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u3092\u30ea\u30ea\u30fc\u30b9\u3059\u308b\u3068\u3068\u3082\u306b11\u4ef6\u306e\u8106\u5f31\u6027\u306b\u3064\u3044\u3066\u660e\u3089\u304b\u306b\u3057\u305f\u3082\u306e\u3002\u91cd\u8981\u5ea6\u304c4\u6bb5\u968e\u4e2d\u3001\u4e0a\u304b\u30892\u756a\u76ee\u306b\u3042\u305f\u308b\u300c\u91cd\u8981\uff08Important\uff09\u300d\u3068\u3055\u308c\u308b\u8106\u5f31\u6027\u30825\u4ef6\u542b\u307e\u308c\u308b\u3002\n\n\u5177\u4f53\u7684\u306b\u306f\u3001JCA\u7d71\u5408\u30e2\u30b8\u30e5\u30fc\u30eb\u306b\u304a\u3044\u3066\u3001\u300cJNDI\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u300d\u304c\u53ef\u80fd\u3068\u306a\u308b\u8106\u5f31\u6027\u300cCVE-2026-50633\u300d\u3092\u660e\u3089\u304b\u306b\u3057\u305f\u3002JCA\u306e\u30c7\u30d7\u30ed\u30a4\u8a18\u8ff0\u5b50\u300cra.xml\u300d\u3084\u5b9f\u884c\u6642\u30d1\u30e9\u30e1\u30fc\u30bf\u3092\u64cd\u4f5c\u3067...", "creation_timestamp": "2026-07-07T12:21:32.990824Z"}]}