{"vulnerability": "CVE-2026-5387", "sightings": [{"uuid": "0c162bce-7254-4f98-87b1-82a5d1617810", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5387", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mjkebra2h62o", "content": "", "creation_timestamp": "2026-04-15T16:53:52.147096Z"}, {"uuid": "f5cc5c5c-8785-4d40-9248-5211e37df1a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5387", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-04", "content": "", "creation_timestamp": "2026-04-16T10:00:00.000000Z"}, {"uuid": "2a1e661d-50ef-48c5-a744-3a48eeefb623", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5387", "type": "published-proof-of-concept", "source": "Telegram/pEQZ-8eBs6x0m1Bix4bkgGlpKgKFYdZvEwxqbKXARXHeBmM", "content": "", "creation_timestamp": "2026-04-15T17:20:59.000000Z"}, {"uuid": "775bbaf9-e767-4285-988c-8eeebc2742e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-53876", "type": "seen", "source": "https://jvn.jp/en/jp/JVN20769211", "content": "", "creation_timestamp": "2026-06-16T20:00:00.000000Z"}, {"uuid": "3b471525-c891-4820-bf84-b8417a94f0cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53873", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moivgiq3wx2h", "content": "CVE-2026-53873 - picklescan - Arbitrary Code Execution via profile.run() Blocklist Bypass\nCVE ID : CVE-2026-53873\n \n Published : June 17, 2026, 3:05 p.m. | 2\u00a0hours, 4\u00a0minutes ago\n \n Description : picklescan before 1.0.4 contains an incomplete blocklist for the profile module t...", "creation_timestamp": "2026-06-17T18:01:23.193148Z"}, {"uuid": "3b4fe301-22d2-4a25-a468-676eac2ff04b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53872", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moivlzrdyp2b", "content": "CVE-2026-53872 - picklescan - Arbitrary File Read via Unsafe Pickle Deserialization\nCVE ID : CVE-2026-53872\n \n Published : June 17, 2026, 3:05 p.m. | 2\u00a0hours, 4\u00a0minutes ago\n \n Description : picklescan before 0.0.35 contains an unsafe pickle deserialization vulnerability allowi...", "creation_timestamp": "2026-06-17T18:04:28.771437Z"}, {"uuid": "7fdd1853-7580-4bd5-a043-86697c163622", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53874", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moivozupwr2f", "content": "CVE-2026-53874 - picklescan - Arbitrary Code Execution via Obfuscated eval Call\nCVE ID : CVE-2026-53874\n \n Published : June 17, 2026, 3:05 p.m. | 2\u00a0hours, 4\u00a0minutes ago\n \n Description : picklescan before 1.0.1 contains an unsafe deserialization vulnerability allowing unauthent...", "creation_timestamp": "2026-06-17T18:06:09.615269Z"}, {"uuid": "e87b79a1-92d2-4578-83f4-27477dd1a399", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53875", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moixw6tkdm2z", "content": "CVE-2026-53875 - picklescan - Scanning Bypass via Dynamic Eval in scan_pytorch\nCVE ID : CVE-2026-53875\n \n Published : June 17, 2026, 3:05 p.m. | 2\u00a0hours, 37\u00a0minutes ago\n \n Description : picklescan before 1.0.3 contains a scanning bypass vulnerability in the scan_pytorch functi...", "creation_timestamp": "2026-06-17T18:45:57.086171Z"}, {"uuid": "54a8040e-e90a-420a-8736-ca62d37f10f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53871", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mojayqynw62f", "content": "CVE-2026-53871 - Hermes WebUI\nCVE ID : CVE-2026-53871\n \n Published : June 17, 2026, 5:58 p.m. | 1\u00a0hour, 31\u00a0minutes ago\n \n Description : Hermes WebUI before 0.51.368 contains an authorization bypass vulnerability in the get_profile_cookie() function that accepts unauthenticated...", "creation_timestamp": "2026-06-17T21:28:26.907341Z"}, {"uuid": "d4e340f5-7d1e-441c-a56a-c6173011e56c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-53872", "type": "published-proof-of-concept", "source": "https://github.com/advisories/GHSA-9726-w42j-3qjr", "content": "", "creation_timestamp": "2026-01-08T17:25:35.000000Z"}, {"uuid": "89019c81-177d-4488-a232-7d36de446e25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-53875", "type": "published-proof-of-concept", "source": "https://github.com/advisories/GHSA-97f8-7cmv-76j2", "content": "", "creation_timestamp": "2026-02-18T17:45:52.000000Z"}, {"uuid": "f947e1f4-f887-407a-a5ea-b8940cfc8409", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-53873", "type": "published-proof-of-concept", "source": "https://github.com/advisories/GHSA-7wx9-6375-f5wh", "content": "", "creation_timestamp": "2026-03-03T20:03:35.000000Z"}, {"uuid": "4478b3d3-27e6-403e-bf9d-d53a598adf0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-53874", "type": "published-proof-of-concept", "source": "https://github.com/advisories/GHSA-9m3x-qqw2-h32h", "content": "", "creation_timestamp": "2026-02-02T20:45:20.000000Z"}, {"uuid": "12166cd3-f696-4adb-bbda-fda1f675cdc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53874", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3motnkutt5o2l", "content": "\ud83d\udea8  ALERT: CVE-2026-53874\n\nCVSS 9.8/10\n\n\ud83d\udccb WHAT IT IS:\npicklescan before 1.0.1 contains an unsafe deserialization vulnerability allowing unauthenticated users to execute arbitrary code by hiding eval calls nested under callable objects via getattr. Attackers can embed malicious code in pickle files th", "creation_timestamp": "2026-06-22T00:39:57.216188Z"}]}