{"vulnerability": "CVE-2026-5574", "sightings": [{"uuid": "e3a39176-b36a-4358-b9e5-4f86a7f09305", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5574", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mir4vbrh3322", "content": "", "creation_timestamp": "2026-04-05T16:05:06.555269Z"}, {"uuid": "7a7d79e7-eaa6-4134-a23d-f377588b75d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55743", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moitszfh732r", "content": "CVE-2026-55743 - OpenHuman desktop agent shell tool sandbox bypass leads to arbitrary command execution\nCVE ID : CVE-2026-55743\n \n Published : June 17, 2026, 2:08 p.m. | 3\u00a0hours ago\n \n Description : The shell tool command allowlist in the SecurityPolicy of OpenHuman desktop ag...", "creation_timestamp": "2026-06-17T17:32:35.940467Z"}, {"uuid": "92ddf14f-03d0-4062-bd72-851d6e4e360d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-55740", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mok5mk3xxz2l", "content": "CRITICAL: Nur-Alam39 bus-ticket has an unauthenticated SQL injection in bus_info.php (busid param). MySQL root with no password. Restrict or patch ASAP! https://radar.offseq.com/threat/cve-2026-55740-cwe-89-improper-neutralization-of-s-40562f666d6be857 #OffSeq #SQLInjection #Security", "creation_timestamp": "2026-06-18T06:00:36.114235Z"}, {"uuid": "5f6d75ea-6695-46a3-b7e0-cd56a5a26877", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55746", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mokfef3ozz2z", "content": "CVE-2026-55746 - Cotonti stored XSS via PFS folder title\nCVE ID : CVE-2026-55746\n \n Published : June 18, 2026, 6:46 a.m. | 55\u00a0minutes ago\n \n Description : Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to stored Cross-Site Scripting in the Personal File Storage (...", "creation_timestamp": "2026-06-18T08:19:11.697519Z"}, {"uuid": "58f58509-4ee6-47f8-9fdd-cdd4978feedb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55741", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mokfm3ma622v", "content": "CVE-2026-55741 - Cotonti CSRF in admin.config.php allows unauthorized configuration changes\nCVE ID : CVE-2026-55741\n \n Published : June 18, 2026, 6:04 a.m. | 1\u00a0hour, 38\u00a0minutes ago\n \n Description : Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Requ...", "creation_timestamp": "2026-06-18T08:23:30.541057Z"}, {"uuid": "ea21e7af-2991-4f17-9f1d-c677d0b09c92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55740", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mokfv23zx62i", "content": "CVE-2026-55740 - SQL Injection in Nur-Alam39 bus-ticket bus_info.php via busid parameter\nCVE ID : CVE-2026-55740\n \n Published : June 18, 2026, 5:48 a.m. | 1\u00a0hour, 54\u00a0minutes ago\n \n Description : Nur-Alam39 bus-ticket (no released versions; latest commit 459cabdbeb99c00225b26e4...", "creation_timestamp": "2026-06-18T08:28:31.114269Z"}, {"uuid": "913d659e-0b36-4129-b278-0ecb0e400d4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55744", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mokggxn5qs27", "content": "CVE-2026-55744 - Cotonti CSRF in PFS allows forced arbitrary file upload\nCVE ID : CVE-2026-55744\n \n Published : June 18, 2026, 6:06 a.m. | 1\u00a0hour, 35\u00a0minutes ago\n \n Description : Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the ...", "creation_timestamp": "2026-06-18T08:38:32.277994Z"}, {"uuid": "e00abc7c-bebd-4bd0-b77b-37a6976f5a4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55742", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mokgyupp3y2v", "content": "CVE-2026-55742 - Cotonti CSRF in admin.rights.php allows privilege escalation\nCVE ID : CVE-2026-55742\n \n Published : June 18, 2026, 6:05 a.m. | 1\u00a0hour, 37\u00a0minutes ago\n \n Description : Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in...", "creation_timestamp": "2026-06-18T08:48:33.285495Z"}]}