{"vulnerability": "CVE-2026-8054", "sightings": [{"uuid": "206ea7db-8485-45e5-a33c-9354d0b545c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-8054", "type": "seen", "source": "https://bsky.app/profile/infosecbot.bsky.social/post/3mnrziqchg72h", "content": "New private PoC added for CVE-2026-8054.\n\nUnauthenticated SQL Injection in the dotCMS Publish Audit API.\n\nAffected endpoints:\n\nPOST /api/auditPublishing/getAll\nPOST /api/auditPublishing/get\n\nAffect\u2026\n\n\ud83d\udd01 RT @ethicalhack3r | reposted by @HackingLZ\nhttps://x.com/ethicalhack3r/status/2063995950503166061", "creation_timestamp": "2026-06-08T15:42:59.220612Z"}, {"uuid": "8be23085-2388-4152-98e1-1d0a7aae5d7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-8054", "type": "seen", "source": "https://bsky.app/profile/basefortify.bsky.social/post/3mmtx4dglos2m", "content": "\ud83d\udea8 Critical SQL injection flaw in dotCMS Core: CVE-2026-8054 (CVSS 10.0)\n\nUnauthenticated attackers can read, modify, or destroy database content through exposed Publish Audit API endpoints.\n\n\ud83d\udd17 basefortify.eu/cve_reports/...\n\n#CVE #dotCMS #CyberSecurity", "creation_timestamp": "2026-05-27T16:40:57.876650Z"}, {"uuid": "7558909b-0bf3-4316-8fde-0566224fb15a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-8054", "type": "seen", "source": "https://bsky.app/profile/basefortify.bsky.social/post/3mmtx4ikisk2m", "content": "\ud83d\udea8 Critical SQL injection flaw in dotCMS Core: CVE-2026-8054 (CVSS 10.0)\n\nUnauthenticated attackers can read, modify, or destroy database content through exposed Publish Audit API endpoints.\n\n\ud83d\udd17 basefortify.eu/cve_reports/...\n\n#CVE #dotCMS #CyberSecurity", "creation_timestamp": "2026-05-27T16:40:58.408730Z"}, {"uuid": "a0badd72-267b-467d-a72e-9c0b940050d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-8054", "type": "seen", "source": "https://bsky.app/profile/basefortify.bsky.social/post/3mmtx4n6tus2m", "content": "\ud83d\udea8 Critical SQL injection flaw in dotCMS Core: CVE-2026-8054 (CVSS 10.0)\n\nUnauthenticated attackers can read, modify, or destroy database content through exposed Publish Audit API endpoints.\n\n\ud83d\udd17 basefortify.eu/cve_reports/...\n\n#CVE #dotCMS #CyberSecurity", "creation_timestamp": "2026-05-27T16:40:58.920632Z"}, {"uuid": "7b9d63a6-f89f-4ea4-9985-fab0c1ec31e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-8054", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmthwqhajr2p", "content": "CVE-2026-8054 - Unauthenticated SQL Injection in dotCMS Publish Audit API\nCVE ID : CVE-2026-8054\n \n Published : 27 May 2026, 9:16 a.m. | 1\u00a0hour, 53\u00a0minutes ago\n \n Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in the Publish ...", "creation_timestamp": "2026-05-27T12:08:49.629086Z"}]}