{"vulnerability": "cve-2026-1253", "sightings": [{"uuid": "14195179-89ae-4c85-9592-458bf646147c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-12530", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mojcrnyd3x2t", "content": "CRITICAL: AWS Bedrock AgentCore Python SDK (v1.1.3 \u2013 1.6.1) is vulnerable (CVE-2026-12530). Attackers can bypass package validation. Check your versions &amp; update! https://radar.offseq.com/threat/cve-2026-12530-improper-neutralization-of-argument-917f42dfcc3cfd56 #OffSeq #AWSSecurity #Python", "creation_timestamp": "2026-06-17T22:00:17.050244Z"}, {"uuid": "2d28967e-e65a-4bee-9d5c-8e21aa29b37b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12530", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mojicjxaln2z", "content": "CVE-2026-12530 - Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()\nCVE ID : CVE-2026-12530\n \n Published : June 17, 2026, 9:05 p.m. | 2\u00a0hours, 25\u00a0minutes ago\n \n Description : Improper neutralization of argument delimiters in t...", "creation_timestamp": "2026-06-17T23:39:11.209189Z"}, {"uuid": "67dfe455-f005-46ba-9973-b07f0763cfc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12537", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp2ie25yct2k", "content": "CVE-2026-12537 - Unauthenticated Remote Code Execution in Gemini CLI CI/CD Workflows\nCVE ID : CVE-2026-12537\n \n Published : June 24, 2026, 1:37 p.m. | 3\u00a0hours, 33\u00a0minutes ago\n \n Description : Improper Neutralization used in an OS Command in the container launcher in Google Gem...", "creation_timestamp": "2026-06-24T17:55:17.558979Z"}, {"uuid": "21eca65d-fc0d-45a7-a735-2486bbb15e73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12537", "type": "seen", "source": "https://bsky.app/profile/securityonline.bsky.social/post/3mpfd3vdhxd2f", "content": "Gemini CLI Vulnerability Hits Maximum CVSS 10\u00a0Score\n\nA critical Gemini CLI vulnerability (CVE-2026-12537) exposes developer workflows to maximum severity attacks. Google disclosed this CVSS 10 rating flaw recently. TL;DR A critical Gemini CLI vulnerability allows OS command injection in continuous\u2026", "creation_timestamp": "2026-06-29T01:20:33.393042Z"}, {"uuid": "24e60155-cd97-4e2e-b7e5-c75f9827a367", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12535", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqk7lekcft2w", "content": "CVE-2026-12535 - drupal/formatter_field\nAn attacker with permission to edit certain content in Drupal can inject malicious data into the Formatter Field. This can happen when the core\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#drupal #Packagisthttpspackagesdrupalorg8 #CVE #infosec", "creation_timestamp": "2026-07-13T17:26:06.745012Z"}, {"uuid": "6b27f752-c750-4a47-945c-5f9d2ac3001c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12536", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqknu2mb5q2x", "content": "CVE-2026-12536 - Avada Builder\nCVE ID : CVE-2026-12536\n \n Published : July 13, 2026, 8:16 p.m. | 1\u00a0hour, 13\u00a0minutes ago\n \n Description : The Avada (Fusion) Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018Module Title\u2019 parameter in all version...", "creation_timestamp": "2026-07-13T21:41:30.907989Z"}]}