{"vulnerability": "cve-2026-4124", "sightings": [{"uuid": "15076dea-d50b-4b30-8559-acfe2c342b84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41248", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116462402932902110", "content": "", "creation_timestamp": "2026-04-25T00:00:46.878045Z"}, {"uuid": "01d24a17-ac07-49b0-aada-48fc44b20039", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41248", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mkbqdc3r752v", "content": "", "creation_timestamp": "2026-04-25T00:00:42.760571Z"}, {"uuid": "d3c9aabe-750f-4e9e-8755-e92e8650e263", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41242", "type": "published-proof-of-concept", "source": "https://t.me/bdufstecru/3090", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0441 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u043c Protocol Buffers (Protobuf) protobufjs \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0432\u0435\u0440\u043d\u044b\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0435\u0439 \u043a\u043e\u0434\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434\n\nBDU:2026-05548\nCVE-2026-41242\n\n\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432. \u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v7.5.5\nhttps://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v8.0.1", "creation_timestamp": "2026-04-20T14:09:43.000000Z"}, {"uuid": "67d012b0-03c7-4f40-89aa-244aacfc8c4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4124", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mizx3j6hhm22", "content": "", "creation_timestamp": "2026-04-09T04:15:07.884631Z"}, {"uuid": "39b65b7a-1d5b-41c9-af1a-8a967e2ac790", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41242", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mjs5r3xnbt2i", "content": "", "creation_timestamp": "2026-04-18T19:18:28.454734Z"}, {"uuid": "3d3b2d68-6be2-462e-9fc8-19e3e379f1eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41242", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116429843971410399", "content": "", "creation_timestamp": "2026-04-19T06:00:30.622170Z"}, {"uuid": "d6de5554-5290-4610-9e5c-a71a6d2368da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41242", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mjtbn6tvbe2l", "content": "", "creation_timestamp": "2026-04-19T06:00:32.530303Z"}, {"uuid": "e5cc0e51-56d7-487d-b77c-8eabbfa53d58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41242", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116430479808800500", "content": "", "creation_timestamp": "2026-04-19T08:42:12.281436Z"}, {"uuid": "c8daa126-e2e8-4818-85c9-a17bcfda0cdc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4124", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3mjvu5iszkn24", "content": "", "creation_timestamp": "2026-04-20T06:37:06.140154Z"}, {"uuid": "80e3f53b-5314-46e0-978c-a64d61c5d2ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-41242", "type": "published-proof-of-concept", "source": "https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-xq3m-2v4x-88gg", "content": "", "creation_timestamp": "2026-04-17T04:00:00.000000Z"}, {"uuid": "0a71a4ef-6285-4976-9ceb-28189162eff6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41242", "type": "seen", "source": "https://bsky.app/profile/securitylab-jp.bsky.social/post/3mjxsw7mm4k2h", "content": "", "creation_timestamp": "2026-04-21T01:20:30.416177Z"}, {"uuid": "88fedd45-4cf7-4f89-9ae6-f5340187d2ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41242", "type": "seen", "source": "https://www.acn.gov.it/portale/w/libreria-protobufjs-disponibile-poc-per-lo-sfruttamento-della-cve-2026-41242", "content": "", "creation_timestamp": "2026-04-21T12:57:14.000000Z"}, {"uuid": "d4cb6d0c-45c0-4e11-851d-af2a77981a74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41241", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mk6qvmqrys2q", "content": "", "creation_timestamp": "2026-04-23T19:32:58.831996Z"}, {"uuid": "4bb5ffc8-16e0-47c8-b215-335c06390d11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41246", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mk6qvtzqbz2z", "content": "", "creation_timestamp": "2026-04-23T19:33:06.226869Z"}, {"uuid": "eb9d2cd5-4f70-44f4-afe8-3da2c87b70d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41248", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mkbjlxyitp2w", "content": "", "creation_timestamp": "2026-04-24T22:00:17.854673Z"}, {"uuid": "fee2802e-be27-4ba1-b255-2aa59b1490a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41248", "type": "seen", "source": "https://bsky.app/profile/hexmortem.bsky.social/post/3mkfpzex4n723", "content": "", "creation_timestamp": "2026-04-26T14:05:49.285505Z"}, {"uuid": "37f50c74-014b-4f8f-b2d3-e7ab397c6e37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41242", "type": "published-proof-of-concept", "source": "Telegram/x12vbbUj9eUCE8CmwEAAyNGNC_B8MsPtTe6lQq2voLeHmZk", "content": "", "creation_timestamp": "2026-04-18T19:15:08.000000Z"}, {"uuid": "6b18bf11-bb0e-4567-9cbe-af491febccbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41242", "type": "published-proof-of-concept", "source": "Telegram/R85q5mAF-_-h3phwgiJ0Y2SWWwG84cWRlWRRB1ACIs5b5lM", "content": "", "creation_timestamp": "2026-04-26T21:00:04.000000Z"}, {"uuid": "fd468801-5c74-4407-a40a-093cd6d1fff2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41246", "type": "published-proof-of-concept", "source": "Telegram/wY3PGk1V7kusFG8GbDK0g0CtGhXXIm9U_sDC-frBku-7BiY", "content": "", "creation_timestamp": "2026-04-23T21:26:07.000000Z"}, {"uuid": "5f07a5f1-2589-4cb6-9628-a4977201033d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41247", "type": "published-proof-of-concept", "source": "Telegram/wY3PGk1V7kusFG8GbDK0g0CtGhXXIm9U_sDC-frBku-7BiY", "content": "", "creation_timestamp": "2026-04-23T21:26:07.000000Z"}, {"uuid": "b30c3caf-8fa3-4982-ae65-d2d33a4ad5ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41241", "type": "published-proof-of-concept", "source": "Telegram/wY3PGk1V7kusFG8GbDK0g0CtGhXXIm9U_sDC-frBku-7BiY", "content": "", "creation_timestamp": "2026-04-23T21:26:07.000000Z"}, {"uuid": "bab627a3-371c-490d-88b9-230d0ebc8696", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41248", "type": "seen", "source": "https://bsky.app/profile/hexmortem.com/post/3mkrt3po63422", "content": "CVE-2026-41248 \u2014 Clerk middleware bypass.\n\nMiddleware tests the raw URL; framework router decodes before dispatch. /api/%61dmin/users \u2192 middleware reads \"%61dmin\", PASS. Handler reads \"admin\", runs unauthenticated.\n\nAffected: @clerk/shared \u2264 3.47.3 (nextjs/nuxt/astro). Fixed b0b6675bad.", "creation_timestamp": "2026-05-01T09:32:45.015685Z"}, {"uuid": "080cea61-c9ca-4875-9c42-635f90f0a04d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41241", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mmthqixxht2m", "content": "\u30b9\u30d4\u30fc\u30ab\u30fc\u767b\u58c7\u3092\u78ba\u5b9f\u306b\u3059\u308b\u65b9\u6cd5\uff1a\u6587\u5b57\u901a\u308a\u30b7\u30b9\u30c6\u30e0\u3092\u30cf\u30c3\u30af\u3059\u308b\n\n\u3042\u308b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u7814\u7a76\u8005\u304c\u3001\u30c6\u30c3\u30af\u30ab\u30f3\u30d5\u30a1\u30ec\u30f3\u30b9\u306b\u30b9\u30d4\u30fc\u30ab\u30fc\u7533\u8acb\u3092\u78ba\u5b9f\u306b\u53d7\u7406\u3055\u305b\u308b\u4e07\u5168\u306e\u65b9\u6cd5\u3092\u898b\u3064\u3051\u305f\u3002\u305d\u306e\u30b7\u30b9\u30c6\u30e0\u81ea\u4f53\u3092\u30cf\u30c3\u30af\u3059\u308b\u3068\u3044\u3046\u3082\u306e\u3060\u3002CVE-2026-41241 \u306f\u3001\u30ab\u30f3\u30d5\u30a1\u30ec\u30f3\u30b9\u4e3b\u50ac\u8005\u304c\u30b9\u30d4\u30fc\u30ab\u30fc\u7533\u8acb\u3068\u30b9\u30b1\u30b8\u30e5\u30fc\u30eb\u7ba1\u7406\u306b\u4f7f\u7528\u3059\u308b\u4eba\u6c17\u306e\u30aa\u30fc\u30d7\u30f3\u30bd\u30fc\u30b9\u30c4\u30fc\u30eb\u300cpretalx\u300d\u306b\u5b58\u5728\u3059\u308b\u3001\u4fdd\u5b58\u578b\u30af\u30ed\u30b9", "creation_timestamp": "2026-05-27T12:05:20.575499Z"}, {"uuid": "794dc1c6-b36c-4e38-95dd-7e2a0dfd3c31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-41240", "type": "published-proof-of-concept", "source": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-h7mw-gpvr-xq4m", "content": "", "creation_timestamp": "2026-04-20T12:41:58.000000Z"}, {"uuid": "b0324ea1-e203-4583-b2c5-9328af2a5232", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41241", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mmutv6zlc32d", "content": "CVE-2026-41241 in Pretalx exposed a stored XSS flaw that let registered speakers run JavaScript in organizers' browsers during submission searches. Patched in 2026.1.0. #Pretalx #CVE202641241 #XSS", "creation_timestamp": "2026-05-28T01:15:23.388934Z"}, {"uuid": "e9718abf-fa00-451c-a6cc-0c042223498d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-41244", "type": "published-proof-of-concept", "source": "https://github.com/notamitgamer/mojic/security/advisories/GHSA-wqq3-wfmp-v85g", "content": "", "creation_timestamp": "2026-04-15T08:23:19.000000Z"}]}