{"vulnerability": "cve-2026-4228", "sightings": [{"uuid": "85c9d70a-c07c-4448-b4e1-c22b57318958", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42281", "type": "seen", "source": "Telegram/Bh4iyBQIMN2Hl9Jl9GcG_tuPw1Psk_odE0qn4w68HKrpiOc", "content": "", "creation_timestamp": "2026-05-01T03:00:05.000000Z"}, {"uuid": "945732ec-4b8d-4429-a7fe-6bb5c0c6db8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42285", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlbh7mgfrb2k", "content": "CVE-2026-42285 - GoBGP: Panic in AdjRib.Update via malformed BGP Update message (Nil Pointer Dereference)\nCVE ID : CVE-2026-42285\n \n Published : May 7, 2026, 11:53 a.m. | 31\u00a0minutes ago\n \n Description : GoBGP is an open source Border Gateway Protocol (BGP) implementation in th...", "creation_timestamp": "2026-05-07T14:42:46.870368Z"}, {"uuid": "11695533-d600-484f-a52f-3ecb025f019c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42285", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mlbvmgeszn2n", "content": "\ud83d\udfe0 CVE-2026-42285 - High (7.5)\n\nGoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Langua...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42285/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-07T19:00:29.638692Z"}, {"uuid": "d3ccd7f0-40da-4108-acec-4b7e30d2f67c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42286", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlet2n2rk22i", "content": "CVE-2026-42286 - Emlog: Cross-Site Request Forgery in Admin Functions\nCVE ID : CVE-2026-42286\n \n Published : May 8, 2026, 9:51 p.m. | 34\u00a0minutes ago\n \n Description : Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical a...", "creation_timestamp": "2026-05-08T22:52:43.763380Z"}, {"uuid": "0106b2df-c74e-4bca-92e4-f27b0a2fea69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42284", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mlbylh62rw2e", "content": "\ud83d\udfe0 CVE-2026-42284 - High (8.1)\n\nGitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, _c...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42284/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-07T19:53:37.965353Z"}, {"uuid": "e0dd2b0a-e1be-4453-8a0a-f0aff7df5b73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42284", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlc4tzzicm2t", "content": "CVE-2026-42284 - GitPython: Unsafe option check validates multi_options before shlex.split transforms it\nCVE ID : CVE-2026-42284\n \n Published : May 7, 2026, 7:16 p.m. | 1\u00a0hour, 9\u00a0minutes ago\n \n Description : GitPython is a python library used to interact with Git repositories....", "creation_timestamp": "2026-05-07T21:10:00.986526Z"}, {"uuid": "a38f009a-73f3-476e-9586-cab9290740bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42284", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mlcnhcptfx2u", "content": "\ud83d\udccc CVE-2026-42284 - GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, ... https://www.cyberhub.blog/cves/CVE-2026-42284", "creation_timestamp": "2026-05-08T02:07:07.656420Z"}, {"uuid": "1d68153d-bb94-4dc3-a907-de28ffd61ea1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42287", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlet7jh4en2e", "content": "CVE-2026-42287 - Emlog: SQL Injection Vulnerability in log_model.php within addLog() and updateLog() Functions\nCVE ID : CVE-2026-42287\n \n Published : May 8, 2026, 9:51 p.m. | 34\u00a0minutes ago\n \n Description : Emlog is an open source website building system. Prior to version 2.6....", "creation_timestamp": "2026-05-08T22:55:27.994088Z"}, {"uuid": "204464d6-f1cc-470b-8e63-021457d8738f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42282", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mletzddp7z2k", "content": "CVE-2026-42282 - n8n-MCP: Sensitive MCP tool-call arguments logged on authenticated requests in HTTP mode\nCVE ID : CVE-2026-42282\n \n Published : May 8, 2026, 8:16 p.m. | 2\u00a0hours, 9\u00a0minutes ago\n \n Description : n8n-MCP is an MCP server that provides AI assistants access to n8n ...", "creation_timestamp": "2026-05-08T23:09:53.752928Z"}, {"uuid": "d84cc6c1-6a99-493e-ad2f-ebdcea2b641a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42288", "type": "seen", "source": "https://bsky.app/profile/cyberlensai.bsky.social/post/3mlph3pnr4j2c", "content": "Fresh CVE alert: CVE-2026-42288 Security Alert: CRITICAL Vulnerability\n\nCVE-2026-42288 CRITICAL alert. Immediate action\u2026\n\nhttps://cyberlensai.com/news/security-alert-cve-2026-42288\n\n#CyberSecurity #AppSec #VulnerabilityManagement", "creation_timestamp": "2026-05-13T04:17:52.329662Z"}, {"uuid": "1ef6d8a1-dd05-4a23-bf7d-5a9e6defb4f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42281", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116573877881665674", "content": "\ud83d\udea8 CVE-2026-42281: CRITICAL SSRF in MagicMirror\u00b2 (<2.36.0)! /cors endpoint lets unauthenticated attackers scan internal networks & exfiltrate environment secrets. Upgrade to 2.36.0+ now! https://radar.offseq.com/threat/cve-2026-42281-cwe-918-server-side-request-forgery-3c9e7191 #OffSeq #SSRF #MagicMirror #Vuln", "creation_timestamp": "2026-05-14T16:31:25.612976Z"}, {"uuid": "8dd01103-753e-461a-aa13-fc2290f3bde3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42289", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlp4whzqty2h", "content": "CVE-2026-42289 - ChurchCRM: Cross-Site Request Forgery (CSRF) Leading to Admin Privilege Escalation\nCVE ID : CVE-2026-42289\n \n Published : May 12, 2026, 11:16 p.m. | 1\u00a0hour, 9\u00a0minutes ago\n \n Description : ChurchCRM is an open-source church management system. Prior to 7.3.2, Us...", "creation_timestamp": "2026-05-13T01:15:59.179632Z"}, {"uuid": "6c2a34c6-7920-4d0d-8c38-bbbf56dec771", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42288", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mlp5qjkhja2g", "content": "ChurchCRM < 7.3.2 has a critical RCE (CVE-2026-42288) via setup wizard code injection. Unauthenticated attackers can fully compromise systems. Upgrade to 7.3.2+ now. https://radar.offseq.com/threat/cve-2026-42288-cwe-94-improper-control-of-generati-052b937e #OffSeq #ChurchCRM #SecurityAlert", "creation_timestamp": "2026-05-13T01:30:33.485942Z"}, {"uuid": "6ea3313a-7bad-4823-b953-2492bd14f7b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42288", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116564677807182613", "content": "\u26a0\ufe0f CVE-2026-42288: ChurchCRM < 7.3.2 impacted by critical pre-auth RCE (CWE-94) via code injection in setup wizard. Unauthenticated attackers can take full control. Upgrade to 7.3.2+ ASAP! https://radar.offseq.com/threat/cve-2026-42288-cwe-94-improper-control-of-generati-052b937e #OffSeq #ChurchCRM #Vuln #RCE #PatchNow", "creation_timestamp": "2026-05-13T01:30:36.192793Z"}, {"uuid": "cfd9fc8f-54c9-4979-b37b-01fba00e446a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42288", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlp5rxbida2n", "content": "CVE-2026-42288 - ChurchCRM: Incomplete fix for CVE-2026-39337: Unauthenticated RCE in Setup Wizard via unsanitized DB_PASSWORD\nCVE ID : CVE-2026-42288\n \n Published : May 12, 2026, 11:16 p.m. | 1\u00a0hour, 9\u00a0minutes ago\n \n Description : ChurchCRM is an open-source church management...", "creation_timestamp": "2026-05-13T01:31:22.233467Z"}, {"uuid": "3840bc64-a2c3-416a-bc0b-2769860b134b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42288", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mlpdimrrqk2r", "content": "\ud83d\udd34 CVE-2026-42288 - Critical (10)\n\nChurchCRM is an open-source church management system. Prior to 7.3.2, The fix for CVE-2026-39337 ...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42288/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-13T03:13:32.970227Z"}, {"uuid": "dadeed1b-2fee-4eca-a970-300704a5c02c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42289", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mlpdivu7g22z", "content": "\ud83d\udfe0 CVE-2026-42289 - High (8.8)\n\nChurchCRM is an open-source church management system. Prior to 7.3.2, UserEditor.php processes us...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42289/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-13T03:13:40.470690Z"}, {"uuid": "180f9fc5-ee2e-4498-82cc-e1c79fbfe4cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42281", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mltfjefcgr2h", "content": "CVE-2026-42281 - MagicMirror\u00b2: Unauthenticated SSRF via /cors endpoint\nCVE ID : CVE-2026-42281\n \n Published : May 14, 2026, 4:16 p.m. | 14\u00a0minutes ago\n \n Description : MagicMirror\u00b2 is an open source modular smart mirror platform. Prior to 2.36.0, an unauthenticated Server-Side...", "creation_timestamp": "2026-05-14T18:00:21.711965Z"}, {"uuid": "87e8c708-3a57-410a-8b2c-f7382fc1c629", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42281", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-42281.yaml", "content": "", "creation_timestamp": "2026-05-11T16:50:45.000000Z"}, {"uuid": "b0f11730-cde0-442a-bab6-0fcdff0cae80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42281", "type": "seen", "source": "https://t.me/realcodeb0ss/425", "content": "https://nvd.nist.gov/vuln/detail/CVE-2026-42281\n\n\nFofa : \"MagicMirror\"\n\nShodan : 'http.title:\"MagicMirror\"'\n\n\nEnjoy;", "creation_timestamp": "2026-05-15T11:29:12.000000Z"}, {"uuid": "e4bea5c0-b9c4-4383-89fb-06841d804997", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42281", "type": "published-proof-of-concept", "source": "https://github.com/MagicMirrorOrg/MagicMirror/security/advisories/GHSA-ph6f-2cvq-79hq", "content": "", "creation_timestamp": "2026-04-30T21:00:54.000000Z"}, {"uuid": "e10081fd-17b4-4585-bd54-ea8b8d78a354", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42284", "type": "published-proof-of-concept", "source": "https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-x2qx-6953-8485", "content": "", "creation_timestamp": "2026-04-22T02:45:11.000000Z"}, {"uuid": "f9954a55-4930-463e-b7d7-1530b2ef67d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42281", "type": "seen", "source": "https://bsky.app/profile/keiwork35.bsky.social/post/3mmyf5hjzdo23", "content": "\u3010\u8106\u5f31\u6027\u60c5\u5831\u3011 CVE-2026-42281 MagicMirror\u00b2\u306e\u8106\u5f31\u6027\u306b\u3064\u3044\u3066\n\nMagicMirror\u00b2\u306f\u30aa\u30fc\u30d7\u30f3\u30bd\u30fc\u30b9\u306e\u30e2\u30b8\u30e5\u30e9\u30fc\u578b\u30b9\u30de\u30fc\u30c8\u30df\u30e9\u30fc\u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0\u3067\u3059\u3002\u30d0\u30fc\u30b8\u30e7\u30f32.36.0\u4ee5\u524d\u3067\u306f\u3001/cors\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u306b\u304a\u3044\u3066\u8a8d\u8a3c\u3055\u308c\u3066\u3044\u306a\u3044\u30b5\u30fc\u30d0\u30fc\u30b5\u30a4\u30c9\u30ea\u30af\u30a8\u30b9\u30c8\u30d5\u30a9\u30fc\u30b8\u30a7\u30ea\uff08SSRF\uff09\u306e\u8106\u5f31\u6027\u304c\u5b58\u5728\u3057\u3001", "creation_timestamp": "2026-05-29T11:02:26.824054Z"}]}