{"vulnerability": "cve-2026-4506", "sightings": [{"uuid": "400bbea9-0954-4ebe-932b-1d96087fd739", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45062", "type": "seen", "source": "https://bsky.app/profile/dunglas.dev/post/3mlxl2h6gpc2k", "content": "\ud83d\ude80 FrankenPHP 1.12.3 is out!\n\n\u26a1\ufe0f 7-8% throughput bump from a refreshed PGO profile\n\ud83d\udd12 Fixes CVE-2026-45062 (CVSS 8.1) unsafe Unicode handling flaw. Upgrade if on v1.11.2 - v1.12.2!\n\u2699\ufe0f Adds per-thread max_requests & cross-platform thread force-kill.\n\nRelease notes: github.com/php/frankenp...", "creation_timestamp": "2026-05-16T09:50:05.901229Z"}, {"uuid": "735df1ad-a510-428a-8802-04ef4b94ea61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45062", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mlzcx6mem62h", "content": "Top 3 CVE for last 7 days:\nCVE-2026-42511: 56 interactions\nCVE-2026-46300: 56 interactions\nCVE-2026-42897: 51 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-45062: 11 interactions\nCVE-2020-17103: 8 interactions\nCVE-2026-46333: 5 interactions\n", "creation_timestamp": "2026-05-17T02:40:31.791120Z"}, {"uuid": "6f232eff-e111-4c81-859d-b59d7de7cb78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45068", "type": "seen", "source": "https://bsky.app/profile/symfony.com/post/3mmbqoqvzdp2y", "content": "\ud83d\udd10 CVE-2026-45068: Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address\n\u27a1\ufe0f https://symfony.com/blog/cve-2026-45068-argument-injection-in-sendmailtransport-via-dash-prefixed-recipient-address", "creation_timestamp": "2026-05-20T10:57:29.949199Z"}, {"uuid": 
"709c953d-6297-457d-926c-e13bf0c69dfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45063", "type": "seen", "source": "https://bsky.app/profile/symfony.com/post/3mmbqocmwr72o", "content": "\ud83d\udd10 CVE-2026-45063: Identity Spoofing via Unanchored DN Regex in X509Authenticator\n\u27a1\ufe0f https://symfony.com/blog/cve-2026-45063-identity-spoofing-via-unanchored-dn-regex-in-x509authenticator", "creation_timestamp": "2026-05-20T10:57:14.986920Z"}, {"uuid": "d46ee4aa-c73b-4307-9e33-741fb2cfefe2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45064", "type": "seen", "source": "https://bsky.app/profile/symfony.com/post/3mmbqofftwz2n", "content": "\ud83d\udd10 CVE-2026-45064: HtmlSanitizer URL Attributes Pass Through BiDi Override Characters \u2192 Visual href Spoofing\n\u27a1\ufe0f https://symfony.com/blog/cve-2026-45064-htmlsanitizer-url-attributes-pass-through-bidi-override-characters-visual-href-spoofing", "creation_timestamp": "2026-05-20T10:57:17.837056Z"}, {"uuid": "de670878-c7f2-4c65-a723-0cb73713ff1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45065", "type": "seen", "source": "https://bsky.app/profile/symfony.com/post/3mmbqokyb2i2u", "content": "\ud83d\udd10 CVE-2026-45065: UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation \u2192 Off-Site //host URL Injection\n\u27a1\ufe0f https://symfony.com/blog/cve-2026-45065-urlgenerator-route-requirement-bypass-via-unanchored-regex-alternation-off-site-host-url-injection", "creation_timestamp": "2026-05-20T10:57:23.635239Z"}, {"uuid": "5e1843b2-fe7c-451f-9e43-cc2c395a02a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", 
"vulnerability": "cve-2026-45067", "type": "seen", "source": "https://bsky.app/profile/symfony.com/post/3mmbqovqbog2y", "content": "\ud83d\udd10 CVE-2026-45067: Email Header / SMTP Command Injection via CRLF in Symfony\\Component\\Mime\\Address\n\u27a1\ufe0f https://symfony.com/blog/cve-2026-45067-email-header-smtp-command-injection-via-crlf-in-symfony-component-mime-address", "creation_timestamp": "2026-05-20T10:57:34.938448Z"}, {"uuid": "1a7cf19e-2e8a-4a4d-9f50-e671921e06f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45066", "type": "seen", "source": "https://bsky.app/profile/symfony.com/post/3mmbqp4m3gj25", "content": "\ud83d\udd10 CVE-2026-45066: HtmlSanitizer allowLinkHosts() / allowMediaHosts() Bypass via URL-Parser Differentials and  Misclassification\n\u27a1\ufe0f https://symfony.com/blog/cve-2026-45066-htmlsanitizer-allowlinkhosts-allowmediahosts-bypass-via-url-parser-differentials-and-area-misclassification", "creation_timestamp": "2026-05-20T10:57:42.142136Z"}, {"uuid": "b2d9eb06-578a-4700-b2b4-b825357aab2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45069", "type": "seen", "source": "https://bsky.app/profile/symfony.com/post/3mmbqpbof7o2y", "content": "\ud83d\udd10 CVE-2026-45069: OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims\n\u27a1\ufe0f https://symfony.com/blog/cve-2026-45069-oidctokenhandler-accepts-jwts-missing-aud-iss-exp-claims", "creation_timestamp": "2026-05-20T10:58:12.020717Z"}, {"uuid": "ecb667cb-5446-4607-b13f-92a17cd1fa8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45064", "type": "seen", "source": "https://bsky.app/profile/mradcliffe.nokoto.org.ap.brid.gy/post/3mmbu4igtlyo2", "content": "Symfony 7.4.12, Symfony 
8.0.12 and Twig 3.26.0 releases today with a bunch of CVEs.\n\nCVE-2026-46640 in twig and CVE-2026-45075 in Symfony router and CVE-2026-45064 in Symfony sanitizer seem particularly scary.\n\n`composer update` and test, test, test.", "creation_timestamp": "2026-05-20T11:59:01.857372Z"}, {"uuid": "d44a2cab-01bd-4f9d-9eaa-ce30a4247d88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-45062", "type": "published-proof-of-concept", "source": "https://github.com/php/frankenphp/security/advisories/GHSA-3g8v-8r37-cgjm", "content": "", "creation_timestamp": "2026-05-15T10:55:59.000000Z"}, {"uuid": "f352d299-032d-4952-af84-a56fb7143886", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-45061", "type": "published-proof-of-concept", "source": "https://github.com/Budibase/budibase/security/advisories/GHSA-xh5j-727m-w6gg", "content": "", "creation_timestamp": "2026-05-07T08:35:49.000000Z"}, {"uuid": "400cab66-249a-42a6-9a59-fceda54f35e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45060", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mo2gpmacuu2p", "content": "\ud83d\udd34 CVE-2026-45060 - Critical (9.8)\n\nClipBucket v5 is an open source video sharing platform. 
Prior to version 5.5.3 - #129, the action...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-45060/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-12T00:00:47.343815Z"}, {"uuid": "54d6e7cd-6fdc-4eb2-8ed0-21c2c84c23fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45060", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mo2lpwxev72r", "content": "\ud83d\udea8 CRITICAL vuln: ClipBucket v5 (<5.5.3) blind SQL injection in progress_video.php \u2014 unauthenticated attackers can steal data. Patch to v5.5.3 now! https://radar.offseq.com/threat/cve-2026-45060-cwe-89-improper-neutralization-of-s-b8ad08b0 #OffSeq #SQLInjection #Vulnerability", "creation_timestamp": "2026-06-12T01:30:26.901165Z"}, {"uuid": "c29e94cf-9d9f-44d0-8d6a-36ded3caba08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45060", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mo2nr25qwa2r", "content": "CVE-2026-45060 - Critical unauthenticated blind SQLi in ClipBucket v5. CVSS 9.8. Attackers can exfiltrate sensitive data via the ids parameter. Update to 5.5.3 - #129 immediately. 
#CVE #infosec #ClipBucket\n\nhttps://www.valtersit.com/cve/CVE-2026-45060/", "creation_timestamp": "2026-06-12T02:06:50.792025Z"}, {"uuid": "b04d4063-c757-4a47-a6ec-12d91c188ac4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45060", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mo2qe7oetf2r", "content": "ClipBucket v5.5.3\u672a\u6e80\u3067\u306f\u3001\u8a8d\u8a3c\u3055\u308c\u3066\u3044\u306a\u3044\u30e6\u30fc\u30b6\u30fc\u304cprogress_video.php\u306eids\u30d1\u30e9\u30e1\u30fc\u30bf\u3067SQL\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u3092\u60aa\u7528\u3057\u3001\u6a5f\u5bc6\u30c7\u30fc\u30bf\u3092\u7a83\u53d6\u3059\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002\nCVE-2026-45060 CVSS 9.8 | CRITICAL", "creation_timestamp": "2026-06-12T02:53:21.660294Z"}, {"uuid": "95aab1ea-ac24-43c9-9993-95ccc1ff18fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45067", "type": "published-proof-of-concept", "source": "Telegram/cFkqaiLeMF7rcnyy-4alEvGOnwxzqn60V0GjpreyOt3-Yxw", "content": "", "creation_timestamp": "2026-06-09T11:00:07.000000Z"}]}