{"vulnerability": "cve-2026-4658", "sightings": [{"uuid": "e6f48e13-b073-4b5e-a1fe-198482001e90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4658", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3ml6is7xukc2q", "content": "CVE-2026-4658 essential-blocks (CVSS Score 6.4) #WordPress plugin #vulnerability #cybersecurity #wordpressfirewall #wordpresssecurity #hacking #wpsecurity #atomicedge", "creation_timestamp": "2026-05-06T10:33:05.904151Z"}, {"uuid": "75e3f95c-dad6-4420-88e1-0bfd22ed7729", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46586", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mm7xuuwxm42g", "content": "CVE-2026-46586: Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code Execution", "creation_timestamp": "2026-05-19T18:00:52.228119Z"}, {"uuid": "809c6429-6252-4f46-bfbb-9361e323aace", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46586", "type": "seen", "source": "https://bsky.app/profile/keiwork35.bsky.social/post/3mn7wlupdbh2c", "content": "CVE-2026-46586 Apache OFBiz\u306e\u8106\u5f31\u6027\u3092\u308f\u304b\u308a\u3084\u3059\u304f\u89e3\u8aac\uff5c\u5f71\u97ff\u7bc4\u56f2\u3068\u5bfe\u7b56\u307e\u3068\u3081\n\nApache OFBiz\u306b\u304a\u3051\u308b\u30b3\u30fc\u30c9\u751f\u6210\u306e\u4e0d\u9069\u5207\u306a\u5236\u5fa1\uff08'Code Injection'\uff09\u304a\u3088\u3073\u52d5\u7684\u306b\u8a55\u4fa1\u3055\u308c\u305f\u30b3\u30fc\u30c9\u306b\u304a\u3051\u308b\u6307\u4ee4\u306e\u4e0d\u9069\u5207\u306a\u4e2d\u548c\uff08'Eval Injection'\uff09\u306e\u8106\u5f31\u6027\u3067\u3059\u3002", "creation_timestamp": "2026-06-01T11:03:07.971202Z"}, {"uuid": "796f722b-736d-41a4-bb2b-42df76dbaee3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46580", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moldrmjype2w", "content": "CVE-2026-46580 - In Eclipse Theia versions prior to 1.71.0, files m\nCVE ID : CVE-2026-46580\n \n Published : June 18, 2026, 2:26 p.m. | 2\u00a0hours, 42\u00a0minutes ago\n \n Description : In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/*.prompttemplate in a w...", "creation_timestamp": "2026-06-18T17:23:28.222847Z"}, {"uuid": "ea3ce1f8-f145-474d-bd58-33e6bf535d3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46584", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mpwclugmc722", "content": "CVE-2026-46584: Apache Camel: Camel-Mail: The mail producer applied attacker-supplied mail.smtp.* / mail.smtps.* message headers as JavaMail session properties, allowing an attacker to weaken the SMTP transport security and, on releases before 4.19.0, redirect the connection and steal", "creation_timestamp": "2026-07-05T19:26:50.256622Z"}, {"uuid": "62feed1c-f541-4836-b021-198663a186c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46585", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mpwczeokzv2g", "content": "CVE-2026-46585: Apache Camel: Camel-Lucene: The query control headers used non-Camel-prefixed names (QUERY, RETURN_LUCENE_DOCS) that bypass the HTTP header filter, allowing an HTTP client to inject the full-text search query", "creation_timestamp": "2026-07-05T19:34:24.056662Z"}, {"uuid": "13deaef5-d777-4348-9099-247e7b284fac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46587", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpy2dt7ycy2z", "content": "CVE-2026-46587 - Apache Camel: Couchbase: Non-Camel-prefixed Exchange headers bypass HeaderFilterStrategy allowing operation override from untrusted input\nCVE ID : CVE-2026-46587\n \n Published : July 6, 2026, 11:16 a.m. | 31\u00a0minutes ago\n \n Description : Improper Input Validatio...", "creation_timestamp": "2026-07-06T12:04:29.865896Z"}, {"uuid": "6632e0ba-abab-418e-b76d-b1faeccd9441", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46588", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpy34rfgoy2c", "content": "CVE-2026-46588 - Apache Camel: CouchDB: Non-Camel-prefixed Exchange headers bypass HeaderFilterStrategy allowing operation override from untrusted input\nCVE ID : CVE-2026-46588\n \n Published : July 6, 2026, 11:16 a.m. | 31\u00a0minutes ago\n \n Description : Improper Input Validation ...", "creation_timestamp": "2026-07-06T12:18:26.975707Z"}, {"uuid": "16298d17-7288-4589-b783-40a89e04dd36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46587", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mpyuu4p74d2j", "content": "CVE-2026-46587: Apache Camel: Couchbase: Non-Camel-prefixed Exchange headers bypass HeaderFilterStrategy allowing operation override from untrusted input", "creation_timestamp": "2026-07-06T19:58:58.240260Z"}, {"uuid": "51e81ae9-060d-4214-8371-ebde377d5c69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46588", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mpyv53uxcy2b", "content": "CVE-2026-46588: Apache Camel: CouchDB: Non-Camel-prefixed Exchange headers bypass HeaderFilterStrategy allowing operation override from untrusted input", "creation_timestamp": "2026-07-06T20:03:55.208227Z"}, {"uuid": "56c7d188-ec9a-44a9-9b67-8dbfc3a98183", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46584", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mq6os2pkk52w", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-46584: \u0440\u0438\u0441\u043a\u0438 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u0432\u0430\u043b\u0438\u0434\u0430\u0446\u0438\u0438 \u0432\u0432\u043e\u0434\u0430 \u0438 \u0443\u0442\u0435\u0447\u043a\u0438 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445\n\n\n\nhttps://kripta.biz/posts/A1D1CACE-2EAF-4C16-82A0-23BB7F34D5A1", "creation_timestamp": "2026-07-09T03:26:20.949794Z"}, {"uuid": "b31d7a5a-d7f1-4a88-8fb9-6a9276c7e73d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46585", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mq6oswb5qc2s", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-46585: \u041e\u0431\u0445\u043e\u0434 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0435 \u043a\u043b\u044e\u0447\u0438 \u0438 \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u0434\u043b\u044f \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438\n\n\n\nhttps://kripta.biz/posts/5A37175F-56A9-454C-8E34-CCD6498C9FAB", "creation_timestamp": "2026-07-09T03:26:49.775816Z"}, {"uuid": "397d9823-7218-484a-a468-5d51969a9790", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46587", "type": "seen", "source": "https://t.me/GithubRedTeam/93510", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #Exploit\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-46587\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a oscerd\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Java\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-15 09:58:01\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nReproducer for CVE-2026-46587: Apache Camel camel-couchbase CCB_* header injection enabling document disclosure, tampering, and TTL-forced data destruction (fixed in 4.14.8/4.18.3/4.21.0)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-16T12:00:05.697623Z"}, {"uuid": "d221315b-4a2b-4628-921f-44a07e0121e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46588", "type": "seen", "source": "https://t.me/GithubRedTeam/93535", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #Exploit\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-46588\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a oscerd\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Java\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-15 12:14:41\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nReproducer for CVE-2026-46588: Apache Camel camel-couchdb CouchDb* header injection (operation confusion) subverting a write-only endpoint into read + delete of arbitrary documents (fixed in 4.14.8/4.18.3/4.21.0)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-16T12:00:05.869675Z"}, {"uuid": "9f62b5e4-eb05-4edb-9888-ba62dfd59729", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46585", "type": "seen", "source": "https://t.me/GithubRedTeam/93490", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #Exploit\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-46585\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a oscerd\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Java\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-15 07:25:35\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nReproducer for CVE-2026-46585: Apache Camel camel-lucene QUERY header injection enabling authorization bypass / index data exfiltration (fixed in 4.14.8/4.18.3/4.21.0)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-16T12:00:06.016670Z"}, {"uuid": "506399a9-a627-4483-ac1c-95500a0515ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46587", "type": "seen", "source": "Telegram/6kr7hIoL88BrLchA92ncvvrRqf7Y35-wLyAsUuKqT9ornHo", "content": "", "creation_timestamp": "2026-07-16T19:00:05.881620Z"}, {"uuid": "e586df7d-93b4-4abb-b51a-4b558748e7e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46588", "type": "seen", "source": "Telegram/6kr7hIoL88BrLchA92ncvvrRqf7Y35-wLyAsUuKqT9ornHo", "content": "", "creation_timestamp": "2026-07-16T19:00:06.296107Z"}, {"uuid": "46e35a0f-64b7-470c-85ff-f0782a560080", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46584", "type": "seen", "source": "Telegram/iYHsotoqlE8Z-AEKaQiVsXXSjTyl0MfV01akvHQ1zfYFYEI", "content": "", "creation_timestamp": "2026-07-16T19:00:07.526386Z"}, {"uuid": "29a83c82-6f3d-49ef-a8e1-196a76e59263", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46584", "type": "published-proof-of-concept", "source": "Telegram/iYHsotoqlE8Z-AEKaQiVsXXSjTyl0MfV01akvHQ1zfYFYEI", "content": "", "creation_timestamp": "2026-07-17T00:00:10.397063Z"}, {"uuid": "da4c8c67-0352-4003-b882-84073038a36e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46588", "type": "published-proof-of-concept", "source": "Telegram/6kr7hIoL88BrLchA92ncvvrRqf7Y35-wLyAsUuKqT9ornHo", "content": "", "creation_timestamp": "2026-07-17T00:00:25.068758Z"}, {"uuid": "b697aaa6-36a2-4389-8a03-6e25e49f382b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46587", "type": "published-proof-of-concept", "source": "Telegram/6kr7hIoL88BrLchA92ncvvrRqf7Y35-wLyAsUuKqT9ornHo", "content": "", "creation_timestamp": "2026-07-17T00:00:25.362729Z"}, {"uuid": "ef627b79-2d7e-4889-9b2e-ff85956a8683", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46585", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/93490", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #Exploit\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-46585\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a oscerd\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Java\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-15 07:25:35\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nReproducer for CVE-2026-46585: Apache Camel camel-lucene QUERY header injection enabling authorization bypass / index data exfiltration (fixed in 4.14.8/4.18.3/4.21.0)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-17T00:00:53.577081Z"}, {"uuid": "fb584a74-ee7a-4818-89fb-084e8803634d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46588", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/93535", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #Exploit\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-46588\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a oscerd\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Java\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-15 12:14:41\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nReproducer for CVE-2026-46588: Apache Camel camel-couchdb CouchDb* header injection (operation confusion) subverting a write-only endpoint into read + delete of arbitrary documents (fixed in 4.14.8/4.18.3/4.21.0)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-17T00:00:53.696919Z"}, {"uuid": "50e59199-c380-47ff-822c-22530c86847a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46587", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/93510", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #Exploit\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-46587\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a oscerd\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Java\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-15 09:58:01\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nReproducer for CVE-2026-46587: Apache Camel camel-couchbase CCB_* header injection enabling document disclosure, tampering, and TTL-forced data destruction (fixed in 4.14.8/4.18.3/4.21.0)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-17T01:00:33.850459Z"}]}