{"vulnerability": "cve-2026-54133", "sightings": [{"uuid": "889ab485-7b9c-4b74-ac43-bf4bb3dff88b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54133", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mo44g5a3ue2n", "content": "\ud83d\udd34 CVE-2026-54133 - Critical (9.8)\n\njmespath.php allows users to use JMESPath, software for declaratively specifying how to extract e...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-54133/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-12T16:01:52.100691Z"}, {"uuid": "0cc6602a-3ca3-48e7-bda4-2836a92b6ea1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54133", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mo4eeqak4c2t", "content": "CVE-2026-54133 - jmespath.php has CompilerRuntime code injection via unescaped function names\nCVE ID : CVE-2026-54133\n \n Published : June 12, 2026, 3:16 p.m. | 1\u00a0hour, 51\u00a0minutes ago\n \n Description : jmespath.php allows users to use JMESPath, software for declaratively specify...", "creation_timestamp": "2026-06-12T18:24:13.470598Z"}, {"uuid": "bc9b0a3d-abe1-46dc-a5ae-13e4dee82e1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54133", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mody67igjy2z", "content": "\ud83d\udccc CVE-2026-54133 - jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP applications wit... https://www.cyberhub.blog/cves/CVE-2026-54133", "creation_timestamp": "2026-06-15T19:07:08.411517Z"}, {"uuid": "d5ce89a9-6b3d-4bcc-b402-9efe02b6c97a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54133", "type": "seen", "source": "https://gist.github.com/jbourdin/cde63406dfa189dc54a60baa22e3b96d", "content": "- **Trello**\n - [TVO - VOLET OUBLIE VARIANT - MOBILE](https://trello.com/c/AhXzP14f/3791-tvo-volet-oublie-variant-mobile) **\ud83e\udd13 Testing**\n - *fix(tvo): adapt quick add panel height and hide view-product link on PDP* [\\#11678](https://github.com/Wishibam/Ecommerce-sylius/pull/11678)\n - [Tvo - Desktop - Tag](https://trello.com/c/tMBF307w/3793-tvo-desktop-tag) **\ud83e\udd13 Testing**\n - *fix(tvo): hide secondary product tag when it would collide with the w\u2026* [\\#11682](https://github.com/Wishibam/Ecommerce-sylius/pull/11682)\n - [\u26a0\ufe0f Action en prod \u26a0\ufe0f Souci d'indexation cheapest variante TVO](https://trello.com/c/hOhjAn2Z/3799-%E2%9A%A0%EF%B8%8F-action-en-prod-%E2%9A%A0%EF%B8%8F-souci-dindexation-cheapest-variante-tvo) **\ud83e\udd13 Testing**\n - *fix(tvo): resolve PLP card images via fallback and prefer sellable va\u2026* [\\#11684](https://github.com/Wishibam/Ecommerce-sylius/pull/11684)\n - [TVO Refonte - Mobile - Recherche - Header sticky devient transparent au scroll down](https://trello.com/c/tsd6QFe7/3790-tvo-refonte-mobile-recherche-header-sticky-devient-transparent-au-scroll-down) **\ud83e\udd13 Testing**\n - *fix(tvo): keep mega-menu bar clipped on scroll on search results page* [\\#11688](https://github.com/Wishibam/Ecommerce-sylius/pull/11688)\n \n- **Misc**\n - *:wrench: chore: bump mtdowling/jmespath.php to 2.9.1 (CVE-2026-54133)* [\\#11686](https://github.com/Wishibam/Ecommerce-sylius/pull/11686)\n \n- **D\u00e9j\u00e0 en production**\n - *:bug: fix: guard missing jsonProduct attribute (500 PLP/reco)* [\\#11680](https://github.com/Wishibam/Ecommerce-sylius/pull/11680)\n - *fix(tag): add secondary theme* [\\#11689](https://github.com/Wishibam/Ecommerce-sylius/pull/11689)", "creation_timestamp": "2026-06-18T09:22:36.000000Z"}, {"uuid": "088b865c-d99f-49f7-8756-0a9c4b6f38ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54133", "type": "seen", "source": "https://gist.github.com/jbourdin/1c841962dc31a6cb765da0bf057d0be2", "content": "- **Trello**\n - [TVO - VOLET OUBLIE VARIANT - MOBILE](https://trello.com/c/AhXzP14f/3791-tvo-volet-oublie-variant-mobile) **\ud83e\udd13 Testing**\n - *fix(tvo): adapt quick add panel height and hide view-product link on PDP* [\\#11678](https://github.com/Wishibam/Ecommerce-sylius/pull/11678)\n - [Tvo - Desktop - Tag](https://trello.com/c/tMBF307w/3793-tvo-desktop-tag) **\ud83e\udd13 Testing**\n - *fix(tvo): hide secondary product tag when it would collide with the w\u2026* [\\#11682](https://github.com/Wishibam/Ecommerce-sylius/pull/11682)\n - [\u26a0\ufe0f Action en prod \u26a0\ufe0f Souci d'indexation cheapest variante TVO](https://trello.com/c/hOhjAn2Z/3799-%E2%9A%A0%EF%B8%8F-action-en-prod-%E2%9A%A0%EF%B8%8F-souci-dindexation-cheapest-variante-tvo) **\ud83e\udd13 Testing**\n - *fix(tvo): resolve PLP card images via fallback and prefer sellable va\u2026* [\\#11684](https://github.com/Wishibam/Ecommerce-sylius/pull/11684)\n \n- **Misc**\n - *:wrench: chore: bump mtdowling/jmespath.php to 2.9.1 (CVE-2026-54133)* [\\#11686](https://github.com/Wishibam/Ecommerce-sylius/pull/11686)\n \n- **D\u00e9j\u00e0 en production**\n - *:bug: fix: guard missing jsonProduct attribute (500 PLP/reco)* [\\#11680](https://github.com/Wishibam/Ecommerce-sylius/pull/11680)", "creation_timestamp": "2026-06-18T08:37:24.000000Z"}, {"uuid": "f9870cbc-a7ba-4b56-a0df-ea6d482eed4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54133", "type": "seen", "source": "https://gist.github.com/jbourdin/837c3ba37bebbbca796c3a0b7e2a59ee", "content": "- **Trello**\n - [TVO - VOLET OUBLIE VARIANT - MOBILE](https://trello.com/c/AhXzP14f/3791-tvo-volet-oublie-variant-mobile) **\ud83e\udd13 Testing**\n - *fix(tvo): adapt quick add panel height and hide view-product link on PDP* [\\#11678](https://github.com/Wishibam/Ecommerce-sylius/pull/11678)\n - [Tvo - Desktop - Tag](https://trello.com/c/tMBF307w/3793-tvo-desktop-tag) **\ud83e\udd13 Testing**\n - *fix(tvo): hide secondary product tag when it would collide with the w\u2026* [\\#11682](https://github.com/Wishibam/Ecommerce-sylius/pull/11682)\n - [\u26a0\ufe0f Action en prod \u26a0\ufe0f Souci d'indexation cheapest variante TVO](https://trello.com/c/hOhjAn2Z/3799-%E2%9A%A0%EF%B8%8F-action-en-prod-%E2%9A%A0%EF%B8%8F-souci-dindexation-cheapest-variante-tvo) **\ud83e\udd13 Testing**\n - *fix(tvo): resolve PLP card images via fallback and prefer sellable va\u2026* [\\#11684](https://github.com/Wishibam/Ecommerce-sylius/pull/11684)\n \n- **Misc**\n - *:wrench: chore: bump mtdowling/jmespath.php to 2.9.1 (CVE-2026-54133)* [\\#11686](https://github.com/Wishibam/Ecommerce-sylius/pull/11686)\n \n- **D\u00e9j\u00e0 en production**\n - *:bug: fix: guard missing jsonProduct attribute (500 PLP/reco)* [\\#11680](https://github.com/Wishibam/Ecommerce-sylius/pull/11680)", "creation_timestamp": "2026-06-18T08:45:37.000000Z"}, {"uuid": "c509f9fc-a3b5-4440-bf3e-6096f65e5fb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54133", "type": "seen", "source": "https://gist.github.com/FR-Flo/cd6529e40b97e630e9094633912c0a3d", "content": "## \ud83d\udd17 Companion release\n\nNo open **Marketplace-client (frontend)** release PR found yet \u2014 it will be linked automatically once it exists.\n\n- https://github.com/Wishibam/Marketplace-client/pulls?q=is%3Apr+is%3Aopen+base%3Amaster+head%3Adevelop\n\n- **Misc**\n - *:arrow\\_up: deps: bump jmespath.php to 2.9.1 (CVE-2026-54133)* [\\#7579](https://github.com/Wishibam/Marketplace-api/pull/7579)", "creation_timestamp": "2026-06-18T13:14:02.000000Z"}]}