{"vulnerability": "CVE-2026-3548", "sightings": [{"uuid": "e1d5cd60-b765-4682-b375-10a7ab538091", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35485", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3miw3ogmbct2c", "content": "", "creation_timestamp": "2026-04-07T15:27:02.225857Z"}, {"uuid": "5b21471b-a56c-460a-ad9f-a5c7230432cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35489", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mjjgtukel62v", "content": "", "creation_timestamp": "2026-04-15T08:07:07.640652Z"}, {"uuid": "113eb103-fb12-4428-bb5c-9c76e764d845", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35486", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mj43emha3t2c", "content": "", "creation_timestamp": "2026-04-10T00:37:07.962429Z"}, {"uuid": "bae1016c-321d-4a98-99e0-6ef0d398e6bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35488", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mjwglnh4pm2s", "content": "", "creation_timestamp": "2026-04-20T12:07:08.414183Z"}, {"uuid": "0afc35e3-8874-476e-806c-0a34e9f6460f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35485", "type": "seen", "source": "Telegram/S0o7tCbZtDmnRvZjM5kXvvB9yXwoblxnXV5GlrmaLffoEZI", "content": "", "creation_timestamp": "2026-04-07T17:29:08.000000Z"}, {"uuid": "95ddda43-804c-4914-8f9a-0b8e243db1f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35485", "type": "published-proof-of-concept", "source": "Telegram/8eXn4QLj3W1_8AYc2pIsiDgfSWsuolTpz1YwE008yOgTXtw", "content": "", "creation_timestamp": "2026-04-07T17:29:14.000000Z"}, {"uuid": "3b2d1120-9303-47a7-a16b-2cd8b631c8eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35488", "type": "published-proof-of-concept", "source": "Telegram/8eXn4QLj3W1_8AYc2pIsiDgfSWsuolTpz1YwE008yOgTXtw", "content": "", "creation_timestamp": "2026-04-07T17:29:14.000000Z"}, {"uuid": "724e36c8-4438-4ae1-a51b-4d13ff984946", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35486", "type": "published-proof-of-concept", "source": "Telegram/8eXn4QLj3W1_8AYc2pIsiDgfSWsuolTpz1YwE008yOgTXtw", "content": "", "creation_timestamp": "2026-04-07T17:29:14.000000Z"}, {"uuid": "4081ff5e-9244-48ef-9d74-ac31f4c7093b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35482", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mne3lqz6f62q", "content": "CVE-2026-35482 - alf.io has an Authenticated RCE via Extension Script Sandbox Escape\nCVE ID : CVE-2026-35482\n \n Published : June 2, 2026, 11:16 p.m. | 3\u00a0hours, 16\u00a0minutes ago\n \n Description : alf.io is an open source ticket reservation system for conferences, trade shows, work...", "creation_timestamp": "2026-06-03T02:43:11.907566Z"}, {"uuid": "4346e8aa-1b03-4d10-94b0-3259ed0a0d26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35488", "type": "seen", "source": "Telegram/yDDpU4nC0b44IAL16-yoyqmXwVbKF5D32H81GUj_gS-e3jc", "content": "", "creation_timestamp": "2026-04-07T17:29:27.000000Z"}, {"uuid": "cecacb61-cb13-4dab-aee7-5dfd2bb3bd6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35489", "type": "seen", "source": "Telegram/yDDpU4nC0b44IAL16-yoyqmXwVbKF5D32H81GUj_gS-e3jc", "content": "", "creation_timestamp": "2026-04-07T17:29:27.000000Z"}, {"uuid": "df5ae072-0317-47e5-b162-b760c9967e26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35482", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mndsk2lvzu22", "content": "\ud83d\udfe0 CVE-2026-35482 - High (8)\n\nalf.io is an open source ticket reservation system for conferences, trade shows, workshops, and m...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-35482/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-03T00:01:11.832690Z"}, {"uuid": "c3276347-55b4-436d-b422-e6125b736edf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-35482", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mneblm5uge2d", "content": "alf.io HIGH severity vuln (CVE-2026-35482): Authenticated admins can escape JS sandbox & run OS commands. Upgrade to 2.0-M5-2606 to stay secure! https://radar.offseq.com/threat/cve-2026-35482-cwe-863-incorrect-authorization-in--7701fe0c #OffSeq #Vulnerability #Security", "creation_timestamp": "2026-06-03T04:30:30.424653Z"}, {"uuid": "c7c5820a-e070-4e1c-9e83-db67e04f2ef1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-35482", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116684293866333535", "content": "\ud83d\udee1\ufe0f HIGH severity: CVE-2026-35482 in alf.io (<2.0-M5-2606) lets authenticated admins escape the Rhino JS sandbox and execute OS commands via Java reflection. Upgrade to 2.0-M5-2606 now! https://radar.offseq.com/threat/cve-2026-35482-cwe-863-incorrect-authorization-in--7701fe0c #OffSeq #Vulnerability #alfio #Security", "creation_timestamp": "2026-06-03T04:30:37.678921Z"}]}