{"vulnerability": "CVE-2026-4927", "sightings": [{"uuid": "3e94271b-e7a9-4d3a-ae70-64737d4eeecb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49270", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mn652dgcga27", "content": "CVE-2026-49270: Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Durable Subscription Disclosure via Crafted BrokerInfo (OpenWire)", "creation_timestamp": "2026-05-31T17:53:16.410663Z"}, {"uuid": "ad121f4e-710e-49e2-87ea-4073368bfba1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-49279", "type": "published-proof-of-concept", "source": "https://github.com/WWBN/AVideo/security/advisories/GHSA-2fhx-q92v-5fhv", "content": "", "creation_timestamp": "2026-05-25T12:28:08.000000Z"}, {"uuid": "61644b6a-9311-4160-9a52-61e28bbd6837", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49278", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp2xvn64o72k", "content": "CVE-2026-49278 - Rocket.Chat: Livechat Visitor Profile Disclosure Leaks Bearer Token and Enables Visitor Impersonation\nCVE ID : CVE-2026-49278\n \n Published : June 24, 2026, 9:05 p.m. | 39\u00a0minutes ago\n \n Description : Rocket.Chat is an open-source, secure, fully customizable co...", "creation_timestamp": "2026-06-24T22:33:33.918767Z"}, {"uuid": "518e9760-c061-453d-9189-49661304cb85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49277", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp2ztnvgtv22", "content": "CVE-2026-49277 - Rocket.Chat: OAuth access and refresh tokens remain valid after account deactivation\nCVE ID : CVE-2026-49277\n \n Published : June 24, 2026, 9:04 p.m. | 40\u00a0minutes ago\n \n Description : Rocket.Chat is an open-source, secure, fully customizable communications plat...", "creation_timestamp": "2026-06-24T23:08:15.567316Z"}, {"uuid": "5e9a7182-2714-4ef1-a0e2-c23965917b00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49270", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mphhukusr22j", "content": "CVE-2026-50750: Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire DoS following fix for CVE-2026-49270", "creation_timestamp": "2026-06-29T21:51:14.668184Z"}, {"uuid": "aabc1808-4ce2-480e-9eb4-5b1f17cc0e07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49274", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqag5munyo2x", "content": "CVE-2026-49274 - Kirby: `pages.access` permission is not checked in the pages picker for parent pages\nCVE ID : CVE-2026-49274\n \n Published : July 9, 2026, 7:17 p.m. | 31\u00a0minutes ago\n \n Description : Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, K...", "creation_timestamp": "2026-07-09T19:57:06.707012Z"}, {"uuid": "3518f243-35a6-47a5-b169-f6c2cb16f74a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49276", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqaitinknm27", "content": "CVE-2026-49276 - Kirby: Self cross-site scripting (self-XSS) in the writer field\nCVE ID : CVE-2026-49276\n \n Published : July 9, 2026, 7:17 p.m. | 31\u00a0minutes ago\n \n Description : Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites using the ...", "creation_timestamp": "2026-07-09T20:45:07.003904Z"}, {"uuid": "34a76754-1d62-440b-b1c7-04af0e6a205e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49273", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqpbmvayhb2l", "content": "CVE-2026-49273 - mantisbt\nMantisBT versions 2.28.3 and earlier contain a security risk if an attacker has administrator access to the web interface. This allows the attacker to execute malicious code on\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#mantisbt #composer #CVE #infosec", "creation_timestamp": "2026-07-15T17:46:04.146741Z"}]}