{"vulnerability": "CVE-2026-5840", "sightings": [{"uuid": "7cb9f485-9c93-4f62-92d0-32b4f4299bc3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-5840", "type": "seen", "source": "https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-5840", "content": "", "creation_timestamp": "2026-04-08T20:16:05.000000Z"}, {"uuid": "23ca258a-1175-4d3d-8d8e-c59135f8d0f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58403", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpyuu3futf27", "content": "CVE-2026-58403 - Hugo symlink confinement bypass in os.ReadFile\nCVE ID : CVE-2026-58403\n \n Published : July 6, 2026, 7:25 p.m. | 22\u00a0minutes ago\n \n Description : Hugo is a static site generator. From v0.123.0 through v0.163.0, Hugo's virtual filesystem is designed so that files...", "creation_timestamp": "2026-07-06T19:58:52.584702Z"}, {"uuid": "782a8f4a-b2cd-426b-9992-b32dcd83a73a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58402", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpyuxh22k32f", "content": "CVE-2026-58402 - Hugo default code block renderer XSS via unescaped code-fence language\nCVE ID : CVE-2026-58402\n \n Published : July 6, 2026, 7:19 p.m. | 28\u00a0minutes ago\n \n Description : Hugo is a static site generator. From 0.60.0 until 0.163.3, Hugo's default code-block render...", "creation_timestamp": "2026-07-06T20:00:45.538031Z"}, {"uuid": "e8b60d54-03fb-47d6-b7ef-8b30d86fa812", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58409", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqkl3nckeb2q", "content": "CVE-2026-58409 - crm\nAn attacker can upload a malicious plugin to a ChurchCRM server, allowing them to execute code remotely. This could lead to data theft or server compromise if an attacker gains access.\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#crm #churchcrm #CVE #infosec", "creation_timestamp": "2026-07-13T20:52:04.215268Z"}, {"uuid": "c3ef275f-13be-46dc-9c37-0a6c5fc77ecd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58407", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqkngx5zfc2e", "content": "CVE-2026-58407 - Rejected reason: Please submit CVE requests for ea\nCVE ID : CVE-2026-58407\n \n Published : July 13, 2026, 8:16 p.m. | 1\u00a0hour, 13\u00a0minutes ago\n \n Description : Rejected reason: Please submit CVE requests for each vulnerability.\n \n Severity: 0.0 | NA\n \n Visit the ...", "creation_timestamp": "2026-07-13T21:34:11.111839Z"}, {"uuid": "dece1a7c-b5e6-433e-9c98-be74ee011dfd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58409", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqknxvjjbd2z", "content": "CVE-2026-58409 - ChurchCRM: Authenticated Remote Code Execution (RCE) via Malicious Plugin Upload\nCVE ID : CVE-2026-58409\n \n Published : July 13, 2026, 9:16 p.m. | 13\u00a0minutes ago\n \n Description : ChurchCRM is an open-source church management system. Prior to version 7.4.0, an ...", "creation_timestamp": "2026-07-13T21:43:39.916032Z"}, {"uuid": "0e6378eb-6ceb-4434-9dfe-4db61a088979", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58408", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqkoajc22s2k", "content": "CVE-2026-58408 - ChurchCRM : Broken Access Control in `CSVCreateFile.php` Allows Low-Privileged Users to Export All Members' PII\nCVE ID : CVE-2026-58408\n \n Published : July 13, 2026, 8:16 p.m. | 1\u00a0hour, 13\u00a0minutes ago\n \n Description : ChurchCRM is an open-source church managem...", "creation_timestamp": "2026-07-13T21:48:28.992249Z"}, {"uuid": "49f0a12c-da9a-42e7-b699-dd9571774be7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-58409", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mqkox7vzgi2b", "content": "\ud83d\udd34 CVE-2026-58409 - Critical (9.1)\n\nChurchCRM is an open-source church management system. Prior to version 7.4.0, an authenticated ad...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-58409/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-07-13T22:01:11.231743Z"}]}