{"vulnerability": "CVE-2026-6145", "sightings": [{"uuid": "87326c0c-76a9-403a-839f-c0641149f600", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-6145", "type": "published-proof-of-concept", "source": "Telegram/XDvWvSLpOLgWYjCnx5nXaVDhxhCY5P5ucZ2jMelcgSmye8Y", "content": "", "creation_timestamp": "2026-05-14T19:00:10.000000Z"}, {"uuid": "a9d2e870-08c4-4576-83c9-80dc660811d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-6145", "type": "seen", "source": "Telegram/pxejltfM6t0bOCIPs7C1JhjfACvEO7Gy-x7DlZhJbRtGeV0", "content": "", "creation_timestamp": "2026-05-14T21:00:04.000000Z"}, {"uuid": "c50015ec-1832-4ecd-8937-d73213236092", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61455", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqcjml5p5g2q", "content": "CVE-2026-61455 - Grav before 2.0.1 Decompression Bomb via ZipArchiver\nCVE ID : CVE-2026-61455\n \n Published : July 10, 2026, 3:16 p.m. | 32\u00a0minutes ago\n \n Description : Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract() that lacks limits on ...", "creation_timestamp": "2026-07-10T16:04:26.904404Z"}, {"uuid": "39064332-5c01-47d7-b867-99893003b65e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61456", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqclhnwrcu2e", "content": "CVE-2026-61456 - Grav before 1.0.3 Stored XSS via SVG Upload API\nCVE ID : CVE-2026-61456\n \n Published : July 10, 2026, 3:16 p.m. | 32\u00a0minutes ago\n \n Description : The Grav API plugin (getgrav/grav-plugin-api) before 1.0.3 fails to sanitize SVG files uploaded through the POST /...", "creation_timestamp": "2026-07-10T16:37:29.561986Z"}, {"uuid": "aa55e246-8391-4b51-8f8b-f6075c1efe26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61450", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqclzktvii26", "content": "CVE-2026-61450 - Grav before 2.0.2 Config Exfiltration via offsetGet Filter\nCVE ID : CVE-2026-61450\n \n Published : July 10, 2026, 3:16 p.m. | 32\u00a0minutes ago\n \n Description : Grav before 2.0.2 contains a Twig sandbox bypass that allows a page author (any admin.pages user, or an...", "creation_timestamp": "2026-07-10T16:47:30.255394Z"}, {"uuid": "1f3ad339-63ee-47ee-87e6-750fa5fc6c4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61459", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mqcwt4rkti2r", "content": "\ud83d\udd34 CVE-2026-61459 - Critical (9.8)\n\nMCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured too...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-61459/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-07-10T20:00:45.972100Z"}, {"uuid": "2146b74f-5a77-4045-9922-66d5a25c806c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61459", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqcxkwmxco2h", "content": "CVE-2026-61459\nMCP Server Kubernetes versions before 3.9.0 have a security risk in certain tools (kubectl_get, kubectl_describe, kubectl_delete). This means an attacker could trick the system into sending sensitive\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-10T20:14:04.572013Z"}, {"uuid": "c942ce45-0185-4555-9069-c96ce6004973", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-6145", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqcxq6uums2x", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-6145: \u043e\u0431\u0445\u043e\u0434 \u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u044b Twig \u0432 Grav \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.0.2\n\n\n\nhttps://kripta.biz/posts/D1ED2DDE-3D00-443A-8657-29EB250EF132", "creation_timestamp": "2026-07-10T20:17:00.539189Z"}, {"uuid": "95662301-33ec-42b5-af74-86f506ae8c7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61450", "type": "seen", "source": "https://bsky.app/profile/qiancx.bsky.social/post/3mqcxq5tkwy25", "content": "Grav CMS 2.0.2 \u4e4b\u524d\u7248\u672c\u5b58\u5728\u7684\u4e25\u91cd\u5b89\u5168\u6f0f\u6d1e\u5206\u6790:CVE-2026-61450 \u6f0f\u6d1e\u8be6\u89e3\u4e0e\u9632\u62a4\u6307\u5357\n\n\n\nhttps://qian.cx/posts/B0E6B70B-53D9-4BA7-AFCF-B4731C3B4B59", "creation_timestamp": "2026-07-10T20:16:59.448783Z"}, {"uuid": "541a6a01-ea3e-4697-9409-3787cb769e4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61455", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqcxvm3lsn26", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-61455 \u0432 Grav: \u0447\u0442\u043e \u044d\u0442\u043e \u0442\u0430\u043a\u043e\u0435 \u0438 \u043a\u0430\u043a \u0437\u0430\u0449\u0438\u0442\u0438\u0442\u044c\u0441\u044f\n\n\n\nhttps://kripta.biz/posts/E32723F6-5233-4728-BB35-5876C58A0DBD", "creation_timestamp": "2026-07-10T20:20:02.962632Z"}, {"uuid": "6737c267-26c9-4242-bc81-92fdd746ffdc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61455", "type": "seen", "source": "https://bsky.app/profile/qiancx.bsky.social/post/3mqcxvpthlp27", "content": "Grav 2.0.1 \u4e4b\u524d\u7248\u672c\u5b58\u5728\u89e3\u538b\u7f29\u70b8\u5f39\u6f0f\u6d1e(CVE-2026-61455)\u6df1\u5ea6\u5206\u6790\u4e0e\u9632\u62a4\u6307\u5357\n\n\n\nhttps://qian.cx/posts/1FB7EF82-E1B3-44A3-8F56-215A078FAC6E", "creation_timestamp": "2026-07-10T20:20:06.102259Z"}, {"uuid": "ed766593-4b62-41ca-beff-d8a3b22b3266", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61456", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqcxwefthh2a", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-61456 \u0432 Grav API: \u0443\u0433\u0440\u043e\u0437\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/1E60F0D7-714B-476E-A10A-1B1BD33D32D9", "creation_timestamp": "2026-07-10T20:20:27.712178Z"}, {"uuid": "661fe7a1-d970-4ff1-8f81-1a0b6e297386", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61459", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqczneydfs2x", "content": "CVE-2026-61459 - MCP Server Kubernetes\nCVE ID : CVE-2026-61459\n \n Published : July 10, 2026, 7:17 p.m. | 31\u00a0minutes ago\n \n Description : MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools (kubectl_get, kubectl_describe, kubectl_...", "creation_timestamp": "2026-07-10T20:51:13.985499Z"}, {"uuid": "cb54e6aa-f7f3-4e2d-8607-1bf4df04cb54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61456", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqd6kw7q3p27", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-61456 \u0432 Grav API: \u0443\u0433\u0440\u043e\u0437\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/736281C8-35E2-43C4-81D7-AAD3DCC7AF53", "creation_timestamp": "2026-07-10T22:19:19.867774Z"}, {"uuid": "17e7b47f-9f36-4103-9d7a-294ed30a9b08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61455", "type": "seen", "source": "https://bsky.app/profile/qiancx.bsky.social/post/3mqd6zkplt52o", "content": "\u6df1\u5ea6\u89e3\u6790Grav CMS 2.0.1\u524d\u7248\u672c\u7684\u89e3\u538b\u70b8\u5f39\u6f0f\u6d1e(CVE-2026-61455)\u53ca\u5b89\u5168\u9632\u62a4\u6307\u5357\n\n\n\nhttps://qian.cx/posts/DF083F1D-67FD-423B-B934-BB5631EF8E24", "creation_timestamp": "2026-07-10T22:27:31.424302Z"}, {"uuid": "34135704-f6e7-4f24-83a9-70f989a79b88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61455", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqd6zktbjv2d", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-61455 \u0432 Grav: \u0447\u0442\u043e \u044d\u0442\u043e \u0442\u0430\u043a\u043e\u0435 \u0438 \u043a\u0430\u043a \u0437\u0430\u0449\u0438\u0442\u0438\u0442\u044c\u0441\u044f\n\n\n\nhttps://kripta.biz/posts/381268FF-6F7A-4946-88B8-1A2A8C3D74C0", "creation_timestamp": "2026-07-10T22:27:31.876687Z"}, {"uuid": "0d08a38d-37ea-44e9-aa97-ecfc0711f32a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61450", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdcdzwuw52i", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-61450 \u0432 Grav: \u043e\u0431\u0445\u043e\u0434 \u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u044b Twig \u0438 \u0435\u0433\u043e \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f\n\n\n\nhttps://kripta.biz/posts/9E842CC8-D707-4CD7-A935-8BC93E96B79A", "creation_timestamp": "2026-07-10T23:27:04.017073Z"}, {"uuid": "f5166320-d977-434f-8990-2b5e514e4233", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61456", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdcfb7efo2d", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-61456 \u0432 Grav API Plugin: \u0443\u0433\u0440\u043e\u0437\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/BD508C28-6BBE-4127-B001-C54029161301", "creation_timestamp": "2026-07-10T23:27:45.172114Z"}, {"uuid": "4675cb02-8f96-4b70-bdcf-351eca3fcaaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61455", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdcmfmqcr2y", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-61455 \u0432 Grav: \u0447\u0442\u043e \u044d\u0442\u043e \u0442\u0430\u043a\u043e\u0435 \u0438 \u043a\u0430\u043a \u0437\u0430\u0449\u0438\u0442\u0438\u0442\u044c\u0441\u044f\n\n\n\nhttps://kripta.biz/posts/927A94DB-4C3D-4646-B8D6-246ABA4AB568", "creation_timestamp": "2026-07-10T23:31:44.754189Z"}, {"uuid": "53ddc920-89b3-461e-8d0d-e1476b070a85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61459", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdhyumjyg2c", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-61459 \u0432 MCP Server Kubernetes: \u0443\u0433\u0440\u043e\u0437\u0430 \u0430\u0440\u0433\u0443\u043c\u0435\u043d\u0442\u043d\u043e\u0439 \u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/4E7BF85B-25FE-4A57-84D5-B7DB9DD2E13A", "creation_timestamp": "2026-07-11T01:08:12.716665Z"}, {"uuid": "1212fcc8-2039-455f-a44d-3d5dd6de672d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61454", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqeuzo3gme2w", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-61454 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 Grav Admin2: \u0443\u0433\u0440\u043e\u0437\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/1A231E2E-E2F8-444F-BD76-19695F5408DE", "creation_timestamp": "2026-07-11T14:33:56.937871Z"}, {"uuid": "900c5000-e98d-497b-aba6-f6ad18896b84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61454", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqf2azlsnp27", "content": "CVE-2026-61454 - Grav before 2.0.4 Information Disclosure via __GRAV_CONFIG__\nCVE ID : CVE-2026-61454\n \n Published : July 11, 2026, 2:16 p.m. | 1\u00a0hour, 8\u00a0minutes ago\n \n Description : The Grav Admin2 plugin (getgrav/grav-plugin-admin2) before 2.0.4 embeds a global JavaScript va...", "creation_timestamp": "2026-07-11T16:07:32.523759Z"}, {"uuid": "4407b088-cac2-41a8-830e-d8cb851d3ec0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61454", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqk7woclfu2l", "content": "CVE-2026-61692 - Rejected reason: ** REJECT ** DO NOT USE THIS CAND\nCVE ID : CVE-2026-61692\n \n Published : July 13, 2026, 4:16 p.m. | 1\u00a0hour, 13\u00a0minutes ago\n \n Description : Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-61454. Reason: Thi...", "creation_timestamp": "2026-07-13T17:32:26.273373Z"}, {"uuid": "2f3ad00b-203b-4159-8f31-09bea148c7db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61454", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqklrnwpiy27", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-61454 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 Grav Admin2: \u0443\u0433\u0440\u043e\u0437\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/7FD025B3-B2F6-4712-9BF6-4509393879B1", "creation_timestamp": "2026-07-13T21:04:23.048210Z"}, {"uuid": "887451bd-a222-4c13-8079-6f14c263f3f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61458", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqkrqbq6nf2g", "content": "CVE-2026-61458 - PasswordPusher\nCVE ID : CVE-2026-61458\n \n Published : July 13, 2026, 9:30 p.m. | 22\u00a0minutes ago\n \n Description : PasswordPusher before 2.9.2 contains a brute-force vulnerability in the POST /p/:token/access endpoint that lacks route-specific rate limiting and ...", "creation_timestamp": "2026-07-13T22:50:59.138212Z"}, {"uuid": "dac7beb1-ca1a-42f8-ab46-363d441de16f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61451", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqoqcmrt352o", "content": "CVE-2026-61451 - grav\nGrav users are at risk of account takeover if an attacker sends a fake password reset email with a link to a server they control. This can happen if an attacker sends a malicious request\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#grav #getgrav #CVE #infosec", "creation_timestamp": "2026-07-15T12:36:06.006386Z"}, {"uuid": "2e327291-d461-4f37-a212-a58ac96911a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61451", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqp4sg2vjg2n", "content": "CVE-2026-61451 - Grav before 1.0.4 Password Reset Token Poisoning via admin_base_url\nCVE ID : CVE-2026-61451\n \n Published : July 15, 2026, 12:18 p.m. | 2\u00a0hours, 16\u00a0minutes ago\n \n Description : The Grav API plugin (grav-plugin-api) before 1.0.4 does not validate the origin of t...", "creation_timestamp": "2026-07-15T16:19:40.981607Z"}, {"uuid": "d5009650-9ae3-4f12-93e1-ceac58abb7bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61457", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqp5niv7ff2i", "content": "CVE-2026-61457 - Grav before 1.0.3 Remote Code Execution via File Upload Extension Bypass\nCVE ID : CVE-2026-61457\n \n Published : July 15, 2026, 12:18 p.m. | 2\u00a0hours, 16\u00a0minutes ago\n \n Description : The Grav API plugin (getgrav/grav-plugin-api) before 1.0.3 contains a file uplo...", "creation_timestamp": "2026-07-15T16:34:49.951002Z"}]}