{"vulnerability": "cve-2026-1149", "sightings": [{"uuid": "3d1fb291-4b18-4b0d-aba6-3a561deeab04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11490", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnr3tnujgn2f", "content": "CVE-2026-11490 - code-projects Online Music Site Search.php sql injection\nCVE ID : CVE-2026-11490\n \n Published : June 8, 2026, 5 a.m. | 1\u00a0hour, 44\u00a0minutes ago\n \n Description : A vulnerability was determined in code-projects Online Music Site 1.0. This issue affects some unknow...", "creation_timestamp": "2026-06-08T06:52:13.694662Z"}, {"uuid": "ecdddb33-7f39-4cac-b0f3-9fc7fd2631f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11494", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnr4bn2rxr2o", "content": "CVE-2026-11494 - TOTOLINK AC1200 T8 vsftpd vsftpd.conf least privilege violation\nCVE ID : CVE-2026-11494\n \n Published : June 8, 2026, 6 a.m. | 44\u00a0minutes ago\n \n Description : A security vulnerability has been detected in TOTOLINK AC1200 T8 4.1.5cu.8611. This affects an unknown...", "creation_timestamp": "2026-06-08T07:00:05.735837Z"}, {"uuid": "b2fe3e54-995e-4ca8-8498-d92b2fc6eab8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-1149", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mcrmzocqej2y", "content": "", "creation_timestamp": "2026-01-19T12:22:41.031345Z"}, {"uuid": "bd3d2fc5-ce20-42f0-99e1-6ec8095623db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11498", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116709092961508721", "content": "A severe vulnerability was disclosed for Tenda HG7HG9 and HG10 (CVE-2026-11498) https://vuldb.com/vuln/369118", "creation_timestamp": "2026-06-07T13:37:11.563224Z"}, {"uuid": "b368cd4d-8ab2-4c89-9695-5995a5da4148", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11499", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116709147982329600", "content": "The severity is increased for this new vulnerability affecting Tenda HG7HG9 and HG10 (CVE-2026-11499) https://vuldb.com/vuln/369119", "creation_timestamp": "2026-06-07T13:51:11.630174Z"}, {"uuid": "dab9197c-da0c-4894-a8c1-88642ea759bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11491", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnr3qo5yhe2f", "content": "CVE-2026-11491 - CodeAstro Human Resource Management System Notice Board Management All_notice cross site scripting\nCVE ID : CVE-2026-11491\n \n Published : June 8, 2026, 5:15 a.m. | 1\u00a0hour, 29\u00a0minutes ago\n \n Description : A vulnerability was identified in CodeAstro Human Resour...", "creation_timestamp": "2026-06-08T06:50:33.177427Z"}, {"uuid": "00dc35a1-dd12-4463-a6bf-dcdbd870f253", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11492", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnr426sgxq26", "content": "CVE-2026-11492 - D-Link DIR-823G vsftpd vsftpd.conf least privilege violation\nCVE ID : CVE-2026-11492\n \n Published : June 8, 2026, 5:30 a.m. | 1\u00a0hour, 14\u00a0minutes ago\n \n Description : A security flaw has been discovered in D-Link DIR-823G 1.0.2B05. The affected element is an un...", "creation_timestamp": "2026-06-08T06:55:52.824234Z"}, {"uuid": "8512702e-1a78-4060-a327-39c554069e30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11495", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnr3wt6bpi2s", "content": "CVE-2026-11495 - CodeAstro Ingredients Stock Management System add_stock.php sql injection\nCVE ID : CVE-2026-11495\n \n Published : June 8, 2026, 6:15 a.m. | 29\u00a0minutes ago\n \n Description : A vulnerability was detected in CodeAstro Ingredients Stock Management System 1.0. This i...", "creation_timestamp": "2026-06-08T06:53:59.924244Z"}, {"uuid": "b1a82772-2725-41cf-8f20-132f9a1ad12b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11493", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnr52lag5g2j", "content": "CVE-2026-11493 - Tenda AC15 Samba smb.conf weak password\nCVE ID : CVE-2026-11493\n \n Published : June 8, 2026, 5:45 a.m. | 59\u00a0minutes ago\n \n Description : A weakness has been identified in Tenda AC15 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/s...", "creation_timestamp": "2026-06-08T07:13:59.502099Z"}, {"uuid": "aa21ef5e-013c-46a7-8496-5711fea59ff8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11498", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnrjoutcy42s", "content": "CVE-2026-11498 - Tenda HG7HG9/HG10 Web Management voip_other_set asp_voip_OtherSet stack-based overflow\nCVE ID : CVE-2026-11498\n \n Published : June 8, 2026, 6:45 a.m. | 1\u00a0hour, 59\u00a0minutes ago\n \n Description : A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon...", "creation_timestamp": "2026-06-08T11:00:06.188412Z"}, {"uuid": "d71d57b2-5b2b-45c0-a397-60f2aab55b2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-11499", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mnrcywmxxc2m", "content": "Tenda HG7HG9/HG10 (firmware 300001138_en_xpon) hit by CRITICAL stack buffer overflow. No patch yet \u2014 restrict access & monitor for suspicious activity. Stay vigilant! https://radar.offseq.com/threat/cve-2026-11499-stack-based-buffer-overflow-in-tend-ca49c238 #OffSeq #IoTSecurity #Vulnerability", "creation_timestamp": "2026-06-08T09:00:27.901120Z"}, {"uuid": "d524821c-fd7e-4446-86e1-f7f7b7353aef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-11499", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116713666918472007", "content": "\ud83d\udea8 CRITICAL: CVE-2026-11499 in Tenda HG7HG9/HG10 (firmware 300001138_en_xpon) allows remote stack-based buffer overflow via blkDomain in formDOMAINBLK. No patch yet \u2014 restrict access and monitor traffic. https://radar.offseq.com/threat/cve-2026-11499-stack-based-buffer-overflow-in-tend-ca49c238 #OffSeq #Vuln #IoT #CyberSecurity", "creation_timestamp": "2026-06-08T09:00:41.090962Z"}, {"uuid": "8a10aac2-aff5-4a63-9ad7-2ffc23c64eca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11497", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnrkaro5st2w", "content": "CVE-2026-11497 - D-Link DCS-5615 Boa Webserver boa.conf least privilege violation\nCVE ID : CVE-2026-11497\n \n Published : June 8, 2026, 6:30 a.m. | 2\u00a0hours, 14\u00a0minutes ago\n \n Description : A vulnerability has been found in D-Link DCS-5615 1.01.00. Affected by this vulnerability...", "creation_timestamp": "2026-06-08T11:10:07.885632Z"}, {"uuid": "470110f7-c127-4133-a618-ef8b3de466cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11498", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mnrqrsk7vr23", "content": "Tenda HG7HG9/HG10 300001138_en_xpon\u306eWeb\u7ba1\u7406\u30a4\u30f3\u30bf\u30fc\u30d5\u30a7\u30fc\u30b9\u306b\u30b9\u30bf\u30c3\u30af\u30d0\u30c3\u30d5\u30a1\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\u306e\u8106\u5f31\u6027\u3002\u30ea\u30e2\u30fc\u30c8\u304b\u3089\u653b\u6483\u53ef\u80fd\u3002\nCVE-2026-11498 CVSS 8.8 | HIGH", "creation_timestamp": "2026-06-08T13:07:00.035457Z"}, {"uuid": "50c078a5-a2c6-4968-ae2a-310490652ac5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11499", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mnrqt5qhp52v", "content": "Tenda HG7HG9/HG10 300001138_en_xpon\u306eformDOMAINBLK\u6a5f\u80fd\u306b\u30b9\u30bf\u30c3\u30af\u30d0\u30c3\u30d5\u30a1\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\u306e\u8106\u5f31\u6027\u3002\u30ea\u30e2\u30fc\u30c8\u304b\u3089BLKDomain\u5f15\u6570\u3092\u64cd\u4f5c\u3057\u3001\u5b9f\u884c\u3055\u308c\u308b\u2026\nCVE-2026-11499 CVSS 9.8 | CRITICAL", "creation_timestamp": "2026-06-08T13:07:45.367677Z"}, {"uuid": "e2fc533d-0bca-4956-85d4-9b1d82bc78a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11499", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnrkjq4j572s", "content": "CVE-2026-11499 - Tenda HG7HG9/HG10 formDOMAINBLK stack-based overflow\nCVE ID : CVE-2026-11499\n \n Published : June 8, 2026, 7 a.m. | 1\u00a0hour, 44\u00a0minutes ago\n \n Description : A vulnerability was determined in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function form...", "creation_timestamp": "2026-06-08T11:15:06.414346Z"}, {"uuid": "79c981c1-d0dc-4350-b8b1-d73b627418d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11490", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mnss263yh623", "content": "CVE-2026-11490 - SQLi in code-projects Online Music Site 1.0. /Frontend/Search.php Category param. Remote attack, public exploit. CVSS 7.3. No patch available. Mitigate immediately. #CVE #infosec #SQLi\n\nhttps://www.valtersit.com/cve/CVE-2026-11490/", "creation_timestamp": "2026-06-08T23:02:13.870900Z"}]}