{"vulnerability": "cve-2026-2874", "sightings": [{"uuid": "b4c027fc-c975-4532-a45f-9b2f7967af25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-28741", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mjmcwqgahd2b", "content": "", "creation_timestamp": "2026-04-16T11:35:11.060509Z"}, {"uuid": "069fc93b-87a2-4a30-bcbd-18f1d840f9fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-2874", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mghkycg5u72m", "content": "", "creation_timestamp": "2026-03-07T10:00:16.726463Z"}, {"uuid": "e74f2354-b349-434a-be49-fa92ee224768", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-2874", "type": "seen", "source": "https://bsky.app/profile/potato.software/post/3mghkyczb572j", "content": "", "creation_timestamp": "2026-03-07T10:00:17.378947Z"}, {"uuid": "5d737c22-02f5-4839-a17b-3307ac83e694", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-28741", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mjjudayl732o", "content": "", "creation_timestamp": "2026-04-15T12:08:22.393999Z"}, {"uuid": "90de2aaa-7603-444a-9515-7b998cb80ae9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-28742", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116741624707706755", "content": "\ud83d\udea8 CRITICAL: CVE-2026-28742 in Naxclow Smart Doorbell X3 \u2014 hard-coded platform-wide key + no replay protection = broad request forgery & device impersonation. No patch yet. Avoid untrusted networks & monitor devices. https://radar.offseq.com/threat/cve-2026-28742-cwe-321-use-of-hard-coded-cryptogra-637b7b61 #OffSeq #IoTSecurity #Vuln", "creation_timestamp": "2026-06-13T07:32:37.275611Z"}, {"uuid": "b67c8000-7edd-42bc-8fa1-80e07ed6b414", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-28742", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-162-02", "content": "", "creation_timestamp": "2026-06-11T05:00:00.000000Z"}, {"uuid": "4d145ef2-c6e1-4347-8b89-b118d1687efb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-28742", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mo4ow6q4pn22", "content": "CVE-2026-28742 - Naxclow IoT Platform Use of hard-coded cryptographic key\nCVE ID : CVE-2026-28742\n \n Published : June 12, 2026, 7:16 p.m. | 1\u00a0hour, 51\u00a0minutes ago\n \n Description : Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt em...", "creation_timestamp": "2026-06-12T21:32:56.513721Z"}, {"uuid": "cc77438b-c9d8-45aa-b76b-97733a0a307b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-28747", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-03", "content": "", "creation_timestamp": "2026-04-23T05:00:00.000000Z"}, {"uuid": "b8d92521-7490-4327-9bca-34bee0f27c60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-28742", "type": "seen", "source": "https://bsky.app/profile/boredchilada.bsky.social/post/3mnzmpx4uza2v", "content": "~Cisa~\nMultiple critical flaws in Naxclow IoT Platform allow device takeover, credential harvesting, and communication interception.\n-\nIOCs: CVE-2026-42947, CVE-2026-50108, CVE-2026-28742\n-\n#CVE202642947 #IoT #ThreatIntel", "creation_timestamp": "2026-06-11T16:15:41.128393Z"}, {"uuid": "ce02b45f-369f-45e8-8067-e8c86e4f8ced", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-28742", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mo6g3toq3g2a", "content": "\ud83d\udd34 CVE-2026-28742 - Critical (9.8)\n\nNaxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt em...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-28742/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-13T14:01:30.178171Z"}, {"uuid": "fdee5eb5-6b72-405a-8424-b813bb5b0a7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-28742", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mo5qcpwmyp27", "content": "Naxclow Smart Doorbell X3 hit by CRITICAL vuln: static platform-wide key allows device & user impersonation. No fix yet \u2014 keep devices off untrusted networks and monitor closely. https://radar.offseq.com/threat/cve-2026-28742-cwe-321-use-of-hard-coded-cryptogra-637b7b61 #OffSeq #IoTSecurity", "creation_timestamp": "2026-06-13T07:32:05.270130Z"}, {"uuid": "7956a2ba-7a0c-40c6-a521-09cff3c79c7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-28742", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116742760123723228", "content": "A lot of offensive activities were identified targeting Naxclow Smart Doorbell X3 and other products (CVE-2026-28742) https://vuldb.com/vuln/370711/cti", "creation_timestamp": "2026-06-13T12:19:11.844314Z"}]}