{"vulnerability": "cve-2026-3951", "sightings": [{"uuid": "f0536a58-b751-470c-b456-b755fb578d62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-3951", "type": "seen", "source": "https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-3951", "content": "", "creation_timestamp": "2026-03-11T19:16:23.000000Z"}, {"uuid": "4eb9236c-a9a2-452e-bbdd-45c5e8ec239b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39513", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3mkl7v6pnib2a", "content": "", "creation_timestamp": "2026-04-28T18:33:06.409457Z"}, {"uuid": "cc4f3bef-65c0-4c6a-a5c8-84b9d8720e3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39511", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mlbu4gi6bs26", "content": "CVE-2026-39511: How Kills \u2013 Unauthenticated SQL Injection in 10K WordPress Sites +\u00a0Video\n\nIntroduction: A seemingly harmless call to `stripslashes()` after `prepare()` can completely neutralize SQL injection defenses. In CVE-2026-39511, a WordPress plugin with 10,000 active installations fell\u2026", "creation_timestamp": "2026-05-07T18:33:38.551039Z"}]}