{"vulnerability": "cve-2026-4168", "sightings": [{"uuid": "1ce675f8-58f7-473a-a23b-c9bd373e4746", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41680", "type": "published-proof-of-concept", "source": "Telegram/KzwiN8QhKmj3TuqYtGeX9siiyoqjfAY8f7zipbE_z0Wiqhk", "content": "", "creation_timestamp": "2026-04-24T19:23:03.000000Z"}, {"uuid": "c0f9b239-a921-4c22-8604-b4187f3457a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41681", "type": "seen", "source": "Telegram/FGivxNz61ghqDj4ER4orUo942MC3d41x9N89ngSi7socZnE", "content": "", "creation_timestamp": "2026-04-24T19:23:26.000000Z"}, {"uuid": "72aa4170-ccf4-4686-bc69-a6cefd4104fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41683", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mleam5ppcx2c", "content": "\ud83d\udfe0 CVE-2026-41683 - High (8.6)\n\ni18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fa...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-41683/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-08T17:22:32.068836Z"}, {"uuid": "cb70db3a-0031-435a-a73d-45d69fdddb74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41688", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mlbpafknnf2t", "content": "\ud83d\udfe0 CVE-2026-41688 - High (7.7)\n\nWallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prio...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-41688/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-07T17:06:23.379998Z"}, {"uuid": "c441284e-f0c0-43b8-857b-1d167e3537c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41689", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlbrfh5tqi2p", "content": "CVE-2026-41689 - Wallos: Shared local webhook allowlist lets low-privilege users send arbitrary requests to allowlisted internal services\nCVE ID : CVE-2026-41689\n \n Published : May 7, 2026, 3:16 p.m. | 1\u00a0hour, 9\u00a0minutes ago\n \n Description : Wallos is an open-source, self-hosta...", "creation_timestamp": "2026-05-07T17:45:00.019498Z"}, {"uuid": "ad254d2c-4a64-4297-95be-e16e6cece89d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41680", "type": "seen", "source": "https://gist.github.com/alon710/e87f10931158991f62fe5f3be1e4d663", "content": "", "creation_timestamp": "2026-04-30T02:10:29.000000Z"}, {"uuid": "1dda2397-6750-4f2f-ad3a-90c756774d2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41687", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlbsf3j6jh2p", "content": "CVE-2026-41687 - Wallos: SSRF CGNAT Bypass in subscription/payments Logo URL \u2014 is_cgnat_ip() Not Used in Inline Checks\nCVE ID : CVE-2026-41687\n \n Published : May 7, 2026, 3:16 p.m. | 1\u00a0hour, 9\u00a0minutes ago\n \n Description : Wallos is an open-source, self-hostable personal subscr...", "creation_timestamp": "2026-05-07T18:02:41.251934Z"}, {"uuid": "a7a75fc1-bf1c-457c-aaeb-a4fc8989c458", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41688", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlbsmrbmxi2c", "content": "CVE-2026-41688 - Incomplete fix for CVE-2026-33399: SSRF in Wallos\nCVE ID : CVE-2026-41688\n \n Published : May 7, 2026, 3:16 p.m. | 1\u00a0hour, 9\u00a0minutes ago\n \n Description : Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the inc...", "creation_timestamp": "2026-05-07T18:06:59.244640Z"}, {"uuid": "a744b378-df6e-4a26-821b-3584836ba109", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-41680", "type": "published-proof-of-concept", "source": "https://github.com/markedjs/marked/security/advisories/GHSA-6v9c-7cg6-27q7", "content": "", "creation_timestamp": "2026-04-23T01:54:48.000000Z"}, {"uuid": "9e5a1d61-1516-475c-9323-6dd0553de6f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41683", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlegs6ixd72c", "content": "CVE-2026-41683 - HTTP response splitting and DoS in i18next-http-middleware via unsanitised Content-Language header\nCVE ID : CVE-2026-41683\n \n Published : May 8, 2026, 4:16 p.m. | 2\u00a0hours, 4\u00a0minutes ago\n \n Description : i18next-http-middleware is a middleware to be used with N...", "creation_timestamp": "2026-05-08T19:13:15.237597Z"}]}