{"vulnerability": "cve-2026-4189", "sightings": [{"uuid": "62a90421-5e2c-4665-a45f-a8e4f75ad553", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41898", "type": "seen", "source": "Telegram/FGivxNz61ghqDj4ER4orUo942MC3d41x9N89ngSi7socZnE", "content": "", "creation_timestamp": "2026-04-24T19:23:26.000000Z"}, {"uuid": "3d5ab42b-74b2-4fb2-b680-c323592bb275", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41893", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116549813973032624", "content": "\ud83d\udee1\ufe0f HIGH severity in SignalK signalk-server <2.25.0 (CVE-2026-41893): WebSocket login bypasses rate limits, enabling fast brute force attacks. Patch to 2.25.0+ ASAP. Details: https://radar.offseq.com/threat/cve-2026-41893-cwe-307-improper-restriction-of-exc-a656937b #OffSeq #infosec #vuln #bruteforce", "creation_timestamp": "2026-05-10T10:30:27.621952Z"}, {"uuid": "533ce068-8809-4a00-9a9d-d69914a8f1ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41891", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlahjfoxve2e", "content": "CVE-2026-41891 - CI4MS: Deactivated User Session Bypass (active=0)\nCVE ID : CVE-2026-41891\n \n Published : May 7, 2026, 3:24 a.m. | 1\u00a0hour ago\n \n Description : CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authoriza...", "creation_timestamp": "2026-05-07T05:15:35.996527Z"}, {"uuid": "6053e562-0447-44b7-beed-6a627067dbac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41890", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlaltohzys2i", "content": "CVE-2026-41890 - CI4MS: Arbitrary Database Table Drop via Theme deleteProcess\nCVE ID : CVE-2026-41890\n \n Published : May 7, 2026, 3:23 a.m. | 1\u00a0hour, 1\u00a0minute ago\n \n Description : CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architectur...", "creation_timestamp": "2026-05-07T06:32:55.274902Z"}, {"uuid": "b257e4ff-a794-42da-b55b-4fae1a54ad39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41893", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlh66esqzt2e", "content": "CVE-2026-41893 - Signal K Server's WebSocket Login Endpoint Lacks Rate Limiting (Credential Brute-Force)\nCVE ID : CVE-2026-41893\n \n Published : May 9, 2026, 8:16 p.m. | 33\u00a0minutes ago\n \n Description : Signal K Server is a server application that runs on a central hub in a boat...", "creation_timestamp": "2026-05-09T21:17:00.057280Z"}, {"uuid": "677a5b80-0a61-403d-aadc-1917581ad32b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41893", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mlikjaceor2p", "content": "SignalK signalk-server <2.25.0 has a HIGH severity flaw: attackers can brute force passwords via WebSocket with no rate limit. Upgrade to 2.25.0+ to stay protected. \ud83d\udd12 https://radar.offseq.com/threat/cve-2026-41893-cwe-307-improper-restriction-of-exc-a656937b #OffSeq #cybersecurity #vuln", "creation_timestamp": "2026-05-10T10:30:29.331059Z"}, {"uuid": "753c6046-07fe-4389-bf7e-97ac99a48ce4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-41894", "type": "published-proof-of-concept", "source": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-hjh7-r5w8-5872", "content": "", "creation_timestamp": "2026-04-19T09:48:52.000000Z"}, {"uuid": "a126b841-66f9-469e-af9d-19002533b5aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-41893", "type": "published-proof-of-concept", "source": "https://github.com/SignalK/signalk-server/security/advisories/GHSA-vmfm-ch9h-5c7g", "content": "", "creation_timestamp": "2026-04-23T17:45:50.000000Z"}]}