{"vulnerability": "cve-2026-4219", "sightings": [{"uuid": "ee218e6b-03d2-4709-b6bc-f6774727d745", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42193", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mlerpeba2u2n", "content": "\ud83d\udd34 CVE-2026-42193 - Critical (9.1)\n\nPlunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webh...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42193/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-08T22:28:32.583927Z"}, {"uuid": "68d5fac0-a00d-4879-b2bd-8243679d525d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42198", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mknr2ukb6c2e", "content": "CVE-2026-42198 - pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS\nCVE ID : CVE-2026-42198\n \n Published : April 29, 2026, 3:58 p.m. | 19\u00a0minutes ago\n \n Description : pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to bef...", "creation_timestamp": "2026-04-29T18:45:50.115734Z"}, {"uuid": "769609e5-e208-4c26-a1b4-7767ba14e491", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42198", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mkqfpeooje26", "content": "\ud83d\udfe0 CVE-2026-42198 - High (7.5)\n\npgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, p...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42198/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-04-30T20:00:33.384834Z"}, {"uuid": "952f78b8-a956-414b-8ed1-a19e67dfc4cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42198", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mkqj2lib6h2k", "content": "\ud83d\udfe0 CVE-2026-42198 - High (7.5)\n\npgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, p...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42198/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-04-30T21:00:30.537577Z"}, {"uuid": "2fbb6edd-3791-491c-8c40-c47ff558dd4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42194", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlawyv57id2c", "content": "CVE-2026-42194 - Incomplete fix for CVE-2026-32812: SSRF in admidio\nCVE ID : CVE-2026-42194\n \n Published : May 7, 2026, 4:16 a.m. | 4\u00a0hours, 8\u00a0minutes ago\n \n Description : Admidio is an open-source user management solution. Prior to version 5.0.9, the incomplete SSRF fix in Ad...", "creation_timestamp": "2026-05-07T09:52:40.966000Z"}, {"uuid": "2f0e8dca-695e-454a-9fb2-e05a06035850", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42195", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlev5a4qp62k", "content": "CVE-2026-42195 - Unvalidated gitlab URL parameter redirects OAuth authorize step to attacker-controlled host\nCVE ID : CVE-2026-42195\n \n Published : May 8, 2026, 9:22 p.m. | 1\u00a0hour, 3\u00a0minutes ago\n \n Description : draw.io is a configurable diagramming and whiteboarding applicati...", "creation_timestamp": "2026-05-08T23:29:58.306314Z"}, {"uuid": "a1d9a474-83ad-4c33-844f-0f856fa5ff1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42193", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116543444093952130", "content": "\ud83d\udea8 CVE-2026-42193 (CVSS 9.1, CRITICAL): useplunk plunk < 0.9.0 fails to verify SNS signatures at /webhooks/sns, allowing spoofed webhook attacks. Patched in 0.9.0 \u2014 verify your version & check vendor advisory. https://radar.offseq.com/threat/cve-2026-42193-cwe-347-improper-verification-of-cr-fc4beea9 #OffSeq #Vuln #EmailSecurity #CVE202642193", "creation_timestamp": "2026-05-09T07:30:30.998419Z"}, {"uuid": "99831c94-f9e8-4d37-9d0c-6fc1a172c63e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42193", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mlfpykd4vo2v", "content": "CRITICAL vuln in Plunk (useplunk) < 0.9.0: SNS signatures not verified, allowing spoofed webhook abuse. Patched in 0.9.0 \u2014 confirm your version with vendor. https://radar.offseq.com/threat/cve-2026-42193-cwe-347-improper-verification-of-cr-fc4beea9 #OffSeq #EmailSecurity #CVE202642193", "creation_timestamp": "2026-05-09T07:30:33.624314Z"}, {"uuid": "e3523dcc-2f32-43cc-aef2-0afd1e502891", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42193", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mles67hmih2p", "content": "CVE-2026-42193 - Plunk: SNS webhook forgery\nCVE ID : CVE-2026-42193\n \n Published : May 8, 2026, 9:12 p.m. | 1\u00a0hour, 13\u00a0minutes ago\n \n Description : Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webhooks/sns endpoint accepts Amazon...", "creation_timestamp": "2026-05-08T22:36:49.958032Z"}, {"uuid": "224aadc9-7962-4c4a-a467-043af0ae0509", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42192", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlesb2ac3g2r", "content": "CVE-2026-42192 - Plunk: Stored XSS in campaign view\nCVE ID : CVE-2026-42192\n \n Published : May 8, 2026, 9:13 p.m. | 1\u00a0hour, 12\u00a0minutes ago\n \n Description : Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, a stored cross-site scripting (XS...", "creation_timestamp": "2026-05-08T22:38:25.119018Z"}, {"uuid": "abb42f32-4a8f-4b5a-b149-0051ac33d2a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42199", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlesrz5rvk2i", "content": "CVE-2026-42199 - Grid: Integer Overflow in Grid::expand_rows Leads to Safe-API Undefined Behavior\nCVE ID : CVE-2026-42199\n \n Published : May 8, 2026, 9:15 p.m. | 1\u00a0hour, 10\u00a0minutes ago\n \n Description : Grid is a data structure grid for rust. From version 0.17.0 to before versi...", "creation_timestamp": "2026-05-08T22:47:54.519615Z"}, {"uuid": "dbd4d183-d82b-4714-bc0b-f647736f3f3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42190", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlesw5ku2r2n", "content": "CVE-2026-42190 - RedwoodSDK: Same-site CSRF in in server actions\nCVE ID : CVE-2026-42190\n \n Published : May 8, 2026, 8:16 p.m. | 2\u00a0hours, 9\u00a0minutes ago\n \n Description : RedwoodSDK is a server-first React framework. From version 1.0.0-beta.50 to before version 1.2.3, server act...", "creation_timestamp": "2026-05-08T22:50:13.326607Z"}, {"uuid": "3544e2da-435d-447d-a129-281edd9ec146", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42197", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mmukl5eklo2x", "content": "RELATE\u306e\u7279\u5b9a\u30d0\u30fc\u30b8\u30e7\u30f3\u3067\u3001\u5b66\u751f\u304c\u7ba1\u7406\u8005\u30d6\u30e9\u30a6\u30b6\u3067\u4efb\u610f\u306eJS\u3092\u5b9f\u884c\u53ef\u80fd\u3002\u30d7\u30ed\u30d5\u30a3\u30fc\u30eb\u6b04\u306e\u672a\u30b5\u30cb\u30bf\u30a4\u30ba\u306a\u6c0f\u540d\u304c\u7ba1\u7406\u8005\u8868\u793a\u6642\u306bXSS\u3092\u5f15\u304d\u8d77\u3053\u3059\u3002\nCVE-2026-42197 CVSS 8.7 | HIGH", "creation_timestamp": "2026-05-27T22:28:41.495793Z"}, {"uuid": "7eac5b20-e510-45ef-bdf9-8a03827c3a36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42198", "type": "seen", "source": "https://bsky.app/profile/releaseport.com/post/3mlgjf6zk4w27", "content": "starrocks 4.0.10 patches CVE-2026-42198\nACID Hive query restriction prevents silent data errors; three dependency CVEs patched.\nUpgrade carefully.\n\n\u2192 releaseport.com/r/starrocks-starrocks/4-0-10", "creation_timestamp": "2026-05-09T15:05:00.477966Z"}, {"uuid": "c9b1b903-c8a7-4f19-9372-8b828b5fa1ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42199", "type": "published-proof-of-concept", "source": "https://github.com/becheran/grid/security/advisories/GHSA-38c5-483c-4qqp", "content": "", "creation_timestamp": "2026-04-20T18:42:12.000000Z"}]}