{"vulnerability": "cve-2026-4284", "sightings": [{"uuid": "c8a7dae4-dfb0-4f6e-be32-c68ecceebaef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42843", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mllsb23yqb2e", "content": "\ud83d\udfe0 CVE-2026-42843 - High (8.8)\n\nGrav API Plugin is a RESTful API for Grav CMS that provides full headless access to your site's c...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42843/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-11T17:27:03.722183Z"}, {"uuid": "5ecc6190-ac76-4d00-82c4-0a021c2f638b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42843", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mllsb23yqb2e", "content": "\ud83d\udfe0 CVE-2026-42843 - High (8.8)\n\nGrav API Plugin is a RESTful API for Grav CMS that provides full headless access to your site's c...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42843/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-11T17:27:03.727847Z"}, {"uuid": "57ae32b1-91eb-4c7a-a0db-55c0b1e519a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42844", "type": "published-proof-of-concept", "source": "https://github.com/getgrav/grav/security/advisories/GHSA-6xx2-m8wv-756h", "content": "", "creation_timestamp": "2026-04-28T18:04:30.000000Z"}, {"uuid": "fbc3acf6-c643-4f9f-b59b-b371a399bd1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42841", "type": "published-proof-of-concept", "source": "https://github.com/getgrav/grav/security/advisories/GHSA-r7fx-8g49-7hhr", "content": "", "creation_timestamp": "2026-04-27T12:14:51.000000Z"}, {"uuid": "fd2df0be-81d2-4c20-b9db-0dc5c2b8550c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42843", "type": "published-proof-of-concept", "source": "https://github.com/getgrav/grav/security/advisories/GHSA-r945-h4vm-h736", "content": "", "creation_timestamp": "2026-04-27T12:14:07.000000Z"}, {"uuid": "8a5e3846-abf8-44b4-93f1-4f828092377a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42843", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mmuofi4lq22z", "content": "\ud83d\udccc CVE-2026-42843 - Grav API Plugin is a RESTful API for Grav CMS that provides full headless access to your site's content, media, configuration, users, and system manag... https://www.cyberhub.blog/cves/CVE-2026-42843", "creation_timestamp": "2026-05-27T23:37:06.773783Z"}, {"uuid": "c1c50e52-183a-4225-855d-59d5518a69d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42845", "type": "published-proof-of-concept", "source": "https://github.com/getgrav/grav/security/advisories/GHSA-w4rc-p66m-x6qq", "content": "", "creation_timestamp": "2026-04-29T17:56:54.000000Z"}, {"uuid": "0cec263b-da2c-4e7c-bd94-4e2b5d0a73d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42842", "type": "published-proof-of-concept", "source": "https://github.com/getgrav/grav/security/advisories/GHSA-c2q3-p4jr-c55f", "content": "", "creation_timestamp": "2026-04-27T12:15:07.000000Z"}, {"uuid": "414383b9-31a3-4b33-aabd-55a8067c535c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42849", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mnin3x4wwp25", "content": "\ud83d\udccc CVE-2026-42849 - authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, due to the implementation of stages in the SFE (Simple Flow E... https://www.cyberhub.blog/cves/CVE-2026-42849", "creation_timestamp": "2026-06-04T22:07:07.888743Z"}, {"uuid": "fbe5dfab-547f-4158-9500-c9a2952e22e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42849", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mndp5kqcsp2u", "content": "\ud83d\udd34 CVE-2026-42849 - Critical (9.3)\n\nauthentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, due to t...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42849/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-02T23:00:31.395313Z"}, {"uuid": "c6ea1112-09cd-43fe-a432-0d98ec96256f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42849", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mndqhq2vdf2r", "content": "CVE-2026-42849 - authentik: Reflected XSS in SFE AutosubmitStage allows IDP account takeover\nCVE ID : CVE-2026-42849\n \n Published : June 2, 2026, 9:16 p.m. | 1\u00a0hour, 57\u00a0minutes ago\n \n Description : authentik is an open-source identity provider. Prior to versions 2025.12.5 and ...", "creation_timestamp": "2026-06-02T23:24:07.162825Z"}]}