{"vulnerability": "cve-2026-4466", "sightings": [{"uuid": "ace78b84-7b8b-43f5-9019-f67931621246", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-44660", "type": "published-proof-of-concept", "source": "https://github.com/ultrajson/ultrajson/security/advisories/GHSA-c38f-wx89-p2xg", "content": "", "creation_timestamp": "2026-05-07T21:50:56.000000Z"}, {"uuid": "533cd363-4163-4144-8cf1-aeec1d2c1ce2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-44666", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mltznm4m4d2f", "content": "CRITICAL: OS command injection in zelon88 HRConvert2 < 3.3.8 lets attackers run arbitrary OS commands. Upgrade to 3.3.8 ASAP to secure your systems! https://radar.offseq.com/threat/cve-2026-44666-cwe-78-improper-neutralization-of-s-fac9c425 #OffSeq #Vulnerability #SecurityAlert", "creation_timestamp": "2026-05-15T00:00:39.172344Z"}, {"uuid": "567d1fbc-9301-45d8-a3d5-db481e34ca5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-44666", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116575648891629346", "content": "\u26a0\ufe0f CRITICAL: CVE-2026-44666 in zelon88 HRConvert2 (< 3.3.8) enables OS command injection via unsafe sanitizeString() handling of backtick & tab chars. Patch to 3.3.8 ASAP. Impact: full server compromise possible. Details: https://radar.offseq.com/threat/cve-2026-44666-cwe-78-improper-neutralization-of-s-fac9c425 #OffSeq #Vuln #Infosec", "creation_timestamp": "2026-05-15T00:00:58.285191Z"}, {"uuid": "e0627f60-a067-4db5-8e5d-6cf7cd634a83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44667", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmrp2ulaug2p", "content": "CVE-2026-44667 - Faction: Stored XSS in Remediation Verification Attachment Filename Preview Rendering\nCVE ID : CVE-2026-44667\n \n Published : 26 mai 2026 17:42 | 19\u00a0minutes ago\n \n Description : FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8...", "creation_timestamp": "2026-05-26T19:11:06.766193Z"}, {"uuid": "13ff7480-b98e-4596-8290-3f1551b818db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44668", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmrq2hvnlt2p", "content": "CVE-2026-44668 - Faction: Unauthenticated Read, Modify, and Delete of Boilerplate Templates\nCVE ID : CVE-2026-44668\n \n Published : 26 mai 2026 17:43 | 18\u00a0minutes ago\n \n Description : FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessC...", "creation_timestamp": "2026-05-26T19:28:45.193580Z"}, {"uuid": "a9529ee1-7c21-4505-967a-4816b532d4e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44669", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmrrg2uh7r2c", "content": "CVE-2026-44669 - Faction: Stored XSS in Assessment Attachment Filename Preview Rendering\nCVE ID : CVE-2026-44669\n \n Published : 26 mai 2026 17:43 | 19\u00a0minutes ago\n \n Description : FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is...", "creation_timestamp": "2026-05-26T19:53:08.092664Z"}, {"uuid": "31d05637-7463-413d-adf8-a2603ba759f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44662", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlu63ckcem2t", "content": "CVE-2026-44662 - rust-openssl: Heap buffer overflow when encrypting with AES key-wrap-with-padding\nCVE ID : CVE-2026-44662\n \n Published : May 14, 2026, 9:16 p.m. | 2\u00a0hours, 17\u00a0minutes ago\n \n Description : rust-openssl provides OpenSSL bindings for the Rust programming language...", "creation_timestamp": "2026-05-15T01:19:53.672517Z"}, {"uuid": "742f7532-5d25-47f8-8801-87e102c1b3da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44661", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlu66cf3a32r", "content": "CVE-2026-44661 - python-utcp: SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol\nCVE ID : CVE-2026-44661\n \n Published : May 14, 2026, 9:16 p.m. | 2\u00a0hours, 17\u00a0minutes ago\n \n Description : python-utcp is the python implementation of UTCP. Prior to...", "creation_timestamp": "2026-05-15T01:21:34.042516Z"}, {"uuid": "128c4fa2-bf21-4dac-a6e7-9896c0babbc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44666", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlu7lyx2bd2h", "content": "CVE-2026-44666 - HRConvert2: Missing Sanitization enables Unauthenticated Remote Command Execution\nCVE ID : CVE-2026-44666\n \n Published : May 14, 2026, 9:16 p.m. | 2\u00a0hours, 17\u00a0minutes ago\n \n Description : HRConvert2 is a self-hosted, drag-and-drop & nosql file conversion s...", "creation_timestamp": "2026-05-15T01:47:07.602522Z"}]}