{"vulnerability": "cve-2026-4506", "sightings": [{"uuid": "735df1ad-a510-428a-8802-04ef4b94ea61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45062", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mlzcx6mem62h", "content": "Top 3 CVE for last 7 days:\nCVE-2026-42511: 56 interactions\nCVE-2026-46300: 56 interactions\nCVE-2026-42897: 51 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-45062: 11 interactions\nCVE-2020-17103: 8 interactions\nCVE-2026-46333: 5 interactions\n", "creation_timestamp": "2026-05-17T02:40:31.791120Z"}, {"uuid": "400bbea9-0954-4ebe-932b-1d96087fd739", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45062", "type": "seen", "source": "https://bsky.app/profile/dunglas.dev/post/3mlxl2h6gpc2k", "content": "\ud83d\ude80 FrankenPHP 1.12.3 is out!\n\n\u26a1\ufe0f 7-8% throughput bump from a refreshed PGO profile\n\ud83d\udd12 Fixes CVE-2026-45062 (CVSS 8.1) unsafe Unicode handling flaw. Upgrade if on v1.11.2 - v1.12.2!\n\u2699\ufe0f Adds per-thread max_requests & cross-platform thread force-kill.\n\nRelease notes: github.com/php/frankenp...", "creation_timestamp": "2026-05-16T09:50:05.901229Z"}, {"uuid": "6f232eff-e111-4c81-859d-b59d7de7cb78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45068", "type": "seen", "source": "https://bsky.app/profile/symfony.com/post/3mmbqoqvzdp2y", "content": "\ud83d\udd10 CVE-2026-45068: Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address\n\u27a1\ufe0f https://symfony.com/blog/cve-2026-45068-argument-injection-in-sendmailtransport-via-dash-prefixed-recipient-address", "creation_timestamp": "2026-05-20T10:57:29.949199Z"}, {"uuid": "709c953d-6297-457d-926c-e13bf0c69dfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45063", "type": "seen", "source": "https://bsky.app/profile/symfony.com/post/3mmbqocmwr72o", "content": "\ud83d\udd10 CVE-2026-45063: Identity Spoofing via Unanchored DN Regex in X509Authenticator\n\u27a1\ufe0f https://symfony.com/blog/cve-2026-45063-identity-spoofing-via-unanchored-dn-regex-in-x509authenticator", "creation_timestamp": "2026-05-20T10:57:14.986920Z"}, {"uuid": "d46ee4aa-c73b-4307-9e33-741fb2cfefe2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45064", "type": "seen", "source": "https://bsky.app/profile/symfony.com/post/3mmbqofftwz2n", "content": "\ud83d\udd10 CVE-2026-45064: HtmlSanitizer URL Attributes Pass Through BiDi Override Characters \u2192 Visual href Spoofing\n\u27a1\ufe0f https://symfony.com/blog/cve-2026-45064-htmlsanitizer-url-attributes-pass-through-bidi-override-characters-visual-href-spoofing", "creation_timestamp": "2026-05-20T10:57:17.837056Z"}, {"uuid": "de670878-c7f2-4c65-a723-0cb73713ff1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45065", "type": "seen", "source": "https://bsky.app/profile/symfony.com/post/3mmbqokyb2i2u", "content": "\ud83d\udd10 CVE-2026-45065: UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation \u2192 Off-Site //host URL Injection\n\u27a1\ufe0f https://symfony.com/blog/cve-2026-45065-urlgenerator-route-requirement-bypass-via-unanchored-regex-alternation-off-site-host-url-injection", "creation_timestamp": "2026-05-20T10:57:23.635239Z"}, {"uuid": "5e1843b2-fe7c-451f-9e43-cc2c395a02a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45067", "type": "seen", "source": "https://bsky.app/profile/symfony.com/post/3mmbqovqbog2y", "content": "\ud83d\udd10 CVE-2026-45067: Email Header / SMTP Command Injection via CRLF in Symfony\\Component\\Mime\\Address\n\u27a1\ufe0f https://symfony.com/blog/cve-2026-45067-email-header-smtp-command-injection-via-crlf-in-symfony-component-mime-address", "creation_timestamp": "2026-05-20T10:57:34.938448Z"}, {"uuid": "1a7cf19e-2e8a-4a4d-9f50-e671921e06f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45066", "type": "seen", "source": "https://bsky.app/profile/symfony.com/post/3mmbqp4m3gj25", "content": "\ud83d\udd10 CVE-2026-45066: HtmlSanitizer allowLinkHosts() / allowMediaHosts() Bypass via URL-Parser Differentials and  Misclassification\n\u27a1\ufe0f https://symfony.com/blog/cve-2026-45066-htmlsanitizer-allowlinkhosts-allowmediahosts-bypass-via-url-parser-differentials-and-area-misclassification", "creation_timestamp": "2026-05-20T10:57:42.142136Z"}, {"uuid": "b2d9eb06-578a-4700-b2b4-b825357aab2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45069", "type": "seen", "source": "https://bsky.app/profile/symfony.com/post/3mmbqpbof7o2y", "content": "\ud83d\udd10 CVE-2026-45069: OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims\n\u27a1\ufe0f https://symfony.com/blog/cve-2026-45069-oidctokenhandler-accepts-jwts-missing-aud-iss-exp-claims", "creation_timestamp": "2026-05-20T10:58:12.020717Z"}, {"uuid": "ecb667cb-5446-4607-b13f-92a17cd1fa8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45064", "type": "seen", "source": "https://bsky.app/profile/mradcliffe.nokoto.org.ap.brid.gy/post/3mmbu4igtlyo2", "content": "Symfony 7.4.12, Symfony 8.0.12 and Twig 3.26.0 releases today with a bunch of CVEs.\n\nCVE-2026-46640 in twig and CVE-2026-45075 in Symfony router and CVE-2026-45064 in Symfony sanitizer seem particularly scary.\n\n`composer update` and test, test, test.", "creation_timestamp": "2026-05-20T11:59:01.857372Z"}, {"uuid": "d44a2cab-01bd-4f9d-9eaa-ce30a4247d88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-45062", "type": "published-proof-of-concept", "source": "https://github.com/php/frankenphp/security/advisories/GHSA-3g8v-8r37-cgjm", "content": "", "creation_timestamp": "2026-05-15T10:55:59.000000Z"}, {"uuid": "f352d299-032d-4952-af84-a56fb7143886", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-45061", "type": "published-proof-of-concept", "source": "https://github.com/Budibase/budibase/security/advisories/GHSA-xh5j-727m-w6gg", "content": "", "creation_timestamp": "2026-05-07T08:35:49.000000Z"}]}