{"vulnerability": "cve-2026-4571", "sightings": [{"uuid": "6baca5b1-4c75-42b3-bb10-88972df00f6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-4571", "type": "seen", "source": "https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-4571", "content": "", "creation_timestamp": "2026-03-23T04:16:07.000000Z"}, {"uuid": "58918e78-26e3-4a18-8e59-bb759bce7255", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45714", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlrj5qnbnd2e", "content": "CVE-2026-45714 - CubeCart: Server-Side Template Injection (SSTI) in Smarty Templates leading to RCE\nCVE ID : CVE-2026-45714\n \n Published : May 13, 2026, 9:16 p.m. | 14\u00a0minutes ago\n \n Description : CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Ser...", "creation_timestamp": "2026-05-14T00:00:08.032168Z"}, {"uuid": "8b907c73-871b-46ce-90a0-87a8e14a1496", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45714", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mlro7dqd722v", "content": "CubeCart < 6.7.0 hit by CRITICAL SSTI flaw \u2014 admins can run OS commands via Smarty templates (RCE risk). Upgrade to 6.7.0+ now! https://radar.offseq.com/threat/cve-2026-45714-cwe-94-improper-control-of-generati-b4219bcf #OffSeq #CubeCart #RCE", "creation_timestamp": "2026-05-14T01:30:30.609096Z"}, {"uuid": "428d03fe-6975-41f7-b771-0f0c64127cb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45714", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116570339883701677", "content": "\ud83d\udea8 CRITICAL: CVE-2026-45714 in CubeCart < 6.7.0 enables authenticated admins to execute OS commands via SSTI (Smarty engine) \u2014 full RCE risk. Patch to 6.7.0+ ASAP! https://radar.offseq.com/threat/cve-2026-45714-cwe-94-improper-control-of-generati-b4219bcf #OffSeq #CubeCart #SSTI #RCE #Vuln", "creation_timestamp": "2026-05-14T01:32:49.656352Z"}, {"uuid": "4c31bb5a-aeed-48cb-83da-6900d84b63b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-45716", "type": "published-proof-of-concept", "source": "https://github.com/Budibase/budibase/security/advisories/GHSA-c54j-xp92-wh28", "content": "", "creation_timestamp": "2026-05-12T10:27:24.000000Z"}, {"uuid": "2011a00b-9e65-48d6-b9e7-e1498451e688", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-45713", "type": "published-proof-of-concept", "source": "https://github.com/axllent/mailpit/security/advisories/GHSA-fpxj-m5q8-fphw", "content": "", "creation_timestamp": "2026-05-14T04:53:02.000000Z"}, {"uuid": "bdd4f2a8-c3ac-4924-80d0-f8f87f0227da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-45712", "type": "published-proof-of-concept", "source": "https://github.com/axllent/mailpit/security/advisories/GHSA-w4vj-r5pg-3722", "content": "", "creation_timestamp": "2026-05-14T04:53:15.000000Z"}, {"uuid": "5f295699-1d7f-438f-bb07-dbc0e4592056", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-45711", "type": "published-proof-of-concept", "source": "https://github.com/axllent/mailpit/security/advisories/GHSA-qx5x-85p8-vg4j", "content": "", "creation_timestamp": "2026-05-14T04:53:32.000000Z"}, {"uuid": "ab3238f2-a2c2-4af9-aca5-589bdcc90f90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-45718", "type": "published-proof-of-concept", "source": "https://github.com/Budibase/budibase/security/advisories/GHSA-3263-v5v9-xq8q", "content": "", "creation_timestamp": "2026-05-12T10:28:53.000000Z"}, {"uuid": "98b39680-1d2f-4f34-9716-06eea3010743", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-45717", "type": "published-proof-of-concept", "source": "https://github.com/Budibase/budibase/security/advisories/GHSA-44m2-crh7-f4q2", "content": "", "creation_timestamp": "2026-05-12T10:28:19.000000Z"}, {"uuid": "08eaf8f8-dbec-4f7e-9145-2b27d84cdacd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-45715", "type": "published-proof-of-concept", "source": "https://github.com/Budibase/budibase/security/advisories/GHSA-fgqv-jh4g-pvg2", "content": "", "creation_timestamp": "2026-05-12T10:25:47.000000Z"}, {"uuid": "a07fa4a0-c0d5-4cdb-b6a4-b801ede35ad0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45719", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmu7fpio442c", "content": "CVE-2026-45719 - Budibase: CouchDB Reduce Injection via Unsanitized Calculation Parameter in V1 Views API\nCVE ID : CVE-2026-45719\n \n Published : May 27, 2026, 6:16 p.m. | 15\u00a0minutes ago\n \n Description : Budibase is an open-source low-code platform. Prior to 3.38.1, the V1 View...", "creation_timestamp": "2026-05-27T19:08:48.002568Z"}, {"uuid": "b1ab72d0-4143-438b-937e-3dd8d0c621cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45717", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmu7jtzdbq2c", "content": "CVE-2026-45717 - Budibase: `PUT /api/datasources/:datasourceId` is protected only by `TABLE/READ` permission instead of builder access, allowing any authenticated app user to overwrite datasource connection parameters including host, port, and URL.\nCVE ID : CVE-2026-45717\n \n P...", "creation_timestamp": "2026-05-27T19:11:06.954359Z"}, {"uuid": "bd73e4f3-8a64-419b-b964-c9de77fed655", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45718", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmu7oefvvl2e", "content": "CVE-2026-45718 - Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows\nCVE ID : CVE-2026-45718\n \n Published : May 27, 2026, 6:16 p.m. | 15\u00a0minutes ago\n \n Description : Budibase is an open-source low-code platform. Prior to...", "creation_timestamp": "2026-05-27T19:13:38.140467Z"}]}