{"vulnerability": "cve-2026-4580", "sightings": [{"uuid": "ec07fcdf-1551-41d3-ad86-884a56455d89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4580", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mhq4cdl5zg2d", "content": "", "creation_timestamp": "2026-03-23T12:56:36.642956Z"}, {"uuid": "79fa453e-0ad6-44d5-ad82-dfcf44a4979d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4580", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3miozkvwmgl2c", "content": "", "creation_timestamp": "2026-04-04T20:00:15.455335Z"}, {"uuid": "cd5826c4-35c2-4172-90cc-b84943da8ee2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-45804", "type": "published-proof-of-concept", "source": "https://github.com/huggingface/diffusers/security/advisories/GHSA-7wx4-6vff-v64p", "content": "", "creation_timestamp": "2026-05-20T10:40:56.000000Z"}, {"uuid": "779be5a2-d384-4b1d-9773-59ebc58c2b9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-45803", "type": "published-proof-of-concept", "source": "https://github.com/cli/cli/security/advisories/GHSA-crc3-h8v6-qh57", "content": "", "creation_timestamp": "2026-05-13T15:20:46.000000Z"}, {"uuid": "fba6756e-544b-495b-959d-b6509483e439", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-45805", "type": "published-proof-of-concept", "source": "https://github.com/penpot/penpot/security/advisories/GHSA-22qr-rp27-j9wm", "content": "", "creation_timestamp": "2026-05-19T10:41:54.000000Z"}, {"uuid": "5bd62d3e-82d0-49bc-b70e-834c961d7272", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45800", "type": "seen", "source": "https://bsky.app/profile/keiwork35.bsky.social/post/3mmyf5heqfc2n", "content": "\u3010\u8106\u5f31\u6027\u60c5\u5831\u3011 CVE-2026-45800 Vvveb\u00a0CMS\u306e\u8106\u5f31\u6027\u306b\u3064\u3044\u3066\n\nVvveb CMS\u306e\u30d0\u30fc\u30b8\u30e7\u30f31.0.8.3\u4ee5\u524d\u306b\u304a\u3044\u3066\u3001\u30d5\u30ed\u30f3\u30c8\u30a8\u30f3\u30c9\u306e\u30e6\u30fc\u30b6\u30fc\u6ce8\u6587\u5c65\u6b74\u30da\u30fc\u30b8\u306b\u8a8d\u8a3c\u3055\u308c\u305fSQL\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u554f\u984c\u304c\u3042\u308a\u307e\u3059\u3002", "creation_timestamp": "2026-05-29T11:02:12.906183Z"}, {"uuid": "56b0f632-c55b-4ac1-8161-eeac2d81d214", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45802", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mo27jwcmmd2m", "content": "CVE-2026-45802 - FPDI: Memory Exhaustion and Endless Loop in FPDI leads to Denial of Service\nCVE ID : CVE-2026-45802\n \n Published : June 11, 2026, 8:16 p.m. | 1\u00a0hour, 3\u00a0minutes ago\n \n Description : FPDI is a collection of PHP classes that facilitate reading pages from existing...", "creation_timestamp": "2026-06-11T21:52:19.491494Z"}, {"uuid": "3613f3a8-619a-4bf2-aaff-120eb6e3c813", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45807", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp7ziubtsx2c", "content": "CVE-2026-45807 - Kestra: Path traversal via URL-encoded \"%2E%2E\" in execution and namespace file endpoints allows arbitrary file read\nCVE ID : CVE-2026-45807\n \n Published : June 26, 2026, 8:57 p.m. | 47\u00a0minutes ago\n \n Description : Kestra is an open-source, event-driven orches...", "creation_timestamp": "2026-06-26T22:45:31.335530Z"}, {"uuid": "a8445282-7614-4b07-b0cb-2e6d0ad28d7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45807", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mpcarecjsf2g", "content": "\ud83d\udfe0 CVE-2026-45807 - High (7.7)\n\nKestra is an open-source, event-driven orchestration platform. Prior to 1.0.43 and 1.3.19, severa...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-45807/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-27T20:00:53.259704Z"}, {"uuid": "5dd11733-09ee-4e65-8fc0-991eb78d82e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45807", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpgqappmug2n", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-45807 \u0432 Kestra: \u0443\u0433\u0440\u043e\u0437\u0430 \u0434\u043b\u044f \u043e\u0440\u043a\u0435\u0441\u0442\u0440\u0430\u0446\u0438\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/278EC98C-5C1A-4800-8E5A-EE2B71DBB48F", "creation_timestamp": "2026-06-29T14:48:32.731359Z"}, {"uuid": "44daa104-ca6e-4949-b7d9-c637c8a3dc12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45807", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mph7afwvm62o", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-45807 \u0432 Kestra: \u0443\u0433\u0440\u043e\u0437\u044b, \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/E17F8C19-07E0-4B07-A4CA-835AC965C05B", "creation_timestamp": "2026-06-29T19:16:48.351474Z"}, {"uuid": "2d24fd33-3634-4fcb-a73e-2afc58c765f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45807", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mplmdhiovq24", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-45807 \u0432 Kestra: \u0443\u0433\u0440\u043e\u0437\u044b, \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/45D4C754-C673-47B5-AE10-7DC2EE5A187A", "creation_timestamp": "2026-07-01T13:21:48.312650Z"}, {"uuid": "b53915c5-f7a7-47ab-aa4f-ba7cfe59f0fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45806", "type": "seen", "source": "https://t.me/GithubRedTeam/90702", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #SSRF #CVE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-45806\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a 0xmrma\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Unknown\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-26 12:56:38\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nPenpot's remote image import let an authenticated file editor turn a normal media convenience feature into backend-origin SSRF because attacker-controlled URLs crossed into a redirect-following server fetch path without destination filtering.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-13T22:00:18.326041Z"}, {"uuid": "3ba86a07-c3d8-45b0-98b1-cf3a70b297ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45806", "type": "seen", "source": "https://t.me/GithubRedTeam/90702", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #SSRF #CVE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-45806\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a 0xmrma\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Unknown\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-26 12:56:38\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nPenpot's remote image import let an authenticated file editor turn a normal media convenience feature into backend-origin SSRF because attacker-controlled URLs crossed into a redirect-following server fetch path without destination filtering.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-14T00:00:34.647515Z"}, {"uuid": "7c8ef989-d943-45a0-bcd1-431337f97f47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45806", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/90702", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #SSRF #CVE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-45806\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a 0xmrma\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Unknown\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-26 12:56:38\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nPenpot's remote image import let an authenticated file editor turn a normal media convenience feature into backend-origin SSRF because attacker-controlled URLs crossed into a redirect-following server fetch path without destination filtering.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-15T00:00:21.440636Z"}, {"uuid": "9994e7d8-4e59-4070-b2ee-95c6731bd82c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45806", "type": "seen", "source": "Telegram/JMPLlqAJKVKStPUctSi0425VFAAqn_JlP0EBk3HwzAKEQKc", "content": "", "creation_timestamp": "2026-07-16T19:00:31.222900Z"}, {"uuid": "cf82bce2-d10c-47b4-9179-a1dd79082bde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45806", "type": "seen", "source": "Telegram/cp2rVOV36WL3kV8x4_ScnxuKP0fsnO5ojw1d2EB8ZtBxrfQ", "content": "", "creation_timestamp": "2026-07-16T19:00:30.895709Z"}, {"uuid": "8804fd09-3fb8-4c18-ba8a-6d75dd8c00dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45806", "type": "seen", "source": "Telegram/JMPLlqAJKVKStPUctSi0425VFAAqn_JlP0EBk3HwzAKEQKc", "content": "", "creation_timestamp": "2026-07-17T00:00:47.941294Z"}, {"uuid": "5d8e0b5d-4b6b-4190-acfd-7b0f38e6a43a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45806", "type": "seen", "source": "Telegram/cp2rVOV36WL3kV8x4_ScnxuKP0fsnO5ojw1d2EB8ZtBxrfQ", "content": "", "creation_timestamp": "2026-07-17T00:00:47.626924Z"}, {"uuid": "8a7eb219-da96-4e9d-8cd5-5d8b87c30095", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45806", "type": "published-proof-of-concept", "source": "Telegram/cp2rVOV36WL3kV8x4_ScnxuKP0fsnO5ojw1d2EB8ZtBxrfQ", "content": "", "creation_timestamp": "2026-07-18T03:00:03.278514Z"}]}