{"vulnerability": "cve-2026-46489", "sightings": [{"uuid": "be472d40-c688-4b57-ab0a-daeeb9a591f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46489", "type": "seen", "source": "https://bsky.app/profile/releaseport.com/post/3mm4cln3l4l2s", "content": "SolidInvoice 2.3.17 patches CVE-2026-46489\nBlocks stored XSS via SVG uploads; hashing API tokens limits database breach impact.\nUpgrade carefully.\n\n\u2192 releaseport.com/r/solidinvoice-solidinvoice/2-3-17", "creation_timestamp": "2026-05-18T07:02:50.150630Z"}, {"uuid": "983861e3-7f66-489b-8eea-f0ec2f35d8c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46489", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mo2ak5zje723", "content": "CVE-2026-46489 - SolidInvoice: Unrestricted file upload with no MIME validation allows stored XSS via malicious SVG logo\nCVE ID : CVE-2026-46489\n \n Published : June 11, 2026, 8:16 p.m. | 1\u00a0hour, 3\u00a0minutes ago\n \n Description : SolidInvoice is an open-source invoicing platform. ...", "creation_timestamp": "2026-06-11T22:10:28.963940Z"}]}