{"vulnerability": "cve-2026-5364", "sightings": [{"uuid": "9c18d900-df33-4ea2-b85d-4afc67515768", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5364", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mk7wcrsxiu2f", "content": "", "creation_timestamp": "2026-04-24T06:42:28.898731Z"}, {"uuid": "8334562e-8b7e-494a-9fdc-c633e5a9da55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5364", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mka2ifz2rk2f", "content": "", "creation_timestamp": "2026-04-24T07:57:11.993788Z"}, {"uuid": "1ecc739e-cf25-4e01-851e-166b86c9a9e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5364", "type": "seen", "source": "Telegram/wW_QtDkhRnA9qn3zMxBPWcdzUosuSeXfPe_xeyw8Vo0UIcA", "content": "", "creation_timestamp": "2026-04-24T07:15:43.000000Z"}, {"uuid": "a29f57a0-8e10-4fd6-bd9f-cc7ed43f4444", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5364", "type": "seen", "source": "https://t.me/GithubRedTeam/85975", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #Exploit #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-5364\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a xxconi\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-26 12:59:41\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-5364 is a CVSS 8.1 (High) Unauthenticated Arbitrary File Upload vulnerability in the Drag and Drop File Upload for Contact Form 7\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-26T13:00:05.000000Z"}, {"uuid": "85844572-8128-4677-9da5-a85d0d4476f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5364", "type": "seen", "source": "Telegram/IqAYll4ZzjxpeZQ_8CUvuT_fob3B5lJjEUBfv2EUXY56hck", "content": "", "creation_timestamp": "2026-05-27T21:12:27.000000Z"}, {"uuid": "05341728-d1d6-4fcc-942c-27163f351d90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5364", "type": "seen", "source": "Telegram/x-gpTIreB2tb5Q-Jw8cVX3Xwo2MhNZ2uzY1qavh-XKqhSxE", "content": "", "creation_timestamp": "2026-05-27T21:06:35.000000Z"}, {"uuid": "27cec3ae-bc1b-4f57-afc3-d65f91f8aa44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53646", "type": "published-proof-of-concept", "source": "Telegram/YXCyRYfB5puG4zVuSsqFt0CqpucG34vnwOdsG1DKfw8sOUE", "content": "", "creation_timestamp": "2026-06-12T11:00:12.000000Z"}, {"uuid": "d5045867-b77a-4c84-a2e5-b9cdad1b5912", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53646", "type": "published-proof-of-concept", "source": "Telegram/ycLXaxSGB-_ldONYQWC7S6J3lanIcH0nsjxJAaBzeM5ug0Y", "content": "", "creation_timestamp": "2026-06-12T15:00:07.000000Z"}, {"uuid": "469448ea-3c26-4216-89ca-788aed49f97c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53647", "type": "published-proof-of-concept", "source": "Telegram/ycLXaxSGB-_ldONYQWC7S6J3lanIcH0nsjxJAaBzeM5ug0Y", "content": "", "creation_timestamp": "2026-06-12T15:00:07.000000Z"}, {"uuid": "d8858218-1219-4df7-b397-ad41e32fd8b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53647", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpzc5d4mqg22", "content": "CVE-2026-53647 - FOSSBilling vulnerable to unauthenticated API key configuration disclosure via guest Serviceapikey get_info endpoint\nCVE ID : CVE-2026-53647\n \n Published : July 6, 2026, 11:10 p.m. | 37\u00a0minutes ago\n \n Description : FOSSBilling is a free, open-source billing an...", "creation_timestamp": "2026-07-06T23:56:41.508266Z"}, {"uuid": "8dc2b10a-dd7a-4d5a-b06a-058f31089152", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53648", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpzcgbl4ul2j", "content": "CVE-2026-53648 - FOSSBilling: Downloadable product files can be overwritten through filename collisions\nCVE ID : CVE-2026-53648\n \n Published : July 6, 2026, 11:12 p.m. | 36\u00a0minutes ago\n \n Description : FOSSBilling is a free, open-source billing and client management system. Pr...", "creation_timestamp": "2026-07-07T00:01:41.992549Z"}, {"uuid": "14cff41a-50cc-470c-881c-dc5dff14dc82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53643", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpzcv6vysq26", "content": "CVE-2026-53643 - FOSSBilling allows low-privileged staff accounts to perform unauthorized actions via admin API endpoints\nCVE ID : CVE-2026-53643\n \n Published : July 6, 2026, 11:16 p.m. | 31\u00a0minutes ago\n \n Description : FOSSBilling is a free, open-source billing and client man...", "creation_timestamp": "2026-07-07T00:10:02.098382Z"}, {"uuid": "93c9aa04-a3fe-45d0-a17d-d181446d0455", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53644", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpzcoa7h4v23", "content": "CVE-2026-53644 - FOSSBilling's missing order-state validation allows clients to read and reset API key secrets for non-active orders\nCVE ID : CVE-2026-53644\n \n Published : July 6, 2026, 11:16 p.m. | 31\u00a0minutes ago\n \n Description : FOSSBilling is a free, open-source billing and...", "creation_timestamp": "2026-07-07T00:06:09.169151Z"}, {"uuid": "65d6a065-3c4c-40a2-aa21-d6defd94a884", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53642", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpzcyzwgmt2a", "content": "CVE-2026-53642 - FOSSBilling: Unverified clients can access client-area pages when email confirmation is required\nCVE ID : CVE-2026-53642\n \n Published : July 6, 2026, 11:16 p.m. | 31\u00a0minutes ago\n \n Description : FOSSBilling is a free, open-source billing and client management ...", "creation_timestamp": "2026-07-07T00:12:11.164822Z"}, {"uuid": "a40ca9aa-9a55-47b1-97fc-1417e4c73d5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53641", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpzeagtf7d2w", "content": "CVE-2026-53641 - FOSSBilling has stored XSS in client email views via unescaped content in JavaScript template literal\nCVE ID : CVE-2026-53641\n \n Published : July 6, 2026, 11:16 p.m. | 31\u00a0minutes ago\n \n Description : FOSSBilling is a free, open-source billing and client manage...", "creation_timestamp": "2026-07-07T00:34:13.514329Z"}, {"uuid": "c45413f5-7a0b-4fb9-a6fd-f84dcc26c9bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53640", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpzesdsdgl2c", "content": "CVE-2026-53640 - FOSSBilling missing authorization checks on read-only admin API endpoints expose sensitive staff, client, and redirect data\nCVE ID : CVE-2026-53640\n \n Published : July 6, 2026, 11:16 p.m. | 31\u00a0minutes ago\n \n Description : FOSSBilling is a free, open-source bil...", "creation_timestamp": "2026-07-07T00:44:14.231190Z"}, {"uuid": "4ce6fdc5-d4e6-4c61-97e2-62c4bb0827f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53645", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpzfeaqomd27", "content": "CVE-2026-53645 - FOSSBilling's missing self-edit prevention in staff permission management allows persistent privilege escalation\nCVE ID : CVE-2026-53645\n \n Published : July 6, 2026, 11:16 p.m. | 31\u00a0minutes ago\n \n Description : FOSSBilling is a free, open-source billing and cl...", "creation_timestamp": "2026-07-07T00:54:15.156456Z"}, {"uuid": "0a76f11b-7027-4eb0-92f5-40e5cbf383d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53646", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpzfn77aq52j", "content": "CVE-2026-53646 - FOSSBilling: Client password reset token reuse allows persistent account takeover\nCVE ID : CVE-2026-53646\n \n Published : July 6, 2026, 11:16 p.m. | 31\u00a0minutes ago\n \n Description : FOSSBilling is a free, open-source billing and client management system. In vers...", "creation_timestamp": "2026-07-07T00:59:15.500137Z"}, {"uuid": "3ed5b677-0483-4a63-ae24-0d94350e3403", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53645", "type": "seen", "source": "https://bsky.app/profile/malwareobserver.bsky.social/post/3mpzjbl2rdb22", "content": "\ud83d\udc1b VULNERABILITIES CVE Notify: \ud83d\udea8 [CVE-2026-53645](https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-4hf7-xxxw-64...\nhttps://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-4hf7-xxxw-64rm #PatchManagement #Vulnerability #CVE", "creation_timestamp": "2026-07-07T02:04:20.296874Z"}, {"uuid": "f5fb7668-1ef1-4964-abf2-baaf54f56bba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53649", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mq5zcy53mf2d", "content": "CVE-2026-53649 - bishopfox\nJoro's default proxy mode allows attackers to upload malicious plugins and execute code on the system without a password. This can happen when a user visits a website with\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#bishopfox #Golang #CVE #infosec", "creation_timestamp": "2026-07-08T21:02:06.535500Z"}, {"uuid": "74618e8f-0aa4-4981-824c-d0dff31c05e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53647", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/88469", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a FOSKiller\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a 7megaumka7\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-12 10:32:55\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nFOSSBilling CVE-2026-53647 &amp; CVE-2026-53646 PoC \u2014 Unauthenticated API key disclosure &amp; password reset token reuse\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-12T07:00:04.852886Z"}, {"uuid": "645068a7-1011-44fa-b09a-9578cd0cf61e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53646", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/88469", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a FOSKiller\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a 7megaumka7\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-12 10:32:55\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nFOSSBilling CVE-2026-53647 &amp; CVE-2026-53646 PoC \u2014 Unauthenticated API key disclosure &amp; password reset token reuse\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-12T07:00:04.890568Z"}, {"uuid": "eba833e9-bb4e-4f43-a8b6-23d3c099588c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53647", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/88469", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a FOSKiller\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a 7megaumka7\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-12 10:32:55\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nFOSSBilling CVE-2026-53647 &amp; CVE-2026-53646 PoC \u2014 Unauthenticated API key disclosure &amp; password reset token reuse\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-13T00:00:50.137283Z"}, {"uuid": "6a509fc6-66f2-4e2a-99c3-d7f1ed07b0ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53646", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/88469", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a FOSKiller\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a 7megaumka7\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-12 10:32:55\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nFOSSBilling CVE-2026-53647 &amp; CVE-2026-53646 PoC \u2014 Unauthenticated API key disclosure &amp; password reset token reuse\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-13T00:00:50.178412Z"}]}