{"uuid": "e4e86aa3-cff4-471f-8ef2-9e60cf2e81ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34971", "type": "seen", "source": "https://bsky.app/profile/greymoth-jp.bsky.social/post/3mmmvp55z4c2q", "content": "9 security fixes shipped:\n\n- Supabase RLS: profiles require auth, subscribers locked\n- jsonwebtoken 9 to 10.4.0 (CVE auth bypass)\n- wasmtime 29 to 36 (CVE-2026-34971, CVSS 9.0)\n- Next.js 16.2.5 to 16.2.6 (13 CVEs)\n- 35 raw service-key calls centralised\n\nkairon.trade\n", "creation_timestamp": "2026-05-24T21:26:28.706753Z"}