{"vulnerability": "CVE-2026-2742", "sightings": [{"uuid": "22abd264-ceda-4ace-87b4-e15b4156d728", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27421", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlbdrwbppn2i", "content": "CVE-2026-27421 - WordPress Royal Elementor Addons plugin\nCVE ID : CVE-2026-27421\n \n Published : May 7, 2026, 9:16 a.m. | 3\u00a0hours, 8\u00a0minutes ago\n \n Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WProyal Royal ...", "creation_timestamp": "2026-05-07T13:41:25.996961Z"}, {"uuid": "fccaa39a-cc92-4edd-8b7c-b4765a81361e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-2742", "type": "seen", "source": "https://bsky.app/profile/hackinghub.bsky.social/post/3mmu3o5rvev2e", "content": "Vaadin treats the request as a framework request, triggers initialization, and creates a session without proper authorization.\n\nThis is CVE-2026-2742: unauthorized session creation via reserved framework path access.", "creation_timestamp": "2026-05-27T18:01:56.285277Z"}, {"uuid": "ab7412d1-8f7f-4742-9b2c-ecee34ac53a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-27427", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmquylwq7m2n", "content": "CVE-2026-27427 - WordPress Geo Mashup plugin\nCVE ID : CVE-2026-27427\n \n Published : May 26, 2026, 8:19 a.m. | 2\u00a0hours, 12\u00a0minutes ago\n \n Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dylan Kuhn Geo Mashup al...", "creation_timestamp": "2026-05-26T11:24:31.627294Z"}]}