{"vulnerability": "CVE-2026-28737", "sightings": [{"uuid": "854f77b2-35b3-46c6-b4c1-581cef6f1b0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-28737", "type": "seen", "source": "https://bsky.app/profile/vmorecloud.bsky.social/post/3mjvoyk7fjb2y", "content": "", "creation_timestamp": "2026-04-20T05:04:51.250631Z"}, {"uuid": "2c1f4773-868a-4d91-8ea5-0fbed7011a6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-28737", "type": "published-proof-of-concept", "source": "https://github.com/go-gitea/gitea/security/advisories/GHSA-9cpj-qc93-vw8v", "content": "", "creation_timestamp": "2026-06-14T20:13:42.000000Z"}, {"uuid": "0d55a552-9466-4211-9541-339fd12adf20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-28737", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mpweilsl2s24", "content": "\ud83d\udfe0 CVE-2026-28737 - High (8.7)\n\nGitea versions from 1.25.0 before 1.26.0 allow stored cross-site scripting through the extensions...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-28737/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-07-05T20:00:48.713636Z"}]}