{"vulnerability": "CVE-2026-4454", "sightings": [{"uuid": "2a2fc9fc-848c-4cde-84f5-decc2a378567", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4454", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mhmh72zff32t", "content": "", "creation_timestamp": "2026-03-22T02:00:59.458742Z"}, {"uuid": "2a14759e-b308-41ac-9add-b1d269ca90f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-44547", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116564324244482665", "content": "\ud83d\udea8 CVE-2026-44547: CRITICAL improper authentication in ChurchCRM 7.2.0 \u2013 7.3.0 (CVSS 9.6). Low-priv attackers can bypass auth and compromise data. Upgrade to 7.3.1 urgently! https://radar.offseq.com/threat/cve-2026-44547-cwe-287-improper-authentication-in--0654119a #OffSeq #ChurchCRM #Vuln #infosec", "creation_timestamp": "2026-05-13T00:00:38.052582Z"}, {"uuid": "124f00b4-4a16-4572-aced-966f952e9c9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4454", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116260136237858100", "content": "", "creation_timestamp": "2026-03-20T06:41:37.340345Z"}, {"uuid": "9d59379b-cf19-4694-9f84-a20418a7895c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-4454", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/microsoft-edge-multiple-vulnerabilities_20260324", "content": "", "creation_timestamp": "2026-03-24T01:00:00.000000Z"}, {"uuid": "b0b6d343-3447-40cf-b92a-c9cbe296430c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-44547", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mloypqjnid2d", "content": "CRITICAL: ChurchCRM 7.2.0 \u2013 7.3.0 has a major auth flaw (CVE-2026-44547, CVSS 9.6). Attackers can fully compromise data \u2014 upgrade to 7.3.1 now! \ud83d\udd11 https://radar.offseq.com/threat/cve-2026-44547-cwe-287-improper-authentication-in--0654119a #OffSeq #ChurchCRM #security", "creation_timestamp": "2026-05-13T00:00:39.042964Z"}, {"uuid": "fe1cabea-86e4-471f-ad99-6863b311b3ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44548", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlp5am37m42p", "content": "CVE-2026-44548 - ChurchCRM: CSRF via legacy GET-delete pages (FundRaiserDelete.php, PropertyTypeDelete.php, NoteDelete.php)\nCVE ID : CVE-2026-44548\n \n Published : May 12, 2026, 11:16 p.m. | 1\u00a0hour, 14\u00a0minutes ago\n \n Description : ChurchCRM is an open-source church management s...", "creation_timestamp": "2026-05-13T01:21:38.956525Z"}, {"uuid": "856e6e42-3ab0-4dff-a546-070812a88691", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44548", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlp5eh2e672e", "content": "CVE-2026-44548 - ChurchCRM: CSRF via legacy GET-delete pages (FundRaiserDelete.php, PropertyTypeDelete.php, NoteDelete.php)\nCVE ID : CVE-2026-44548\n \n Published : May 12, 2026, 11:16 p.m. | 1\u00a0hour, 9\u00a0minutes ago\n \n Description : ChurchCRM is an open-source church management sy...", "creation_timestamp": "2026-05-13T01:23:47.961696Z"}, {"uuid": "92dbb930-75ae-434a-8369-8784d926200c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44547", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlp7gkadlq2v", "content": "CVE-2026-44547 - ChurchCRM: Incomplete fix for CVE-2026-40582: public API login still bypasses 2FA and account lockout in ChurchCRM 7.2.2\nCVE ID : CVE-2026-44547\n \n Published : May 12, 2026, 11:16 p.m. | 1\u00a0hour, 14\u00a0minutes ago\n \n Description : ChurchCRM is an open-source churc...", "creation_timestamp": "2026-05-13T02:00:45.882500Z"}, {"uuid": "5950661e-ae43-49e8-bd07-88fc193f1584", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44547", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlp7yh4nla2i", "content": "CVE-2026-44547 - ChurchCRM: Incomplete fix for CVE-2026-40582: public API login still bypasses 2FA and account lockout in ChurchCRM 7.2.2\nCVE ID : CVE-2026-44547\n \n Published : May 12, 2026, 11:16 p.m. | 1\u00a0hour, 9\u00a0minutes ago\n \n Description : ChurchCRM is an open-source church...", "creation_timestamp": "2026-05-13T02:10:46.573881Z"}, {"uuid": "48e2f0e2-ce7a-4c8d-9919-f110fc1085cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44547", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mlpdczvqto2g", "content": "\ud83d\udd34 CVE-2026-44547 - Critical (9.6)\n\nChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, The fix for CVE-2026-4...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-44547/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-13T03:10:23.757397Z"}, {"uuid": "c6e263a2-4ee4-4193-8c43-95d606ceb0d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44548", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mlpddbew5w2g", "content": "\ud83d\udfe0 CVE-2026-44548 - High (8.1)\n\nChurchCRM is an open-source church management system. Prior to 7.3.2, top-level cross-site GET na...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-44548/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-13T03:10:31.746129Z"}, {"uuid": "f96c2e24-7d96-4767-9b77-62e310ff1b0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-44542", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mltfj43q4y2l", "content": "CRITICAL: gtsteffaniak FileBrowser Quantum (<1.3.1-stable, <1.3.9-beta) vulnerable to path traversal (CVE-2026-44542) \u2014 attackers can delete files outside shared dirs. Upgrade now! \ud83d\udea8 https://radar.offseq.com/threat/cve-2026-44542-cwe-22-improper-limitation-of-a-pat-f7d1f33b #OffSeq #vulnerability...", "creation_timestamp": "2026-05-14T18:00:13.692256Z"}, {"uuid": "89411b43-374b-46e4-b5ee-c5828c15d1e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-44542", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116574231625366098", "content": "\ud83d\udea8 CRITICAL: CVE-2026-44542 in gtsteffaniak FileBrowser Quantum (<1.3.1-stable, <1.3.9-beta) allows unauthenticated file deletion via path traversal. Upgrade to fixed versions ASAP for protection! https://radar.offseq.com/threat/cve-2026-44542-cwe-22-improper-limitation-of-a-pat-f7d1f33b #OffSeq #vulnerability #FileBrowser #cybersecurity", "creation_timestamp": "2026-05-14T18:02:13.443525Z"}, {"uuid": "79f91043-5e11-4ce8-8408-6ee244095327", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44549", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mlws46qntr2f", "content": "Open WebUI 0.8.0\u672a\u6e80\u3067\u3001\u7d30\u5de5\u3055\u308c\u305fExcel\u30d5\u30a1\u30a4\u30eb\u306b\u3088\u308aXSS\u8106\u5f31\u6027\u304c\u767a\u751f\u3002\u653b\u6483\u8005\u306fHTML\u306b\u60aa\u610f\u306e\u3042\u308b\u30b3\u30fc\u30c9\u3092\u57cb\u3081\u8fbc\u307f\u3001DOM\u306b\u633f\u5165\u3055\u308c\u308b\u53ef\u80fd\u6027\u304c\u3042\u308b\u3002\nCVE-2026-44549 CVSS 7.3 | HIGH", "creation_timestamp": "2026-05-16T02:23:37.676428Z"}, {"uuid": "3e7ece21-fc59-4969-9b0e-1a89e8c66ff7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-44549", "type": "published-proof-of-concept", "source": "https://github.com/open-webui/open-webui/security/advisories/GHSA-jwf8-pv5p-vhmc", "content": "", "creation_timestamp": "2026-05-05T17:12:05.000000Z"}, {"uuid": "cfbf247e-7602-4516-8873-7654644a7a5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44543", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mmwm5qtmgk2e", "content": "\ud83d\udfe0 CVE-2026-44543 - High (8.7)\n\nLocal Path Provisioner provides a way for the Kubernetes users to utilize the local storage in ea...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-44543/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-28T18:02:19.920149Z"}, {"uuid": "ecb183a1-95c0-4e69-b8a6-b7a2b37f9970", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-44542", "type": "published-proof-of-concept", "source": "https://github.com/gtsteffaniak/filebrowser/security/advisories/GHSA-fwj3-42wh-8673", "content": "", "creation_timestamp": "2026-05-01T19:08:36.000000Z"}, {"uuid": "bef83f90-0c7a-4bc5-b62c-a374b7b23f9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44543", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmwskzrhml2t", "content": "CVE-2026-44543 - Local Path Provisioner: HelperPod Template Injection\nCVE ID : CVE-2026-44543\n \n Published : May 28, 2026, 5:16 p.m. | 1\u00a0hour, 54\u00a0minutes ago\n \n Description : Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each no...", "creation_timestamp": "2026-05-28T19:57:07.314747Z"}]}