{"vulnerability": "cve-2026-1224", "sightings": [{"uuid": "5e1e4376-a3a5-4a7f-a2da-eb7ca34e605a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12249", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3movmu4ylmw2q", "content": "CVE-2026-12249 - Canonical ADSys Trust Store Poisoning via Plaintext HTTP Certificate Auto-Enrollment\nCVE ID : CVE-2026-12249\n \n Published : June 22, 2026, 3:43 p.m. | 3\u00a0hours, 26\u00a0minutes ago\n \n Description : An issue was discovered in Canonical ADSys upstream versions through...", "creation_timestamp": "2026-06-22T19:32:33.826545Z"}, {"uuid": "aac4be51-006f-4eac-b49e-7d33e2e50d0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12249", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116800366330235493", "content": "Our CTI team identified a lot of activities targeting Canonical Ubuntu (CVE-2026-12249) https://vuldb.com/vuln/372740/cti", "creation_timestamp": "2026-06-23T16:29:16.891157Z"}, {"uuid": "54c1fb92-e35b-484c-82a2-a329db1777af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12242", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp23lpcwii2s", "content": "CVE-2026-12242 - AdRotate Banner Manager\nCVE ID : CVE-2026-12242\n \n Published : June 24, 2026, 12:33 p.m. | 1\u00a0hour, 11\u00a0minutes ago\n \n Description : The AdRotate Banner Manager plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 5.17.7...", "creation_timestamp": "2026-06-24T14:06:55.912045Z"}, {"uuid": "8c6ef2b3-4a64-487d-80b2-480a15304504", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12245", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp3xbltijl2w", "content": "CVE-2026-12245 - Denial of DNS over TLS service by any DoT client\nCVE ID : CVE-2026-12245\n \n Published : June 25, 2026, 5:24 a.m. | 1\u00a0hour, 46\u00a0minutes ago\n \n Description : NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a cra...", "creation_timestamp": "2026-06-25T07:55:01.490227Z"}, {"uuid": "bcaded03-6345-49f1-a0d1-133e0ff90c2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12244", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp3xkkigqf2x", "content": "CVE-2026-12244 - Heap overflow and crash with crafted SVCB RR\nCVE ID : CVE-2026-12244\n \n Published : June 25, 2026, 5:24 a.m. | 1\u00a0hour, 46\u00a0minutes ago\n \n Description : If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing ...", "creation_timestamp": "2026-06-25T08:00:01.689906Z"}, {"uuid": "576d7554-0e91-4f49-a6af-47712c4b710e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12242", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3mp6iuiorov2r", "content": "CVE-2026-12242 adrotate (CVSS Score 8.8) \n\n#WordPress plugin #vulnerability #cybersecurity #wordpressfirewall #hacking #wpsecurity #atomicedge #cybersecurity #malware #vulnerabilityresearch #cve #redteam #proofofconcept", "creation_timestamp": "2026-06-26T08:15:08.591918Z"}, {"uuid": "1ff0f063-ac81-4ddb-b6a0-fdfa2349162d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12244", "type": "seen", "source": "https://bsky.app/profile/canartuc.com/post/3mpegnart7x2e", "content": "NSD 4.14.3 from NLnet Labs (June 25) patches CVE-2026-12244, 12245, 12246, and 12490. The most serious is a heap overflow reachable via a crafted SVCB record in an AXFR, rated a stated CVSS of 8.7. Does your secondary trust its AXFR source enough to delay this patch?\n\n#DNS", "creation_timestamp": "2026-06-28T16:51:16.170233Z"}, {"uuid": "5a5b1483-d6f7-4538-959a-b9759fe03f79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-12243", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mphu4lougb2t", "content": "NLTK 3.9.4 has a HIGH severity path traversal flaw \u2014 percent-encoded payloads can read files via nltk.data.load(). Affects web/NLP apps &amp; Jupyter. Review usage and restrict resource input. https://radar.offseq.com/threat/cve-2026-12243-cwe-22-improper-limitation-of-a-pat-3eae11979fc43a41 #OffSeq ...", "creation_timestamp": "2026-06-30T01:30:29.868277Z"}, {"uuid": "fc3c78df-4b5b-484b-a24f-2de8047efe60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-12243", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116836468435158836", "content": "CVE-2026-12243: NLTK 3.9.4 suffers from a HIGH severity path traversal bug \u2014 percent-encoded sequences like ..%2f bypass directory checks, allowing arbitrary file reads in NLP apps/Jupyter/CLI. Audit usages &amp; restrict resource loading. https://radar.offseq.com/threat/cve-2026-12243-cwe-22-improper-limitation-of-a-pat-3eae11979fc43a41 #OffSeq #NLTK #Python", "creation_timestamp": "2026-06-30T01:30:32.997816Z"}, {"uuid": "4ae01c5a-afb9-41ec-b14c-43b5ad5a238b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12243", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mphut4okqz22", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-12243 \u0432 NLTK 3.9.4: \u0443\u0433\u0440\u043e\u0437\u0430 path traversal \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/D8109989-D984-4F37-B7BF-7B36809D1F96", "creation_timestamp": "2026-06-30T01:43:05.220815Z"}, {"uuid": "a43e4b8a-d024-440d-a94b-eacc92291b3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12243", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mphvan63hs2t", "content": "CVE-2026-12243 - Path Traversal via Percent-Encoding in nltk.data.find() and nltk.data.load()\nCVE ID : CVE-2026-12243\n \n Published : June 30, 2026, 12:14 a.m. | 1\u00a0hour, 31\u00a0minutes ago\n \n Description : NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomp...", "creation_timestamp": "2026-06-30T01:50:38.568333Z"}, {"uuid": "d13be5c9-cb43-4cf8-a742-f10f7fca080a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12240", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpis2mbdhh2u", "content": "CVE-2026-12240 - Export User Data\nCVE ID : CVE-2026-12240\n \n Published : June 30, 2026, 6:52 a.m. | 2\u00a0hours, 53\u00a0minutes ago\n \n Description : The Export User Data plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unser...", "creation_timestamp": "2026-06-30T10:26:14.708403Z"}, {"uuid": "49e937dd-9be2-43d2-9914-507755e49d46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12244", "type": "seen", "source": "https://bsky.app/profile/securityonline.bsky.social/post/3mpixuqdrz423", "content": "NLnet Labs patched critical NSD DNS vulnerabilities, including CVE-2026-12244. Update now to protect your multi-tenant secondary DNS deployments.\n\n#NSDDNS #CyberSecurity #Vulnerability #CVE202612244", "creation_timestamp": "2026-06-30T12:10:20.547895Z"}, {"uuid": "61986c70-b528-49af-ad45-ccfd7a1f0773", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12240", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3mpjzrq4vsk2i", "content": "CVE-2026-12240 export-user-data (CVSS Score 8) \n\n#WordPress plugin #vulnerability #cybersecurity #wordpressfirewall #hacking #wpsecurity #atomicedge #cybersecurity #malware #vulnerabilityresearch #cve #redteam #proofofconcept", "creation_timestamp": "2026-06-30T22:17:06.711604Z"}, {"uuid": "c68e5e72-d730-4bbf-aaa1-82aa5d4ea608", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12245", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mqaz5nfcwr23", "content": "\ud83d\udccc CVE-2026-12245 - NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be trigge... https://www.cyberhub.blog/cves/CVE-2026-12245", "creation_timestamp": "2026-07-10T01:37:06.802318Z"}, {"uuid": "d7412446-5efd-4b31-9b29-929286deb30f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12244", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mqbsccla2q2m", "content": "\ud83d\udccc CVE-2026-12244 - If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a DNS message with a special crafted SVCB... https://www.cyberhub.blog/cves/CVE-2026-12244", "creation_timestamp": "2026-07-10T09:07:06.979906Z"}]}