{"vulnerability": "cve-2026-4189", "sightings": [{"uuid": "62a90421-5e2c-4665-a45f-a8e4f75ad553", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41898", "type": "seen", "source": "Telegram/FGivxNz61ghqDj4ER4orUo942MC3d41x9N89ngSi7socZnE", "content": "", "creation_timestamp": "2026-04-24T19:23:26.000000Z"}, {"uuid": "533ce068-8809-4a00-9a9d-d69914a8f1ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41891", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlahjfoxve2e", "content": "CVE-2026-41891 - CI4MS: Deactivated User Session Bypass (active=0)\nCVE ID : CVE-2026-41891\n \n Published : May 7, 2026, 3:24 a.m. | 1\u00a0hour ago\n \n Description : CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authoriza...", "creation_timestamp": "2026-05-07T05:15:35.996527Z"}, {"uuid": "6053e562-0447-44b7-beed-6a627067dbac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41890", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlaltohzys2i", "content": "CVE-2026-41890 - CI4MS: Arbitrary Database Table Drop via Theme deleteProcess\nCVE ID : CVE-2026-41890\n \n Published : May 7, 2026, 3:23 a.m. | 1\u00a0hour, 1\u00a0minute ago\n \n Description : CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architectur...", "creation_timestamp": "2026-05-07T06:32:55.274902Z"}, {"uuid": "b257e4ff-a794-42da-b55b-4fae1a54ad39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41893", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlh66esqzt2e", "content": "CVE-2026-41893 - Signal K Server's WebSocket Login Endpoint Lacks Rate Limiting (Credential Brute-Force)\nCVE ID : CVE-2026-41893\n \n Published : May 9, 2026, 8:16 p.m. | 33\u00a0minutes ago\n \n Description : Signal K Server is a server application that runs on a central hub in a boat...", "creation_timestamp": "2026-05-09T21:17:00.057280Z"}, {"uuid": "3d5ab42b-74b2-4fb2-b680-c323592bb275", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41893", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116549813973032624", "content": "\ud83d\udee1\ufe0f HIGH severity in SignalK signalk-server <2.25.0 (CVE-2026-41893): WebSocket login bypasses rate limits, enabling fast brute force attacks. Patch to 2.25.0+ ASAP. Details: https://radar.offseq.com/threat/cve-2026-41893-cwe-307-improper-restriction-of-exc-a656937b #OffSeq #infosec #vuln #bruteforce", "creation_timestamp": "2026-05-10T10:30:27.621952Z"}, {"uuid": "677a5b80-0a61-403d-aadc-1917581ad32b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41893", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mlikjaceor2p", "content": "SignalK signalk-server <2.25.0 has a HIGH severity flaw: attackers can brute force passwords via WebSocket with no rate limit. Upgrade to 2.25.0+ to stay protected. \ud83d\udd12 https://radar.offseq.com/threat/cve-2026-41893-cwe-307-improper-restriction-of-exc-a656937b #OffSeq #cybersecurity #vuln", "creation_timestamp": "2026-05-10T10:30:29.331059Z"}, {"uuid": "a126b841-66f9-469e-af9d-19002533b5aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-41893", "type": "published-proof-of-concept", "source": "https://github.com/SignalK/signalk-server/security/advisories/GHSA-vmfm-ch9h-5c7g", "content": "", "creation_timestamp": "2026-04-23T17:45:50.000000Z"}, {"uuid": "753c6046-07fe-4389-bf7e-97ac99a48ce4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-41894", "type": "published-proof-of-concept", "source": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-hjh7-r5w8-5872", "content": "", "creation_timestamp": "2026-04-19T09:48:52.000000Z"}, {"uuid": "9da6543b-d94e-4125-b03a-03b0c7ca8a51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41894", "type": "seen", "source": "https://bsky.app/profile/euvd-bot.bsky.social/post/3mp2zg2oftg2u", "content": "\ud83d\udea8 EUVD-2026-39122\n\ud83d\udcca 7.5/10\n\ud83c\udfe2 siyuan-note\n\n\ud83d\udcdd SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the patch for CVE-2026-41894 (\"Path Traversal via Double URL Encoding\")...\n\n\ud83d\udd17 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-39122\n\n#cybersecurity #infosec #cve #euvd", "creation_timestamp": "2026-06-24T23:00:38.531766Z"}, {"uuid": "a258c537-718a-4ddc-9a32-e97f33c4d587", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41896", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mphmhrstrp2h", "content": "CVE-2026-41896 - Coolify: Unauthenticated Deployment Trigger via Webhook HMAC Bypass with Null Secret\nCVE ID : CVE-2026-41896\n \n Published : June 29, 2026, 8:16 p.m. | 1\u00a0hour, 29\u00a0minutes ago\n \n Description : Coolify is an open-source and self-hostable tool for managing servers...", "creation_timestamp": "2026-06-29T23:13:38.106042Z"}, {"uuid": "586849a3-1218-4af3-a145-a94d8e9df642", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41896", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mphmq3627t2n", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-41896 \u0432 Coolify: \u0443\u0433\u0440\u043e\u0437\u044b, \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/871F2929-0446-40E5-9079-68E5DD082B08", "creation_timestamp": "2026-06-29T23:18:12.504250Z"}]}