{"vulnerability": "cve-2026-5055", "sightings": [{"uuid": "f85cbab7-f7ad-4587-b94a-fcd4167e3607", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5055", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mj6sqgkwlk2r", "content": "", "creation_timestamp": "2026-04-11T02:40:39.828970Z"}, {"uuid": "f2a768aa-1a7c-4e73-a85f-806f1c6658f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5055", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mj72l7qsdp2h", "content": "", "creation_timestamp": "2026-04-11T05:00:55.254461Z"}, {"uuid": "abd36422-bf2d-4ff0-9ef3-166df866bc15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5055", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mjleup4in42t", "content": "", "creation_timestamp": "2026-04-16T02:37:07.242983Z"}, {"uuid": "ad82df8e-1640-4fff-865a-75a3d7307bcc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5055", "type": "seen", "source": "Telegram/oNJqzE-05Z_hzc8NPQW-z5MMZ2uUFxP7FYrJiMTOKneUM6w", "content": "", "creation_timestamp": "2026-04-11T03:21:45.000000Z"}, {"uuid": "b7967b47-afd3-441a-a334-89ed8dcd525b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50559", "type": "seen", "source": "https://bsky.app/profile/suriq.io/post/3mooa7iyulz2r", "content": "Quarkus patched a semicolon auth bypass in May. CVE-2026-50559 reopens it with URL-encoded characters, so an unauthenticated request can reach protected routes and files. Patch now; the May fix does not cover it.\n\n#CVE #infosec #cybersecurity", "creation_timestamp": "2026-06-19T20:57:38.885937Z"}, {"uuid": "b42cfc88-2790-43cb-b9f3-c999d2b9ecc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50559", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mooeqikk4j2g", "content": "CVE-2026-50559 - Authentication/Authorization Bypass via Advanced Path Normalization Vulnerabilities\nCVE ID : CVE-2026-50559\n \n Published : June 19, 2026, 8:26 p.m. | 1\u00a0hour, 16\u00a0minutes ago\n \n Description : Quarkus is a Java framework for building cloud-native applications. Pr...", "creation_timestamp": "2026-06-19T22:18:43.283587Z"}, {"uuid": "078155ce-f5fc-4080-9fd6-a619d2dfc3ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50556", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3movzuf2ets2s", "content": "CVE-2026-50556 - Angular: Missing ` ` Raw-Text Serialization Escaping leads to Cross-Site Scripting (XSS) in Angular SSR\nCVE ID : CVE-2026-50556\n \n Published : June 22, 2026, 3:38 p.m. | 7\u00a0hours, 32\u00a0minutes ago\n \n Description : Angular is a development platform for building mo...", "creation_timestamp": "2026-06-22T23:25:20.548376Z"}, {"uuid": "c29ee1d7-4b06-4146-9423-95dc0fea51f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50555", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mow2l7isc52j", "content": "CVE-2026-50555 - Angular: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in @angular/platform-server\nCVE ID : CVE-2026-50555\n \n Published : June 22, 2026, 3:37 p.m. | 7\u00a0hours, 33\u00a0minutes ago\n \n Description : Angular is a development platfo...", "creation_timestamp": "2026-06-22T23:38:06.614928Z"}, {"uuid": "f51db912-9269-4400-8148-a912033c601f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50551", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp3dwi46mr2x", "content": "CVE-2026-50551 - SiYuan: Stored XSS to RCE via Unsanitized Attribute View Asset Cell Content\nCVE ID : CVE-2026-50551\n \n Published : June 24, 2026, 9:20 p.m. | 3\u00a0hours, 50\u00a0minutes ago\n \n Description : SiYuan is an open-source personal knowledge management system. Prior to 3.7.0...", "creation_timestamp": "2026-06-25T02:08:47.149353Z"}, {"uuid": "c60d168f-6d81-495a-a381-78232823977a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-50551", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mp3gsuacvy2b", "content": "CRITICAL XSS in SiYuan (<3.7.0) allows RCE through Electron client. Upgrade to v3.7.0+ to prevent exploitation. Details: https://radar.offseq.com/threat/cve-2026-50551-cwe-79-improper-neutralization-of-i-e91ef5b4d83fcdb8 #OffSeq #XSS #SiYuan", "creation_timestamp": "2026-06-25T03:00:27.623337Z"}, {"uuid": "c1c2db4a-442c-4c60-9435-edf7860c4eb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-50551", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116808510648585515", "content": "CVE-2026-50551: SiYuan (<3.7.0) suffers CRITICAL stored XSS in Attribute View, enabling RCE via Electron client. Upgrade to v3.7.0+ to mitigate. No workaround available. Details: https://radar.offseq.com/threat/cve-2026-50551-cwe-79-improper-neutralization-of-i-e91ef5b4d83fcdb8 #OffSeq #XSS #SiYuan #Cybersecurity", "creation_timestamp": "2026-06-25T03:00:28.769501Z"}]}