{"vulnerability": "cve-2026-5063", "sightings": [{"uuid": "bd366f25-a7cc-432d-922e-b655e081b8b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5063", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116512750014975316", "content": "Some increased actor activities are shown targeting webaways NEX-Forms Plugin (CVE-2026-5063) https://vuldb.com/vuln/360874/cti", "creation_timestamp": "2026-05-03T21:24:35.979203Z"}, {"uuid": "7b456c1d-16a8-4c56-8f84-120c224e8834", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5063", "type": "seen", "source": "https://bsky.app/profile/atomicedge.bsky.social/post/3ml5xzr7ehn2g", "content": "CVE-2026-5063 nex-forms-express-wp-form-builder (CVSS Score 7.2) #WordPress plugin #vulnerability #cybersecurity #wordpressfirewall #wordpresssecurity #hacking #wpsecurity #atomicedge", "creation_timestamp": "2026-05-06T05:33:05.118738Z"}, {"uuid": "65699637-c67e-4915-840e-27ec59f81006", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5063", "type": "seen", "source": "https://bsky.app/profile/keiwork35.bsky.social/post/3mlxp2mqv2s2b", "content": "\u3010\u8106\u5f31\u6027\u60c5\u5831\u3011 CVE-2026-5063 NEX-Forms \u2013 Ultimate Forms Plugin for WordPress\u306e\u8106\u5f31\u6027\u306b\u3064\u3044\u3066\n\n\u3053\u306e\u8106\u5f31\u6027\u306f\u3001WordPress\u7528\u306eNEX-Forms \u2013 Ultimate Forms Plugin\u306b\u5b58\u5728\u3057\u3001POST\u30d1\u30e9\u30e1\u30fc\u30bf\u306e\u30ad\u30fc\u540d\u3092\u901a\u3058\u3066Stored Cross-Site Scripting\u304c\u53ef\u80fd\u3067\u3059\u3002", "creation_timestamp": "2026-05-16T11:02:06.005319Z"}, {"uuid": "36422a25-231e-4efa-901c-5053b080e98b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50638", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mnxgqgtcdm22", "content": "CVE-2026-50638: Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric injections", "creation_timestamp": "2026-06-10T19:23:14.915520Z"}, {"uuid": "a81d359a-745b-47ef-a444-73986970af3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50639", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mnxgzfkxhr2s", "content": "CVE-2026-50639: Metrics::Any::Adapter::SignalFx versions before 0.04 for Perl does not protect against metric injections", "creation_timestamp": "2026-06-10T19:28:15.651376Z"}, {"uuid": "f121d7b9-aef6-478f-9f12-02b7ab78c277", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50637", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mnxhce4ahv24", "content": "CVE-2026-50637: Metrics::Any::Adapter::Statsd versions before 0.04 for Perl does not protect against metric injections", "creation_timestamp": "2026-06-10T19:33:16.142127Z"}, {"uuid": "07a8a3f2-79af-4d51-9c1d-97b228aae3a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50630", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mnzrdeb7n62w", "content": "CVE-2026-50630: Apache CXF: OAuth2: HTTP Response Splitting via WWW-Authenticate Realm Injection", "creation_timestamp": "2026-06-11T17:38:07.213914Z"}, {"uuid": "6d5700c5-f5bb-4934-b5d8-ea65ce178202", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50631", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mnzrq2n2dz2f", "content": "CVE-2026-50631: Apache CXF: OAuth2: TOCTOU Race Condition in Refresh Token Processing", "creation_timestamp": "2026-06-11T17:45:12.947695Z"}, {"uuid": "ab55ca0a-8626-46d3-8ba7-61a8fb4e662e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50632", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mnzrxqdwri25", "content": "CVE-2026-50632: Apache CXF: JNDI Injection Vulnerability in JMSConfigFactory", "creation_timestamp": "2026-06-11T17:49:30.577152Z"}, {"uuid": "d0de61d3-9905-48d8-9760-a29996297a01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50633", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mnzw4xdw6y2h", "content": "CVE-2026-50633: Apache CXF: JNDI Injection vulnerability in DispatchMDBMessageListenerImpl", "creation_timestamp": "2026-06-11T19:04:00.477741Z"}, {"uuid": "f54a222e-9706-442f-88f0-200042a6fdc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50634", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mnzzc7npcn2t", "content": "CVE-2026-50634: Apache CXF: WS JSON request filter trusts metadata from an unvalidated first signature entry", "creation_timestamp": "2026-06-11T20:00:38.317754Z"}, {"uuid": "1dbf0bad-022d-41a3-8b68-ee7696e99e98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50632", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3moapueqzdn2p", "content": "\ud83d\udfe0 CVE-2026-50632 - High (8.1)\n\nA further incomplete fix for\u00a0a previous advisory CVE-2026-44417\u00a0(Untrusted JMS configuration ca...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-50632/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-14T12:00:29.021430Z"}, {"uuid": "4dbbb989-7e72-45d3-8c72-212ef67f367c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50633", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3moapulsnzq2a", "content": "\ud83d\udfe0 CVE-2026-50633 - High (8.1)\n\nA JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which ...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-50633/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-14T12:00:36.722054Z"}]}