{"vulnerability": "cve-2026-5435", "sightings": [{"uuid": "3ca642d6-20e7-4852-8ebf-35bbf74c10c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54358", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116744774971353040", "content": "Some increased actor activities are shown targeting MISP (CVE-2026-54358) https://vuldb.com/vuln/370709/cti", "creation_timestamp": "2026-06-13T20:51:39.617415Z"}, {"uuid": "483fba80-eac1-4586-b63d-d07276e8df52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54352", "type": "seen", "source": "https://bsky.app/profile/suriq.io/post/3mow4im4pyb2r", "content": "A single Budibase app builder can read every secret on your server.\n\nA rigged app-icon upload exposes the master keys, forges an admin token, and reaches every workspace.\n\nSelf-hosted? Update to 3.39.9 and rotate secrets. (CVE-2026-54352)", "creation_timestamp": "2026-06-23T00:12:27.775773Z"}, {"uuid": "05edb625-7fd3-4d5b-9009-6868441ac2c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-54353", "type": "published-proof-of-concept", "source": "https://github.com/Budibase/budibase/security/advisories/GHSA-gfq7-5x4g-3xhf", "content": "", "creation_timestamp": "2026-06-04T08:57:12.000000Z"}, {"uuid": "83d8cde4-c156-4cdb-bcae-c60c0651005b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-54351", "type": "published-proof-of-concept", "source": "https://github.com/Budibase/budibase/security/advisories/GHSA-rgvg-3wpc-h44p", "content": "", "creation_timestamp": "2026-06-04T08:55:20.000000Z"}]}