{"vulnerability": "cve-2026-6146", "sightings": [{"uuid": "40f297fd-d79c-468c-8dbe-59604fa6a0cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-6146", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mlm23hs5hc2s", "content": "CVE-2026-6146: Amazon::Credentials versions through 1.2.0 for Perl uses rand to generate encryption keys", "creation_timestamp": "2026-05-11T19:47:06.472956Z"}, {"uuid": "54b803ed-af29-4387-ad84-b1ceafadb65c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-6146", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mlm23hs5hc2s", "content": "CVE-2026-6146: Amazon::Credentials versions through 1.2.0 for Perl uses rand to generate encryption keys", "creation_timestamp": "2026-05-11T19:47:06.467673Z"}, {"uuid": "fa83565e-593e-4ada-b90f-62ee7b214c59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-6146", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlma2wdosm2i", "content": "CVE-2026-6146 - Amazon::Credentials versions through 1.2.0 for Perl uses rand to generate encryption keys\nCVE ID : CVE-2026-6146\n \n Published : May 11, 2026, 8:25 p.m. | 5\u00a0minutes ago\n \n Description : Amazon::Credentials versions through 1.2.0 for Perl uses rand to generate en...", "creation_timestamp": "2026-05-11T21:34:10.402289Z"}, {"uuid": "64cf56c1-cb7d-4897-8de4-421ef00f8734", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61460", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mqcwtdtmiu2w", "content": "\ud83d\udfe0 CVE-2026-61460 - High (8.8)\n\nKrayin CRM through 2.2.3 contains an insecure direct object reference vulnerability in LeadContro...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-61460/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-07-10T20:00:53.334393Z"}, {"uuid": "aaab971b-cc4e-464e-b033-ec9335f14d70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61460", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqczegkuia2x", "content": "CVE-2026-61460 - Krayin CRM Insecure Direct Object Reference via Controllers\nCVE ID : CVE-2026-61460\n \n Published : July 10, 2026, 7:17 p.m. | 31\u00a0minutes ago\n \n Description : Krayin CRM through 2.2.3 contains an insecure direct object reference vulnerability in LeadController,...", "creation_timestamp": "2026-07-10T20:46:13.716954Z"}, {"uuid": "bb5118ae-f94d-4144-b07b-474a1f1ed500", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61461", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqd27bttqh24", "content": "CVE-2026-61461 - Dify\nCVE ID : CVE-2026-61461\n \n Published : July 10, 2026, 7:17 p.m. | 31\u00a0minutes ago\n \n Description : Dify before 1.16.0-rc1 contains a SQL injection vulnerability in the MyScale vector store backend that allows attackers to execute arbitrary SQL by supplying...", "creation_timestamp": "2026-07-10T21:01:14.544417Z"}, {"uuid": "1caba320-cbf8-43e1-bc2f-108fc4cad47d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61460", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdhl2ili52e", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-61460 \u0432 Krayin CRM: \u0443\u0433\u0440\u043e\u0437\u0430 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/B13E7B85-D817-4059-B360-AE31BF0F9D71", "creation_timestamp": "2026-07-11T01:00:28.088767Z"}, {"uuid": "50bf81a0-eda5-4c21-9c2a-af65a58a5b7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61460", "type": "seen", "source": "https://bsky.app/profile/qiancx.bsky.social/post/3mqdhl2hsrm2d", "content": "\u6df1\u5ea6\u89e3\u6790Krayin CRM 2.2.3\u7248\u672c\u4e2d\u7684\u4e0d\u5b89\u5168\u76f4\u63a5\u5bf9\u8c61\u5f15\u7528\u6f0f\u6d1e(CVE-2026-61460)\n\n\n\nhttps://qian.cx/posts/241929F8-0D31-4C8F-BFE1-89723471D056", "creation_timestamp": "2026-07-11T01:00:28.530248Z"}, {"uuid": "18e976c1-ec52-4168-9bad-a0a81806f555", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61461", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdi752b5h2e", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-61461 \u0432 Dify: \u0443\u0433\u0440\u043e\u0437\u0430 SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0439 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/8EF1F756-0C83-453F-9A3E-69A1515D149A", "creation_timestamp": "2026-07-11T01:11:41.856495Z"}, {"uuid": "7593c404-fe17-4551-abdb-803815a2157a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61461", "type": "seen", "source": "https://bsky.app/profile/qiancx.bsky.social/post/3mqdi77tzr62o", "content": "\u6df1\u5ea6\u89e3\u6790Dify 1.16.0-rc1\u524d\u7248\u672c\u7684SQL\u6ce8\u5165\u6f0f\u6d1e(CVE-2026-61461)\u53ca\u5b89\u5168\u9632\u62a4\u6307\u5357\n\n\n\nhttps://qian.cx/posts/93E89CE6-BB7D-4BE2-B873-86DA5D1CD42B", "creation_timestamp": "2026-07-11T01:11:44.876503Z"}, {"uuid": "2a6314b0-22de-40a8-9b77-ce406cf7669c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61461", "type": "seen", "source": "https://bsky.app/profile/qiancx.bsky.social/post/3mqdl35n2ke25", "content": "\u6df1\u5ea6\u89e3\u6790Dify 1.16.0-rc1\u524d\u7248\u672c\u7684SQL\u6ce8\u5165\u6f0f\u6d1e(CVE-2026-61461)\u53ca\u5b89\u5168\u9632\u62a4\u6307\u5357\n\n\n\nhttps://qian.cx/posts/DD5FF299-DAC3-4BB0-BAE3-D45B4FF916EC", "creation_timestamp": "2026-07-11T02:03:09.427645Z"}, {"uuid": "3bc01188-3b63-407d-8012-3d946917a571", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61461", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdl35r54t27", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-61461 \u0432 Dify: \u0443\u0433\u0440\u043e\u0437\u0430 SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0439 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/F1F5D0B0-F7E2-4071-8081-B549123335A8", "creation_timestamp": "2026-07-11T02:03:10.353672Z"}, {"uuid": "e2d024da-10af-4890-9f7e-0b8dc2ef76c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61460", "type": "seen", "source": "https://bsky.app/profile/qiancx.bsky.social/post/3mqdlm5flzg2d", "content": "\u6df1\u5ea6\u89e3\u6790Krayin CRM 2.2.3\u7248\u672c\u4e2d\u7684\u76f4\u63a5\u5bf9\u8c61\u5f15\u7528\u6f0f\u6d1e(CVE-2026-61460)\u53ca\u5176\u5b89\u5168\u9632\u62a4\u7b56\u7565\n\n\n\nhttps://qian.cx/posts/B8D2F67B-0292-4D5C-8AE7-5464C1BFAB1C", "creation_timestamp": "2026-07-11T02:12:40.343957Z"}, {"uuid": "d48a8957-55ad-422d-a3f2-4b45da9a9a90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61460", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdlm5gtqt2w", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-61460 \u0432 Krayin CRM: \u0443\u0433\u0440\u043e\u0437\u0430 \u043f\u0440\u044f\u043c\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043e\u0431\u044a\u0435\u043a\u0442\u0430\u043c \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/F389346F-98EB-4F7B-B113-9F1CDBA10457", "creation_timestamp": "2026-07-11T02:12:39.652233Z"}, {"uuid": "ccfbadb7-0820-46b4-9597-61eea83e53d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61465", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqev2g7vee2w", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-61465 \u0432 ImageMagick: \u0443\u0433\u0440\u043e\u0437\u0430 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u0430\u043c\u044f\u0442\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/2D2A3D73-6827-4B9D-AB3B-D235819BB595", "creation_timestamp": "2026-07-11T14:34:22.452426Z"}, {"uuid": "2359ffcc-1010-40fd-83b1-047545b1aab2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61465", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqeyzhasa22x", "content": "CVE-2026-61465 - ImageMagick before 7.1.2-26 Memory Allocation Policy Bypass\nCVE ID : CVE-2026-61465\n \n Published : July 11, 2026, 2:16 p.m. | 1\u00a0hour, 8\u00a0minutes ago\n \n Description : ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation ...", "creation_timestamp": "2026-07-11T15:45:35.424391Z"}, {"uuid": "0a5ff1a1-6f68-43e5-9352-39d660a6969c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61461", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mqezuzs5f32l", "content": "\ud83d\udfe0 CVE-2026-61461 - High (8.8)\n\nDify before 1.16.0-rc1 contains a SQL injection vulnerability in the MyScale vector store backend...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-61461/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-07-11T16:00:52.725032Z"}, {"uuid": "021a9fbc-8870-443e-a5ac-6d061f97d7d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61462", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqke5w7ni22d", "content": "CVE-2026-61462\nMCP-GitLab has a security flaw that allows attackers to redirect GitLab API requests to any endpoint. This means an attacker could potentially access sensitive information or take unauthorized actions within\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-13T18:48:04.759299Z"}, {"uuid": "ba6cc3e7-1458-4c4c-bb3d-abe9562ee64f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61463", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqkeoqqymn2k", "content": "CVE-2026-61463 - Shiori Authenticated Privilege Escalation via PATCH /api/v1/auth/account\nCVE ID : CVE-2026-61463\n \n Published : July 13, 2026, 6:16 p.m. | 17\u00a0minutes ago\n \n Description : Shiori contains a privilege escalation vulnerability in the account update endpoint that ...", "creation_timestamp": "2026-07-13T18:57:29.294932Z"}, {"uuid": "65aa78bf-aff8-4491-aa84-295c4e4e959e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61462", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqkexp5qxn2t", "content": "CVE-2026-61462 - mcp-gitlab Path Traversal via job_id Parameter\nCVE ID : CVE-2026-61462\n \n Published : July 13, 2026, 6:16 p.m. | 17\u00a0minutes ago\n \n Description : mcp-gitlab contains a path traversal vulnerability in the job_id parameter of build/index.js that allows attackers ...", "creation_timestamp": "2026-07-13T19:02:29.529211Z"}, {"uuid": "5bcf3c8d-6b15-475e-84e7-28566abee8e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61463", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqlck67g3c2w", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-61463 \u0432 Shiori: \u043a\u0430\u043a \u0437\u0430\u0449\u0438\u0442\u0438\u0442\u044c \u0441\u0432\u043e\u0439 \u043f\u0440\u043e\u0435\u043a\u0442 \u043e\u0442 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439\n\n\n\nhttps://kripta.biz/posts/CCDCAAB4-53E1-442E-AF1B-F36390E41DC9", "creation_timestamp": "2026-07-14T03:51:47.625512Z"}, {"uuid": "fe4e2ba4-5412-4c63-89ba-0b505394ea03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-61462", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqld3dppxo2y", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-61462 \u0432 mcp-gitlab: \u0443\u0433\u0440\u043e\u0437\u0430 \u043f\u0443\u0442\u0438 \u043f\u0435\u0440\u0435\u0431\u043e\u0440\u0430 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/44B86A96-6435-4217-BD96-8E04B556FC59", "creation_timestamp": "2026-07-14T04:01:23.939605Z"}]}