{
  "feed_version": "1.0",
  "title": "ARETIQ Daily Vulnerability Bulletin",
  "description": "Curated daily digest of high-priority vulnerabilities.",
  "home_page_url": "https://aretiq.ai/bulletins/",
  "feed_url": "https://aretiq.ai/feed/bulletins.json",
  "date": "2026-05-25",
  "generated_at": "2026-05-26T04:20:24.907483+00:00",
  "count": 4,
  "items": [
    {
      "cve_id": "CVE-2026-42774",
      "vendor": "crocoblock",
      "product": "jetengine",
      "cvss": 9.3,
      "severity": "HIGH",
      "summary": "Crocoblock JetEngine versions 3.8.8.1 and earlier contain a SQL injection vulnerability (CVE-2026-42774, CVSS 9.3) that allows unauthenticated attackers to execute arbitrary SQL commands due to improper input sanitization. Organizations running WordPress sites with JetEngine for dynamic content generation should immediately update to a patched release to prevent unauthorized database access and potential data compromise. Security teams should scan deployed instances for affected versions and prioritize remediation given the high CVSS rating and ease of exploitation.",
      "references": [
        "https://patchstack.com/database/wordpress/plugin/jet-engine/vulnerability/wordpress-jetengine-plugin-3-8-8-1-sql-injection-vulnerability?_s_id=cve"
      ],
      "published": "2026-05-25T18:34:09.714000-04:00"
    },
    {
      "cve_id": "CVE-2026-42773",
      "vendor": "emagicone",
      "product": "emagicone_store_manager",
      "cvss": 9.3,
      "severity": "HIGH",
      "summary": "eMagicOne Store Manager versions 1.3.2 and earlier contain a blind SQL injection vulnerability (CVE-2026-42773, CVSS 9.3) that allows attackers to extract sensitive database information through improper input validation in the WordPress connector plugin. E-commerce sites using this plugin should immediately update to a patched version to prevent unauthorized access to customer data, order information, and store credentials. Security teams should scan for affected installations and prioritize remediation given the high severity rating and potential for silent data exfiltration through blind SQL injection techniques.",
      "references": [
        "https://patchstack.com/database/wordpress/plugin/store-manager-connector/vulnerability/wordpress-emagicone-store-manager-plugin-1-3-2-sql-injection-vulnerability?_s_id=cve"
      ],
      "published": "2026-05-25T18:35:22.966000-04:00"
    },
    {
      "cve_id": "CVE-2026-9058",
      "vendor": "krajowa_izba_rozliczeniowa",
      "product": "szafir_sdk",
      "cvss": 9.3,
      "severity": "HIGH",
      "summary": "Szafir SDK versions prior to 463 contain a critical flaw in digital signature verification that incorrectly reports successful validation even when the signer's certificate trust status cannot be established (CVE-2026-9058, CVSS 9.3). Organizations using applications built on this Polish cryptographic library, particularly those in financial and government sectors, should immediately contact their software vendors to obtain and deploy patched versions. Security teams should audit all systems relying on Szafir SDK for certificate validation and prioritize updates to prevent acceptance of unverified or fraudulent digital signatures.",
      "references": [
        "https://cert.pl/posts/2026/05/CVE-2026-9058",
        "https://www.elektronicznypodpis.pl/"
      ],
      "published": "2026-05-25T09:23:09.157000-04:00"
    },
    {
      "cve_id": "CVE-2026-9476",
      "vendor": "totolink",
      "product": "a8000ru",
      "cvss": 9.3,
      "severity": "HIGH",
      "summary": "Totolink A8000RU router firmware version 7.1cu.643_b20200521 is vulnerable to remote OS command injection (CVE-2026-9476, CVSS 9.3) through the web management interface, where unsanitized input to the password configuration function allows unauthenticated attackers to execute arbitrary system commands. Organizations and individuals using affected Totolink routers should immediately check for vendor firmware updates and apply patches to prevent unauthorized remote access and complete system compromise. Security teams should inventory A8000RU routers on their networks and prioritize patching given the high severity, ease of exploitation, and availability of public exploit code.",
      "references": [
        "https://vuldb.com/vuln/365457",
        "https://vuldb.com/vuln/365457/cti",
        "https://vuldb.com/submit/813459",
        "https://github.com/Litengzheng/vuldb_new2/blob/main/A8000RU/vul_348/README.md",
        "https://www.totolink.net/"
      ],
      "published": "2026-05-25T13:00:16.579000-04:00"
    }
  ]
}