CVE-2026-53737 — Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data can inject script that executes i — CVE Database · The Intelligence Room