4242 matches found

RedhatCVE
added 2026/02/28 1:54 a.m. | 3 views

CVE-2026-28211

The NVDA Dev & Test Toolbox is an NVDA add-on for gathering tools to help NVDA development and testing. A vulnerability exists in versions 2.0 through 8.0 in the Log Reader feature of this add-on. A maliciously crafted log file can lead to arbitrary code execution when a user reads it with log...

CVSS 7.8 | AI score 6.5 | EPSS 0.0001
Exploits: 0 | References: 1

OSV
added 2026/02/26 3:16 p.m. | 3 views

GHSA-MJF5-7G4M-GX5W Storybook Dev Server is Vulnerable to WebSocket Hijacking

Summary: The WebSocket functionality in Storybook's dev server, used to create and update stories, is vulnerable to WebSocket hijacking. This vulnerability only affects the Storybook dev server; production builds are not impacted. Details: Exploitation requires a developer to visit a malicious...

CVSS 8.9 | AI score 5.9 | EPSS 0.00075
Exploits: 0 | References: 11

EUVD
added 2026/02/26 3:16 p.m. | 2 views

EUVD-2026-8750

Storybook Dev Server is Vulnerable to WebSocket Hijacking...

CVSS 8.9 | AI score 5.2 | EPSS 0.00075
Exploits: 0 | References: 10

Github Security Blog
added 2026/02/26 3:16 p.m. | 8 views

Storybook Dev Server is Vulnerable to WebSocket Hijacking

Summary: The WebSocket functionality in Storybook's dev server, used to create and update stories, is vulnerable to WebSocket hijacking. This vulnerability only affects the Storybook dev server; production builds are not impacted. Details: Exploitation requires a developer to visit a malicious...

CVSS 9.6 | AI score 5.9 | EPSS 0.00075
Exploits: 0 | References: 11 | Affected Software: 1

Positive Technologies
added 2026/02/26 12:0 a.m. | 4 views

PT-2026-22208

Name of the Vulnerable Software and Affected Versions: NVDA Dev & Test Toolbox versions 2.0 through 8.0. Description: A security issue exists in the Log Reader feature of the NVDA Dev & Test Toolbox add-on. Maliciously crafted log files can lead to arbitrary code execution when a user reads them usi...

CVSS 7.8 | AI score 6.5 | EPSS 0.0001
Exploits: 0 | References: 9

OSV
added 2026/02/25 11:7 p.m. | 2 views

GO-2026-4545 esm.sh is vulnerable to full-response SSRF in github.com/esm-dev/esm.sh

esm.sh is vulnerable to full-response SSRF in github.com/esm-dev/esm.sh...

CVSS 8.7 | AI score 5.5 | EPSS 0.00065
Exploits: 1 | References: 4

NVD
added 2026/02/25 10:16 p.m. | 3 views

CVE-2026-27148

Storybook is a frontend workshop for building user interface components and pages in isolation. Prior to versions 7.6.23, 8.6.17, 9.1.19, and 10.2.10, the WebSocket functionality in Storybook's dev server, used to create and update stories, is vulnerable to WebSocket hijacking. This vulnerability...

CVSS 9.6 | EPSS 0.00075
Exploits: 0 | References: 9

OSV
added 2026/02/25 9:46 p.m. | 4 views

CVE-2026-27148 Storybook Dev Server Vulnerable to WebSocket Hijacking

Storybook is a frontend workshop for building user interface components and pages in isolation. Prior to versions 7.6.23, 8.6.17, 9.1.19, and 10.2.10, the WebSocket functionality in Storybook's dev server, used to create and update stories, is vulnerable to WebSocket hijacking. This vulnerability...

CVSS 8.9 | AI score 5.7 | EPSS 0.00075
Exploits: 0 | References: 11

Cvelist
added 2026/02/25 9:46 p.m. | 21 views

CVE-2026-27148 Storybook Dev Server Vulnerable to WebSocket Hijacking

Storybook is a frontend workshop for building user interface components and pages in isolation. Prior to versions 7.6.23, 8.6.17, 9.1.19, and 10.2.10, the WebSocket functionality in Storybook's dev server, used to create and update stories, is vulnerable to WebSocket hijacking. This vulnerability...

CVSS 8.9 | EPSS 0.00075
Exploits: 0 | References: 9

ATTACKERKB
added 2026/02/25 9:46 p.m. | 1 views

CVE-2026-27148

Storybook is a frontend workshop for building user interface components and pages in isolation. Prior to versions 7.6.23, 8.6.17, 9.1.19, and 10.2.10, the WebSocket functionality in Storybook's dev server, used to create and update stories, is vulnerable to WebSocket hijacking. This vulnerability...

CVSS 9.6 | AI score 5.8 | EPSS 0.00075
Exploits: 0 | References: 10 | Affected Software: 1

Vulnrichment
added 2026/02/25 9:46 p.m. | 3 views

CVE-2026-27148 Storybook Dev Server Vulnerable to WebSocket Hijacking

Storybook is a frontend workshop for building user interface components and pages in isolation. Prior to versions 7.6.23, 8.6.17, 9.1.19, and 10.2.10, the WebSocket functionality in Storybook's dev server, used to create and update stories, is vulnerable to WebSocket hijacking. This vulnerability...

CVSS 8.9 | AI score 6 | EPSS 0.00075
Exploits: 0 | References: 9

CVE
added 2026/02/25 9:46 p.m. | 11 views

CVE-2026-27148

Storybook Dev Server WebSocket vulnerability (CVE-2026-27148) affects WebSocket message handlers used to create/save stories in the dev server prior to versions 7.6.23, 8.6.17, 9.1.19, and 10.2.10. Root cause: injection via unsanitized componentFilePath in WebSocket messages, enabling persistent ...

CVSS 9.6 | AI score 5.7 | EPSS 0.00075
Exploits: 0 | References: 9 | Affected Software: 1

OSV
added 2026/02/24 9:10 a.m. | 2 views

SUSE-SU-2026:20498-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2023-54013: interconnect: Fix locking for runpm vs reclaim bsc1256280. - CVE-2025-38321: smb: Log an error when closeallcacheddirs fails bsc1246328. ...

CVSS 9.8 | AI score 7.1 | EPSS 0.03752
Exploits: 4 | References: 1096

OSV
added 2026/02/22 2:51 p.m. | 3 views

MAL-2026-982 Malicious code in trunket-dev-driver (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9ed872a63bcf6182fad3d7b6cfbe87019ff531f1ecff3a511b10371479c79810 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 5.8
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2026/02/22 2:51 p.m. | 7 views

Malicious code in trunket-dev-driver (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9ed872a63bcf6182fad3d7b6cfbe87019ff531f1ecff3a511b10371479c79810 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 5.8
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/22 11:2 a.m. | 1 views

CVE-2026-2944 Tosei Online Store Management System ネット店舗管理システム HTTP POST Request monitor.php system os command injection

A security flaw has been discovered in Tosei Online Store Management System ネット店舗管理システム 1.01. Affected is the function system of the file /cgi-bin/monitor.php of the component HTTP POST Request Handler. Performing a manipulation of the argument DevId results in os command injection. The attack ma...

CVSS 7.5 | AI score 7.3 | EPSS 0.0033
Exploits: 1 | References: 4

CNNVD
added 2026/02/22 12:0 a.m. | 4 views

Tosei Online Store Management System operating system command injection vulnerability

Tosei Online Store Management System is an online store management system developed by Tosei Corporation. Version 1.01 of the Tosei Online Store Management System contains a vulnerability related to operating system command injection. This vulnerability arises from incorrect handling of the...

CVSS 9.8 | AI score 7.1 | EPSS 0.0033
Exploits: 1 | References: 4

Cvelist
added 2026/02/21 9:2 p.m. | 18 views

CVE-2026-2886 Tenda A21 SetOnlineDevName set_device_name stack-based overflow

A weakness has been identified in Tenda A21 1.0.0.0. This affects the function set_device_name of the file /goform/SetOnlineDevName. This manipulation of the argument devName causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to t...

CVSS 9 | EPSS 0.00112
Exploits: 1 | References: 5

vulnersOsv
added 2026/02/19 8:45 p.m. | 5 views

a-api-server (=1.3.0), a2 (>=0.1.0 <=0.3.17) +3857 more potentially affected by CVE-2026-27205 via flask (>=0.10.1 <=3.1.2)

flask PYPI version =0.10.1, =0.1.0, =0.10.0, =1.0.2, =1.0.0, =1.0.5, =1.8.8, =1.0.2, =0.3.1, =0.8.44.4, =1.3.1.post1 and more Source cves: CVE-2026-27205 Source advisory: OSV:GHSA-68RP-WP8R-4726...

CVSS 4.3 | AI score 5.8 | EPSS 0.00014
Exploits: 0

Snyk
added 2026/02/18 11:0 p.m. | 2 views

Malicious Package

Overview: buildrunner-dev is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.5
Exploits: 0 | References: 2