136 matches found
CVE-2026-58489
HedgeDoc prior to v1.11.0 is vulnerable to a CSRF-like flaw in the GitHub Gist export callback. The OAuth2 state value was only checked for presence, not validated against the user session, allowing an attacker to craft a callback URL with their own valid GitHub OAuth code. When a logged-in victi...
PT-2026-57920
Name of the Vulnerable Software and Affected Versions HedgeDoc versions prior to 1.11.0 Description The GitHub Gist export flow fails to properly validate the OAuth2 state value, checking only for its presence instead of verifying it against the user session. This allows an attacker to forge a...
GHSA-Q7JX-V53G-848W
creationtimestamp| type| source ---|---|--- 2026-07-10 02:42:38+00:00| seen| https://gist.github.com/alon710/c858490dcced6d8c05b3d0f0cec528f1...
GHSA-9M9W-GXF7-RH8M
creationtimestamp| type| source ---|---|--- 2026-07-10 01:41:47+00:00| seen| https://gist.github.com/alon710/34fe998f34bdbbf866bd428a21589671...
GHSA-7JVP-HJ45-2F2M
creationtimestamp| type| source ---|---|--- 2026-07-06 17:41:59+00:00| seen| https://gist.github.com/alon710/3392c028816ef9767631ce548afd9d91...
CVE-2026-51924
creationtimestamp| type| source ---|---|--- 2026-07-01 08:42:09+00:00| seen| https://gist.github.com/ZeroBreach-GmbH/530286989ec11137978035020d84bdc4 2026-07-11 00:30:03+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdfunrwsr2i...
GHSA-PX7Q-GGQJ-HCF2
creationtimestamp| type| source ---|---|--- 2026-06-26 16:42:20+00:00| seen| https://gist.github.com/alon710/8649cee74b41dfbab6352036ad771ea3 2026-06-26 16:52:45+00:00| seen| https://gist.github.com/alon710/ab6fb045bc60bbc32d947423444fcf91...
GHSA-47QP-HQVX-6R3F
creationtimestamp| type| source ---|---|--- 2026-06-18 13:41:25+00:00| seen| https://gist.github.com/alon710/adfa7aacc3b80320d7d38d47591141d2 2026-06-18 14:01:20+00:00| seen| https://gist.github.com/alon710/1009ff77420ca2d3dfc49ca0eb601808...
GHSA-69QJ-PVH9-C5WG
creationtimestamp| type| source ---|---|--- 2026-06-16 22:41:17+00:00| seen| https://gist.github.com/alon710/2d3358848147c1728694a3629d631316 2026-06-16 23:01:53+00:00| seen| https://gist.github.com/alon710/67012fd2d01a0b46570236682933fc3c...
GHSA-22M2-HVR2-XQC8
creationtimestamp| type| source ---|---|--- 2026-06-09 02:27:39+00:00| seen| https://gist.github.com/lyuyun/60b1d6a8ad599cf3430761a4b380b17e 2026-07-06 14:20:05+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mpybw7ndmy2r...
Malicious code in ethers-abstract-signer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e17d355d974f842bc8db3219ce3f1dc6e643f2a5e1ba8dd0b38a404a8f96e9a8 On npm install, the package's postinstall hook spawns a Node one-liner that uses childprocess.exec to curl/wget...
MAL-2026-3760 Malicious code in ethers-abstract-signer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e17d355d974f842bc8db3219ce3f1dc6e643f2a5e1ba8dd0b38a404a8f96e9a8 On npm install, the package's postinstall hook spawns a Node one-liner that uses childprocess.exec to curl/wget...
Malicious code in npmjs_web3-util (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 263a0126b20b1d58bc0528a4b7bea19027b94383e00b5b9f03b712d96be89ca7 The package's postinstall lifecycle hook downloads a script from a personal GitHub Gist...
MAL-2026-3768 Malicious code in npmjs_web3-util (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 263a0126b20b1d58bc0528a4b7bea19027b94383e00b5b9f03b712d96be89ca7 The package's postinstall lifecycle hook downloads a script from a personal GitHub Gist...
GHSA-7RX4-C5VX-G8W3
creationtimestamp| type| source ---|---|--- 2026-05-14 18:40:28+00:00| seen| https://gist.github.com/alon710/260608e1e5e80ae5e3b0acd83fc48ee1...
CVE-2024-25624
creationtimestamp| type| source ---|---|--- 2026-05-10 02:48:32+00:00| seen| https://gist.github.com/khoindq/bded28fd1242788522ce29d279b9d883 2026-05-10 03:58:34+00:00| seen| https://gist.github.com/khoindq/f145db4952e1aa3644b83c964afbf97a...
GHSA-FG3J-5W9G-HMG7
creationtimestamp| type| source ---|---|--- 2026-05-06 07:40:29+00:00| seen| https://gist.github.com/alon710/cdeb633d740e110eed8363124062a03a...
CVE-2026-41358
creationtimestamp| type| source ---|---|--- 2026-05-04 17:10:29+00:00| seen| https://gist.github.com/alon710/d4f3d9fbcfea6645ceefb383fa46637f...
Malicious code in mgc (npm)
Package fetches platform-specific stage-2 payloads from a GitHub Gist. The stage-2 payloads are full Remote Access Trojans RATs for Linux Python and Windows PowerShell that beacon to a C2 server, exfiltrate system information, enumerate directories, execute arbitrary commands, and support binary...
MAL-2026-2449 Malicious code in mgc (npm)
Package fetches platform-specific stage-2 payloads from a GitHub Gist. The stage-2 payloads are full Remote Access Trojans RATs for Linux Python and Windows PowerShell that beacon to a C2 server, exfiltrate system information, enumerate directories, execute arbitrary commands, and support binary...