29437 matches found
CVE-2026-40302
zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the proxyUi template engine uses Go's text/template which performs no HTML escaping instead of html/template. The GitHub OAuth callback handlers in both publicProxy and dynamicProxy embed the...
CVE-2026-40302
CVE-2026-40302 affects zrok prior to v2.0.1. The proxyUi template engine used Go's text/template (no HTML escaping), leading to reflected XSS via an attacker-controlled refreshInterval error rendered in the GitHub OAuth callback. An attacker can send a crafted login URL; after OAuth completes, th...
CVE-2026-40302 zrok has reflected XSS in GitHub OAuth callback via unsanitized refreshInterval error rendering
zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the proxyUi template engine uses Go's text/template which performs no HTML escaping instead of html/template. The GitHub OAuth callback handlers in both publicProxy and dynamicProxy embed the...
CVE-2026-40302
zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the proxyUi template engine uses Go's text/template which performs no HTML escaping instead of html/template. The GitHub OAuth callback handlers in both publicProxy and dynamicProxy embed the...
CVE-2026-40302 zrok has reflected XSS in GitHub OAuth callback via unsanitized refreshInterval error rendering
zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the proxyUi template engine uses Go's text/template which performs no HTML escaping instead of html/template. The GitHub OAuth callback handlers in both publicProxy and dynamicProxy embed the...
GHSA-C9XC-4327-HW8J vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-44VF-4X73-JV4X vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-3M3G-56CX-59Q7 vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-X449-4QCH-5WJQ vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-6XWP-952X-4VGF vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-JVCH-X2XH-P75V vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-7VCH-9RMG-WJRJ vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-24V7-W2X9-2CXH vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-X5C8-43VF-FMPC vulnerabilities
Vulnerabilities for packages: chromium...
New CGrabber and Direct-Sys Malware Spread Through GitHub ZIP Files
Hackers spread CGrabber and Direct-Sys malware through GitHub ZIP files, bypassing security tools to steal passwords, crypto wallets, and user data...
Malicious code in solanakit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3e8770458eab636335241e359b6cee149cc00640fb2418b4462c89ec88accc93 During import, the code downloads and starts a malicious package hosted on GitHub. It then first ensures persistency e.g., through the autostart registry key...
MAL-2026-2837 Malicious code in solanakit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3e8770458eab636335241e359b6cee149cc00640fb2418b4462c89ec88accc93 During import, the code downloads and starts a malicious package hosted on GitHub. It then first ensures persistency e.g., through the autostart registry key...
Malicious code in azure-ai-agentserver-githubcopilot (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5302d683e413611c8a5f1bcfb18c19e34353a50c1d4450546b284197bab5a6f7 Package exploits dependency confusion. A beacon request is used to report usage back, but no additional information are exfiltrated. --- Category:...
MAL-2026-2831 Malicious code in azure-ai-agentserver-githubcopilot (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5302d683e413611c8a5f1bcfb18c19e34353a50c1d4450546b284197bab5a6f7 Package exploits dependency confusion. A beacon request is used to report usage back, but no additional information are exfiltrated. --- Category:...
GHSA-37GX-XXP4-5RGX vulnerabilities
Vulnerabilities for packages: powershell, dotnet-bootstrap, dotnet-sdk, dotnet, dotnet-sdk-stage0, promitor...