GHSA-2M2V-V563-QQVJ
| creationtimestamp | type | source |
|---|---|---|
| 2026-04-18 01:18:19+00:00 | published-proof-of-concept | Telegram/lPGIWgtQcs4RDQrNkGM74AEu7FEWLIcUMs54pp3qHTSOJE... |
PT-2026-34558
Name of the Vulnerable Software and Affected Versions
PHPUnit versions prior to 12.5.22
PHPUnit versions prior to 13.1.6

Description
PHPUnit forwards PHP INI settings to child processes as -d name=value command-line arguments without neutralizing INI metacharacters. Because the PHP INI parser...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the GitHub OAuth callback handler when the refreshInterval query parameter is embedded verbatim into an error message and rendered unescaped into HTML. An attacker can execute arbitrary JavaScript in the...
GHSA-PHW3-QP59-X2V4
| creationtimestamp | type | source |
|---|---|---|
| 2026-04-17 21:23:11+00:00 | published-proof-of-concept | Telegram/GxkwnkIopWEGLbC11BdcbbYVRqOADIf4t7f5VnXFMKG7Kn8... |
CVE-2026-40302
zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the proxyUi template engine uses Go's text/template, which performs no HTML escaping, instead of html/template. The GitHub OAuth callback handlers in both publicProxy and dynamicProxy embed the...
CVE-2026-40302 zrok has reflected XSS in GitHub OAuth callback via unsanitized refreshInterval error rendering
zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the proxyUi template engine uses Go's text/template, which performs no HTML escaping, instead of html/template. The GitHub OAuth callback handlers in both publicProxy and dynamicProxy embed the...
CVE-2026-40302
CVE-2026-40302 affects zrok prior to v2.0.1. The proxyUi template engine used Go's text/template (no HTML escaping), leading to reflected XSS via an attacker-controlled refreshInterval error rendered in the GitHub OAuth callback. An attacker can send a crafted login URL; after OAuth completes, th...
GHSA-C9XC-4327-HW8J vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-44VF-4X73-JV4X vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-X5C8-43VF-FMPC vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-JVCH-X2XH-P75V vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-7VCH-9RMG-WJRJ vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-3M3G-56CX-59Q7 vulnerabilities
Vulnerabilities for packages: chromium...