signal-echo-radar

Signal Echo Radar Signal Echo Radar is a static cybersecurity...

@domoskanonos/nidoca-pwa (>=1.0.1 <=1.0.2) potentially affected by unknown CVE via jest-electron (=0.1.11)

jest-electron NPM version =0.1.11 is affected by a known vulnerability. The following packages have a transitive dependency on jest-electron and may be impacted: - @domoskanonos/nidoca-pwa =1.0.1, =1.0.2 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4138...

Linux Distros Unpatched Vulnerability : CVE-2026-5892

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a...

CVE-2026-5892

CVE-2026-5892 affects Google Chrome prior to 147.0.7727.55. The issue is insufficient policy enforcement for PWAs, allowing a remote attacker who has compromised the renderer process to install a PWA via a crafted HTML page without user consent. The vulnerability is described with a Chromium/Chro...

CVE-2026-5892

Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. Chromium security severity: Medium...

PT-2026-31510

Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. Chromium security severity: Medium...

Malicious code in shakti-pwa (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bdac10e664bf4e0a73263401629caf12d2ed80e3cf76f36fa18a7c2d599e5229 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-2100 Malicious code in shakti-pwa (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bdac10e664bf4e0a73263401629caf12d2ed80e3cf76f36fa18a7c2d599e5229 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview shakti-pwa is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVE-2026-30240

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.5 and earlier, a path traversal vulnerability in the PWA Progressive Web App ZIP processing endpoint POST /api/pwa/process-zip allows an authenticated user with builder privileges to read arbitrary...

CVE-2026-30240 Budibase PWA ZIP Upload Path Traversal Allows Reading Arbitrary Server Files Including All Environment Secrets

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.5 and earlier, a path traversal vulnerability in the PWA Progressive Web App ZIP processing endpoint POST /api/pwa/process-zip allows an authenticated user with builder privileges to read arbitrary...

CVE-2026-28355

Canarytokens help track activity and actions on a network. Versions prior to sha-7ff0e12 have a Self Cross-Site Scripting vulnerability in the "PWA" Canarytoken, whereby the Canarytoken's creator can attack themselves or someone they share the link with. The creator of a PWA Canarytoken can inser...

CVE-2026-28355

Canarytokens help track activity and actions on a network. Versions prior to sha-7ff0e12 have a Self Cross-Site Scripting vulnerability in the "PWA" Canarytoken, whereby the Canarytoken's creator can attack themselves or someone they share the link with. The creator of a PWA Canarytoken can inser...

CVE-2026-28355

The CVE-2026-28355 entry covers a Self Cross-Site Scripting (XSS) vulnerability in the Canarytokens “PWA” Canarytoken. Affected component is the title field of the PWA token; versions prior to sha-7ff0e12 allow the creator to inject JavaScript that executes when the installation page is visited b...

CVE-2026-28355 "PWA" Canarytoken Vulnerable to Stored Self Cross-Site Scripting

Canarytokens help track activity and actions on a network. Versions prior to sha-7ff0e12 have a Self Cross-Site Scripting vulnerability in the "PWA" Canarytoken, whereby the Canarytoken's creator can attack themselves or someone they share the link with. The creator of a PWA Canarytoken can inser...

CVE-2026-28355

Canarytokens help track activity and actions on a network. Versions prior to sha-7ff0e12 have a Self Cross-Site Scripting vulnerability in the "PWA" Canarytoken, whereby the Canarytoken's creator can attack themselves or someone they share the link with. The creator of a PWA Canarytoken can inser...

CVE-2026-28355 "PWA" Canarytoken Vulnerable to Stored Self Cross-Site Scripting

Canarytokens help track activity and actions on a network. Versions prior to sha-7ff0e12 have a Self Cross-Site Scripting vulnerability in the "PWA" Canarytoken, whereby the Canarytoken's creator can attack themselves or someone they share the link with. The creator of a PWA Canarytoken can inser...

Canarytokens 跨站脚本漏洞

Canarytokens is a web activity tracking system open source by Thinkst Applied Research. Previous versions of Canarytokens had a cross-site scripting vulnerability. This vulnerability stemmed from improper handling of the title field in PWA Canarytoken, which could lead to cross-site scripting...

EUVD-2018-17846

Malware in sbrugna...

EUVD-2021-34193

Malicious code in bioql PyPI...