17 matches found
CVE-2026-10729 HTML injection in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens
An HTML injection vulnerability in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens exists in Thinkst Applied Research Canarytokens, enabling Interface Manipulation and Cross-Site Scripting (XSS) in email clients that render HTML emails. This issue affects Canarytokens: fr...
CVE-2026-10729
The CVE-2026-10729 entry covers an HTML injection vulnerability in Thinkst Applied Research Canarytokens specifically in the notification email delivery. Affected component: Canarytokens notification emails that render HTML. Root cause described: HTML injection can enable Interface Manipulation a...
Canarytokens Cross-Site Scripting Vulnerability
Canarytokens is a web activity tracking system open-sourced by Thinkst Applied Research. Previous versions of Canarytokens had a cross-site scripting vulnerability. This vulnerability stemmed from improper handling of the title field in the PWA Canarytoken, which could lead to cross-site scripting...
PT-2025-53683
I was credited for discovering and responsibly disclosing CVE-2025-67797 TC-2025-01 affecting Thinkst Canary. The issue is a relative path traversal vulnerability in the Canary HTTP Web Server specific webskins only https://t.co/Q7p1Er1eJI @thinkst CVE CyberSecurity 🇹🇿 https://t.co/TXxlliE7A2...
Canarytokens Security Vulnerability
Canarytokens is an open source web activity tracking system from Thinkst Applied Research. A security vulnerability exists in Canarytokens that stems from a server-side request forgery vulnerability that was discovered in the Webhook alert feature...
Thinkst Canarytokens Security Vulnerability
Thinkst Canarytokens is a web activity tracking system. A security vulnerability exists in previous versions of Thinkst Canarytokens sha-c595a1f8 that stems from vulnerability to CSV injection attacks...
Tourists Give Themselves Away by Looking Up. So Do Most Network Intruders.
In large metropolitan areas, tourists are often easy to spot because they're far more inclined than locals to gaze upward at the surrounding skyscrapers. Security experts say this same tourist dynamic is a dead giveaway in virtually all computer intrusions that lead to devastating attacks like dat...
Thinkst Canarytokens Cross-Site Scripting Vulnerability
Thinkst Canarytokens is a web activity tracking system. Thinkst Canarytokens suffers from a cross-site scripting vulnerability that stems from the history page of the canarytoken it triggers, allowing an attacker to carry out cross-site scripting...
Thinkst Canarytokens Cross-Site Scripting Vulnerability
Thinkst Canarytokens is a web activity tracking system. Thinkst Canarytokens suffers from a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute JavaScript code...
Canarytokens 2019-03-01 - Detection Bypass Exploit
Exploit Title: Canarytokens 2019-03-01 - Detection Bypass Exploit Author: Benjamin Zink Loft, Gionathan "John" Reale Vendor Homepage: https://thinkst.com/ Version: up to 2019-03-01 Software Link: https://github.com/thinkst/canarytokens Google Dork: N/A CVE: 2019-9768...
Canarytokens 2019-03-01 Detection Bypass
Exploit Title: Canarytokens 2019-03-01 - Detection Bypass Date: 20.03.2019 Exploit Author: Benjamin Zink Loft, Gionathan "John" Reale Vendor Homepage: https://thinkst.com/ Version: up to 2019-03-01 Software Link: https://github.com/thinkst/canarytokens Google Dork: N/A CVE: 2019-9768...
Canarytokens 2019-03-01 - Detection Bypass
Canarytokens 2019-03-01 - Detection Bypass Exploit Title: Canarytokens 2019-03-01 - Detection Bypass Date: 20.03.2019 Exploit Author: Benjamin Zink Loft, Gionathan "John" Reale Vendor Homepage: https://thinkst.com/ Version: up to 2019-03-01 Software Link: https://github.com/thinkst/canarytokens...
Canarytokens 2019-03-01 - Detection Bypass
Exploit Title: Canarytokens 2019-03-01 - Detection Bypass Date: 20.03.2019 Exploit Author: Benjamin Zink Loft, Gionathan "John" Reale Vendor Homepage: https://thinkst.com/ Version: up to 2019-03-01 Software Link: https://github.com/thinkst/canarytokens Google Dork: N/A CVE: 2019-9768...
Improper access control
Thinkst Canarytokens through commit hash 4e89ee0 (2019-03-01) relies on limited variation in size, metadata, and timestamp, which makes it easier for attackers to estimate whether a Word document contains a token...
CVE-2019-9768
Thinkst Canarytokens through commit hash 4e89ee0 (2019-03-01) relies on limited variation in size, metadata, and timestamp, which makes it easier for attackers to estimate whether a Word document contains a token...
CVE-2019-9768
CVE-2019-9768 affects Thinkst Canarytokens embedded in Word documents. The root cause is limited variation in file size, metadata, and timestamps, enabling an attacker to estimate whether a document contains a token. Public PoC/code (Exploit/Detection-Bypass) demonstrates a bypass approach: unzip...
CVE-2019-9768
Thinkst Canarytokens through commit hash 4e89ee0 (2019-03-01) relies on limited variation in size, metadata, and timestamp, which makes it easier for attackers to estimate whether a Word document contains a token...