1063 matches found
CVE-2026-27807
MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs allows course instructors to upload YAML files to create/update various entities e.g., assignment settings. These YAML files are parsed with aliases enabled. This issue has been patch...
OliveTin 安全漏洞
OliveTin is an open-source web application developed by OliveTin. Versions of OliveTin prior to 3.00.11.1 contained security vulnerabilities. These vulnerabilities were caused by authentication context confusion in the RestartAction, which could allow low-privilege verified users to perform...
MAL-2026-1094 Malicious code in dc-web-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b4a9ee6e67e1a649fe34c92b180cb1de89af4ac592d918fd7806dcc7aeccb53 The package dc-web-app was found to contain malicious code. Source: ghsa-malware eb1d0c37e10d0f166990673f475cf3b1686c9f8b8ffd25199d48e3ddc45edb85 Any...
Malicious code in dc-web-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b4a9ee6e67e1a649fe34c92b180cb1de89af4ac592d918fd7806dcc7aeccb53 The package dc-web-app was found to contain malicious code. Source: ghsa-malware eb1d0c37e10d0f166990673f475cf3b1686c9f8b8ffd25199d48e3ddc45edb85 Any...
Inside a fake Google security check that becomes a browser RAT
A website styled to resemble a Google Account security page is distributing what may be one of the most fully featured browser-based surveillance toolkits we have observed in the wild. Disguised as a routine security checkup, it walks victims through a four-step flow that grants the attacker push...
CVE-2026-1697
The Secure and SameSite attribute are missing in the GraphicalData web services and WebClient web app of PcVue in version 12.0.0 through 16.3.3 included...
PT-2026-22402
Name of the Vulnerable Software and Affected Versions Canarytokens versions prior to sha-7ff0e12 Description The Canarytokens PWA Canarytoken has a Self Cross-Site Scripting issue. A Canarytoken creator can execute Javascript code by inserting it into the title field of their PWA token. This allo...
CVE-2026-1697
CVE-2026-1697 affects PcVue components: GraphicalData web services and the WebClient web app, across versions 12.0.0 through 16.3.3. The underlying issue is the use of unsecure cookies due to missing Secure and SameSite attributes, enabling potential cookie exposure. Metrics show a Network-attack...
Manyfold 安全漏洞
Manyfold is a self-hosted web application developed by Manyfold OpenSource. Versions of Manyfold prior to 0.133.1 contained a security vulnerability, which was caused by the getmodel method in the ModelFilesController bypassing Pundit authorization...
Malicious code in @ai-studio-web/app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a29e5e23697b695bdd456d100ba49a1ef5c6f4450b46672dedcd164a073e8eb The package @ai-studio-web/app was found to contain malicious code. Source: ghsa-malware...
CVE-2026-27205 vulnerabilities
Vulnerabilities for packages: airflow, open-webui, mitmproxy, kubeflow-volumes-web-app, mlflow, emissary...
GHSA-29VQ-49WR-VM6X vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server, airflow, open-webui, tensorflow-cpu-jupyter, kubeflow-volumes-web-app, mlflow, emissary, superset...
CVE-2026-27199 vulnerabilities
Vulnerabilities for packages: emissary, airflow-core, mlflow, open-webui, localstack, superset, tensorflow-gpu-jupyter, tensorflow-cpu-jupyter, airflow, kubeflow-pipelines-visualization-server, kubeflow-volumes-web-app, litellm, azure-functions-python-worker...
CVE-2026-27205 vulnerabilities
Vulnerabilities for packages: emissary, airflow-core, mlflow, open-webui, airflow, kubeflow-volumes-web-app, mitmproxy...
GHSA-68RP-WP8R-4726 vulnerabilities
Vulnerabilities for packages: emissary, airflow-core, mlflow, open-webui, airflow, kubeflow-volumes-web-app, mitmproxy...
GHSA-29VQ-49WR-VM6X vulnerabilities
Vulnerabilities for packages: emissary, airflow-core, mlflow, open-webui, localstack, superset, tensorflow-gpu-jupyter, tensorflow-cpu-jupyter, airflow, kubeflow-pipelines-visualization-server, kubeflow-volumes-web-app, litellm, azure-functions-python-worker...
CVE-2026-23616
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Anti-Spoofing configuration page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$AntiSpoofingGeneral1$TxtSmtpDesc parameter to...
CVE-2026-25057
MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, instructors are able to upload a zip file to create an assignment from an exported configuration courses//assignments/uploadconfigfiles. The uploaded zip file entry names are used to create paths to...
CVE-2026-25057
MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, instructors are able to upload a zip file to create an assignment from an exported configuration courses//assignments/uploadconfigfiles. The uploaded zip file entry names are used to create paths to...
CVE-2026-24900
MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, the courses//assignments//submissions/htmlcontent accepted a selectfileid parameter to serve SubmissionFile objects containing a record of files submitted by students. This parameter was not correct...