Ciberseguridad
Titel (i dansk)
Titel (i dansk)Sammendrag (i dansk)CVE-2026-4983 er en sikkerhedsvilk├Ñrlighedsfejl, der kan lede til stored cross-site scripting (XSS) hvis en bruger navigerer direkte til et ikon URL for en udvidelse. Dennefejl har f├©lgende effekter:1. **Local Storage**: Scripteksekution sker indenfor Open VSX-applikationens origin, hvilket giver mulighed for sessionhijacking, autentifikationsautotjekning og ubegrundet udgivelse af udvidelser.2. **Ekstern Lagring**: I tilf├ªlde af brug af eksterne lagring...
Titel (i dansk)
Titel (i dansk)Sammendrag (i dansk)Hvad er vulnerability/exploitet omkring?Open VSX Registry ikke sanitiserer SVG-filer der bliver uploade som ekstensionsikoner f├©r lagring, og servere dem med Content-Type: image/svg+xml uden sikkerhedsheder som Content-Security-Policy eller Content-Disposition: attachment. Det g├©r det muligt for et attacker at publicere en ekstension med en misbrugelig SVG-ikon og n├Ñle til lagret cross-site scripting (XSS) n├Ñr en bruger navigerer direkte til...
CVE-2026-4983 - Detalle CVSS, EPSS y CISA Kev | CVE Find (Bengali)
ÓªÂÓºüÓªºÓºüÓª«Óª¥ÓªñÓºìÓª░ Óª¬ÓºìÓª░ÓªñÓª┐ÓªÀÓºìÓªáÓª¥Óª¿ÓºçÓª░ Óª©Óª¥ÓªÑÓºç Óª»ÓºïÓªùÓª¥Óª»Óª╝ ÓªàÓª¿ÓºìÓª» Óª©ÓºçÓªòÓªÂÓª¿ÓºçÓª░ Óª¼Óª┐ÓªÂÓºçÓªÀ ÓªòÓª¥Óª£ ÓªòÓª░ÓªñÓºç Óª╣Óª¼ÓºçÓÑñ ÓªÅÓª«Óª¿Óª¡Óª¥Óª¼Óºç, Óª¬ÓºìÓª░ÓªñÓª┐ÓªÀÓºìÓªáÓª¥Óª¿ÓºçÓª░ Óª©Óª¥ÓªÑÓºç Óª»ÓºïÓªùÓª¥Óª»Óª╝ ÓªàÓª¿ÓºìÓª» Óª©ÓºçÓªòÓªÂÓª¿ÓºçÓª░ Óª¼Óª┐ÓªÂÓºçÓªÀ ÓªòÓª¥Óª£ ÓªòÓª░ÓªñÓºç Óª╣Óª¼ÓºçÓÑñReferencesOriginal reference: https://www.cvefind.com/es/cve/CVE-2026-4983.htmlRelated reference:...
Traefik HTTP/2 Denial-of-Service Vulnerability
Traefik HTTP/2 Denial-of-Service VulnerabilityTraefik HTTP/2 Denial-of-Service VulnerabilitySummaryThis article provides a detailed technical explanation of the CVE-2023-54365 vulnerability in Traefik, which affects versions 2.10.5 and 3.0.0-beta4. The vulnerability allows remote attackers to rapidly create and cancel HTTP/2 streams, exhausting server resources and causing service unavailability.What the vulnerability/exploit is aboutTraefik before version 2.10.5 and 3.0.0-beta4 contains a...
Open VSX Registry Vulnerability Allows Stored XSS and Session Hijacking
Open VSX Registry Vulnerability Allows Stored XSS and Session HijackingSummaryOpen VSX Registry does not sanitize SVG files uploaded as extension icons prior to storage and serves them with Content-Type: image/svg+xml without security headers such as Content-Security-Policy or Content-Disposition: attachment, allowing an attacker to publish an extension with a malicious SVG icon and achieve stored cross-site scripting (XSS) when a user navigates directly to the icon URL. On deployments using...
Vulnerabilitas CVE-2026-12866: Deteksi CVSS, EPSS, dan Kev | CVE Find
Vulnerabilitas CVE-2026-12866Vulnerabilitas CVE-2026-12866: Deteksi CVSS, EPSS, dan Kev | CVE FindRingkasanCVE-2026-12866 adalah vulnerability yang melibatkan paket expr-eval versi 0. Dampaknya dapat menyebabkan eksekusi JavaScript secara arbitrer oleh pengguna yang tidak berhak.Apa itu Vulnerabilitas/Exploit?Vulnerabilitas ini terjadi karena fungsi toJSFunction() dari paket expr-eval versi 0 tidak memeriksa atau tidak benar-benar memeriksa elemen spesial yang dapat mengubah sintaks atau...
Vulnerabilidade CVE-2026-12866 - Detalhes do CVSS, EPSS e KEV | CVE Find (Portuguese (Brazil))
T├¡tulo: Vulnerabilidade CVE-2026-12866 - Detalhes do CVSS, EPSS e KEV | CVE FindSum├írioO CVE-2026-12866 ├® uma vulnerabilidade de seguran├ºa no pacote `expr-eval` que permite a execu├º├úo de c├│digo arbitr├írio atrav├®s da API `toJSFunction()`. Um atacante pode executar JavaScript arbitr├írio fornecendo express├Áes maliciosas compiladas em c├│digo nativo usando `new Function()`. Devido ├á transforma├º├úo direta das express├Áes controladas pelo usu├írio para c├│digo JavaScript execut├ível,...
Titlu (Romaian)
TitluVulnerabilitate CVE-2026-12866: Detalii CVSS, EPSS ╚Öi CISA KevSumarPachetul expr-eval vulnerabil de Code Execution via API-ul toJSFunction(). Un atacator poate executa JavaScript arbitrar prin furnizarea expresiilor craftate care sunt compilate ├«n cod nativ folosind new Function(). Deo expresiile controlate de utilizatori sunt transformate direct ├«n JavaScript executabil, atacatorii pot evita sandbox-ul intentat ╚Öi rula cod arbitrar ├«n contextul aplica╚øiei.Explicare Tehnic─â pentru...
Titolo (in Italian) (Italiano)
Titolo (in Italian)Sintesi (in Italian)Il CVE-2026-12866 è un vulnerabilità di sicurezza che riguarda il pacchetto expr-eval, una libreria JavaScript utilizzata per eseguire espressioni matematiche. La vulnerabilità permette all'attaccante di eseguire codice JavaScript arbitrario tramite l'uso della funzione toJSFunction().Cosa è il problema del vulnerabilità/exploitsIl CVE-2026-12866 riguarda un bug nella libreria expr-eval che permette all'attaccante di eseguire codice...
Titolo (Italiano)
Titolo**Vulnerabilità CVE-2026-12866: Dettagli CVSS, EPSS e CISA Kev**SintesiLa vulnerabilità CVE-2026-12866 riguarda un problema di sicurezza in un pacchetto JavaScript chiamato `expr-eval`. Il pacchetto ha una vulnerabilità che permette all'attacco di eseguire codice arbitrario tramite l'API `toJSFunction()`. Questo potrebbe essere usato per eseguire qualsiasi codice JavaScript, evitando così il sandbox dell'espressione.Descrizione tecnica per i difensoriIl pacchetto...
Titel (in Dutch)
Titel (in Dutch)Samenvatting (in Dutch)Deze vulnereer is expr-eval, een JavaScript bibliotheek die gebruikt wordt om expressies te evalueren. Deze bibliotheek heeft een codeinjectievulnereer waarbij een aanvaller via de toJSFunction() API arbitraire JavaScript kan uitvoeren. Dit gebeurt omdat gebruikersgeïntroduceerde expressies direct worden omgezet naar uitvoerbare JavaScript, waardoor aanvallen kunnen uitgevoerd worden die de beperkte sandbox van de expressie kunnen opwinden.Wat de...
AN SEO TITLE
T├¡tulo: Vulnerabilidade CVE-2026-12866 - Detalhes CVSS, EPSS e CISA Kev | CVE FindResumo:A vulnerabilidade CVE-2026-12866 est├í relacionada ├á biblioteca expr-eval, que ├® um pacote JavaScript usado para avaliar express├Áes matem├íticas. O problema ocorre ao utilizar a fun├º├úo `toJSFunction` em conjunto com a fun├º├úo `expr-eval`, o que pode levar a uma inje├º├úo de c├│digo maliciosa. Isso pode permitir que um atacante execute c├│digo arbitr├írio no contexto do aplicativo, o que pode levar...
Más blogs
Leer más
Traefik HTTP/2 Denial-of-Service Vulnerability
Traefik HTTP/2 Denial-of-Service VulnerabilityTraefik HTTP/2 Denial-of-Service...
CVE-2026-4983 - Detalle CVSS, EPSS y CISA Kev | CVE Find (Bengali)
ÓªÂÓºüÓªºÓºüÓª«Óª¥ÓªñÓºìÓª░ Óª¬ÓºìÓª░ÓªñÓª┐ÓªÀÓºìÓªáÓª¥Óª¿ÓºçÓª░ Óª©Óª¥ÓªÑÓºç Óª»ÓºïÓªùÓª¥Óª»Óª╝...
Titel (in Dutch) (Dutch)
Titel (in Dutch)Samenvatting (in Dutch)Het artikel beschrijft een belangrijk cijfer in de...
Titel (i dansk)
Titel (i dansk)Sammendrag (i dansk)Hvad er vulnerability/exploitet omkring?Open VSX Registry ikke...
Titlu (Romaian)
TitluVulnerabilitate CVE-2026-12866: Detalii CVSS, EPSS și CISA KevSumarPachetul expr-eval...
© 2026 RedSocial.cl
Korean
Arabic
French
Spanish
Portuguese
Deutsch
Turkish
Dutch
Italiano
Russian
Romaian
Portuguese (Brazil)
Greek
Chinese (Simplified)
Chinese (Traditional)
Japanese
Korean
Hindi
Vietnamese
Polish
Swedish
Ukrainian
Hebrew
Thai
Indonesian
Bengali
Urdu
Persian
Tamil
Danish
Finnish
Norwegian
Czech
Hungarian
Bulgarian
Slovak
Slovenian
Lithuanian
Latvian
Estonian
Croatian
Serbian
Malay