Cybersecurity
    Cybersecurity
    Titel (i dansk)
    Titel (i dansk)Sammendrag (i dansk)CVE-2026-4983 er en sikkerhedsvilk├Ñrlighedsfejl, der kan lede til stored cross-site scripting (XSS) hvis en bruger navigerer direkte til et ikon URL for en udvidelse. Dennefejl har f├©lgende effekter:1. **Local Storage**: Scripteksekution sker indenfor Open VSX-applikationens origin, hvilket giver mulighed for sessionhijacking, autentifikationsautotjekning og ubegrundet udgivelse af udvidelser.2. **Ekstern Lagring**: I tilf├ªlde af brug af eksterne lagring...
    Por Mario Serrano 2026-06-30 18:15:54 0 2KB
    Cybersecurity
    Titel (i dansk)
    Titel (i dansk)Sammendrag (i dansk)Hvad er vulnerability/exploitet omkring?Open VSX Registry ikke sanitiserer SVG-filer der bliver uploade som ekstensionsikoner f├©r lagring, og servere dem med Content-Type: image/svg+xml uden sikkerhedsheder som Content-Security-Policy eller Content-Disposition: attachment. Det g├©r det muligt for et attacker at publicere en ekstension med en misbrugelig SVG-ikon og n├Ñle til lagret cross-site scripting (XSS) n├Ñr en bruger navigerer direkte til...
    Por Mario Serrano 2026-06-30 18:10:14 0 2KB
    Cybersecurity
    CVE-2026-4983 - Detalle CVSS, EPSS y CISA Kev | CVE Find (Bengali)
    ÓªÂÓºüÓªºÓºüÓª«Óª¥ÓªñÓºìÓª░ Óª¬ÓºìÓª░ÓªñÓª┐ÓªÀÓºìÓªáÓª¥Óª¿ÓºçÓª░ Óª©Óª¥ÓªÑÓºç Óª»ÓºïÓªùÓª¥Óª»Óª╝ ÓªàÓª¿ÓºìÓª» Óª©ÓºçÓªòÓªÂÓª¿ÓºçÓª░ Óª¼Óª┐ÓªÂÓºçÓªÀ ÓªòÓª¥Óª£ ÓªòÓª░ÓªñÓºç Óª╣Óª¼ÓºçÓÑñ ÓªÅÓª«Óª¿Óª¡Óª¥Óª¼Óºç, Óª¬ÓºìÓª░ÓªñÓª┐ÓªÀÓºìÓªáÓª¥Óª¿ÓºçÓª░ Óª©Óª¥ÓªÑÓºç Óª»ÓºïÓªùÓª¥Óª»Óª╝ ÓªàÓª¿ÓºìÓª» Óª©ÓºçÓªòÓªÂÓª¿ÓºçÓª░ Óª¼Óª┐ÓªÂÓºçÓªÀ ÓªòÓª¥Óª£ ÓªòÓª░ÓªñÓºç Óª╣Óª¼ÓºçÓÑñReferencesOriginal reference: https://www.cvefind.com/es/cve/CVE-2026-4983.htmlRelated reference:...
    Por Mario Serrano 2026-06-30 17:22:14 0 1KB
    Cybersecurity
    Traefik HTTP/2 Denial-of-Service Vulnerability
    Traefik HTTP/2 Denial-of-Service VulnerabilityTraefik HTTP/2 Denial-of-Service VulnerabilitySummaryThis article provides a detailed technical explanation of the CVE-2023-54365 vulnerability in Traefik, which affects versions 2.10.5 and 3.0.0-beta4. The vulnerability allows remote attackers to rapidly create and cancel HTTP/2 streams, exhausting server resources and causing service unavailability.What the vulnerability/exploit is aboutTraefik before version 2.10.5 and 3.0.0-beta4 contains a...
    Por Mario Serrano 2026-06-30 11:56:34 0 3KB
    Cybersecurity
    Open VSX Registry Vulnerability Allows Stored XSS and Session Hijacking
    Open VSX Registry Vulnerability Allows Stored XSS and Session HijackingSummaryOpen VSX Registry does not sanitize SVG files uploaded as extension icons prior to storage and serves them with Content-Type: image/svg+xml without security headers such as Content-Security-Policy or Content-Disposition: attachment, allowing an attacker to publish an extension with a malicious SVG icon and achieve stored cross-site scripting (XSS) when a user navigates directly to the icon URL. On deployments using...
    Por Mario Serrano 2026-06-30 10:26:33 0 873
    Cybersecurity
    Vulnerabilitas CVE-2026-12866: Deteksi CVSS, EPSS, dan Kev | CVE Find
    Vulnerabilitas CVE-2026-12866Vulnerabilitas CVE-2026-12866: Deteksi CVSS, EPSS, dan Kev | CVE FindRingkasanCVE-2026-12866 adalah vulnerability yang melibatkan paket expr-eval versi 0. Dampaknya dapat menyebabkan eksekusi JavaScript secara arbitrer oleh pengguna yang tidak berhak.Apa itu Vulnerabilitas/Exploit?Vulnerabilitas ini terjadi karena fungsi toJSFunction() dari paket expr-eval versi 0 tidak memeriksa atau tidak benar-benar memeriksa elemen spesial yang dapat mengubah sintaks atau...
    Por Mario Serrano 2026-06-30 10:12:20 0 441
    Cybersecurity
    Vulnerabilidade CVE-2026-12866 - Detalhes do CVSS, EPSS e KEV | CVE Find (Portuguese (Brazil))
    T├¡tulo: Vulnerabilidade CVE-2026-12866 - Detalhes do CVSS, EPSS e KEV | CVE FindSum├írioO CVE-2026-12866 ├® uma vulnerabilidade de seguran├ºa no pacote `expr-eval` que permite a execu├º├úo de c├│digo arbitr├írio atrav├®s da API `toJSFunction()`. Um atacante pode executar JavaScript arbitr├írio fornecendo express├Áes maliciosas compiladas em c├│digo nativo usando `new Function()`. Devido ├á transforma├º├úo direta das express├Áes controladas pelo usu├írio para c├│digo JavaScript execut├ível,...
    Por Mario Serrano 2026-06-30 06:47:06 0 3KB
    Cybersecurity
    Titlu (Romaian)
    TitluVulnerabilitate CVE-2026-12866: Detalii CVSS, EPSS ╚Öi CISA KevSumarPachetul expr-eval vulnerabil de Code Execution via API-ul toJSFunction(). Un atacator poate executa JavaScript arbitrar prin furnizarea expresiilor craftate care sunt compilate ├«n cod nativ folosind new Function(). Deo expresiile controlate de utilizatori sunt transformate direct ├«n JavaScript executabil, atacatorii pot evita sandbox-ul intentat ╚Öi rula cod arbitrar ├«n contextul aplica╚øiei.Explicare Tehnic─â pentru...
    Por Mario Serrano 2026-06-30 06:41:19 0 231
    Cybersecurity
    Titolo (in Italian) (Italiano)
    Titolo (in Italian)Sintesi (in Italian)Il CVE-2026-12866 è un vulnerabilità di sicurezza che riguarda il pacchetto expr-eval, una libreria JavaScript utilizzata per eseguire espressioni matematiche. La vulnerabilità permette all'attaccante di eseguire codice JavaScript arbitrario tramite l'uso della funzione toJSFunction().Cosa è il problema del vulnerabilità/exploitsIl CVE-2026-12866 riguarda un bug nella libreria expr-eval che permette all'attaccante di eseguire codice...
    Por Mario Serrano 2026-06-30 06:24:17 0 2KB
    Cybersecurity
    Titolo (Italiano)
    Titolo**Vulnerabilità CVE-2026-12866: Dettagli CVSS, EPSS e CISA Kev**SintesiLa vulnerabilità CVE-2026-12866 riguarda un problema di sicurezza in un pacchetto JavaScript chiamato `expr-eval`. Il pacchetto ha una vulnerabilità che permette all'attacco di eseguire codice arbitrario tramite l'API `toJSFunction()`. Questo potrebbe essere usato per eseguire qualsiasi codice JavaScript, evitando così il sandbox dell'espressione.Descrizione tecnica per i difensoriIl pacchetto...
    Por Mario Serrano 2026-06-30 06:16:01 0 159
    Cybersecurity
    Titel (in Dutch)
    Titel (in Dutch)Samenvatting (in Dutch)Deze vulnereer is expr-eval, een JavaScript bibliotheek die gebruikt wordt om expressies te evalueren. Deze bibliotheek heeft een codeinjectievulnereer waarbij een aanvaller via de toJSFunction() API arbitraire JavaScript kan uitvoeren. Dit gebeurt omdat gebruikersgeïntroduceerde expressies direct worden omgezet naar uitvoerbare JavaScript, waardoor aanvallen kunnen uitgevoerd worden die de beperkte sandbox van de expressie kunnen opwinden.Wat de...
    Por Mario Serrano 2026-06-30 06:11:50 0 2KB
    Cybersecurity
    AN SEO TITLE
    T├¡tulo: Vulnerabilidade CVE-2026-12866 - Detalhes CVSS, EPSS e CISA Kev | CVE FindResumo:A vulnerabilidade CVE-2026-12866 est├í relacionada ├á biblioteca expr-eval, que ├® um pacote JavaScript usado para avaliar express├Áes matem├íticas. O problema ocorre ao utilizar a fun├º├úo `toJSFunction` em conjunto com a fun├º├úo `expr-eval`, o que pode levar a uma inje├º├úo de c├│digo maliciosa. Isso pode permitir que um atacante execute c├│digo arbitr├írio no contexto do aplicativo, o que pode levar...
    Por Mario Serrano 2026-06-30 05:34:09 0 4KB
Blogs
Leia mais
Outro
Titel (in German)
Titel (in German)Zusammenfassung (in German)Dieses Dokument beschreibt die Sicherheitsl├╝cke...
Por Mario Serrano 2026-06-30 05:51:02 0 133
Cybersecurity
Titolo (Italiano)
Titolo**Vulnerabilità CVE-2026-12866: Dettagli CVSS, EPSS e CISA Kev**SintesiLa vulnerabilità...
Por Mario Serrano 2026-06-30 06:16:01 0 159
Cybersecurity
Vulnerabilidade CVE-2026-12866 - Detalhes do CVSS, EPSS e KEV | CVE Find (Portuguese (Brazil))
Título: Vulnerabilidade CVE-2026-12866 - Detalhes do CVSS, EPSS e KEV | CVE FindSumárioO...
Por Mario Serrano 2026-06-30 06:47:06 0 3KB
Cybersecurity
Open VSX Registry Vulnerability Allows Stored XSS and Session Hijacking
Open VSX Registry Vulnerability Allows Stored XSS and Session HijackingSummaryOpen VSX Registry...
Por Mario Serrano 2026-06-30 10:26:33 0 873
Outro
CVE-2026-12866: expr-eval Library Code Execution Vulnerability Patched
CVE-2026-12866: expr-eval Library Code Execution Vulnerability PatchedSummaryCVE-2026-12866 is a...
Por Mario Serrano 2026-06-30 04:49:41 0 4KB