8
CVE-2026-28405 - MarkUs: Stored XSS in Submission HTML Preview Enables Instructor-Context Actions
MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.1, the courses/<:course_id>/assignments/<:assignment_id>/submissions/html_content route reads the contents of a student-submitted file and renders them without sanitization. This issue has been p…
10
CVE-2026-28353 - Trivy Vulnerability Scanner: Unauthorized AI Agent Execution Code Included in OpenVSX Extension Rel…
Trivy Vulnerability Scanner is a VS Code extension that helps find vulnerabilities. Trivy VSCode Extension version 1.8.12, which was distributed via the OpenVSX marketplace, was compromised and contained malicious code designed to leverage a local AI coding agent to collect and exfiltrate sensitive inf…
6.1
CVE-2026-28350 - lxml_html_clean: <base> tag injection through default Cleaner configuration
lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.4, the <base> tag passes through the default Cleaner configuration. While page_structure=True removes html, head, and title tags, there is no specific handling for <base>, allowing an …
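Why a surviving <base> matters: a browser resolves every relative href in the document against the first <base href> it sees, so an injected one redirects links that look internal. The following is an added illustration written for this listing, not lxml_html_clean's own code. It uses only the standard library: a small resolver that mirrors browser behaviour to show the effect, and a stand-in sanitizer pass that drops <base> tags (the class and function names are assumptions for the example).

```python
from html.parser import HTMLParser
from urllib.parse import urljoin


class BaseAwareLinkResolver(HTMLParser):
    """Resolves <a href> targets the way a browser would: relative URLs are
    joined against the document URL, unless a <base href> has changed it.
    Browsers honour only the first <base> in the document."""

    def __init__(self, document_url: str):
        super().__init__()
        self.base = document_url
        self.base_seen = False
        self.links: list[str] = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and not self.base_seen and attrs.get("href"):
            # A relative or protocol-relative base href is itself resolved
            # against the document URL, e.g. "//attacker.example/".
            self.base = urljoin(self.base, attrs["href"])
            self.base_seen = True
        elif tag == "a" and attrs.get("href"):
            self.links.append(urljoin(self.base, attrs["href"]))


def resolve_links(html: str, document_url: str) -> list[str]:
    """Return the absolute targets of all <a href> in html as a browser would see them."""
    parser = BaseAwareLinkResolver(document_url)
    parser.feed(html)
    parser.close()
    return parser.links


class BaseStripper(HTMLParser):
    """Illustrative sanitizer pass (not the Cleaner's implementation): re-serialises
    the document unchanged except that every <base ...> tag is removed."""

    def __init__(self):
        # convert_charrefs=False so entities are passed through verbatim rather than decoded.
        super().__init__(convert_charrefs=False)
        self.out: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag != "base":
            self.out.append(self.get_starttag_text())

    def handle_startendtag(self, tag, attrs):
        if tag != "base":  # also catches the self-closing form <base ... />
            self.out.append(self.get_starttag_text())

    def handle_endtag(self, tag):
        if tag != "base":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")


def strip_base_tags(html: str) -> str:
    """Return html with all <base> tags removed."""
    stripper = BaseStripper()
    stripper.feed(html)
    stripper.close()
    return "".join(stripper.out)


if __name__ == "__main__":
    # Constructed sample: user-controlled HTML rendered on https://app.example/profile.
    doc = ('<html><head><base href="https://attacker.example/"></head>'
           '<body><a href="/account/settings">Settings</a></body></html>')
    print(resolve_links(doc, "https://app.example/profile"))
    print(resolve_links(strip_base_tags(doc), "https://app.example/profile"))
```

Before stripping, the "Settings" link resolves to the attacker's host even though its href looks like a same-origin path; after stripping, it resolves against the real document URL. A sanitizer that removes html, head and title but leaves <base> alone is exactly the gap the advisory describes.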
6.1
CVE-2026-28348 - lxml_html_clean: CSS @import Filter Bypass via Unicode Escapes
lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.4, the _has_sneaky_javascript() method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the @import and expression() fi…
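The bypass works because a browser decodes a CSS escape such as `\69` (hex 0x69, the letter i) into the character it denotes, while a checker that merely deletes the backslash is left matching against `69mport`. The following added example, written for this listing and not taken from lxml_html_clean, puts the naive check beside a hardened one that decodes CSS escapes the way the CSS Syntax specification defines them (backslash, one to six hex digits, an optional single whitespace character; or backslash followed by any other non-newline character) before keyword matching. The function names and the exact keyword pattern are assumptions for the example; the advisory names only _has_sneaky_javascript() and the two filtered keywords.

```python
import re

# Keywords the advisory says the filter is meant to catch.
_DANGEROUS_CSS = re.compile(r"@import|expression\s*\(", re.IGNORECASE)


def naive_has_sneaky_css(css: str) -> bool:
    """The pattern the advisory describes: strip backslashes, then keyword-match.
    Escape sequences survive as bare hex digits, so the keyword never appears."""
    return bool(_DANGEROUS_CSS.search(css.replace("\\", "")))


# One CSS escape: "\" + 1-6 hex digits + optional single whitespace, or "\" + any non-newline char.
_CSS_ESCAPE = re.compile(r"\\(?:([0-9a-fA-F]{1,6})[ \t\n\r\f]?|([^\n\r\f]))")


def decode_css_escapes(css: str) -> str:
    """Decode CSS escapes into the characters a browser's tokenizer would produce."""
    def repl(m: re.Match) -> str:
        hexdigits, literal = m.group(1), m.group(2)
        if hexdigits is None:
            return literal  # "\x" for non-hex x is just x
        cp = int(hexdigits, 16)
        # Spec: NUL, surrogates and out-of-range code points become U+FFFD.
        if cp == 0 or cp > 0x10FFFF or 0xD800 <= cp <= 0xDFFF:
            return "\ufffd"
        return chr(cp)
    return _CSS_ESCAPE.sub(repl, css)


def hardened_has_sneaky_css(css: str) -> bool:
    """Decode escapes first so the check sees the same text the browser does."""
    return bool(_DANGEROUS_CSS.search(decode_css_escapes(css)))


if __name__ == "__main__":
    # Constructed samples: an escaped @import and an escaped expression().
    for sample in ("@\\69 mport url(evil.css);", "width: \\65xpression(alert(1))", "color: red"):
        print(repr(sample), "naive:", naive_has_sneaky_css(sample),
              "hardened:", hardened_has_sneaky_css(sample))
```

The naive checker reports both escaped samples as clean while the hardened one flags them and still passes benign CSS. Decoding must happen before matching, not after, and it must consume the optional whitespace that terminates a hex escape, otherwise `@\69 mport` would decode to `@i mport` and slip past a second time.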
6.4
CVE-2026-28343 - CKEditor: Cross-site scripting (XSS) in the HTML Support package
CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Starting in version 29.0.0 and prior to version 47.6.0, a cross-site scripting (XSS) vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially craft…
7.5
CVE-2026-28790 - OliveTin: Unauthenticated Action Termination via KillAction When Guests Must Login
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.0, OliveTin allows an unauthenticated guest to terminate running actions through KillAction even when authRequireGuestsToLogin: true is enabled. Guests are correctly blocked from dashboard access, but …
7.5
CVE-2026-28789 - OliveTin: Unauthenticated DoS via concurrent map writes in OAuth2 state handling
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.3, an unauthenticated denial-of-service vulnerability exists in OliveTin's OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynchronized access to a shared registeredStates map, cau…
7.5
CVE-2026-28342 - OliveTin: Unauthenticated Denial of Service via Memory Exhaustion in PasswordHash API Endpoint
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.2, the PasswordHash API endpoint allows unauthenticated users to trigger excessive memory allocation by sending concurrent password hashing requests. By issuing multiple parallel requests, an attacker …
7
CVE-2026-21621 - Improper Scope Enforcement in OAuth client_credentials Flow Allows Read-Only API Key to Escalate to…
Incorrect Authorization vulnerability in hexpm hexpm/hexpm ('Elixir.HexpmWeb.API.OAuthController' module) allows Privilege Escalation. An API key created with read-only permissions (domain: "api", resource: "read") can be escalated to full write access under specific conditions. When exchanging a…
6.8
CVE-2026-28277 - LangGraph: Unsafe msgpack deserialization in LangGraph checkpoint loading
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can…