Alon Barad alon710
@alon710
alon710 / CVE-2026-26273.md
Created February 13, 2026 23:10
CVE-2026-26273: The Over-Helpful Doorman: Full Account Takeover in 'Known' CMS - CVE Security Report

CVSS Score: 9.8 Published: 2026-02-13 Full Report: https://cvereports.com/reports/CVE-2026-26273

Summary

CVE-2026-26273 is a catastrophic logic flaw in the 'Known' social publishing platform that turns the password reset mechanism into an open buffet for attackers. By simply knowing a victim's email address, an unauthenticated attacker can trigger a password reset and then retrieve the secret recovery token directly from the application's HTML source code. This bypasses the email delivery requirement entirely, allowing for instant, silent, and full account takeover (ATO). Rated as Critical (CVSS 9.8), this vulnerability highlights the dangers of implicit trust in client-side requests and 'convenience' features that leak state.

TL;DR

@alon710
alon710 / GHSA-P5VF-5754-X7P3.md
Created February 13, 2026 22:40
GHSA-P5VF-5754-X7P3: The 'S' Stands for Stealing: Dissecting the Polymarket Typosquat - CVE Security Report

CVSS Score: 10.0 Published: 2026-02-13 Full Report: https://cvereports.com/reports/GHSA-P5VF-5754-X7P3

Summary

In the fast-moving world of crypto-prediction markets, developers often prioritize speed over security. GHSA-P5VF-5754-X7P3 (also known as RUSTSEC-2026-0011) exploits this urgency through a classic typosquatting attack. By publishing a crate named polymarket-client-sdks—adding a single, pluralizing 's' to the legitimate SDK name—an attacker managed to distribute a malicious payload designed to harvest credentials from developer machines. This wasn't a subtle buffer overflow; it was a brazen smash-and-grab operation targeting AWS keys, SSH credentials, and wallet data, executing automatically the moment the package was compiled.

TL;DR

@alon710
alon710 / GHSA-W5CR-2QHR-JQC5.md
Created February 13, 2026 21:40
GHSA-W5CR-2QHR-JQC5: Agent Provocateur: Breaking the Fourth Wall in Cloudflare's AI Playground - CVE Security Report

CVSS Score: 6.2 Published: 2026-02-13 Full Report: https://cvereports.com/reports/GHSA-W5CR-2QHR-JQC5

Summary

In the rush to connect Large Language Models (LLMs) to the real world via the Model Context Protocol (MCP), developers often overlook the plumbing. CVE-2026-1721 is a classic Reflected Cross-Site Scripting (XSS) vulnerability found in the Cloudflare Agents SDK's OAuth callback handler. By abusing how error messages are serialized into HTML, attackers could hijack a developer's session, stealing sensitive AI chat logs and potentially commanding connected agents to perform unauthorized actions.

TL;DR

@alon710
alon710 / GHSA-G433-PQ76-6CMF.md
Created February 13, 2026 20:40
GHSA-G433-PQ76-6CMF: The Verification Theater: Breaking hpke-rs - CVE Security Report

CVSS Score: 9.8 Published: 2026-02-13 Full Report: https://cvereports.com/reports/GHSA-G433-PQ76-6CMF

Summary

A collection of critical cryptographic failures in the hpke-rs library, ranging from RFC non-compliance (missing all-zero checks) to catastrophic nonce reuse via integer overflow. Despite being marketed as a high-assurance, formally verified library, it failed to implement basic safety checks required by RFC 9180.

TL;DR

@alon710
alon710 / CVE-2026-26187.md
Created February 13, 2026 19:10
CVE-2026-26187: Escaping the Lake with a Path Traversal Two-Step - CVE Security Report

CVSS Score: 8.1 Published: 2026-02-13 Full Report: https://cvereports.com/reports/CVE-2026-26187

Summary

A critical path traversal vulnerability in the lakeFS Local Block Adapter allows authenticated users to break out of their storage namespace boundaries. By exploiting a weak prefix validation check and a namespace logic error, attackers can read and write files in sibling repositories or unrelated directories on the host filesystem.

TL;DR

@alon710
alon710 / GHSA-27JP-WM6Q-GP25.md
Created February 13, 2026 17:10
GHSA-27JP-WM6Q-GP25: Death by Parentheses: The sqlparse Recursive DoS - CVE Security Report

CVSS Score: 6.5 Published: 2026-02-13 Full Report: https://cvereports.com/reports/GHSA-27JP-WM6Q-GP25

Summary

A high-impact Denial of Service vulnerability in the ubiquitous sqlparse Python library allows attackers to exhaust server CPU and memory via deeply nested SQL statements. By exploiting unchecked recursion in the grouping engine, a crafted payload containing massive lists of tuples can crash applications using this library for logging, formatting, or analysis.

TL;DR

@alon710
alon710 / CVE-2025-56647.md
Created February 13, 2026 14:40
CVE-2025-56647: Harvesting Your Code: The Farm Dev Server CSWSH Exploit - CVE Security Report

CVSS Score: 6.5 Published: 2026-02-12 Full Report: https://cvereports.com/reports/CVE-2025-56647

Summary

A critical flaw in the @farmfe/core build tool allows remote attackers to siphon source code directly from a developer's machine via Cross-Site WebSocket Hijacking (CSWSH). By failing to validate the Origin header during Hot Module Replacement (HMR) negotiation, Farm permits any website visited by a developer to connect to their local dev server and listen for code updates.

TL;DR

@alon710
alon710 / CVE-2025-47911.md
Created February 13, 2026 14:10
CVE-2025-47911: Death by a Thousand Tags: The Quadratic HTML DoS in Go - CVE Security Report

CVSS Score: 5.3 Published: 2026-02-12 Full Report: https://cvereports.com/reports/CVE-2025-47911

Summary

In the world of safe memory languages, we often forget that algorithmic complexity is a vulnerability class of its own. CVE-2025-47911 serves as a stark reminder: you don't need a buffer overflow to kill a server; you just need a really annoying HTML table. This vulnerability affects the golang.org/x/net/html package—the de facto standard for HTML parsing in the Go ecosystem—allowing attackers to trigger quadratic time complexity ($O(n^2)$) during the parsing of specially crafted inputs.

TL;DR

@alon710
alon710 / CVE-2026-26055.md
Created February 13, 2026 13:40
CVE-2026-26055: Flying Blind: Yoke ATC's Open Door Policy (CVE-2026-26055) - CVE Security Report

CVSS Score: 7.5 Published: 2026-02-12 Full Report: https://cvereports.com/reports/CVE-2026-26055

Summary

A critical authentication bypass in Yoke's Air Traffic Controller (ATC) component allows unauthenticated network actors to trigger WebAssembly admission logic directly. By failing to validate the identity of the caller (typically the Kubernetes API Server), the ATC exposes its validation and mutation endpoints to the entire cluster network. This allows attackers to bypass admission controls, exhaust resources via WASM execution, or potentially corrupt controller state.

TL;DR

@alon710
alon710 / CVE-2026-26056.md
Created February 13, 2026 12:40
CVE-2026-26056: Yoke ATC: Flying Blind into WASM RCE - CVE Security Report

CVSS Score: 8.8 Published: 2026-02-12 Full Report: https://cvereports.com/reports/CVE-2026-26056

Summary

A critical remote code execution vulnerability in Yoke's Air Traffic Controller (ATC) component allows attackers to execute arbitrary WebAssembly (WASM) modules via simple Kubernetes annotations. By failing to validate the origin of 'flight' overrides, Yoke inadvertently turns the cluster's management layer into a malware distribution platform.

TL;DR