github · asrar-mared · Feb 18, 2026 · Feb 18, 2026 · Feb 18, 2026 · Feb 18, 2026
diff --git a/advisories/github-reviewed/2022/04/GHSA-gx7g-wjxg-jwwj/GHSA-gx7g-wjxg-jwwj.json b/advisories/github-reviewed/2022/04/GHSA-gx7g-wjxg-jwwj/GHSA-gx7g-wjxg-jwwj.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gx7g-wjxg-jwwj",
-  "modified": "2022-04-18T22:17:42Z",
+  "modified": "2026-02-18T23:33:34Z",
   "published": "2022-04-04T00:00:55Z",
   "aliases": [
     "CVE-2022-0088"
@@ -52,6 +52,10 @@
       "type": "WEB",
       "url": "https://github.com/yourls/yourls/commit/1de256d8694b0ec7d4df2ac1d5976d4055e09d59"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2022-0088.md"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/yourls/yourls"

diff --git a/advisories/github-reviewed/2022/10/GHSA-mg5h-rhjq-6v84/GHSA-mg5h-rhjq-6v84.json b/advisories/github-reviewed/2022/10/GHSA-mg5h-rhjq-6v84/GHSA-mg5h-rhjq-6v84.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-mg5h-rhjq-6v84",
-  "modified": "2022-11-01T20:35:47Z",
+  "modified": "2026-02-18T23:33:51Z",
   "published": "2022-10-31T12:00:18Z",
   "aliases": [
     "CVE-2022-3766"
@@ -44,6 +44,10 @@
       "type": "WEB",
       "url": "https://github.com/thorsten/phpmyfaq/commit/c7904f2236c6c0dd64c2226b90c30af0f7e5a72d"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2022-3766.md"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/thorsten/phpmyfaq"

diff --git a/advisories/github-reviewed/2022/12/GHSA-cp9c-phxx-55xm/GHSA-cp9c-phxx-55xm.json b/advisories/github-reviewed/2022/12/GHSA-cp9c-phxx-55xm/GHSA-cp9c-phxx-55xm.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cp9c-phxx-55xm",
-  "modified": "2022-12-12T22:08:01Z",
+  "modified": "2026-02-18T23:34:01Z",
   "published": "2022-12-11T15:30:45Z",
   "aliases": [
     "CVE-2022-4407"
@@ -44,6 +44,10 @@
       "type": "WEB",
       "url": "https://github.com/thorsten/phpmyfaq/commit/1d73af34bf42764f9f9491c7ba5e9495d70e3ca5"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2022-4407.md"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/thorsten/phpmyfaq"

diff --git a/advisories/github-reviewed/2024/06/GHSA-5pxr-7m4j-jjc6/GHSA-5pxr-7m4j-jjc6.json b/advisories/github-reviewed/2024/06/GHSA-5pxr-7m4j-jjc6/GHSA-5pxr-7m4j-jjc6.json
@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5pxr-7m4j-jjc6",
-  "modified": "2025-03-19T14:49:46Z",
+  "modified": "2026-02-18T23:46:36Z",
   "published": "2024-06-07T19:37:10Z",
   "aliases": [
     "CVE-2024-37160"
   ],
   "summary": "Cross-site scripting (XSS) vulnerability in Description metadata",
-  "details": "### Summary\nRegardless of the role or privileges, no user should be able to inject malicious JavaScript (JS) scripts into the body HTML. an XSS (Cross-Site Scripting) vulnerability, specifically a Stored XSS, which affects all pages of the website. Once the JS script is embedded in the body HTML, the XSS will trigger on any page a victim visits, such as the about, blog, contact, or any other pages, except for the panel.\n\n### Impact\nThis vulnerability allows attackers to inject malicious JS or HTML through a crafted payload into the vulnerable spot, achieving persistence and attacking numerous visitors or anyone accessing the website. The attack can be widespread and affect many users because the malicious JS will execute on every page, unlike an injection on a specific page (e.g., injecting on the About page would only affect that page). In this case, a single injection point leads to the execution of the malicious JS on all pages.\n\n### Patches\n- [**Formwork 1.13.1**](https://github.com/getformwork/formwork/releases/tag/1.13.1) has been released with a patch that solves this vulnerability by escaping all metadata attributes.\n- [**Formwork 2.x** (f531201)](https://github.com/getformwork/formwork/commit/f5312015a5a5e89b95ef2bd07e496f8474d579c5) also escapes metadata attributes.\n\n### Details\nAn attackers (requires administrator privilege) to execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persistence, affecting visitors across all pages (except the dashboard).\n\n### PoC\n1. Log in with an Administrator user account.\n2. Navigate to /panel/options/site/.\n3. Inject the JS script by adding to the description field.\n4. Simulate a victim who is not a site member visiting the website. You will notice that the JS script executes on every page they vis\n\n![image](https://github.com/getformwork/formwork/assets/170840940/1c40be24-3367-4c80-bb44-9db64ef88970)\n![image](https://github.com/getformwork/formwork/assets/170840940/68dd5bff-9db1-441b-a3b3-a0c014565f59)\n![image](https://github.com/getformwork/formwork/assets/170840940/3cd84c39-9b44-49d0-8b6a-6c8aeda7e49f)\n![image](https://github.com/getformwork/formwork/assets/170840940/f45afd87-80e9-4cf1-8121-bb4e121849c9)",
+  "details": "### Summary\nRegardless of the role or privileges, no user should be able to inject malicious JavaScript (JS) scripts into the body HTML. an XSS (Cross-Site Scripting) vulnerability, specifically a Stored XSS, which affects all pages of the website. Once the JS script is embedded in the body HTML, the XSS will trigger on any page a victim visits, such as the about, blog, contact, or any other pages, except for the panel.\n\n### Impact\nThis vulnerability allows attackers to inject malicious JS or HTML through a crafted payload into the vulnerable spot, achieving persistence and attacking numerous visitors or anyone accessing the website. The attack can be widespread and affect many users because the malicious JS will execute on every page, unlike an injection on a specific page (e.g., injecting on the About page would only affect that page). In this case, a single injection point leads to the execution of the malicious JS on all pages.\n\n### Patches\n- [**Formwork 1.13.1**](https://github.com/getformwork/formwork/releases/tag/1.13.1) has been released with a patch that solves this vulnerability by escaping all metadata attributes.\n- [**Formwork 2.x** (f531201)](https://github.com/getformwork/formwork/commit/f5312015a5a5e89b95ef2bd07e496f8474d579c5) also escapes metadata attributes.\n\n### Details\nAn attackers (requires administrator privilege) to execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persistence, affecting visitors across all pages (except the dashboard).",
   "severity": [
     {
       "type": "CVSS_V3",

diff --git a/advisories/github-reviewed/2025/03/GHSA-c85w-x26q-ch87/GHSA-c85w-x26q-ch87.json b/advisories/github-reviewed/2025/03/GHSA-c85w-x26q-ch87/GHSA-c85w-x26q-ch87.json
@@ -1,11 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-c85w-x26q-ch87",
-  "modified": "2025-03-16T17:19:23Z",
+  "modified": "2026-02-18T23:47:37Z",
   "published": "2025-03-01T00:11:52Z",
   "aliases": [],
   "summary": "Formwork improperly validates input of User role preventing site and panel availability",
-  "details": "### Summary\n\nImproper validation of select fields allows attackers to craft an input that crashes the system, resulting in a 500 status and making the entire site and administration panel unavailable.\nThis clearly impacts the Availability aspect of the CIA triad (confidentiality, integrity, and availability), although the attack still has certain limitations.\n\n### Details\n\nThe attack involves injecting any invalid user role value (e.g. \">\") into the Role=User parameter in the /panel/users/{name}/profile page, which is the user profile update page.\nDoing this will change the users data in a way that prevents users and then the entire site from loading. Even though the actual data change is minimal, the error is unrecoverable until a valid role parameter is restored by direct modification of the user account file.\nProper validation of select fields will prevent extraneous valid from being accepted and making the entire site and administration panel unavailable.\n\n### Patches\n- [**Formwork 2.x** (d9f0c1f)](https://github.com/getformwork/formwork/commit/d9f0c1feb3b9855d5bdc8bb189c0aaab2792e7ca) adds proper validation to select fields.\n\n### Impact\n\nThe condition for this attack is having high privileges or Admin access, which means it could be exploited by an Insider Threat. Alternatively, if an attacker gains access to a privileged user account, they can execute the attack as well.\nOverall, the attack is relatively difficult to carry out, but if successful, the impact and damage would be significant.\n\n### PoC\n\n![2025-02-27_10-25](https://github.com/user-attachments/assets/4b5a2d71-3397-4a5b-8464-35752376115a)\n\n1. Intercept the request and inject an input that will trigger an error.\n\n![2025-02-27_10-25_1](https://github.com/user-attachments/assets/a888c109-a724-4478-ae80-d9e8b05ef1aa)\n\n![image](https://github.com/user-attachments/assets/e81bb9fc-8c92-413c-8cc0-0bcffd2e2922)\n\n2.After that, it will be observed that the system is shut down or completely broken. Even changing the browser or resetting the server will not be able to restore it.",
+  "details": "### Summary\nImproper validation of select fields allows attackers to craft an input that crashes the system, resulting in a 500 status and making the entire site and administration panel unavailable.\nThis clearly impacts the Availability aspect of the CIA triad (confidentiality, integrity, and availability), although the attack still has certain limitations.\n\n### Details\nThe attack involves injecting any invalid user role value. Doing this will change the users data in a way that prevents users and then the entire site from loading. Even though the actual data change is minimal, the error is unrecoverable until a valid role parameter is restored by direct modification of the user account file.\nProper validation of select fields will prevent extraneous valid from being accepted and making the entire site and administration panel unavailable.\n\n### Patches\n- [**Formwork 2.x** (d9f0c1f)](https://github.com/getformwork/formwork/commit/d9f0c1feb3b9855d5bdc8bb189c0aaab2792e7ca) adds proper validation to select fields.\n\n### Impact\nThe condition for this attack is having high privileges or Admin access, which means it could be exploited by an Insider Threat. Alternatively, if an attacker gains access to a privileged user account, they can execute the attack as well.\nOverall, the attack is relatively difficult to carry out, but if successful, the impact and damage would be significant.",
   "severity": [
     {
       "type": "CVSS_V3",

diff --git a/advisories/github-reviewed/2025/03/GHSA-vf6x-59hh-332f/GHSA-vf6x-59hh-332f.json b/advisories/github-reviewed/2025/03/GHSA-vf6x-59hh-332f/GHSA-vf6x-59hh-332f.json
@@ -1,11 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-vf6x-59hh-332f",
-  "modified": "2025-03-17T20:27:03Z",
+  "modified": "2026-02-18T23:47:22Z",
   "published": "2025-03-01T00:11:46Z",
   "aliases": [],
   "summary": " Formwork has a cross-site scripting (XSS) vulnerability in Site title",
-  "details": "### Summary\n\nThe site title field at /panel/options/site/allows embedding JS tags, which can be used to attack all members of the system. This is a widespread attack and can cause significant damage if there is a considerable number of users.\n\n### Impact\n\nThe attack is widespread, leveraging what XSS can do. This will undoubtedly impact system availability.\n\n### Patches\n- [**Formwork 2.x** (aa3e9c6)](https://github.com/getformwork/formwork/commit/aa3e9c684035d9e8495169fde7c57d97faa3f9a2) escapes site title from panel header navigation.\n\n### Details\n\nBy embedding \"<!--\", the source code can be rendered non-functional, significantly impacting system availability. However, the attacker would need admin privileges, making the attack more difficult to execute.\n\n### PoC\n\n![image](https://github.com/user-attachments/assets/8fc68f6f-8bc4-4b97-8b93-dee5b88a3fcf)\n\n1. The page where the vulnerability was found, and the attack surface is the Title field.\n![image](https://github.com/user-attachments/assets/dbf94354-7115-4d3b-81ba-6b6aff561b81)\n\n2. I tested accessing the Dashboard page using a regular user account with Firefox, a different browser, and found that it was also affected.\n![image](https://github.com/user-attachments/assets/0e72129a-7f2d-4f0e-b85e-0b1cedfd377e)\n\n3. Additionally, the remaining code was commented out to disrupt the UX/UI, making it difficult to revert the settings.",
+  "details": "### Summary\n\nThe site title field at /panel/options/site/allows embedding JS tags, which can be used to attack all members of the system. This is a widespread attack and can cause significant damage if there is a considerable number of users.\n\n### Impact\n\nThe attack is widespread, leveraging what XSS can do. This will undoubtedly impact system availability.\n\n### Patches\n- [**Formwork 2.x** (aa3e9c6)](https://github.com/getformwork/formwork/commit/aa3e9c684035d9e8495169fde7c57d97faa3f9a2) escapes site title from panel header navigation.\n\n### Details\n\nBy embedding \"<!--\", the source code can be rendered non-functional, significantly impacting system availability. However, the attacker would need admin privileges, making the attack more difficult to execute.",
   "severity": [
     {
       "type": "CVSS_V3",

diff --git a/advisories/github-reviewed/2025/04/GHSA-pmc3-p9hx-jq96/GHSA-pmc3-p9hx-jq96.json b/advisories/github-reviewed/2025/04/GHSA-pmc3-p9hx-jq96/GHSA-pmc3-p9hx-jq96.json
@@ -1,9 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pmc3-p9hx-jq96",
-  "modified": "2025-04-23T14:43:44Z",
+  "modified": "2026-02-18T23:34:53Z",
   "published": "2025-04-23T14:43:44Z",
-  "aliases": [],
+  "aliases": [
+    "CVE-2026-26994"
+  ],
   "summary": "uTLS ServerHellos are accepted without checking TLS 1.3 downgrade canaries",
   "details": "### Description\nBefore version 1.7.0, utls did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a utls ClientHello spec. This allowed an active network adversary to downgrade TLS 1.3 connections initiated by a utls client to a lower TLS version (e.g., TLS 1.2) by modifying the ClientHello message to exclude the SupportedVersions extension, causing the server to respond with a TLS 1.2 ServerHello (along with a downgrade canary in the ServerHello random field). Because utls did not check the downgrade canary in the ServerHello random field, clients would accept the downgraded connection without detecting the attack. This attack could also be used by an active network attacker to fingerprint utls connections.\n\n### Fix Commit or Pull Request\n\nrefraction-networking/utls#337, specifically refraction-networking/utls@f8892761e2a4d29054264651d3a86fda83bc83f9\n\n### References\n\n- https://github.com/refraction-networking/utls/issues/181",
   "severity": [

diff --git a/advisories/github-reviewed/2025/10/GHSA-fwxx-wv44-7qfg/GHSA-fwxx-wv44-7qfg.json b/advisories/github-reviewed/2025/10/GHSA-fwxx-wv44-7qfg/GHSA-fwxx-wv44-7qfg.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-fwxx-wv44-7qfg",
-  "modified": "2025-10-16T21:29:31Z",
+  "modified": "2026-02-19T22:00:41Z",
   "published": "2025-10-16T15:30:43Z",
   "aliases": [
     "CVE-2025-41253"
@@ -18,17 +18,74 @@
     {
       "package": {
         "ecosystem": "Maven",
-        "name": "org.springframework.cloud:spring-cloud-gateway-server-webflux"
+        "name": "org.springframework.cloud:spring-cloud-gateway-server"
       },
       "ranges": [
         {
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "3.1.0"
+              "introduced": "4.3.0"
             },
             {
-              "last_affected": "4.3.0"
+              "fixed": "4.3.2"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "org.springframework.cloud:spring-cloud-gateway-server"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "4.2.0"
+            },
+            {
+              "fixed": "4.2.6"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "org.springframework.cloud:spring-cloud-gateway-server"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "4.0.0"
+            },
+            {
+              "last_affected": "4.1.9"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "org.springframework.cloud:spring-cloud-gateway-server"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "last_affected": "3.1.10"
             }
           ]
         }

diff --git a/advisories/github-reviewed/2025/11/GHSA-7j46-f57w-76pj/GHSA-7j46-f57w-76pj.json b/advisories/github-reviewed/2025/11/GHSA-7j46-f57w-76pj/GHSA-7j46-f57w-76pj.json
@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7j46-f57w-76pj",
-  "modified": "2025-11-27T09:01:07Z",
+  "modified": "2026-02-18T23:48:02Z",
   "published": "2025-11-24T22:13:32Z",
   "aliases": [
     "CVE-2025-65956"
   ],
   "summary": "Formwork CMS has Stored Cross-Site Scripting Vulnerebility in Blog Tags",
-  "details": "### Summary\nInserting unsanitized data into the blog tag field in Formwork CMS results in stored cross‑site scripting (XSS).\nAny user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controlled script executed in their browser. Because the issue is persistent and impacts privileged administrative workflows, the severity is elevated.\n\n### Details\nFormwork CMS fails to properly sanitize data inserted into tags, before saving them and rendering them into the edit blog interface.  When a specially crafted tag becomes saved as a tag into the system, it is unable to be removed.  Any attempt to remove the tag from the affected post, causes the XSS to trigger once again.\n\nAdditionally, once the malicious tag is present, managing standard tags becomes impossible. This is due to script execution on attempted modification. This leads to a form of interface lockout where the payload continually reinserts itself due to the stored, unsafe rendering.\n\n### PoC\n1. Log into the CMS as any user.\n2. Select \"pages\"\n<img width=\"179\" height=\"354\" alt=\"image\" src=\"https://github.com/user-attachments/assets/1d96449c-cc48-45bd-9d66-e6b3068edbfe\" />\n\n3. Select any page utilizing the \"Blog Post\" template.  In this scenario I use the default \"Coffee, Mornings and Ideas\" page.\n<img width=\"841\" height=\"96\" alt=\"image\" src=\"https://github.com/user-attachments/assets/6c22bbbf-654d-449d-ab21-0443a12510de\" />\n\n4. Insert the malicious payload:\n<img width=\"872\" height=\"202\" alt=\"image\" src=\"https://github.com/user-attachments/assets/a8c1af89-5c71-425d-8beb-c1e21a336440\" />\n\n5. Select Save.\n<img width=\"960\" height=\"430\" alt=\"image\" src=\"https://github.com/user-attachments/assets/956182a6-d91e-4ae1-9b8c-cee60f452b3f\" />\n\n\n### Impact\nThis is a stored cross‑site scripting (XSS) vulnerability.\n\nThis impacts all users who access the affected blog post’s edit page.",
+  "details": "### Summary\nInserting unsanitized data into the blog tag field in Formwork CMS results in stored cross‑site scripting (XSS).\nAny user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controlled script executed in their browser. Because the issue is persistent and impacts privileged administrative workflows, the severity is elevated.\n\n### Details\nFormwork CMS fails to properly sanitize data inserted into tags, before saving them and rendering them into the edit blog interface.  When a specially crafted tag becomes saved as a tag into the system, it is unable to be removed.  Any attempt to remove the tag from the affected post, causes the XSS to trigger once again.\n\nAdditionally, once the malicious tag is present, managing standard tags becomes impossible. This is due to script execution on attempted modification. This leads to a form of interface lockout where the payload continually reinserts itself due to the stored, unsafe rendering.\n\n### Impact\nThis is a stored cross‑site scripting (XSS) vulnerability.\n\nThis impacts all users who access the affected blog post’s edit page.\n\n### Patches\n[Formwork 2.2.0](https://github.com/getformwork/formwork/releases/tag/2.2.0) ensures proper escaping of user input in tag fields.",
   "severity": [
     {
       "type": "CVSS_V3",