Tag
Taiko AG1000-01A SMS Alert Gateway Stored XSS (CVE-2026-9144)
2 rules, 1 TTP, 1 CVE
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 are vulnerable to stored cross-site scripting (CVE-2026-9144) in the web configuration interface, allowing authenticated attackers to achieve persistent JavaScript execution by fragmenting malicious payloads across multiple administrative form fields.
DevGuard Unauthenticated Identity Assertion via X-Admin-Token
1 rule, 2 TTPs
DevGuard versions before 1.2.2 are vulnerable to unauthenticated identity assertion via a client-supplied `X-Admin-Token` HTTP request header, potentially granting attackers full control over organizations if they can guess an admin/owner's Kratos identity UUID.
Ech0 OAuth Redirect URI Validation Bypass Vulnerability
2 rules, 1 TTP
Ech0's OAuth redirect URI validation ignores the path component, allowing attackers to craft malicious redirect URIs for exchange-code theft and potential account takeover.