Skip to main content

Shynet

2 CVEs product

Monthly

CVE-2026-35508 MEDIUM PATCH This Month

Cross-site scripting (XSS) in Shynet before version 0.14.0 allows unauthenticated remote attackers to inject arbitrary scripts through the urldisplay and iconify template filters, potentially compromising user sessions and data integrity with medium attack complexity and cross-site scope. The vulnerability affects the analytics platform's template rendering layer and has been patched in version 0.14.0 with no confirmed active exploitation reported.

XSS Shynet
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-35507 MEDIUM PATCH This Month

Host header injection in Shynet before 0.14.0 allows unauthenticated remote attackers to manipulate password reset functionality through crafted HTTP Host headers, enabling account hijacking and unauthorized access via email-based password reset flows. The vulnerability requires user interaction (clicking a reset link) and carries a CVSS score of 6.4 with confirmed patch availability in version 0.14.0.

Code Injection Shynet
NVD GitHub
CVSS 3.1
6.4
EPSS
0.0%
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting (XSS) in Shynet before version 0.14.0 allows unauthenticated remote attackers to inject arbitrary scripts through the urldisplay and iconify template filters, potentially compromising user sessions and data integrity with medium attack complexity and cross-site scope. The vulnerability affects the analytics platform's template rendering layer and has been patched in version 0.14.0 with no confirmed active exploitation reported.

XSS Shynet
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

Host header injection in Shynet before 0.14.0 allows unauthenticated remote attackers to manipulate password reset functionality through crafted HTTP Host headers, enabling account hijacking and unauthorized access via email-based password reset flows. The vulnerability requires user interaction (clicking a reset link) and carries a CVSS score of 6.4 with confirmed patch availability in version 0.14.0.

Code Injection Shynet
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy