Persistent XSS/RCE using WebSockets in Storybook’s dev server
CVE-2026-27148 exposes a WebSocket hijacking flaw in Storybook that can escalate into supply chain compromise. Learn the attack path, impact, and how to remediate. Category: Vulnerabilities & Threats
Read the full articleYou might also wanna read

Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)
Critical RCE vulnerabilities (CVE-2025-55182/CVE-2025-66478) were found in React Server Components and Next.js via unsafe deserialization. I
CVE-2026-58588: CWE-79 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Drupal Drupal Canvas
CVE-2026-58588 is a Cross-Site Scripting (XSS) vulnerability in the Drupal Canvas product. It arises from improper neutralization of input d
CVE-2026-58587: CWE-79 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Drupal Drupal Canvas
CVE-2026-58587 is a Cross-Site Scripting (XSS) vulnerability in the Drupal Canvas product. It arises from improper neutralization of input d
CVE-2026-55808: CWE-79 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Drupal Drupal core
CVE-2026-55808 is a Cross-Site Scripting (XSS) vulnerability in Drupal core caused by improper neutralization of input during web page gener
Critical React Vulnerability (CVE-2025-55182) Enables Remote Code Execution in React 19 and Next.js
Detect and mitigate React2Shell (CVE-2025-55182), critical RCE vulnerability in React and Next.js exploited in the wild. Organizations shoul
CVE-2026-55810: CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes in Drupal Plotly.js Graphing
CVE-2026-55810 is a vulnerability in Drupal Plotly.js Graphing that allows improper modification of dynamically-determined object attributes

Comments
Sign in to join the conversation.
No comments yet. Be the first.