CVE-2026-40470 - Hackage package and doc upload stored XSS vulnerability
CVE ID :CVE-2026-40470 Published : April 23, 2026, 2:53 p.m. | 56 minutes ago Description :A critical XSS vulnerability affected hackage-server and hackage.haskell.org. HTML and JavaScript files provided in source packages or via the documentation upload facility were served as-is on the main
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] "Hackers can now launch massive 2Tbps attacks": Report reveals staggering 10x growth in botnet size with record-breaking DDoS incidents peaking for 40 minutes as multi-vector attacks grow in complexity and become harder to dismantle
- [CYBER] Finance body says Africa faces an 86 million tonne fuel shortfall by 2040
- [CYBER] Apple just fixed an iOS flaw exploited by the FBI - here's what happened
- [CYBER] CTFs in the AI Era
- [CYBER] Secure System Design -- 14 Challenges
- [CYBER] New Checkmarx supply-chain breach affects KICS analysis tool