Browse all 7 CVE security advisories affecting thinkst. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Thinkst specializes in creating deceptive security tokens like Canaries and Tokens to detect unauthorized access and lateral movement. Their research has historically focused on exposing vulnerabilities across multiple classes, including remote code execution, cross-site scripting, and privilege escalation, with 7 CVEs documented. The company is known for its practical security tools and public research, though no major security incidents have been reported. Thinkst's approach emphasizes simplicity and effectiveness, helping organizations detect breaches through deceptive assets rather than traditional defenses. Their work highlights common attack vectors while providing actionable security insights through real-world testing and transparent vulnerability reporting.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-28355 | "PWA" Canarytoken Vulnerable to Stored Self Cross-Site Scripting | canarytokens | CWE-79 | 6.1 | - | 2026-02-27 |
| CVE-2024-48911 | OpenCanary Executes Commands From Potentially Writable Config File | opencanary | CWE-863 | 8.8 (AI) | High (AI) | 2024-10-14 |
| CVE-2024-41664 | Blind SSRF via Canarytoken Webhook | canarytokens | CWE-918 | 5.4 | Medium | 2024-07-23 |
| CVE-2024-41663 | Canarytoken "Cloned Website" Vulnerable to Stored Cross-Site Scripting | canarytokens | CWE-79 | 3.5 | Low | 2024-07-23 |
| CVE-2024-28111 | CSV Injection in exported history CSV files | canarytokens | CWE-1236 | 6.5 | Medium | 2024-03-06 |
| CVE-2023-22475 | Cross-Site Scripting in Canarytoken history | canarytokens | CWE-79 | 6.3 | Medium | 2023-01-06 |
| CVE-2022-31113 | Cross-Site Scripting in Canarytoken history | canarytokens | CWE-79 | 6.3 | Medium | 2022-07-01 |
This page lists every published CVE security advisory associated with thinkst. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.