1183 matches found
CVE-2026-4079
The SQL Chart Builder WordPress plugin before 2.3.8 does not properly escape user input as it is concatened to SQL queries, making it possible for attackers to conduct SQL Injection attacks against the dynamic filter functionality...
CVE-2026-8262
A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /accounts/chart-save. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was...
CVE-2026-41318
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, AnythingLLM's in-chat markdown renderer has an unsafe custom rule for images that interpolates the markdown image's alt text into an HTML alt="..."...
CVE-2026-24597
Cross-Site Request Forgery CSRF vulnerability in WpDevArt Organization chart allows Cross Site Request Forgery. This issue affects Organization chart: from n/a through 1.7.5...
CVE-2026-44903
Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...
CVE-2026-8689
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.11.14. This is due to a missing capability check on the renderChartPages and uploadData functions, where the wpajaxvisualizer-create-chart an...
CVE-2026-40595
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes public chart retrieval and export routes that only verify project-level public access and, for exports, a team-level export toggle. Th...
CVE-2026-41518
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the ChartDatasetConfig.legend field. The...
CVE-2026-41518
Chartbrew (versions 4.9.0–5.0.0) is affected by a stored DOM XSS in the ChartTooltip rendering path. An authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in ChartDatasetConfig.legend, which is persisted and injected into the tooltip via an unguarded innerHTML ...
CVE-2026-41518 Chartbrew has a stored DOM XSS via Chart Tooltip innerHTML (ChartDatasetConfig.legend)
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the ChartDatasetConfig.legend field. The...
CVE-2026-41518 Chartbrew has a stored DOM XSS via Chart Tooltip innerHTML (ChartDatasetConfig.legend)
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the ChartDatasetConfig.legend field. The...
PT-2026-46317
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the ChartDatasetConfig.legend field. The...
CVE-2026-41150 Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you th...
BIT-PROMETHEUS-2026-44903 Prometheus: Stored XSS via crafted histogram bucket label values in the heatmap display of the old Prometheus web UI
Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...
CVE-2026-8689
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.11.14. This is due to a missing capability check on the renderChartPages and uploadData functions, where the wpajaxvisualizer-create-chart an...
CVE-2026-8689 Visualizer: Tables and Charts Manager for WordPress <= 3.11.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Chart Creation and Modification via renderChartPages() and uploadData() Functions
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.11.14. This is due to a missing capability check on the renderChartPages and uploadData functions, where the wpajaxvisualizer-create-chart an...
CVE-2026-8689 Visualizer: Tables and Charts Manager for WordPress <= 3.11.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Chart Creation and Modification via renderChartPages() and uploadData() Functions
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.11.14. This is due to a missing capability check on the renderChartPages and uploadData functions, where the wpajaxvisualizer-create-chart an...
CVE-2026-8689
The CVE concerns the Visualizer: Tables and Charts Manager for WordPress plugin (WordPress) with versions up to 3.11.14. Root cause: missing capability checks on renderChartPages() and uploadData(), enabling certain AJAX actions (wp_ajax_visualizer-create-chart, wp_ajax_visualizer-edit-chart, and...
CVE-2026-8689
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.11.14. This is due to a missing capability check on the renderChartPages and uploadData functions, where the wpajaxvisualizer-create-chart an...
PT-2026-44219
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.11.14. This is due to a missing capability check on the renderChartPages and uploadData functions, where the wp ajax visualizer-create-chart...