Lucene search
+L

43 matches found

NVD
NVD
added 2026/07/08 4:16 p.m.10 views

CVE-2026-57439

CyberChef is a web app for encryption, encoding, compression, and data analysis. Prior to 11.2.0, the Series Chart operation accepts proto as a key while parsing user-supplied CSV, allowing prototype pollution that can be chained with operations such as Parse UDP to inject malicious JavaScript in...

5CVSS0.00094EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/08 2:58 p.m.31 views

CVE-2026-57439 CyberChef: Prototype pollution in Series Chart operation

CyberChef is a web app for encryption, encoding, compression, and data analysis. Prior to 11.2.0, the Series Chart operation accepts proto as a key while parsing user-supplied CSV, allowing prototype pollution that can be chained with operations such as Parse UDP to inject malicious JavaScript in...

5CVSS0.00094EPSS
Exploits0References5
OSV
OSV
added 2026/07/08 2:58 p.m.6 views

CVE-2026-57439 CyberChef: Prototype pollution in Series Chart operation

CyberChef is a web app for encryption, encoding, compression, and data analysis. Prior to 11.2.0, the Series Chart operation accepts proto as a key while parsing user-supplied CSV, allowing prototype pollution that can be chained with operations such as Parse UDP to inject malicious JavaScript in...

5CVSS6.1AI score0.00094EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.10 views

CVE-2026-42615

GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...

7.2CVSS5.4AI score0.00294EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/29 6:33 a.m.16 views

CyberChef has a Cross-site Scripting issue

GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...

7.2CVSS5.8AI score0.00294EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/04/29 6:33 a.m.5 views

GHSA-H4HV-92PP-PCJG CyberChef has a Cross-site Scripting issue

GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...

7.2CVSS5.8AI score0.00294EPSS
Exploits0References6
Snyk
Snyk
added 2026/04/29 5:23 a.m.6 views

Cross-site Scripting (XSS)

Overview cyberchef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ShowBase64Offsets.mjs. An attacker can execute arbitrary JavaScript code in the context of...

7.2CVSS5.8AI score0.00294EPSS
Exploits0References2
NVD
NVD
added 2026/04/29 4:16 a.m.4 views

CVE-2026-42615

GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...

7.2CVSS0.00294EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/29 2:55 a.m.4 views

EUVD-2026-26191

GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...

7.2CVSS5.1AI score0.00294EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/29 2:55 a.m.3 views

CVE-2026-42615

GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...

7.2CVSS5AI score0.00294EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/29 2:55 a.m.4 views

CVE-2026-42615

GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...

7.2CVSS5AI score0.00294EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/29 2:55 a.m.34 views

CVE-2026-42615

GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...

7.2CVSS0.00294EPSS
Exploits0References4
OSV
OSV
added 2026/04/29 2:55 a.m.3 views

CVE-2026-42615

GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...

7.2CVSS5.9AI score0.00294EPSS
Exploits0References6
CVE
CVE
added 2026/04/29 2:55 a.m.15 views

CVE-2026-42615

CyberChef up to version 11.0.0 is affected by an XSS in the Show Base64 offsets path, allowing script injection via the URL/fragment (e.g., /#recipe=Show_Base64_offsets...). Root cause: improper handling of Base64 offset input in the recipe viewer. Impact: potential script execution in the victim...

7.2CVSS5.1AI score0.00294EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.11 views

CyberChef 跨站脚本漏洞

CyberChef is an open-source network application developed by GCHQ, featuring functions such as encryption, encoding, compression, and data analysis. Versions of CyberChef prior to 11.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the Show Base64 Offsets...

7.2CVSS5.6AI score0.00294EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.7 views

PT-2026-35866

Name of the Vulnerable Software and Affected Versions GCHQ CyberChef versions prior to 11.0.0 Description Cross-Site Scripting XSS is possible via the Show Base64 offsets feature. This occurs through the endpoint '/recipe=Show Base64 offsets', where an attacker can inject malicious scripts...

7.2CVSS5.8AI score0.00294EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-0636

Malware in sbrugna...

6.1CVSS6.1AI score0.01311EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2025/05/22 8:34 a.m.15 views

CVE-2019-15532

CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBruteForce.mjs...

6.1CVSS6AI score0.01311EPSS
Exploits1References1
OSV
OSV
added 2024/11/18 8:1 p.m.35 views

GHSA-7CC9-J4MV-VCJP XXE in PHPSpreadsheet's XLSX reader

Summary The XmlScanner class has a scan method which should prevent XXE attacks. However, we found another bypass than the previously reported CVE-2024-47873, the regexes from the findCharSet method, which is used for determining the current encoding can be bypassed by using a payload in the...

7.5CVSS7.5AI score0.00718EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2024/11/18 8:1 p.m.364 views

XXE in PHPSpreadsheet's XLSX reader

Summary The XmlScanner class has a scan method which should prevent XXE attacks. However, we found another bypass than the previously reported CVE-2024-47873, the regexes from the findCharSet method, which is used for determining the current encoding can be bypassed by using a payload in the...

7.5CVSS7.5AI score0.00718EPSS
Exploits1References5Affected Software2
Rows per page
Query Builder