6 matches found
CVE-2026-57439
CyberChef is a web app for encryption, encoding, compression, and data analysis. Prior to 11.2.0, the Series Chart operation accepts proto as a key while parsing user-supplied CSV, allowing prototype pollution that can be chained with operations such as Parse UDP to inject malicious JavaScript in...
CVE-2026-57439 CyberChef: Prototype pollution in Series Chart operation
CyberChef is a web app for encryption, encoding, compression, and data analysis. Prior to 11.2.0, the Series Chart operation accepts proto as a key while parsing user-supplied CSV, allowing prototype pollution that can be chained with operations such as Parse UDP to inject malicious JavaScript in...
EUVD-2026-42294
CyberChef is a web app for encryption, encoding, compression, and data analysis. Prior to 11.2.0, the Series Chart operation accepts proto as a key while parsing user-supplied CSV, allowing prototype pollution that can be chained with operations such as Parse UDP to inject malicious JavaScript in...
CVE-2026-57439
CyberChef’s CVE-2026-57439 affects the Series Chart operation prior to version 11.2.0. The vulnerability arises when parsing user-supplied CSV, where proto can be used as a key, enabling prototype pollution. This can be chained with other operations (e.g., Parse UDP) to inject malicious JavaScrip...
@activfinancial/activ-workstation (>=0.3.0 <=0.4.35), @activfinancial/time-series-chart (>=0.3.40 <=0.3.51) +36 more potentially affected by CVE-2026-1513 via billboard.js (>=1.0.1 <=3.14.0)
billboard.js NPM version =1.0.1, =0.3.0, =0.3.40, =3.0.0, =0.0.55, =1.0.0, =1.0.0, =4.0.0, =1.0.0, =1.0.0, =0.0.1-alpha.1, =5.4.0, =1.5.0, =2.0.0 and more Source cves: CVE-2026-1513 Source advisory: OSV:GHSA-RPC5-PM7Q-HJMP...
Malicious Package
Overview time-series-chart-web is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...