14 matches found
GHSA-M9RG-MR6G-75GM `vega-functions` vulnerable to Cross-site Scripting via `setdata` function
Impact For sites that allow users to supply untrusted user input, malicious use of an internal function not part of the public API could be used to run unintentional javascript XSS. Patches Fixed in vega-functions 6.1.1 Workarounds There is no workaround besides upgrading. Using...
CVE-2025-66648 `vega-functions` vulnerable to Cross-site Scripting via `setdata` function
vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal function not part of the public API could be used to run unintentional javascript XSS. This issue is...
CVE-2025-66648 `vega-functions` vulnerable to Cross-site Scripting via `setdata` function
vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal function not part of the public API could be used to run unintentional javascript XSS. This issue is...
CVE-2025-66648 `vega-functions` vulnerable to Cross-site Scripting via `setdata` function
vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal function not part of the public API could be used to run unintentional javascript XSS. This issue is...
CVE-2025-57320
json-schema-editor-visual is a package that provides jsonschema editor. A Prototype Pollution vulnerability in the setData and deleteData function of json-schema-editor-visual versions thru 1.1.1 allows attackers to inject or delete properties on Object.prototype via supplying a crafted payload,...
CVE-2025-57320
CVE-2025-57320 affects the package json-schema-editor-visual. Connected sources confirm a Prototype Pollution vulnerability in the setData and deleteData functions for versions up to and including 1.1.1, allowing a crafted payload to inject or delete properties on Object.prototype. Practical impa...
json-schema-editor-vue 安全漏洞
json-schema-editor-vue is a json editor by AlbertZhang personal developer. A security vulnerability exists in json-schema-editor-vue 1.1.1 and earlier versions, which stems from prototype contamination in the setData and deleteData functions, which could lead to a denial of service attack...
CVE-2025-57320
json-schema-editor-visual is a package that provides jsonschema editor. A Prototype Pollution vulnerability in the setData and deleteData function of json-schema-editor-visual versions thru 1.1.1 allows attackers to inject or delete properties on Object.prototype via supplying a crafted payload,...
CVE-2020-0129
In SetData of btmblemultiadv.cc, there is a possible out-of-bound write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID...
Integer overflow
Little CMS aka Little Color Management System 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile...
CVE-2018-16435
Little CMS aka Little Color Management System 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile...
CVE-2018-16435
CVE-2018-16435 affects Little CMS 2.9, where an integer overflow in cmscgats.c:AllocateDataSet enables a heap-based buffer overflow in SetData when processing a crafted file in cmsIT8LoadFromFile. No exploitation details are provided in the documents beyond the overflow risk. Remediation: upgrade...
Integer overflow
Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service incorrect memory allocation and application crash via an MP4 video...
Microsoft GDIPlus Library File Integer Overflow Vulnerability
This host is having GDIPlus Library and is prone to Integer Overflow Vulnerability. OpenVAS Vulnerability Test $Id: gbgdiplusintoverflowvuln.nasl 5369 2017-02-20 14:48:07Z cfi $ Microsoft GDIPlus Library File Integer Overflow Vulnerability Authors: Sujit Ghosal Copyright c 2009 Greenbone Networks...