2607 matches found
EUVD-2026-23291
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /datasource/getTableField endpoint. The getTableFiledSql method in CalciteProvider.java incorporates the tableName parameter directly into SQL query string...
EUVD-2026-23284
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the sort parameter of the /de2api/datasetData/enumValueObj endpoint. The DatasetDataManage service layer directly transfers the user-supplied sort value to the...
[SECURITY] Fedora 42 Update: polymake-4.15-3.fc42
Polymake is a tool to study the combinatorics and the geometry of convex polytopes and polyhedra. It is also capable of dealing with simplicial complexes, matroids, polyhedral fans, graphs, tropical objects, and so forth. Polymake can use various computational packages if they are installed. Thos...
CVE-2026-6309
Use after free in Viz in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
EUVD-2026-21904
Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Apache Storm UI. Versions Affected: before 2.8.6. Description: The Storm UI visualization component interpolates topology metadata including component IDs, stream names, and grouping values directly into HTML via innerHTML in...
Apache Storm UI: Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata
Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Apache Storm UI. Versions Affected: before 2.8.6. Description: The Storm UI visualization component interpolates topology metadata including component IDs, stream names, and grouping values directly into HTML via innerHTML in...
CVE-2026-35565
The CVE affects Apache Storm UI before 2.8.6. The Storm UI visualization component interpolates topology metadata (component IDs, stream names, grouping values) directly into HTML via innerHTML in parseNode() and parseEdge() without sanitization, enabling stored XSS when an authenticated user wit...
CVE-2026-35565 Apache Storm UI: Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Storm UI
Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Apache Storm UI. Versions Affected: before 2.8.6. Description: The Storm UI visualization component interpolates topology metadata including component IDs, stream names, and grouping values directly into HTML via innerHTML in...
CVE-2026-39892 vulnerabilities
Vulnerabilities for packages: superset, kserve, mitmproxy, in-toto, k8s-sidecar, py3-cassandra-medusa, kubeflow-volumes-web-app, mycli, kubeflow-pipelines-visualization-server, dask-kubernetes, datadog-agent, jupyter-base-notebook, kubeflow-jupyter-web-app, semgrep, airflow, open-webui...
GHSA-P423-J2CM-9VMQ vulnerabilities
Vulnerabilities for packages: superset, kserve, mitmproxy, in-toto, k8s-sidecar, py3-cassandra-medusa, kubeflow-volumes-web-app, mycli, kubeflow-pipelines-visualization-server, dask-kubernetes, datadog-agent, jupyter-base-notebook, kubeflow-jupyter-web-app, semgrep, airflow, open-webui...
GHSA-P423-J2CM-9VMQ vulnerabilities
Vulnerabilities for packages: semgrep, kubeflow-pipelines-visualization-server, mitmproxy, airflow, kubeflow-volumes-web-app, apache-beam-python-3.11-sdk, nemo, apache-beam-python-3.12-sdk, kubeflow-jupyter-web-app, py3-cassandra-medusa, dagster, metaflow-service, k8s-sidecar, datadog-agent-fips,...
CVE-2026-39892 vulnerabilities
Vulnerabilities for packages: semgrep, kubeflow-pipelines-visualization-server, mitmproxy, airflow, kubeflow-volumes-web-app, apache-beam-python-3.11-sdk, nemo, apache-beam-python-3.12-sdk, kubeflow-jupyter-web-app, py3-cassandra-medusa, dagster, metaflow-service, k8s-sidecar, datadog-agent-fips,...
SentinelSphere: Integrating AI-Powered Real-Time Threat Detection with Cybersecurity Awareness Training
The field of cybersecurity is confronted with two interrelated challenges: a worldwide deficit of qualified practitioners and ongoing human-factor weaknesses that account for the bulk of security incidents. To tackle these issues, we present SentinelSphere, a platform driven by artificial...
[SECURITY] Fedora 43 Update: vtk-9.2.6-44.fc43
VTK is an open-source software system for image processing, 3D graphics, volume rendering and visualization. VTK includes many advanced algorithms (e.g., surface reconstruction, implicit modeling, decimation) and rendering techniques (e.g., hardware-accelerated volume rendering, LOD control). NOTE: T...
[SECURITY] Fedora 42 Update: vtk-9.2.6-38.fc42
VTK is an open-source software system for image processing, 3D graphics, volume rendering and visualization. VTK includes many advanced algorithms (e.g., surface reconstruction, implicit modeling, decimation) and rendering techniques (e.g., hardware-accelerated volume rendering, LOD control). NOTE: T...
EUVD-2026-12665
Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit product of Oracle Open Source Projects (component: Desktop). The supported version that is affected is 0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
CVE-2026-21994
Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit product of Oracle Open Source Projects (component: Desktop). The supported version that is affected is 0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
CVE-2026-32137
DataEase is an open source data visualization analysis tool. Prior to 2.10.20, the table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...
Vertex AI SDK 1.131.0 Cross Site Scripting Scanner
This script is a defensive behavioral security scanner designed to test whether HTML reports generated by the internal visualization module of the google-cloud-aiplatform part of Google Cloud improperly render unescaped user-controlled input...
SmartGraphical: A Human-In-The-Loop Framework for Detecting Smart Contract Logical Vulnerabilities Via Pattern-Driven Static Analysis and Visual Abstraction
Smart contracts are fundamental components of blockchain ecosystems; however, their security remains a critical concern due to inherent vulnerabilities. While existing detection methodologies are predominantly syntax-oriented, targeting reentrancy and arithmetic errors, they often overlook logica...