43 matches found
CVE-2026-57439
CyberChef is a web app for encryption, encoding, compression, and data analysis. Prior to 11.2.0, the Series Chart operation accepts proto as a key while parsing user-supplied CSV, allowing prototype pollution that can be chained with operations such as Parse UDP to inject malicious JavaScript in...
CVE-2026-57439 CyberChef: Prototype pollution in Series Chart operation
CyberChef is a web app for encryption, encoding, compression, and data analysis. Prior to 11.2.0, the Series Chart operation accepts proto as a key while parsing user-supplied CSV, allowing prototype pollution that can be chained with operations such as Parse UDP to inject malicious JavaScript in...
CVE-2026-57439 CyberChef: Prototype pollution in Series Chart operation
CyberChef is a web app for encryption, encoding, compression, and data analysis. Prior to 11.2.0, the Series Chart operation accepts proto as a key while parsing user-supplied CSV, allowing prototype pollution that can be chained with operations such as Parse UDP to inject malicious JavaScript in...
CVE-2026-42615
GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...
GHSA-H4HV-92PP-PCJG CyberChef has a Cross-site Scripting issue
GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...
CyberChef has a Cross-site Scripting issue
GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...
Cross-site Scripting (XSS)
Overview cyberchef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ShowBase64Offsets.mjs. An attacker can execute arbitrary JavaScript code in the context of...
CVE-2026-42615
GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...
EUVD-2026-26191
GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...
CVE-2026-42615
GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...
CVE-2026-42615
GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...
CVE-2026-42615
GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...
CVE-2026-42615
GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...
CVE-2026-42615
CyberChef up to version 11.0.0 is affected by an XSS in the Show Base64 offsets path, allowing script injection via the URL/fragment (e.g., /#recipe=Show_Base64_offsets...). Root cause: improper handling of Base64 offset input in the recipe viewer. Impact: potential script execution in the victim...
CyberChef 跨站脚本漏洞
CyberChef is an open-source network application developed by GCHQ, featuring functions such as encryption, encoding, compression, and data analysis. Versions of CyberChef prior to 11.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the Show Base64 Offsets...
PT-2026-35866
Name of the Vulnerable Software and Affected Versions GCHQ CyberChef versions prior to 11.0.0 Description Cross-Site Scripting XSS is possible via the Show Base64 offsets feature. This occurs through the endpoint '/recipe=Show Base64 offsets', where an attacker can inject malicious scripts...
EUVD-2019-0636
Malware in sbrugna...
CVE-2019-15532
CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBruteForce.mjs...
GHSA-7CC9-J4MV-VCJP XXE in PHPSpreadsheet's XLSX reader
Summary The XmlScanner class has a scan method which should prevent XXE attacks. However, we found another bypass than the previously reported CVE-2024-47873, the regexes from the findCharSet method, which is used for determining the current encoding can be bypassed by using a payload in the...
XXE in PHPSpreadsheet's XLSX reader
Summary The XmlScanner class has a scan method which should prevent XXE attacks. However, we found another bypass than the previously reported CVE-2024-47873, the regexes from the findCharSet method, which is used for determining the current encoding can be bypassed by using a payload in the...