Lucene search
+L

93 matches found

Snyk
Snyk
added 2026/05/18 9:0 p.m.13 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.6 views

@abtnode/ux (>=1.16.40 <=1.17.13-beta-20260512-042419-7b556a38), @ada-lc/echarts-materials (>=0.0.1 <=0.0.2) +501 more potentially affected by unknown CVE via echarts-for-react (>=3.0.0-beta.2 <=3.0.6)

echarts-for-react NPM version =3.0.0-beta.2, =1.16.40, =0.0.1, =0.1.0, =0.0.2-7.1, =0.1.1, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =1.3.5-beta.937, =1.0.8-alpha, =3.34.0, =0.1.10, =1.0.5, =1.0.339 and more Source cves: unknown CVE Source advisory: SNYK:JS-ECHARTSFORREACT-16754865...

5.7AI score
Exploits0
Snyk
Snyk
added 2026/05/18 9:0 p.m.12 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/05/18 9:0 p.m.14 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.6 views

@abtnode/ux (>=1.16.40 <=1.17.13-beta-20260512-042419-7b556a38), @ada-lc/echarts-materials (>=0.0.1 <=0.0.2) +501 more potentially affected by unknown CVE via echarts-for-react (>=3.0.0-beta.2 <=3.0.6)

echarts-for-react NPM version =3.0.0-beta.2, =1.16.40, =0.0.1, =0.1.0, =0.0.2-7.1, =0.1.1, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =1.3.5-beta.937, =1.0.8-alpha, =3.34.0, =0.1.10, =1.0.5, =1.0.339 and more Source cves: unknown CVE Source advisory: SNYK:JS-ECHARTSFORREACT-16755035...

5.7AI score
Exploits0
Snyk
Snyk
added 2026/05/18 9:0 p.m.11 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/05/18 9:0 p.m.11 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/05/18 9:0 p.m.13 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/13 1:30 a.m.6 views

CVE-2026-26023

Dify is an open-source LLM app development platform. Prior to 1.13.0, a cross site scripting vulnerability has been found in the web application chat frontend when using echarts. User or llm inputs containing echarts containing a specific javascript payload will be executed. This vulnerability is...

6.1CVSS4.7AI score0.00246EPSS
Exploits1References1
NVD
NVD
added 2026/02/11 10:15 p.m.15 views

CVE-2026-26023

Dify is an open-source LLM app development platform. Prior to 1.13.0, a cross site scripting vulnerability has been found in the web application chat frontend when using echarts. User or llm inputs containing echarts containing a specific javascript payload will be executed. This vulnerability is...

6.1CVSS0.00246EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/11 9:23 p.m.28 views

CVE-2026-26023 Client‑side DOM XSS in the web chat app of Dify when using echarts

Dify is an open-source LLM app development platform. Prior to 1.13.0, a cross site scripting vulnerability has been found in the web application chat frontend when using echarts. User or llm inputs containing echarts containing a specific javascript payload will be executed. This vulnerability is...

5.3CVSS0.00246EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/11 9:23 p.m.3 views

CVE-2026-26023 Client‑side DOM XSS in the web chat app of Dify when using echarts

Dify is an open-source LLM app development platform. Prior to 1.13.0, a cross site scripting vulnerability has been found in the web application chat frontend when using echarts. User or llm inputs containing echarts containing a specific javascript payload will be executed. This vulnerability is...

5.3CVSS4.7AI score0.00246EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/11 9:23 p.m.4 views

CVE-2026-26023

Dify is an open-source LLM app development platform. Prior to 1.13.0, a cross site scripting vulnerability has been found in the web application chat frontend when using echarts. User or llm inputs containing echarts containing a specific javascript payload will be executed. This vulnerability is...

5.3CVSS4.7AI score0.00246EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/02/11 9:23 p.m.25 views

CVE-2026-26023

CVE-2026-26023 affects Dify’s web chat frontend when using echarts prior to version 1.13.0, enabling a client-side DOM XSS via inputs containing a specific JavaScript payload. The vulnerability, exploitable with network access and passive user interaction, has no confidentiality/integrity/availab...

6.1CVSS4.7AI score0.00246EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/02/11 9:23 p.m.6 views

CVE-2026-26023 Client‑side DOM XSS in the web chat app of Dify when using echarts

Dify is an open-source LLM app development platform. Prior to 1.13.0, a cross site scripting vulnerability has been found in the web application chat frontend when using echarts. User or llm inputs containing echarts containing a specific javascript payload will be executed. This vulnerability is...

5.3CVSS4.7AI score0.00246EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.8 views

dify 跨站脚本漏洞

dify is an open-source LLM application development platform developed by LangGenius. Versions of dify prior to 1.13.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient validation of inputs when echarts was used in the web application chat front-end,...

6.1CVSS5.6AI score0.00246EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.12 views

PT-2026-7724

Dify is an open-source LLM app development platform. Prior to 1.13.0, a cross site scripting vulnerability has been found in the web application chat frontend when using echarts. User or llm inputs containing echarts containing a specific javascript payload will be executed. This vulnerability is...

5.3CVSS4.7AI score0.00246EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/01/22 9:26 p.m.8 views

CVE-2026-22793

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the...

9.6CVSS6.2AI score0.00607EPSS
Exploits1References1
NVD
NVD
added 2026/01/21 9:16 p.m.8 views

CVE-2026-22793

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the...

9.6CVSS0.00607EPSS
Exploits1References2
EUVD
EUVD
added 2026/01/21 9:6 p.m.6 views

EUVD-2026-3779

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the...

9.6CVSS6.2AI score0.00607EPSS
Exploits1References2
Rows per page
Query Builder