CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

31 matches found

ATTACKERKB•added 2026/03/21 3:26 a.m.•1 views

CVE-2026-3570

The Smarter Analytics plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0. This is due to missing authentication and capability checks on the configuration reset functionality in the global scope of smarter-analytics.php. This makes it possible for...

5.3CVSS5.8AI score0.00193EPSS

Exploits0References4

OSV•added 2026/01/05 10:56 p.m.•4 views

GHSA-829Q-M3QG-PH8R Vega XSS via expression abusing vlSelectionTuples function array map calls in environments with satisfactory function gadgets in the global scope

Impact Applications meeting these two conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. 1. Use vega in an application that attaches both vega library and a vega.View instance similar to the Vega Editor to the global window, or has an...

8.1CVSS6.9AI score0.00026EPSS

Exploits1References3

Snyk•added 2026/01/05 9:55 p.m.•3 views

Cross-site Scripting (XSS)

Overview vega-selections is a Vega expression functions for Vega-Lite selections. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the vlSelectionTuples processing. An attacker can execute arbitrary JavaScript code in the application's context by tricking a user int...

9.3CVSS5.4AI score0.00026EPSS

Exploits1References2

Snyk•added 2026/01/05 9:55 p.m.•2 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:vega-selections is a Vega expression functions for Vega-Lite selections. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the vlSelectionTuples processing. An attacker can execute arbitrary JavaScript code in the application's context by...

9.3CVSS5.5AI score0.00026EPSS

Exploits1References2

Cvelist•added 2026/01/05 9:22 p.m.•23 views

CVE-2025-65110 Vega Cross-Site Scripting (XSS) via expression abusing vlSelectionTuples function array map calls in environments with satisfactory function gadgets in the global scope

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to versions 6.1.2 and 5.6.3, applications meeting two conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used...

8.1CVSS0.00026EPSS

Exploits1References1

CVE•added 2026/01/05 9:22 p.m.•11 views

CVE-2025-65110

CVE-2025-65110 affects Vega, a visualization grammar. Prior to versions 6.1.2 and 5.6.3, if an application both attaches the Vega library and a vega.View instance to the global window (or has other safe-function gadget in the global scope) and allows user-defined Vega JSON definitions, it is at r...

9.3CVSS7AI score0.00026EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2026/01/05 9:22 p.m.•3 views

CVE-2025-65110 Vega Cross-Site Scripting (XSS) via expression abusing vlSelectionTuples function array map calls in environments with satisfactory function gadgets in the global scope

8.1CVSS7AI score0.00026EPSS

Exploits1References1

OSV•added 2026/01/05 9:22 p.m.•2 views

CVE-2025-65110 Vega Cross-Site Scripting (XSS) via expression abusing vlSelectionTuples function array map calls in environments with satisfactory function gadgets in the global scope

8.1CVSS7.2AI score0.00026EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2014-2958

Malware in sbrugna...

7.5CVSS6.4AI score0.00478EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-18094

Malware in sbrugna...

9.8CVSS9.3AI score0.0063EPSS

Exploits0References3

OSV•added 2024/03/06 10:53 a.m.•17 views

BIT-ENVOY-2023-35942 Envoy's gRPC access log crash caused by the listener draining

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, gRPC access loggers using listener's global scope can cause a use-after-free crash when the listener is drained. Versions 1.27.0, 1.26.4, 1.25.9,...

6.5CVSS7.7AI score0.00023EPSS

Exploits1References2

SUSE CVE•added 2023/02/15 6:18 a.m.•0 views

SUSE CVE-2005-1154

Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripting through global scope pollution."...

7.5CVSS7AI score0.06584EPSS

Exploits0References4

SUSE CVE•added 2023/02/15 5:40 a.m.•2 views

SUSE CVE-2013-1738

Use-after-free vulnerability in the JSGetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and...

9.3CVSS9.2AI score0.04616EPSS

Exploits0References5

Github Security Blog•added 2019/09/11 11:1 p.m.•14 views

Undefined Behavior in sailsjs-cacheman

All versions of sailsjs-cacheman have a vulnerability that may lead to Undefined Behavior. The config variable is exposing to the global scope which may overwrite other variables and cause the application to misbehave. Recommendation No fix is currently available. Consider using an alternative...

3.9AI score

Exploits0References4Affected Software1

OSV•added 2019/09/11 11:1 p.m.•7 views

GHSA-5W65-6875-RHQ8 Undefined Behavior in sailsjs-cacheman

7.1AI score

Exploits0References3

Cvelist•added 2018/12/31 8:0 p.m.•12 views

CVE-2018-6334

Multipart-file uploads call variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used this can lead to unexpected behavior. This affects all supported versions of HHVM prior to the patch 3.25.1, 3.24.5, and 3.21.9 and below...

9.4AI score0.0063EPSS

Exploits0References2