82 matches found
EUVD-2026-43054
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Plotly.js Graphing allows Object Injection. This issue affects Plotly.js Graphing versions: from 0.0.0 to 3.0.2...
CVE-2026-55810
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Plotly.js Graphing allows Object Injection. This issue affects Plotly.js Graphing versions: from 0.0.0 to 3.0.2...
CVE-2026-55810
The CVE-2026-55810 issue affects Drupal Plotly.js Graphing, with PHP object injection via unserialization in the Plotly.js Graphing module. Concrete details from connected sources: vulnerable versions 0.0.0 through 3.0.2; attacker must have permission to edit a content entity containing the plotl...
CVE-2026-55810 Plotly.js Graphing - Critical - PHP object injection - SA-CONTRIB-2026-050
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Plotly.js Graphing allows Object Injection. This issue affects Plotly.js Graphing versions: from 0.0.0 to 3.0.2...
CVE-2026-55810 Plotly.js Graphing - Critical - PHP object injection - SA-CONTRIB-2026-050
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Plotly.js Graphing allows Object Injection. This issue affects Plotly.js Graphing versions: from 0.0.0 to 3.0.2...
DRUPAL-CONTRIB-2026-050
The Plotly.js Graphing module provides a fully customizable implementation of the open source Plotly.js graphing library. The module stores some data as PHP-serialized strings. In some situations, malicious data can be written directly to the field. This can lead to an object injection...
Plotly.js Graphing - Critical - PHP object injection - SA-CONTRIB-2026-050
The Plotly.js Graphing module provides a fully customizable implementation of the open source Plotly.js graphing library. The module stores some data as PHP-serialized strings. In some situations, malicious data can be written directly to the field. This can lead to an object injection...
CVE-2026-8207
Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2d1abadb/modules/Tracking/graphing.phpL145 feature. Successful exploitation requires Teacher or high...
CVE-2026-8207
Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2d1abadb/modules/Tracking/graphing.phpL145 feature. Successful exploitation requires Teacher or high...
CVE-2026-8207
Gibbon up to version 30.0.01 is affected by an authenticated SQL injection via the Tracking/graphing feature in Tracking/graphing.php (line 145). Exploitation requires Teacher or higher privileges and can lead to unintended read/write access to the database. A fix is available in Gibbon v30.0.01;...
CVE-2026-8207
Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2d1abadb/modules/Tracking/graphing.phpL145 feature. Successful exploitation requires Teacher or high...
CVE-2026-8207
Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2d1abadb/modules/Tracking/graphing.phpL145 feature. Successful exploitation requires Teacher or high...
EUVD-2026-28880
Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2d1abadb/modules/Tracking/graphing.phpL145 feature. Successful exploitation requires Teacher or high...
CVE-2026-8207
Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2d1abadb/modules/Tracking/graphing.phpL145 feature. Successful exploitation requires Teacher or high...
CVE-2026-8207
Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2d1abadb/modules/Tracking/graphing.phpL145 feature. Successful exploitation requires Teacher or high...
PT-2026-39317
Name of the Vulnerable Software and Affected Versions Gibbon versions prior to 30.0.01 Description An authenticated SQL Injection exists in the Tracking/graphing feature. Users with Teacher or higher privileges can abuse this functionality to perform unintended read and write activities on the...
Gibbon SQL注入漏洞
Gibbon is a school platform developed by the Gibbon team that addresses practical issues encountered by educators every day. Versions of Gibbon prior to v30.0.01 contained an SQL injection vulnerability. This vulnerability stemmed from the misuse of the Tracking/graphing feature, allowing...
CVE-2021-47877
GeoGebra Graphing Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer. Attackers can generate a payload of 8000 repeated characters to overwhelm the input field and cause the application to become...
CVE-2021-47877 GeoGebra Graphing Calculator 6.0.631.0 - Denial Of Service
GeoGebra Graphing Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer. Attackers can generate a payload of 8000 repeated characters to overwhelm the input field and cause the application to become...
CVE-2021-47877 GeoGebra Graphing Calculator 6.0.631.0 - Denial Of Service
GeoGebra Graphing Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer. Attackers can generate a payload of 8000 repeated characters to overwhelm the input field and cause the application to become...