6 matches found
EUVD-2022-50305
Malicious code in bioql PyPI...
CVE-2022-47544
An issue was discovered in Siren Investigate before 12.1.7. Script variable whitelisting is insufficiently sandboxed...
Cross-Site Scripting (XSS)
Vega, vega-functions is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient sandboxing, which allows unsupported JavaScript functions to be called from the Vega expression language...
Server-Side Template Injection
getgrav/grav is vulnerable to Server-Side Template Injection. The vulnerability is due to insufficient sandboxing and validation of user-defined Twig template functions and filters, allowing authenticated users to execute arbitrary code on the server...
CVE-2022-47544
An issue was discovered in Siren Investigate before 12.1.7. Script variable whitelisting is insufficiently sandboxed...
CVE-2021-37549
In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient...