45 matches found
UBUNTU-CVE-2026-9029
The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug. sanitizeTextPanelContent runs on the raw template string before getTemplateSrv.replace substitutes the variable value, which uses the glob format with no HTML escaping. The result is passed to OpenLayers via...
CVE-2026-9029
The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug. sanitizeTextPanelContent runs on the raw template string before getTemplateSrv.replace substitutes the variable value, which uses the glob format with no HTML escaping. The result is passed to OpenLayers via...
EUVD-2026-38243
The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug. sanitizeTextPanelContent runs on the raw template string before getTemplateSrv.replace substitutes the variable value, which uses the glob format with no HTML escaping. The result is passed to OpenLayers via...
CVE-2026-9029 Stored XSS via Geomap Panel Template Variable Attribution Injection
The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug. sanitizeTextPanelContent runs on the raw template string before getTemplateSrv.replace substitutes the variable value, which uses the glob format with no HTML escaping. The result is passed to OpenLayers via...
CVE-2026-9029
CVE-2026-9029 affects Grafana’s Geomap panel (XYZ tile layer) where sanitizeTextPanelContent() runs on the raw template string before variable substitution via getTemplateSrv().replace(), allowing an Editor to inject an XSS payload into a textbox variable default value that executes for all dashb...
CVE-2026-9029
The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug. sanitizeTextPanelContent runs on the raw template string before getTemplateSrv.replace substitutes the variable value, which uses the glob format with no HTML escaping. The result is passed to OpenLayers via...
Astra Linux – Vulnerability in ffmpeg, ffmpeg5
The Ffmpeg v.N113007-g8d24a28d06 contains a buffer overflow vulnerability that allows a local attacker to execute arbitrary code through a floating-point exception error at libavfilter/vf_minterpolate.c:1078:60 in interpolate...
MAL-2026-3866 Malicious code in @antv/d3-interpolate (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
@antv/g-base (=0.5.13), @yogeshcl/g6-react-ba (=0.0.6) potentially affected by unknown CVE via @antv/d3-interpolate (=1.0.3)
@antv/d3-interpolate NPM version =1.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/d3-interpolate and may be impacted: - @antv/g-base =0.5.13 - @yogeshcl/g6-react-ba =0.0.6 Source cves: unknown CVE Source advisory:...
@antv/d3-interpolate (>=1.0.2 <=1.0.3), @antv/g-base (=0.5.13) +1 more potentially affected by unknown CVE via @antv/d3-color (=1.0.0)
@antv/d3-color NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/d3-color and may be impacted: - @antv/d3-interpolate =1.0.2, =1.0.3 - @antv/g-base =0.5.13 - @yogeshcl/g6-react-ba =0.0.6 Source cves: unknown CVE Source advisory:...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the Display template option of the Set field type, where user-supplied input is processed by the $interpolate function and rendered via Vue's v-html directive without proper sanitization. An attacker can...
Cockpit CMS 2.13.5 Cross Site Scripting
Cockpit CMS version 2.13.5 suffers from a persistent cross site scripting vulnerability in the content model display template. The $interpolate function in /modules/App/assets/js/app/utils.js uses new Function to evaluate template strings, allowing arbitrary JavaScript execution. Any authenticate...
Atlassian Confluence 9.0.1 < 9.2.1 / 9.3.x < 9.4.0 / 9.5.x < 9.5.1 / 10.0.x < 10.0.2 / 10.1.0 / 10.2.0 (CONFSERVER-101573)
The version of Atlassian Confluence Server running on the remote host is affected by a denial of service vulnerability as referenced in the CONFSERVER-101573 advisory. - A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack...
Linux Distros Unpatched Vulnerability : CVE-2017-12067
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubic function in mkbitmap.c. (CVE-2017-12067) Note that Nessus relies on the presence of the...
SUSE SLED15: ffmpeg / ffmpeg-private-devel / libavcodec-devel / libavcodec57 / etc (SUSE-SU-2024:3114-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3114-1 advisory. - CVE-2020-22027: Fixed heap-based Buffer Overflow vulnerability exists in deflate16 at...
OSV-2024-792 Index-out-of-bounds in AAHD::make_ahd_rb_hv
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42536934 Crash type: Index-out-of-bounds Crash state: AAHD::make_ahd_rb_hv AAHD::make_ahd_rb LibRaw::aahd_interpolate...
The vulnerability of the interpolate component (libavfilter/vf_minterpolate.c) in the FFmpeg multimedia library allows a hacker to execute arbitrary code.
The vulnerability of the interpolate component (libavfilter/vf_minterpolate.c) in the FFmpeg multimedia library involves copying buffers without checking the size of the input data. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
SUSE CVE-2023-51798
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c:1078:60 in interpolate...
CVE-2023-51798
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c:1078:60 in interpolate...
DEBIAN-CVE-2023-51798
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c:1078:60 in interpolate...