46 matches found
CVE-2026-41242
protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the "type" fields of protobuf definitions, which will then execute during object decoding using that definition. Versions 8.0.1 and 7.5.5 patch the...
CVE-2022-37378
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor 11.1.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
EUVD-2015-3483
Malware in sbrugna...
EUVD-2010-2755
Malware in sbrugna...
EUVD-2023-30092
Malicious code in bioql PyPI...
EUVD-2022-40012
Malicious code in bioql PyPI...
EUVD-2025-4108
Malicious code in bioql PyPI...
Prototype Pollution
@nyariv/sandboxjs is vulnerable to prototype pollution. The vulnerability is due to insufficient prototype access checks in the sandbox’s executor logic, particularly when handling JavaScript function objects, which allows an attacker to inject arbitrary properties into Object.prototype...
CVE-2019-14251
An issue was discovered in T24 in TEMENOS Channels R15.01. The login page presents JavaScript functions to access a document on the server once successfully authenticated. However, an attacker can leverage downloadDocServer to traverse the file system and access files or directories that are...
Cross-Site Scripting (XSS)
Vega, vega-functions is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient sandboxing, which allows unsupported JavaScript functions to be called from the Vega expression language...
CVE-2025-26619
Vega (Node) and Vega‑functions prior to versions 5.31.0/5.16.0 allow calling JavaScript functions from the Vega expression language that were not meant to be supported. This is the CVE-2025-26619 issue; the root cause is exposure of arbitrary JS execution through the expression interpreter. The v...
CVE-2025-26619 Vega Cross-Site Scripting (XSS) via event filter when not using CSP mode `expressionInterpeter`
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In vega 5.30.0 and lower and in vega-functions 5.15.0 and lower, it was possible to call JavaScript functions from the Vega expression language that were not meant to be...
CVE-2025-25304
CVE-2025-25304 affects Vega (visualization grammar) and its vega-selections component. Before version 5.26.0 of Vega and 5.4.2 of vega-selections, the vlSelectionTuples function could call attacker-controlled JavaScript functions, including Function(), enabling cross-site scripting via multiple c...
WordPress plugin Media Library Folders security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
TELSAT marKoni FM Transmitter 1.9.5 Client-Side Access Control Bypass Vulnerability
TELSAT marKoni FM Transmitter version 1.9.5 implements client-side restrictions that can be bypassed by editing the HTML source page, which enables administrative operations. TELSAT marKoni FM Transmitter 1.9.5 Client-Side Access Control Bypass. Vendor: TELSAT Srl. Product web page:...
Out-Of-Bounds Read
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Qualys BrowserCheck CoinBlocker Protects Users From Active Cryptojacking Campaigns
Qualys Malware Research Labs recently released the Qualys BrowserCheck CoinBlocker Chrome Extension. We have seen enthusiastic adoption from users across the globe in the first week since its release, which has given us enough telemetry data to indicate success in protecting users from popular...
Microsoft Edge Chakra JIT Op_MaxInAnArray / Op_MinInAnArray Misuse
Microsoft Edge: Chakra: JIT: Op_MaxInAnArray and Op_MinInAnArray can explicitly call user defined JavaScript functions CVE-2017-11893 1. Call patterns like "Math.max.apply(Math, [1, 2, 3, 4, 5])" and "Math.max.apply(Math, arr)" can be optimized to directly call the method "JavascriptMath::MaxInAnArray" i...