EUVD-2018-5967

Malware in sbrugna...

EUVD-2025-4543

Malicious code in bioql PyPI...

Malicious code in kendo-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7c625b89207a2538d26f0a63c2df6530e4e8c1cd6ebccacfc59ebee9d74e840a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-4008 Malicious code in kendo-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7c625b89207a2538d26f0a63c2df6530e4e8c1cd6ebccacfc59ebee9d74e840a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-11628

In Progress® Telerik® Kendo UI for Vue versions v2.4.0 through v6.0.1, an attacker can introduce or modify properties within the global prototype chain which can result in denial of service or command injection...

CVE-2024-11628

In Progress® Telerik® Kendo UI for Vue versions v2.4.0 through v6.0.1, an attacker can introduce or modify properties within the global prototype chain which can result in denial of service or command injection...

CVE-2024-11628 Prototype Pollution in Progress® Telerik® Kendo UI for Vue

In Progress® Telerik® Kendo UI for Vue versions v2.4.0 through v6.0.1, an attacker can introduce or modify properties within the global prototype chain which can result in denial of service or command injection...

CVE-2024-11628

Affected software: Progress Telerik Kendo UI for Vue. Vulnerable as per CVE-2024-11628 in versions v2.4.0 through v6.0.1. Root cause: prototype pollution via ability to introduce or modify properties in the global prototype chain, which can lead to denial of service or command injection. Document...

CVE-2024-11628 Prototype Pollution in Progress® Telerik® Kendo UI for Vue

In Progress® Telerik® Kendo UI for Vue versions v2.4.0 through v6.0.1, an attacker can introduce or modify properties within the global prototype chain which can result in denial of service or command injection...

PT-2025-6508 · Telerik · Kendo Ui

Name of the Vulnerable Software and Affected Versions: In Progress Telerik Kendo UI for Vue versions v2.4.0 through v6.0.1 Description: The issue allows an attacker to introduce or modify properties within the global prototype chain, which can result in denial of service or command injection...

GHSA-J7WP-VJJ6-CP5M Cross-Site Scripting in @progress/kendo-angular-editor

Kendo UI for Angular Editor Component npm package @progress/kendo-angular-editor before version 1.2.3 is vulnerable to Cross-Site Scripting. When the Editor content contains potentially malicious scripts in element event handlers, they get executed. Adding the following content to the Editor valu...

Cross-Site Scripting in @progress/kendo-angular-editor

Kendo UI for Angular Editor Component npm package @progress/kendo-angular-editor before version 1.2.3 is vulnerable to Cross-Site Scripting. When the Editor content contains potentially malicious scripts in element event handlers, they get executed. Adding the following content to the Editor valu...

CVE-2018-14037

Cross-site scripting XSS vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor because of the editorNS.Serializer toEditableHtml function in kendo.all.min.js. If the victim accesses the editor, the payload...

Cross site scripting

Cross-site scripting XSS vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor because of the editorNS.Serializer toEditableHtml function in kendo.all.min.js. If the victim accesses the editor, the payload...

CVE-2018-14037

Cross-site scripting XSS vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor because of the editorNS.Serializer toEditableHtml function in kendo.all.min.js. If the victim accesses the editor, the payload...

CVE-2018-14037

Cross-site scripting XSS vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor because of the editorNS.Serializer toEditableHtml function in kendo.all.min.js. If the victim accesses the editor, the payload...

CVE-2018-14037

CVE-2018-14037 is a cross-site scripting vulnerability in Progress Kendo UI Editor v2018.1.221. The issue arises from the editorNS.Serializer toEditableHtml function in kendo.all.min.js, enabling an attacker to inject arbitrary JavaScript into the editor’s DOM. If a victim loads the editor, the p...

Progress Kendo UI Editor Cross-Site Scripting Vulnerability

Progress Kendo UI Editor is a complete UI toolkit for web development. A cross-site scripting vulnerability exists in Progress Kendo UI Editor that allows an attacker to execute JavaScript within the context of the editor itself...

Progress Kendo UI Editor 2018.1.221 Cross Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Stored Cross-Site Scripting product: Progress Kendo UI Editor vulnerable version: v2018.1.221 fixed version: none, see workaround CVE number: CVE-2018-14037 impact: mediu...