
128 matches found

NVD
added yesterday, 5 views

CVE-2026-41518

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the ChartDatasetConfig.legend field. The...

7.6 CVSS
Exploits: 0, References: 1
EUVD
added yesterday, 4 views

EUVD-2026-34319

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the ChartDatasetConfig.legend field. The...

7.6 CVSS, 6 AI score
Exploits: 0, References: 1
Cvelist
added yesterday, 14 views

CVE-2026-41518 Chartbrew has a stored DOM XSS via Chart Tooltip innerHTML (ChartDatasetConfig.legend)

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the ChartDatasetConfig.legend field. The...

7.6 CVSS
Exploits: 0, References: 1
Positive Technologies
added yesterday, 7 views

PT-2026-46317

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the ChartDatasetConfig.legend field. The...

7.6 CVSS, 6 AI score
Exploits: 0, References: 2
Schneier on Security
added last week, 14 views

Friday Squid Blogging: Another Squid

Someone named "Squid" seems to be a "West Country legend." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

5.8 AI score
Exploits: 0
SUSE Linux
added 2026/03/25 10:31 a.m., 4 views

Security update for grafana

This update for grafana fixes the following issues: Security issues fixed: CVE-2026-21722: Public dashboards annotations: use dashboard timerange if time selection disabled bsc1258136 CVE-2026-21721: Fixed access control by the dashboard permissions API bsc1257337 CVE-2026-21720: Fixed...

8.7 CVSS, 5.8 AI score, 0.00438 EPSS
Exploits: 1, References: 22
Cvelist
added 2026/03/11 8:46 p.m., 21 views

CVE-2026-32118 OpenEMR has Stored XSS in Graphical Pain Map legend via unescaped annotation text

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, stored cross-site scripting (XSS) in the Graphical Pain Map "clickmap" form allows any authenticated clinician to inject arbitrary JavaScript that executes in the browser of...

5.4 CVSS, 0.00058 EPSS
Exploits: 1, References: 1
CVE
added 2026/03/11 8:46 p.m., 4 views

CVE-2026-32118

OpenEMR contains a Stored XSS vulnerability in the Graphical Pain Map (clickmap) form, present before version 8.0.0.1. An authenticated clinician can inject arbitrary JavaScript via unescaped annotation text, which executes in the browser of every subsequent viewer of the affected encounter form....

9 CVSS, 5.8 AI score, 0.00058 EPSS
Exploits: 1, References: 1, Affected Software: 1
Vulnrichment
added 2026/03/11 8:46 p.m., 2 views

CVE-2026-32118 OpenEMR has Stored XSS in Graphical Pain Map legend via unescaped annotation text

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, stored cross-site scripting (XSS) in the Graphical Pain Map "clickmap" form allows any authenticated clinician to inject arbitrary JavaScript that executes in the browser of...

5.4 CVSS, 5.8 AI score, 0.00058 EPSS
Exploits: 1, References: 1
RedhatCVE
added 2026/01/09 9:50 a.m., 1 views

CVE-2020-24650

A legend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

10 CVSS, 8.6 AI score, 0.07205 EPSS
Exploits: 0, References: 1
Spring Engineering
added 2026/01/01 12:0 a.m., 4 views

A Bootiful Podcast: Apache Tomcat legend Mark Thomas (Happy new year!)

In this episode, I talk with Mark Thomas, the legendary and highly prolific committer to Apache Tomcat. Happy New Year!...

6.9 AI score
Exploits: 0
EUVD
added 2025/12/10 1:57 a.m., 1 views

EUVD-2025-202369

Malicious code in sfdc-abstract-legend npm...

6.6 AI score
Exploits: 0, References: 1
Snyk
added 2025/12/10 1:57 a.m., 1 views

Malicious Package

Overview sfdc-abstract-legend is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 6.8 AI score
Exploits: 0, References: 2
OSSF Malicious Packages
added 2025/12/10 1:57 a.m., 4 views

Malicious code in sfdc-abstract-legend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a29f7f51ba229ced87dfa4e1c978407d9e716ba77115ad38601c49896e0584bb The package sfdc-abstract-legend was found to contain malicious code. Source: ghsa-malware...

6.9 AI score
Exploits: 0, References: 1
OSV
added 2025/12/10 1:57 a.m., 2 views

MAL-2025-192418 Malicious code in sfdc-abstract-legend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a29f7f51ba229ced87dfa4e1c978407d9e716ba77115ad38601c49896e0584bb The package sfdc-abstract-legend was found to contain malicious code. Source: ghsa-malware...

6.8 AI score
Exploits: 0, References: 1
Spring Engineering
added 2025/11/27 12:0 a.m., 2 views

A Bootiful Podcast: Spring community legend and friend Simon Martinelli

Hi, Spring fans! Happy Thanksgiving from me, and I am sure the entire Spring team, to you! We are, it should be clear, oh so very grateful.. thankful.. for you, the community. This week it is my great pleasure to chat with Spring community legend Simon Martinelli...

6.9 AI score
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2020-17366

Malware in sbrugna...

10 CVSS, 9.2 AI score, 0.07205 EPSS
Exploits: 0, References: 2
OSV
added 2025/09/25 4:10 a.m., 1 views

MAL-2025-47554 Malicious code in finos-legend (npm)

The package finos-legend was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d52237f76bf811889cf1da6bfa8df5deacc81e076c88890187022381ae951370 Any computer that has this package installed or running should be considered fully...

6.9 AI score
Exploits: 0, References: 3
Snyk
added 2025/09/25 4:10 a.m., 1 views

Malicious Package

Overview finos-legend is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 6.8 AI score
Exploits: 0, References: 2
OSSF Malicious Packages
added 2025/09/25 4:10 a.m., 1 views

Malicious code in finos-legend (npm)

The package finos-legend was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d52237f76bf811889cf1da6bfa8df5deacc81e076c88890187022381ae951370 Any computer that has this package installed or running should be considered fully...

6.9 AI score
Exploits: 0, References: 3