372 matches found
EUVD-2026-37998
AIL framework contains a path traversal vulnerability in the /objects/item/diff endpoint. The endpoint accepts item identifiers through the s1 and s2 query parameters and, prior to the fix, attempted to retrieve and compare item contents without first verifying that both referenced items existed ...
MAL-2026-4078 Malicious code in @antv/s2-react (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-4079 Malicious code in @antv/s2-react-components (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-4081 Malicious code in @antv/s2-vue (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-4080 Malicious code in @antv/s2-ssr (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
@antv/g-canvas (>=2.0.0 <=2.0.52), @antv/g-canvaskit (>=1.0.0 <=1.0.51) +11 more potentially affected by unknown CVE via @antv/g-plugin-dom-interaction (>=2.0.0 <=2.1.9)
@antv/g-plugin-dom-interaction NPM version =2.0.0, =2.0.0, =1.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.56 - @antv/g6 =5.0.46 - @antv/g6-extension-3d =0.1.20 - @antv/s2 =2.4.12-alpha.1 Source cves: unknown CVE Source advisory:...
@antv/gpt-vis-ssr (>=0.3.4 <=0.3.8), @tiangong-ai/vis-server (>=0.0.1 <=0.0.5) potentially affected by unknown CVE via @antv/s2-ssr (>=0.0.2 <=0.1.1)
@antv/s2-ssr NPM version =0.0.2, =0.3.4, =0.0.1, =0.0.5 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVS2SSR-16754942...
qbi-charts (=1.0.17), shuyi-charts (>=1.1.1 <=1.1.27) potentially affected by unknown CVE via @antv/s2-vue (=2.2.0)
@antv/s2-vue NPM version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/s2-vue and may be impacted: - qbi-charts =1.0.17 - shuyi-charts =1.1.1, =1.1.27 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVS2VUE-16754366...
@binarysee/widgets (=1.0.5), @binlove/widgets (=1.0.5) potentially affected by unknown CVE via @antv/s2-react (=2.0.0-next.28)
@antv/s2-react NPM version =2.0.0-next.28 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/s2-react and may be impacted: - @binarysee/widgets =1.0.5 - @binlove/widgets =1.0.5 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVS2REACT-16754376...
@antv/g-canvas (>=2.0.0 <=2.0.52), @antv/g-canvaskit (>=1.0.0 <=1.0.51) +9 more potentially affected by unknown CVE via @antv/g-plugin-html-renderer (>=2.0.0 <=2.3.1)
@antv/g-plugin-html-renderer NPM version =2.0.0, =2.0.0, =1.0.0, =1.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.56 - @antv/g6 =5.0.46 - @antv/g6-extension-3d =0.1.20 - @antv/s2 =2.4.12-alpha.1 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGPLUGINHTMLRENDERER-16754947...
@antv/gpt-vis-ssr (>=0.3.4 <=0.3.8), @tiangong-ai/vis-server (>=0.0.1 <=0.0.5) potentially affected by unknown CVE via @antv/s2-ssr (>=0.0.2 <=0.1.1)
@antv/s2-ssr NPM version =0.0.2, =0.3.4, =0.0.1, =0.0.5 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVS2SSR-16755111...
CVE-2026-21916
A UNIX Symbolic Link Symlink Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system. When after a user has performed a specific 'file lin...
CVE-2026-33779
An Improper Following of a Certificate's Chain of Trust vulnerability in J-Web of Juniper Networks Junos OS on SRX Series allows a PITM to intercept the communication of the device and get access to confidential information and potentially modify it. When an SRX device is provisioned to connect t...
CVE-2026-21916
A UNIX Symbolic Link Symlink Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system. When after a user has performed a specific 'file lin...
PT-2026-31754
Junos OS and Junos OS Evolved: When an unsigned Python op script configuration is present, a local low privileged user can compromise the system CVE: CVE-2026-33793 PT ID: PT-2026-31754 Vendor: Juniper networks Product: Junos OS CVSS: 7.8 Credits: n/a Description: An Execution with Unnecessary...
CVE-2026-4575
A flaw has been found in code-projects Exam Form Submission 1.0. This issue affects some unknown processing of the file /admin/updates2.php. This manipulation of the argument sname causes cross site scripting. The attack can be initiated remotely. The exploit has been published and may be used...
EUVD-2026-14367
A flaw has been found in code-projects Exam Form Submission 1.0. This issue affects some unknown processing of the file /admin/updates2.php. This manipulation of the argument sname causes cross site scripting. The attack can be initiated remotely. The exploit has been published and may be used...
CVE-2026-4575
A flaw has been found in code-projects Exam Form Submission 1.0. This issue affects some unknown processing of the file /admin/updates2.php. This manipulation of the argument sname causes cross site scripting. The attack can be initiated remotely. The exploit has been published and may be used...
CVE-2026-4575 code-projects Exam Form Submission update_s2.php cross site scripting
A flaw has been found in code-projects Exam Form Submission 1.0. This issue affects some unknown processing of the file /admin/updates2.php. This manipulation of the argument sname causes cross site scripting. The attack can be initiated remotely. The exploit has been published and may be used...