EUVD-2025-210016

In multiple locations, there is a possible way to reset user-selected permissions selections due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

ASB-A-339109116

In multiple locations, there is a possible way to reset user-selected permissions selections due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Astra Linux - уязвимость в tiff

The processCropSelections function in the tools/tiffcrop.c file of LibTIFF, as of version 4.5.0, has a heap-based buffer overflow vulnerability. This vulnerability occurs due to a crafted TIFF image being written with a size of 307203 bytes...

Astra Linux - уязвимость в tiff

LibTIFF 4.4.0 contains an out-of-bounds write vulnerability in TIFFmemset in libtiff/tifunix.c:340, when called from the process ProcessCropSelections, tools/tiffcrop.c:7619. This vulnerability allows attackers to cause a denial-of-service attack through a crafted TIFF file. For users who compile...

PT-2026-25651

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

PT-2026-25642

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

PT-2026-25654

A type confusion vulnerability exists in the EMF functionality of Canva Affinity. A specially crafted EMF file can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution...

Cross-site Scripting (XSS)

Overview vega-selections is a Vega expression functions for Vega-Lite selections. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the vlSelectionTuples processing. An attacker can execute arbitrary JavaScript code in the application's context by tricking a user int...

Cross-site Scripting (XSS)

Overview org.webjars.npm:vega-selections is a Vega expression functions for Vega-Lite selections. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the vlSelectionTuples processing. An attacker can execute arbitrary JavaScript code in the application's context by...

CVE-2025-65110

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to versions 6.1.2 and 5.6.3, applications meeting two conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used...

CVE-2025-65110 Vega Cross-Site Scripting (XSS) via expression abusing vlSelectionTuples function array map calls in environments with satisfactory function gadgets in the global scope

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to versions 6.1.2 and 5.6.3, applications meeting two conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used...

JLSEC-2025-286 LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from p...

LibTIFF 4.4.0 has an out-of-bounds write in TIFFmemset in libtiff/tifunix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit...

JLSEC-2025-289 processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow ...

processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow e.g., "WRITE of size 307203" via a crafted TIFF image...

org.webjars.npm:vega-selections (>=5.1.0 <=5.6.0), org.webjars.npm:vega-typings (>=0.22.0 <=0.22.3) potentially affected by CVE-2025-59840 via org.webjars.npm:vega-expression (>=2.7.0 <=5.2.0)

org.webjars.npm:vega-expression MAVEN version =2.7.0, =5.1.0, =0.22.0, =0.22.3 Source cves: CVE-2025-59840 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-13961290...

EUVD-2021-24776

Malware in sbrugna...

EUVD-2010-4175

Malware in sbrugna...

EUVD-2011-3877

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2025-25304

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to version 5.26.0 of vega and...

Linux Distros Unpatched Vulnerability : CVE-2025-55014

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The YouDao plugin for StarDict, as used in stardict 3.0.7+git20220909+dfsg-6 in Debian trixie and elsewhere, sends an X11 selection to the dict.youdao.com and...

StarDict 安全漏洞

StarDict is a desktop dictionary software from StarDict open source. A security vulnerability exists in StarDict version 3.0.7+git20220909+dfsg-6, which stems from the YouDao plugin sending X11 selections to a remote server via plaintext HTTP...