Lucene search
K

6 matches found

NVD
NVD
added 5 hours ago5 views

CVE-2026-57439

CyberChef is a web app for encryption, encoding, compression, and data analysis. Prior to 11.2.0, the Series Chart operation accepts proto as a key while parsing user-supplied CSV, allowing prototype pollution that can be chained with operations such as Parse UDP to inject malicious JavaScript in...

5CVSS
Exploits0References5
Cvelist
Cvelist
added 6 hours ago5 views

CVE-2026-57439 CyberChef: Prototype pollution in Series Chart operation

CyberChef is a web app for encryption, encoding, compression, and data analysis. Prior to 11.2.0, the Series Chart operation accepts proto as a key while parsing user-supplied CSV, allowing prototype pollution that can be chained with operations such as Parse UDP to inject malicious JavaScript in...

5CVSS
Exploits0References5
CVE
CVE
added 6 hours ago6 views

CVE-2026-57439

CyberChef’s CVE-2026-57439 affects the Series Chart operation prior to version 11.2.0. The vulnerability arises when parsing user-supplied CSV, where proto can be used as a key, enabling prototype pollution. This can be chained with other operations (e.g., Parse UDP) to inject malicious JavaScrip...

5CVSS5.9AI score
Exploits0References5
EUVD
EUVD
added 6 hours ago4 views

EUVD-2026-42294

CyberChef is a web app for encryption, encoding, compression, and data analysis. Prior to 11.2.0, the Series Chart operation accepts proto as a key while parsing user-supplied CSV, allowing prototype pollution that can be chained with operations such as Parse UDP to inject malicious JavaScript in...

5CVSS5.9AI score
Exploits0References5
vulnersOsv
vulnersOsv
added 2026/01/28 3:30 a.m.9 views

@activfinancial/activ-workstation (>=0.3.0 <=0.4.35), @activfinancial/time-series-chart (>=0.3.40 <=0.3.51) +36 more potentially affected by CVE-2026-1513 via billboard.js (>=1.0.1 <=3.14.0)

billboard.js NPM version =1.0.1, =0.3.0, =0.3.40, =3.0.0, =0.0.55, =1.0.0, =1.0.0, =4.0.0, =1.0.0, =1.0.0, =0.0.1-alpha.1, =5.4.0, =1.5.0, =2.0.0 and more Source cves: CVE-2026-1513 Source advisory: OSV:GHSA-RPC5-PM7Q-HJMP...

6.1CVSS5.8AI score0.00158EPSS
Exploits0
Snyk
Snyk
added 2023/01/29 3:29 p.m.2 views

Malicious Package

Overview time-series-chart-web is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

9.8CVSS7.1AI score
Exploits0References3
Rows per page
Query Builder