44 matches found
JLSEC-2026-490
Little CMS aka Little Color Management System 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile...
Cross-site Scripting (XSS)
Overview org.webjars.npm:vega-functions is a Custom functions for the Vega expression language. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the internal modify function used by setdata. An attacker can execute arbitrary JavaScript in the context of the...
GHSA-M9RG-MR6G-75GM `vega-functions` vulnerable to Cross-site Scripting via `setdata` function
Impact For sites that allow users to supply untrusted user input, malicious use of an internal function not part of the public API could be used to run unintentional javascript XSS. Patches Fixed in vega-functions 6.1.1 Workarounds There is no workaround besides upgrading. Using...
`vega-functions` vulnerable to Cross-site Scripting via `setdata` function
Impact For sites that allow users to supply untrusted user input, malicious use of an internal function not part of the public API could be used to run unintentional javascript XSS. Patches Fixed in vega-functions 6.1.1 Workarounds There is no workaround besides upgrading. Using...
Cross-site Scripting (XSS)
Overview vega-functions is a Custom functions for the Vega expression language. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the internal modify function used by setdata. An attacker can execute arbitrary JavaScript in the context of the application by supplyin...
CVE-2025-66648 `vega-functions` vulnerable to Cross-site Scripting via `setdata` function
vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal function not part of the public API could be used to run unintentional javascript XSS. This issue is...
CVE-2025-66648
The CVE-2025-66648 issue affects vega-functions (Vega expression language implementation). Prior to version 6.1.1, an internal function (not part of the public API) could be abused when sites accept untrusted input, enabling unintended JavaScript execution (XSS). The vulnerability is fixed in veg...
CVE-2025-66648 `vega-functions` vulnerable to Cross-site Scripting via `setdata` function
vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal function not part of the public API could be used to run unintentional javascript XSS. This issue is...
CVE-2025-66648 `vega-functions` vulnerable to Cross-site Scripting via `setdata` function
vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal function not part of the public API could be used to run unintentional javascript XSS. This issue is...
EUVD-2015-7154
Malware in sbrugna...
Prototype Pollution
Overview json-schema-editor-visual is a jsonschema editor Affected versions of this package are vulnerable to Prototype Pollution via the setData or deleteData functions. An attacker can manipulate the prototype of objects by supplying a crafted payload, potentially leading to unauthorized...
GHSA-3C3P-XH4F-PFH7 json-schema-editor-visual vulnerable to prototype pollution
json-schema-editor-visual is a package that provides jsonschema editor. A Prototype Pollution vulnerability in the setData and deleteData function of json-schema-editor-visual versions thru 1.1.1 allows attackers to inject or delete properties on Object.prototype via supplying a crafted payload,...
CVE-2025-57320
json-schema-editor-visual is a package that provides jsonschema editor. A Prototype Pollution vulnerability in the setData and deleteData function of json-schema-editor-visual versions thru 1.1.1 allows attackers to inject or delete properties on Object.prototype via supplying a crafted payload,...
CVE-2025-57320
json-schema-editor-visual is a package that provides jsonschema editor. A Prototype Pollution vulnerability in the setData and deleteData function of json-schema-editor-visual versions thru 1.1.1 allows attackers to inject or delete properties on Object.prototype via supplying a crafted payload,...
CVE-2025-57320
CVE-2025-57320 affects the package json-schema-editor-visual. Connected sources confirm a Prototype Pollution vulnerability in the setData and deleteData functions for versions up to and including 1.1.1, allowing a crafted payload to inject or delete properties on Object.prototype. Practical impa...
json-schema-editor-vue 安全漏洞
json-schema-editor-vue is a json editor by AlbertZhang personal developer. A security vulnerability exists in json-schema-editor-vue 1.1.1 and earlier versions, which stems from prototype contamination in the setData and deleteData functions, which could lead to a denial of service attack...
CVE-2025-57320
json-schema-editor-visual is a package that provides jsonschema editor. A Prototype Pollution vulnerability in the setData and deleteData function of json-schema-editor-visual versions thru 1.1.1 allows attackers to inject or delete properties on Object.prototype via supplying a crafted payload,...
CVE-2025-57320
json-schema-editor-visual is a package that provides jsonschema editor. A Prototype Pollution vulnerability in the setData and deleteData function of json-schema-editor-visual versions thru 1.1.1 allows attackers to inject or delete properties on Object.prototype via supplying a crafted payload,...
OSV-2020-34 UNKNOWN READ in parquet::LevelDecoder::SetData
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20666 Crash type: UNKNOWN READ Crash state: parquet::LevelDecoder::SetData parquet::ColumnReaderImplBaseparquet::PhysicalType parquet::ColumnReaderImplBaseparquet::PhysicalType...
OSV-2020-27 Heap-buffer-overflow in parquet::LevelDecoder::SetData
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20940 Crash type: Heap-buffer-overflow READ 4 Crash state: parquet::LevelDecoder::SetData parquet::ColumnReaderImplBaseparquet::PhysicalType parquet::internal::TypedRecordReaderparquet::PhysicalType...