189 matches found
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the toString function in environments where the VEGADEBUG global variable is present. An attacker can execute arbitrary JavaScript code by supplying crafted Vega JSON definitions that abuse expression...
Cross-site Scripting (XSS)
Overview vega-expression is a Vega expression parser and code generator. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the toString function in environments where the VEGADEBUG global variable is present. An attacker can execute arbitrary JavaScript code by...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the toString function in environments where the VEGADEBUG global variable is present. An attacker can execute arbitrary JavaScript code by supplying crafted Vega JSON definitions that abuse expression...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the toString function in environments where the VEGADEBUG global variable is present. An attacker can execute arbitrary JavaScript code by supplying crafted Vega JSON definitions that abuse expression...
Cross-site Scripting (XSS)
Overview vega-interpreter is a CSP-compliant interpreter for Vega expressions. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the toString function in environments where the VEGADEBUG global variable is present. An attacker can execute arbitrary JavaScript code b...
CVE-2025-59840 Vega Cross-Site Scripting (XSS) via expressions abusing toString calls in environments using the VEGA_DEBUG global variable
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 6.2.0, applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. They...
CVE-2025-59840 Vega Cross-Site Scripting (XSS) via expressions abusing toString calls in environments using the VEGA_DEBUG global variable
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 6.2.0, applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. They...
CVE-2025-59840
CVE-2025-59840 (Vega XSS) : The vulnerability affects Vega prior to 6.2.0 where an application that attaches the Vega library and a global vega.View instance to window and allows user-defined Vega JSON can be exploited to execute arbitrary JavaScript, even with safe mode expressionInterpreter. Th...
CVE-2025-59840 Vega Cross-Site Scripting (XSS) via expressions abusing toString calls in environments using the VEGA_DEBUG global variable
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 6.2.0, applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. They...
OSV-2025-858 Use-of-uninitialized-value in pcpp::byteArrayToHexString
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=454944849 Crash type: Use-of-uninitialized-value Crash state: pcpp::byteArrayToHexString pcpp::PacketTrailerLayer::toString FuzzTarget.cpp...
EUVD-2021-2489
Malware in sbrugna...
EUVD-2022-5887
Malicious code in bioql PyPI...
EUVD-2022-6441
Malicious code in bioql PyPI...
OSV-2025-718 Heap-buffer-overflow in pcpp::ArpLayer::toString
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=443832078 Crash type: Heap-buffer-overflow READ 2 Crash state: pcpp::ArpLayer::toString pcpp::Packet::toStringList pcpp::Packet::toString...
Linux Distros Unpatched Vulnerability : CVE-2021-22095
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString method, will create a new String object from the...
Linux Distros Unpatched Vulnerability : CVE-2016-7504
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free vulnerability was observed in RptoString function of Artifex Software, Inc. MuJS before 5c337af4b3df80cf967e4f9f6a21522de84b392a. A successful...
Malicious code in vinyl-content-tostring (npm)
The package vinyl-content-tostring was found to contain malicious code...
MAL-2025-38410 Malicious code in vinyl-content-tostring (npm)
The package vinyl-content-tostring was found to contain malicious code...
Exposed Dangerous Method or Function
Overview org.webjars.npm:webpack-dev-server is an Uses webpack with a development server that provides live reloading. It should be used for development only. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the webpackmodules object. An attacker can...
CVE-2021-22095
In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message...