
5 matches found

RedhatCVE
added 2026/04/20 7:23 p.m., 7 views

CVE-2026-40320

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the ConformityCheck class rendered the rule parameter through Jinja2's default Template constructor, silently interpreting template expressions at runtime. If check definitions are loaded from an untrusted...

CVSS 7.8, AI score 6.2, EPSS 0.00144
Exploits: 0, References: 1

EUVD
added 2025/11/13 10:32 p.m., 5 views

EUVD-2025-175359

Vega Cross-Site Scripting (XSS) via expressions abusing toString calls in environments using the VEGA_DEBUG global variable...

CVSS 8.1, AI score 5.5, EPSS 0.00342
Exploits: 0, References: 6

Snyk
added 2025/11/13 8:43 p.m., 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the toString function in environments where the VEGA_DEBUG global variable is present. An attacker can execute arbitrary JavaScript code by supplying crafted Vega JSON definitions that abuse expression...

CVSS 8.1, AI score 5.4, EPSS 0.00342
Exploits: 0, References: 2

Snyk
added 2025/11/13 8:43 p.m., 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the toString function in environments where the VEGA_DEBUG global variable is present. An attacker can execute arbitrary JavaScript code by supplying crafted Vega JSON definitions that abuse expression...

CVSS 8.1, AI score 5.5, EPSS 0.00342
Exploits: 0, References: 2

Vulnrichment
added 2025/11/13 7:54 p.m., 2 views

CVE-2025-59840 Vega Cross-Site Scripting (XSS) via expressions abusing toString calls in environments using the VEGA_DEBUG global variable

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 6.2.0, applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. They...

CVSS 8.1, AI score 6.6, EPSS 0.00342
Exploits: 0, References: 1