CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

10 matches found

UbuntuCve•added 2026/01/05 10:15 p.m.•1 views

CVE-2025-65110

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to versions 6.1.2 and 5.6.3, applications meeting two conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used...

9.3CVSS7.4AI score0.00025EPSS

Exploits1References2

UbuntuCve•added 2025/11/13 8:15 p.m.•1 views

CVE-2025-59840

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 6.2.0, applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. They...

8.1CVSS7.2AI score0.00034EPSS

Exploits0References2

RedhatCVE•added 2025/10/13 10:7 a.m.•4 views

CVE-2025-25017

A Cross-Site Scripting XSS vulnerability in Kibana’s Vega visualization engine. It results from improper input validation in Vega visualization specifications, allowing attackers to inject malicious JavaScript. Successful exploitation could lead to session hijacking, data theft, or privilege...

8.2CVSS5.9AI score0.00025EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2023-1128

Malicious code in bioql PyPI...

6.5CVSS6.2AI score0.00354EPSS

Exploits1References5

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-4108

Malicious code in bioql PyPI...

6.9CVSS5.5AI score0.00182EPSS

Exploits0References4

OSV•added 2025/03/27 2:15 p.m.•1 views

UBUNTU-CVE-2025-26619

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In vega 5.30.0 and lower and in vega-functions 5.15.0 and lower , it was possible to call JavaScript functions from the Vega expression language that were not meant to be...

6.1CVSS7.4AI score0.00417EPSS

Exploits1References6

OSV•added 2025/03/27 1:51 p.m.•6 views

CVE-2025-26619 Vega Cross-Site Scripting (XSS) via event filter when not using CSP mode `expressionInterpeter`

5.3CVSS6.5AI score0.00417EPSS

Exploits1References6

OSV•added 2025/02/14 7:28 p.m.•15 views

CVE-2025-25304 Vega allows Cross-site Scripting via the vlSelectionTuples function

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to version 5.26.0 of vega and 5.4.2 of vega-selections, the vlSelectionTuples function can be used to call JavaScript functions, leading to cross-site...

6.9CVSS5.5AI score0.00182EPSS

Exploits0References5

OSV•added 2023/03/04 12:15 a.m.•3 views

DEBIAN-CVE-2023-26486

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega scale expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a user supplied argumen...

6.1CVSS6.6AI score0.00369EPSS

Exploits1References1

Prion•added 2023/03/04 12:15 a.m.•9 views

Format string

5.8CVSS6.6AI score0.00369EPSS

Exploits1References5Affected Software2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by