DataEase <= 2.4.1 - Sensitive Information Exposure

DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the /de2api/engine/getEngine;.js path via a browser reveals that the platform's database configuration is returned. id: CVE-2024-30269...

GHSA-GJ48-438W-JH9V vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server...

GHSA-8RFP-98V4-MMR6 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server...

GHSA-8RFP-98V4-MMR6 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server...

GHSA-GJ48-438W-JH9V vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server...

CVE-2026-0393

The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session...

Chromium: CVE-2026-10918 Use after free in Viz

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a resource management vulnerability. This vulnerability stemmed from the reuse of Viz components after their release, which could allow remote attackers to achieve sandbox escape by...

CVE-2026-0393

The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session...

EUVD-2026-31266

The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session...

CVE-2026-0393

CVE-2026-0393 affects CODESYS Visualization. Root cause: insufficient isolation of authentication data during concurrent login operations allows credentials to be exposed remotely between low-privileged visualization users, limited to the login phase within an active visualization session. Impact...

CVE-2026-0393

The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session...

CVE-2026-0393 CODESYS Visualization - Insufficiently Protected Credentials

The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session...

CVE-2026-0393 CODESYS Visualization - Insufficiently Protected Credentials

The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session...

PT-2026-42450

Name of the Vulnerable Software and Affected Versions CODESYS Visualization affected versions not specified Description Insufficient isolation of authentication data may cause the remote exposure of credentials between low privileged visualization users during concurrent login operations. This...

CODESYS Visualization 安全漏洞

CODESYS Visualization is a functional module developed by the German company CODESYS. It transforms the operation status of programs into a visual interface. There is a security vulnerability in CODESYS Visualization, which stems from insufficient authentication data isolation. This vulnerability...

CVE-2026-24573

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeisle Visualizer allows Stored XSS. This issue affects Visualizer: from n/a before 4.0.0...

Astra Linux - уязвимость в vtk6, vtk7

There is a NULL pointer dereference vulnerability in VTK before 9.2.5. This vulnerability resides in the file IO/Infovis/vtkXMLTreeReader.cxx. The vendor did not check the return value of the libxml2 API function ‘xmlDocGetRootElement’, and tried to dereference that NULL pointer. This is unsafe, ...

Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account

Cybersecurity researchers have discovered a fresh software supply chain attack campaign that has compromised various npm packages associated with the @antv ecosystem as part of the ongoing Mini Shai-Hulud attack wave. "The attack affects packages tied to the npm maintainer account atool, includin...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...