2728 matches found
DataEase <= 2.4.1 - Sensitive Information Exposure
DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the /de2api/engine/getEngine;.js path via a browser reveals that the platform's database configuration is returned. id: CVE-2024-30269...
CVE-2026-55647
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, dashboard text components render stored component content with Vue v-html without server-side HTML sanitization, allowing an authenticated user who can edit dashboard component data to inject HTML with executable...
PT-2026-56248
Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description An issue exists in the H2 database JDBC URL validation logic where special Unicode characters can be used to bypass security checks. This occurs because the case-conversion behavior of these...
PT-2026-56244
Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description The /de2api/share/proxyInfo share interface generates and returns an X-DE-LINK-TOKEN before validating the share password or ticket. This allows unauthenticated attackers who possess a protected...
PT-2026-56251
Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description An authenticated attacker can bypass previous fixes for the H2 zip protocol and file dropper. By uploading a zip archive disguised with a .ttf extension via the FontManage.saveFile function, the...
GHSA-GVPP-V77H-5W8G Cortex has Untrusted Project Bootstrap Code Execution via `CLAUDE_PROJECT_DIR`
Untrusted Project Bootstrap Code Execution via CLAUDEPROJECTDIR Summary The Cortex MCP server neuro-cortex-memory treats the CLAUDEPROJECTDIR environment variable — automatically set by Claude Code to the currently open project directory — as a trusted Cortex developer checkout. When the...
JLSEC-2026-633 vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability
vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability...
EUVD-2026-39582
vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability...
CVE-2026-22879
vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability...
GHSA-8RFP-98V4-MMR6 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server...
GHSA-GJ48-438W-JH9V vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server...
GHSA-GJ48-438W-JH9V vulnerabilities
Vulnerabilities for packages: label-studio, kubeflow-pipelines-visualization-server...
GHSA-8RFP-98V4-MMR6 vulnerabilities
Vulnerabilities for packages: label-studio, kubeflow-pipelines-visualization-server...
CVE-2026-0393
The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session...
Chromium: CVE-2026-10918 Use after free in Viz
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a resource management vulnerability. This vulnerability stemmed from the reuse of Viz components after their release, which could allow remote attackers to achieve sandbox escape by...
CVE-2026-0393
The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session...
CVE-2026-0393 CODESYS Visualization - Insufficiently Protected Credentials
The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session...
CVE-2026-0393
The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session...
CVE-2026-0393 CODESYS Visualization - Insufficiently Protected Credentials
The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session...