Apache Storm UI: Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata

Stored Cross-Site Scripting XSS via Unsanitized Topology Metadata in Apache Storm UI Versions Affected: before 2.8.6 Description: The Storm UI visualization component interpolates topology metadata including component IDs, stream names, and grouping values directly into HTML via innerHTML in...

EUVD-2024-51772

Malicious code in bioql PyPI...

CVE-2025-8341

Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this...

CVE-2023-26487

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs.lassoAppend' function accepts 3 arguments and internally invokes push function on the 1st argument specifying array consisting of 2nd and 3rd arguments as push call argument...

Siemens JT2Go and Teamcenter Visualization out-of-bounds write vulnerability (CNVD-2021-51446)

Siemens Jt2go is a JT file viewer.Siemens Teamcenter Visualization is a software that provides teamwork capabilities for designing 2D and 3D scenarios. An out-of-bounds write vulnerability exists in Siemens JT2Go versions prior to 13.2 and Teamcenter Visualization versions prior to 13.2. The...