76 matches found
GHSA-QV8J-HGPC-VRQ8 Google Cloud Vertex AI SDK affected by Stored Cross-Site Scripting (XSS)
Stored Cross-Site Scripting XSS in the genai/evalsvisualization component of Google Cloud Vertex AI SDK google-cloud-aiplatform versions from 1.98.0 up to but not including 1.131.0 allows an unauthenticated remote attacker to execute arbitrary JavaScript in a victim's Jupyter or Colab environment...
Vega Cross-Site Scripting Vulnerability
Vega is a JavaScript-based software from the Vega team that can be used to create interactive visual displays. The software can describe data visualizations using JSON format and generate interactive views using HTML5 Canvas or SVG. A cross-site scripting vulnerability exists in Vega versions prio...
Missing Authorization
Overview galaxy-web-apps is a Galaxy web apps Affected versions of this package are vulnerable to Missing Authorization in the create function in visualizations.py. An anonymous user can create visualizations. Remediation Upgrade galaxy-web-apps to version 25.1.dev0 or higher. References - GitHub...
ASLR-bypass-simulation
ASLR Bypass Simulator An interactive educational web applicat...
Grid-STIX: A STIX 2.1-Compliant Cyber-Physical Security Ontology for Power Grid
Modern electrical power grids represent complex cyber-physical systems requiring specialized cybersecurity frameworks beyond traditional IT security models. Existing threat intelligence standards such as STIX 2.1 and MITRE ATT&CK lack coverage for grid-specific assets, operational technology...
Kibana 8.19.7, 9.1.7, 9.2.1 Security Update (ESA-2025-25)
Kibana Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' ESA-2025-25 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in Kibana can lead to DOM-based XSS due to the use of Vega. The issue on Vega is tracked as CVE-2025-59840...
EUVD-2025-37081
Malicious code in epic-visualizations npm...
MAL-2025-49212 Malicious code in epic-visualizations (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 912fe104c26f7778d97790b82bb3921b2747a748a57369f9cf40a305404bcea4 The package epic-visualizations was found to contain malicious code...
Malicious code in epic-visualizations (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 912fe104c26f7778d97790b82bb3921b2747a748a57369f9cf40a305404bcea4 The package epic-visualizations was found to contain malicious code...
Cross-site Scripting (XSS)
Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper input neutralization in the web page generation in Vega visualizations. An attacker can...
Kibana 7.0.x <= 7.17.29 / 8.0.x <= 8.18.7 / 8.19.x <= 8.19.3 / 9.0.x <= 9.0.6 / 9.1.x <= 9.1.3 XSS (ESA-2025-16)
The version of Kibana running on the remote host is prior to 7.0 prior to 7.17.29, 8.0 prior to 8.18.7, 8.19 prior to 8.19.3, 9.0 prior to 9.0.6 and 9.1 prior to 9.1.6. It is, therefore, affected by a cross-site scripting vulnerability as referenced in the ESA-2025-16 advisory. - Improper...
EUVD-2019-17154
Malware in sbrugna...
EUVD-2018-15608
Malware in sbrugna...
Kibana 8.18.8, 8.19.4, 9.0.7, 9.1.4 Security Update (ESA-2025-16)
Kibana Cross-Site-Scripting XSS ESA-2025-16 Improper Neutralization of Input During Web Page Generation in Vega visualizations in Kibana can lead to Cross-Site-Scripting XSS Affected Versions: 7.x: All versions from 7.0.0 and up to and including 7.17.29 8.x: All versions from 8.0.0 and up to and...
EUVD-2023-32200
Malicious code in bioql PyPI...
Enhancing Cyber Threat Hunting -- a Visual Approach with the Forensic Visualization Toolkit
In today's dynamic cyber threat landscape, organizations must take proactive steps to bolster their cybersecurity defenses. Cyber threat hunting is a proactive and iterative process aimed at identifying and mitigating advanced threats that may go undetected by traditional security measures. Rathe...
CVE-2023-28530
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations. A remote attacker could exploit this vulnerability to execute scripts in a victim's Web browser within the security context of the hosting Web site...
Charting the Uncharted: the Landscape of Monero Peer-To-Peer Network
The Monero blockchain enables anonymous transactions through advanced cryptography in its peer-to-peer network, which underpins decentralization, security, and trustless interactions. However, privacy measures obscure peer connections, complicating network analysis. This study proposes a method t...
Identifier Withdrawn
Siemens Opcenter Intelligence is a software from Siemens Germany. It is used to provide flexible reporting and analysis tools that enable companies to present data to the right people with appropriate visualizations. This CVE number has been withdrawn...
[SECURITY] Fedora 40 Update: python-notebook-7.3.1-1.fc40
The Jupyter Notebook is a web application that allows you to create and share documents that contain live code, equations, visualizations, and explanatory text. The Notebook has support for multiple programming languages, sharing, and interactive widgets...