89 matches found
CVE-2026-1977
A security vulnerability has been detected in isaacwasserman mcp-vegalite-server up to 16aefed598b8cd897b78e99b907f6e2984572c61. Affected by this vulnerability is the function eval of the component visualizedata. Such manipulation of the argument vegalitespecification leads to code injection. The...
CVE-2026-1977
A security vulnerability has been detected in isaacwasserman mcp-vegalite-server up to 16aefed598b8cd897b78e99b907f6e2984572c61. Affected by this vulnerability is the function eval of the component visualizedata. Such manipulation of the argument vegalitespecification leads to code injection. The...
CVE-2026-1977
The CVE-2026-1977 entry concerns isaacwasserman mcp-vegalite-server. The vulnerability affects the eval usage in the visualize_data component, where manipulating the vegalite_specification argument can cause code injection. A remote attacker could exploit this, and public PoC details are noted. T...
CVE-2026-1977 isaacwasserman mcp-vegalite-server visualize_data eval code injection
A security vulnerability has been detected in isaacwasserman mcp-vegalite-server up to 16aefed598b8cd897b78e99b907f6e2984572c61. Affected by this vulnerability is the function eval of the component visualizedata. Such manipulation of the argument vegalitespecification leads to code injection. The...
CVE-2026-1977 isaacwasserman mcp-vegalite-server visualize_data eval code injection
A security vulnerability has been detected in isaacwasserman mcp-vegalite-server up to 16aefed598b8cd897b78e99b907f6e2984572c61. Affected by this vulnerability is the function eval of the component visualizedata. Such manipulation of the argument vegalitespecification leads to code injection. The...
PT-2026-6671
Name of the Vulnerable Software and Affected Versions isaacwasserman mcp-vegalite-server versions prior to 16aefed598b8cd897b78e99b907f6e2984572c61 Description A security issue exists in the eval function of the visualize data component. Manipulation of the vegalite specification argument can lea...
CVE-2026-21892
Parsl is a Python parallel scripting library. A SQL Injection vulnerability exists in the parsl-visualize component of versions prior to 2026.01.05. The application constructs SQL queries using unsafe string formatting Python % operator with user-supplied input workflowid directly from URL routes...
UBUNTU-CVE-2026-21892
Parsl is a Python parallel scripting library. A SQL Injection vulnerability exists in the parsl-visualize component of versions prior to 2026.01.05. The application constructs SQL queries using unsafe string formatting Python % operator with user-supplied input workflowid directly from URL routes...
CVE-2026-21892 Parsl Monitoring Visualization Vulnerable to SQL Injection
Parsl is a Python parallel scripting library. A SQL Injection vulnerability exists in the parsl-visualize component of versions prior to 2026.01.05. The application constructs SQL queries using unsafe string formatting Python % operator with user-supplied input workflowid directly from URL routes...
CVE-2026-21892
CVE-2026-21892 affects Parsl (Python parallel scripting library) in the parsl-visualize component. Versions prior to 2026.01.05 construct SQL queries using unsafe Python % formatting with user-supplied input (workflow_id) sourced from URL routes, enabling SQL injection by an unauthenticated attac...
PT-2026-2123
Name of the Vulnerable Software and Affected Versions Parsl versions prior to 2026.01.05 Description A SQL Injection issue exists in the parsl-visualize component. The application builds SQL queries using unsafe string formatting with user-supplied input workflow id taken directly from URL routes...
parsl 安全漏洞
parsl is the Parallel Scripting Library open source a parallel scripting library for Python. A security vulnerability exists in parsl versions prior to 2026.01.05, which stems from an SQL injection in the parsl-visualize component that could lead to data exfiltration or denial of service...
CVE-1999-0707
The default FTP configuration in HP Visualize Conference allows conference users to send a file to other participants without authorization...
CVE-2025-13961
The Data Visualizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'visualize' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
EUVD-2025-202978
The Data Visualizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'visualize' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-13961 Data Visualizer <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Data Visualizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'visualize' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
PT-2025-50833
The Data Visualizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'visualize' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
EUVD-2025-175705
Malicious code in visualize-cache-web-float-slow npm...
EUVD-2025-177269
Malicious code in permission-index-zero-visualize-private npm...
EUVD-2025-178789
Malicious code in gamma-old-visualize-web-view npm...