4 matches found
PT-2026-56253
Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description Dashboard text components render stored content using Vue v-html without server-side HTML sanitization. This allows an authenticated user with permissions to edit dashboard component data to injec...
CVE-2026-29082
Kestra is an event-driven orchestration platform. In versions from 1.1.10 and prior, Kestra’s execution-file preview renders user-supplied Markdown .md with markdown-it instantiated as html:true and injects the resulting HTML with Vue’s v-html without sanitisation. At time of publication, there a...
Malicious code in vue-integration (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0efc0a22034000a68b77f7b5cfddbb864cc72d9bb239e7fe1af0feb7643d1ae3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2139 Malicious code in vue-integration (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0efc0a22034000a68b77f7b5cfddbb864cc72d9bb239e7fe1af0feb7643d1ae3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...