VYPR
Vendor: Vega

Products: 2
CVEs: 14
Across products: 14
Status: Private

Recent CVEs (14)

  • CVE-2025-59840 High Nov 13, 2025
    risk 0.53 cvss 8.1 epss 0.00

    Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 6.2.0, applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe mode"…

  • CVE-2026-3323 High Apr 28, 2026
    risk 0.49 cvss 7.5 epss 0.00

    An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes.

  • CVE-2025-25304 Medium Feb 14, 2025
    risk 0.38 cvss epss 0.01

    Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to version 5.26.0 of vega and 5.4.2 of vega-selections, the `vlSelectionTuples` function can be used to call JavaScript functions, leading to…

  • CVE-2025-27793 Medium Mar 27, 2025
    risk 0.27 cvss epss 0.00

    Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 5.32.0, corresponding to vega-functions prior to version 5.17.0, users running Vega/Vega-lite JSON definitions could run unexpected…

  • CVE-2026-26341 Feb 24, 2026
    risk 0.01 cvss epss 0.03

    Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default…

  • CVE-2026-26342 Feb 24, 2026
    risk 0.00 cvss epss 0.01

    Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token (X-User-Token) with insufficient expiration. An attacker who obtains a valid token (for example via interception, log exposure, or token reuse on a shared…

  • CVE-2026-26340 Feb 24, 2026
    risk 0.00 cvss epss 0.01

    Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior expose RTSP streams without requiring authentication. A remote attacker can connect to the RTSP service and access live video/audio streams without valid credentials, resulting in unauthorized…

  • CVE-2025-66648 Jan 5, 2026
    risk 0.00 cvss epss 0.00

    vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal function (not part of the public API) could be used to run unintentional JavaScript…

  • CVE-2025-65110 Jan 5, 2026
    risk 0.00 cvss epss 0.00

    Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to versions 6.1.2 and 5.6.3, applications meeting two conditions are at risk of arbitrary JavaScript code execution, even if "safe mode"…

  • CVE-2025-68385 Dec 18, 2025
    risk 0.00 cvss epss 0.00

    Improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) allows an authenticated user to embed a malicious script in content that will be served to web browsers causing cross-site scripting (XSS) (CAPEC-63) via a method in Vega bypassing a…

  • CVE-2025-26619 Mar 27, 2025
    risk 0.00 cvss epss 0.00

    Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In `vega` 5.30.0 and lower and in `vega-functions` 5.15.0 and lower, it was possible to call JavaScript functions from the Vega expression language that…

  • CVE-2023-26486 Mar 3, 2023
    risk 0.00 cvss epss 0.01

    Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega `scale` expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a…

  • CVE-2023-26487 Mar 3, 2023
    risk 0.00 cvss epss 0.01

    Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The `lassoAppend` function accepts 3 arguments and internally invokes the `push` function on the 1st argument, specifying an array consisting of the 2nd and 3rd arguments as…

  • CVE-2020-26296 Dec 30, 2020
    risk 0.00 cvss epss 0.01

    Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Vega is an npm package. In Vega before version 5.17.3 there is an XSS vulnerability in Vega expressions. Through a specially crafted Vega expression, an…