CVE-2026-41507

math-codegen generates code from mathematical expressions. Prior to version 0.4.3, string literal content passed to cg.parse is injected verbatim into a new Function body without sanitization. This allows an attacker to execute arbitrary system commands when user-controlled input reaches the...

CVE-2026-41507 Remote Code Execution (RCE) via String Literal Injection into math-codegen

math-codegen generates code from mathematical expressions. Prior to version 0.4.3, string literal content passed to cg.parse is injected verbatim into a new Function body without sanitization. This allows an attacker to execute arbitrary system commands when user-controlled input reaches the...

CVE-2026-41507

CVE-2026-41507 affects math-codegen. Prior to 0.4.3, string literals passed to cg.parse() are injected into a new Function() body without sanitization, enabling attacker-controlled input to execute arbitrary system commands and potentially achieve full RCE when user input reaches the parser. The ...

math-codegen 代码注入漏洞

Math-CodeGen is an interpreter developed by Mauricio Poppe that generates JavaScript code from mathematical expressions. Versions of Math-CodeGen prior to 0.4.3 contained a code injection vulnerability. This vulnerability stemmed from the cg.parse function not properly cleaning string literal...

CVE-2026-6587 vibrantlabsai RAGAS Collections util.py _try_process_url server-side request forgery

A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function tryprocesslocalfile/tryprocessurl of the file src/ragas/metrics/collections/multimodalfaithfulness/util.py of the component Collections Module. Performing a manipulation of the argument...

PT-2026-33656

A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function try process local file/ try process url of the file src/ragas/metrics/collections/multi modal faithfulness/util.py of the component Collections Module. Performing a manipulation of the...

ragas 安全漏洞

Ragas is an open-source toolkit developed by Vibrant Labs for optimizing and evaluating large language models. Versions of Ragas 0.4.3 and earlier contained a security vulnerability. This vulnerability stemmed from improper handling of the parameter retrievedcontexts in the...

GHSA-P6X5-P4XF-CC4R Remote Code Execution (RCE) via String Literal Injection into math-codegen

Impact String literal content passed to cg.parse is injected verbatim into a new Function body without sanitization. This allows an attacker to execute arbitrary system commands when user-controlled input reaches the parser. Any application exposing a math evaluation endpoint where user input flo...

PT-2026-37126

Name of the Vulnerable Software and Affected Versions math-codegen versions prior to 0.4.3 Description String literal content passed to the cg.parse function is injected verbatim into a new Function body without sanitization. This allows an attacker to execute arbitrary system commands when...

CVE-2026-32106

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the REST API createUser endpoint uses string-based rank checks that only block creating owner accounts, while the Dashboard API uses indexOf-based rank comparison that prevents creating users at...

CVE-2026-32104

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the updateUserNotifications endpoint accepts a user ID from the request payload and uses it to update that user's notification preferences. It checks that the caller is logged in but never...

EUVD-2026-11375

StudioCMS: REST API Missing Rank Check Allows Admin to Create Peer Admin Accounts...

EUVD-2026-11373

StudioCMS: IDOR in User Notification Preferences Allows Any Authenticated User to Modify Any User's Settings...

Authorization Bypass Through User-Controlled Key

Overview studiocms is an A Community-Driven Astro native CMS. Built from the ground up by the Astro community. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the create-reset-link process. An attacker can gain unauthorized access to...

Authorization Bypass Through User-Controlled Key

Overview studiocms is an A Community-Driven Astro native CMS. Built from the ground up by the Astro community. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the updateUserNotifications handler in...

CVE-2026-32104 StudioCMS: IDOR in User Notification Preferences Allows Any Authenticated User to Modify Any User's Settings

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the updateUserNotifications endpoint accepts a user ID from the request payload and uses it to update that user's notification preferences. It checks that the caller is logged in but never...

CVE-2026-32104

StudioCMS suffers an IDOR in updateUserNotifications prior to version 0.4.3: any authenticated user can modify another user’s notification preferences because the endpoint validates login but not ownership (id !== userData.user.id). This can enable, for example, suppression of admin notifications...

CVE-2026-32104 StudioCMS: IDOR in User Notification Preferences Allows Any Authenticated User to Modify Any User's Settings

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the updateUserNotifications endpoint accepts a user ID from the request payload and uses it to update that user's notification preferences. It checks that the caller is logged in but never...

CVE-2026-32106

CVE-2026-32106 — StudioCMS’s REST API endpoint createUser contains a rank check inconsistency: it uses string-based checks that block only owner accounts, while the Dashboard API uses an indexOf-based comparison that prevents creating users at or above the requester’s rank. This allows an admin t...

CVE-2026-32106 StudioCMS: REST API Missing Rank Check Allows Admin to Create Peer Admin Accounts

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the REST API createUser endpoint uses string-based rank checks that only block creating owner accounts, while the Dashboard API uses indexOf-based rank comparison that prevents creating users at...