47 matches found
CVE-2026-41139
CVE-2026-41139 affects mathjs: Unsafe array index getter in the expression parser allows arbitrary JavaScript execution. The issue was present from version 13.1.0 up to before 15.2.0 and has been patched in 15.2.0. Impact is high (CVSSv3.0: 8.8, network attack vector, user interaction: none, priv...
mathjs Security Vulnerability
MathJS is an extension library for JavaScript and Node.js developed by Jos de Jong. It includes a flexible expression parser, offering integrated solutions for handling numbers, large numbers, complex numbers, units, matrices, etc. Versions of MathJS from 13.1.0 to 15.2.0 had security...
PT-2026-38340
Name of the Vulnerable Software and Affected Versions Math.js versions 13.1.0 through 15.1.x Description Arbitrary JavaScript can be executed through the expression parser of the library. Recommendations Update to version 15.2.0...
Malicious code in uuindex (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a373d8c2c653d1b6effee8ff65bba442fcf08d7eea88ec95707680697385646 The package uuindex was found to contain malicious code. Source: ghsa-malware 47c06a7b235c91fbc08cc942c69f1e05ecdb8093c9658bd5ade2b8866cc33f4c Any...
Adobe InDesign 13.0 < 13.1.0 Multiple Vulnerabilities (APSB18-11) (macOS)
The version of Adobe InDesign installed on the remote macOS host is prior to 13.1.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB18-11 advisory. - Adobe InDesign versions 13.0 and below have an exploitable Memory corruption vulnerability. Successful exploitatio...
TYPO3 Cross-Site Scripting Vulnerability
TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in TYPO3 CMS, which stems from a failure to correctly encode user-controlled values in file entities, making ShowImageController susceptible to...
PT-2024-25812 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions 13.0.0 through 13.1.0 Description: The history backend module is vulnerable to HTML injection. Although Content-Security-Policy headers effectively prevent JavaScript execution, adversaries can still inject malicious HTML marku...
TYPO3 Security Vulnerability
TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 CMS versions 13.0.0 through 13.1.0 that stems from vulnerability to HTML injection...
TYPO3 Security Vulnerability
TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 CMS that originates from uncontrolled resource consumption in ShowImageController. The affected versions are as follows: 9.0.0 to 9.5.47; 10.0.0 t...
Adobe Substance 3D Designer Buffer Error Vulnerability
Adobe Substance 3D Designer is a 3D design software from the American company Adobe. An out-of-bounds read vulnerability exists in Adobe Substance 3D Designer 13.1.0 and earlier versions, which can be exploited by an attacker to execute arbitrary code on a system with the privileges of th...
PT-2024-1756 · Adobe · Substance3D - Designer
Name of the Vulnerable Software and Affected Versions: Substance3D - Designer versions 13.1.0 and earlier Description: The issue is related to an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker...
Adobe Substance 3D Designer Buffer Error Vulnerability
Adobe Substance 3D Designer is a 3D design software from Adobe. A buffer error vulnerability exists in Adobe Substance 3D Designer version 13.0.0 and earlier and version 13.1.0 and earlier, which stems from being affected by an out-of-bounds read vulnerability that could lead to a sensitive memor...
PT-2023-8550 · Adobe · Substance3D - Designer
Name of the Vulnerable Software and Affected Versions: Adobe Substance 3D Designer versions 13.0.0 and earlier Adobe Substance 3D Designer versions 13.1.0 and earlier Description: The issue is related to an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An...
PT-2023-8549 · Adobe · Substance3D - Designer
Name of the Vulnerable Software and Affected Versions: Adobe Substance 3D Designer versions 13.0.0 and earlier Adobe Substance 3D Designer versions 13.1.0 and earlier Description: The issue is related to an out-of-bounds write vulnerability that could result in arbitrary code execution in the...
F5 BIG-IP TMUI Directory Traversal / File Upload / Code Execution Exploit
This Metasploit module exploits a directory traversal in F5's BIG-IP Traffic Management User Interface TMUI to upload a shell script and execute it as the Unix root user. Unix shell access is obtained by escaping the restricted Traffic Management Shell TMSH. The escape may not be reliable, and yo...
F5 Networks BIG-IP : TMM vulnerability (K25400442)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.3.6 / 14.1.2.5 / 15.1.1 / 16.0.0. It is, therefore, affected by a vulnerability as referenced in the K25400442 advisory. - On BIG-IP 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and...
F5 Networks BIG-IP : DNS TCP virtual server vulnerability (K44200194)
The version of F5 Networks BIG-IP installed on the remote host is prior to 11.6.5.3 / 12.1.3.2 / 13.1.0. It is, therefore, affected by a vulnerability as referenced in the K44200194 advisory. - In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x...
F5 BIG-IP Command Injection Vulnerability
F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, and load balancing from F5 USA. A command injection vulnerability exists in BIG-IP, which stems from insufficient validation of user-supplied input. The following products an...
CVE-2020-26983
A vulnerability has been identified in JT2Go All versions V13.1.0, Teamcenter Visualization All versions V13.1.0. Affected applications lack proper validation of user-supplied data when parsing PDF files. This could result in an out of bounds write past the end of an allocated structure. An...
CVE-2020-27729
In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, an undisclosed link on the BIG-IP APM virtual server allows a malicious user to build an open redirect URI...