
67 matches found

NVD
added 2026/04/24 5:16 p.m. · 0 views

CVE-2026-40897

Math.js is an extensive math library for JavaScript and Node.js. From 13.1.1 to before 15.2.0, a vulnerability allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be affected when you have an application where users can evaluate arbitrary expressions using the math...

CVSS 8.8 · EPSS 0.00052
Exploits 0 · References 3

CVE
added 2026/04/24 4:48 p.m. · 9 views

CVE-2026-40897

Math.js vulnerable versions 13.1.1 up to

CVSS 8.8 · AI score 8.3 · EPSS 0.00052
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2026/04/24 4:48 p.m. · 20 views

CVE-2026-40897 Math.js: Unsafe object property setter in mathjs

Math.js is an extensive math library for JavaScript and Node.js. From 13.1.1 to before 15.2.0, a vulnerability allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be affected when you have an application where users can evaluate arbitrary expressions using the math...

CVSS 8.8 · EPSS 0.00052
Exploits 0 · References 3

IBM Security Bulletins
added 2026/01/06 6:8 p.m. · 4 views

Security Bulletin: IBM Semeru Runtime Quarterly CPU - Oct 2025 - Includes OpenJDK October 2025 CPU (includes CVE-2025-53057, CVE-2025-53066)

Summary Db2 Query Management Facility is vulnerable to IBM Semeru Runtime Quarterly CPU - Oct 2025 - Includes OpenJDK October 2025 CPU includes CVE-2025-53057, CVE-2025-53066 Vulnerability Details CVEID:CVE-2025-53057 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security...

CVSS 7.5 · AI score 6.4 · EPSS 0.00068
Exploits 0 · Affected Software 1

Cvelist
added 2025/08/28 5:50 p.m. · 5 views

CVE-2025-58059 Valtimo scripting engine can be used to gain access to sensitive data or resources

Valtimo is a platform for Business Process Automation. In versions before 12.16.0.RELEASE, and from 13.0.0.RELEASE to before 13.1.2.RELEASE, any admin that can create or modify and execute process-definitions could gain access to sensitive data or resources. This includes but is not limited to:...

CVSS 9.1 · EPSS 0.00087
Exploits 0 · References 2

Positive Technologies
added 2024/05/21 12:0 a.m. · 2 views

PT-2024-26383 · Umbraco · Umbraco Cms

Name of the Vulnerable Software and Affected Versions: Umbraco CMS versions prior to 8.18.13 Umbraco CMS versions prior to 10.8.4 Umbraco CMS versions prior to 12.3.7 Umbraco CMS versions prior to 13.1.1 Description: The issue is a stored Cross-site scripting XSS vulnerability that allows attacke...

CVSS 4.8 · AI score 5.9 · EPSS 0.00705
Exploits 0 · References 15

CNNVD
added 2024/05/16 12:0 a.m. · 2 views

Adobe Substance 3D Designer Buffer Error Vulnerability

Adobe Substance 3D Painter is a 3D texturing application from the American company Adobe. An out-of-bounds read vulnerability previously existed in Adobe Substance 3D Designer version 13.1.1, which could be exploited by an attacker to obtain sensitive information...

CVSS 5.5 · AI score 6.4 · EPSS 0.00039
Exploits 0 · References 2

Github Security Blog
added 2024/05/14 8:13 p.m. · 20 views

TYPO3 vulnerable to an HTML Injection in the History Module

Problem The history backend module is vulnerable to HTML injection. Although Content-Security-Policy headers effectively prevent JavaScript execution, adversaries can still inject malicious HTML markup. Exploiting this vulnerability requires a valid backend user account. Solution Update to TYPO3...

CVSS 5.4 · AI score 4.2 · EPSS 0.00615
Exploits 0 · References 5 · Affected Software 1

OSV
added 2024/05/14 8:13 p.m. · 21 views

GHSA-XJWX-78X7-Q6JC TYPO3 vulnerable to an HTML Injection in the History Module

Problem The history backend module is vulnerable to HTML injection. Although Content-Security-Policy headers effectively prevent JavaScript execution, adversaries can still inject malicious HTML markup. Exploiting this vulnerability requires a valid backend user account. Solution Update to TYPO3...

CVSS 3.5 · AI score 4.7 · EPSS 0.00615
Exploits 0 · References 5

NVD
added 2024/05/14 4:17 p.m. · 13 views

CVE-2024-34356

TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the form manager backend module is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user...

CVSS 5.4 · AI score 5.1 · EPSS 0.00634
Exploits 0 · References 5

Cvelist
added 2024/05/14 2:1 p.m. · 21 views

CVE-2024-34355 TYPO3 vulnerable to an HTML Injection in the History Module

TYPO3 is an enterprise content management system. Starting in version 13.0.0 and prior to version 13.1.1, the history backend module is vulnerable to HTML injection. Although Content-Security-Policy headers effectively prevent JavaScript execution, adversaries can still inject malicious HTML...

CVSS 3.5 · AI score 4.4 · EPSS 0.00615
Exploits 0 · References 3

OSV
added 2024/05/14 2:1 p.m. · 21 views

CVE-2024-34355 TYPO3 vulnerable to an HTML Injection in the History Module

TYPO3 is an enterprise content management system. Starting in version 13.0.0 and prior to version 13.1.1, the history backend module is vulnerable to HTML injection. Although Content-Security-Policy headers effectively prevent JavaScript execution, adversaries can still inject malicious HTML...

CVSS 3.5 · AI score 5.5 · EPSS 0.00615
Exploits 0 · References 5

Positive Technologies
added 2024/05/14 12:0 a.m. · 3 views

PT-2024-25812 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions 13.0.0 through 13.1.0 Description: The history backend module is vulnerable to HTML injection. Although Content-Security-Policy headers effectively prevent JavaScript execution, adversaries can still inject malicious HTML marku...

CVSS 5.4 · AI score 7.3 · EPSS 0.00615
Exploits 0 · References 10

Positive Technologies
added 2024/05/14 12:0 a.m. · 3 views

PT-2024-3563 · Adobe · Substance3D - Designer

Name of the Vulnerable Software and Affected Versions: Substance3D - Designer versions 13.1.1 and earlier Description: The issue is related to an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. This vulnerability can be leveraged by an attacker to bypass...

CVSS 5.5 · AI score 6.4 · EPSS 0.00039
Exploits 0 · References 4

NVD
added 2024/04/17 3:15 p.m. · 14 views

CVE-2024-29035

Umbraco is an ASP.NET CMS. Failing webhooks logs are available when solution is not in debug mode. Those logs can contain information that is critical. This vulnerability is fixed in 13.1.1...

CVSS 5.3 · AI score 4.2 · EPSS 0.00209
Exploits 0 · References 2

Snyk
added 2024/04/17 2:41 p.m. · 1 view

Information Exposure

Overview UmbracoCms.Core is an ASP.NET CMS. Affected versions of this package are vulnerable to Information Exposure due to the logging of failing webhooks when the solution is not in debug mode. An attacker can obtain critical information that should not be accessible externally by exploiting th...

CVSS 5.3 · AI score 6.8 · EPSS 0.00209
Exploits 0 · References 2

Cvelist
added 2024/04/17 2:20 p.m. · 16 views

CVE-2024-29035 Umbraco's Blind SSRF Leads to Port Scan by using Webhooks

Umbraco is an ASP.NET CMS. Failing webhooks logs are available when solution is not in debug mode. Those logs can contain information that is critical. This vulnerability is fixed in 13.1.1...

CVSS 4.1 · AI score 4.5 · EPSS 0.00209
Exploits 0 · References 2

Positive Technologies
added 2024/04/17 12:0 a.m. · 3 views

PT-2024-22688

Name of the Vulnerable Software and Affected Versions Umbraco versions 13.0.0 through 13.1.0 Description The issue concerns the availability of failing webhooks logs when the solution is not in debug mode, potentially containing critical information. Recommendations For Umbraco versions 13.0.0...

CVSS 5.3 · AI score 5.8 · EPSS 0.00209
Exploits 0 · References 10

Tenable Nessus
added 2024/02/05 12:0 a.m. · 13 views

Safari < 13.1.1 Multiple Vulnerabilities

Binary data 701460.pasl...

CVSS 6.5 · AI score 7.3 · EPSS 0.02474
Exploits 1 · References 2

Vulnrichment
added 2023/03/07 2:53 p.m. · 7 views

CVE-2021-4333 WP Statistics <= 13.1.1 - Cross-Site Request Forgery to Arbitrary Plugin Activation and Deactivation

The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view function. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins...

CVSS 6.5 · AI score 6.7 · EPSS 0.00092
Exploits 0 · References 2