Lucene search
K

23 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-23412

Malicious code in bioql PyPI...

9.2CVSS6.5AI score0.00299EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-23404

Malicious code in bioql PyPI...

6.1CVSS6.5AI score0.00261EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/08/04 9:33 a.m.6 views

CVE-2025-54790

Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, Files does not have logic to prevent the exploitation of backend SQL queries without direct output, potentially allowing unauthorized data access. This is fixed in version 0.16.10...

9.2CVSS7.7AI score0.00299EPSS
Exploits0References1
NVD
NVD
added 2025/08/02 12:15 a.m.7 views

CVE-2025-54789

Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, the File Move functionality does not contain logic that prevents injection of arbitrary JavaScript, which can lead to Browser JS code execution in the context of the user’s session. This is fixed i...

6.1CVSS0.00261EPSS
Exploits0References3
OSV
OSV
added 2025/08/01 11:37 p.m.6 views

CVE-2025-54790 Files: Potential for SQL Injection through File Browse and List Operations

Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, Files does not have logic to prevent the exploitation of backend SQL queries without direct output, potentially allowing unauthorized data access. This is fixed in version 0.16.10...

9.2CVSS7.3AI score0.00299EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/08/01 11:26 p.m.8 views

CVE-2025-54789 Files is Vulnerable to Reflected Self-XSS through its File Move Functionality

Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, the File Move functionality does not contain logic that prevents injection of arbitrary JavaScript, which can lead to Browser JS code execution in the context of the user’s session. This is fixed i...

5.1CVSS0.00261EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 7:12 a.m.9 views

CVE-2024-35183

wolfictl is a command line tool for working with Wolfi. A git authentication issue in versions prior to 0.16.10 allows a local user’s GitHub token to be sent to remote servers other than github.com. Most git-dependent functionality in wolfictl relies on its own git package, which contains...

4.4CVSS5.1AI score0.00237EPSS
Exploits0References1
CVE
CVE
added 2024/05/15 9:24 p.m.50 views

CVE-2024-35183

CVE-2024-35183 affects wolfictl (Wolfi) and involves a git authentication issue in versions before 0.16.10. The vulnerability arises from a GetGitAuth flow that reads a GitHub token from the GITHUB_TOKEN environment variable and uses it for HTTP basic auth with go-git, in cases where the remote r...

4.4CVSS7.1AI score0.00237EPSS
Exploits0References6
OSV
OSV
added 2024/05/15 9:24 p.m.17 views

CVE-2024-35183 wolfictl leaks GitHub tokens to remote non-GitHub git servers

wolfictl is a command line tool for working with Wolfi. A git authentication issue in versions prior to 0.16.10 allows a local user’s GitHub token to be sent to remote servers other than github.com. Most git-dependent functionality in wolfictl relies on its own git package, which contains...

4.4CVSS5.3AI score0.00237EPSS
Exploits0References8
OSV
OSV
added 2024/03/25 8:15 p.m.4 views

DEBIAN-CVE-2024-28244

KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using \def or \newcommand that causes a near-infinite loop, despite setting maxExpand to avoid such loops. KaTeX supports an option named...

6.5CVSS6.4AI score0.02155EPSS
Exploits0References1
OSV
OSV
added 2024/03/25 8:15 p.m.2 views

DEBIAN-CVE-2024-28246

KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's trust option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow fo...

5.4CVSS5.5AI score0.00406EPSS
Exploits0References1
OSV
OSV
added 2024/03/25 8:15 p.m.2 views

DEBIAN-CVE-2024-28243

KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using \edef that causes a near-infinite loop, despite setting maxExpand to avoid such loops. This can be used as an availability attack, where...

6.5CVSS6.4AI score0.01414EPSS
Exploits0References1
OSV
OSV
added 2024/03/25 8:15 p.m.1 views

UBUNTU-CVE-2024-28246

KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's trust option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow fo...

5.5CVSS6.1AI score0.00406EPSS
Exploits0References6
OSV
OSV
added 2024/03/25 8:15 p.m.2 views

UBUNTU-CVE-2024-28243

KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using \edef that causes a near-infinite loop, despite setting maxExpand to avoid such loops. This can be used as an availability attack, where...

6.5CVSS6.5AI score0.01414EPSS
Exploits0References6
OSV
OSV
added 2024/03/25 8:15 p.m.2 views

UBUNTU-CVE-2024-28244

KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using \def or \newcommand that causes a near-infinite loop, despite setting maxExpand to avoid such loops. KaTeX supports an option named...

6.5CVSS5.8AI score0.02155EPSS
Exploits0References4
OSV
OSV
added 2024/03/25 7:38 p.m.7 views

GHSA-F98W-7CXR-FF2H KaTeX's `\includegraphics` does not escape filename

Impact KaTeX users who render untrusted mathematical expressions could encounter malicious input using \includegraphics that runs arbitrary JavaScript, or generate invalid HTML. Patches Upgrade to KaTeX v0.16.10 to remove this vulnerability. Workarounds Avoid use of or turn off the trust option, ...

6.3CVSS6AI score0.00406EPSS
Exploits0References4
OSV
OSV
added 2024/03/25 7:38 p.m.1 views

GHSA-CVR6-37GX-V8WC KaTeX's maxExpand bypassed by Unicode sub/superscripts

Impact KaTeX users who render untrusted mathematical expressions could encounter malicious input using \def or \newcommand that causes a near-infinite loop, despite setting maxExpand to avoid such loops. This can be used as an availability attack, where e.g. a client rendering another user's KaTe...

6.5CVSS6.4AI score0.02155EPSS
Exploits0References4
OSV
OSV
added 2024/03/25 7:38 p.m.1 views

GHSA-64FM-8HW2-V72W KaTeX's maxExpand bypassed by `\edef`

Impact KaTeX users who render untrusted mathematical expressions could encounter malicious input using \edef that causes a near-infinite loop, despite setting maxExpand to avoid such loops. This can be used as an availability attack, where e.g. a client rendering another user's KaTeX input will b...

6.5CVSS5.7AI score0.01414EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/03/25 12:0 a.m.5 views

PT-2024-22360

Name of the Vulnerable Software and Affected Versions: KaTeX versions prior to 0.16.10 Description: KaTeX is a JavaScript library for TeX math rendering on the web. Users who render untrusted mathematical expressions could encounter malicious input using includegraphics that runs arbitrary...

6.5CVSS6.3AI score0.01414EPSS
Exploits0References28
CNNVD
CNNVD
added 2024/03/25 12:0 a.m.13 views

KaTeX 安全漏洞

KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering on the web. A security vulnerability existed prior to the KaTeX v0.16.10 release, which arose from the fact that KaTeX users rendering untrusted mathematical expressions could encounter a malicious input using def or ewcommand...

6.5CVSS6.4AI score0.02155EPSS
Exploits0References4
Rows per page
Query Builder