17 matches found
CVE-2025-61514
An arbitrary file upload vulnerability in SageMath, Inc CoCalc before commit 0d2ff58 allows attackers to execute arbitrary code via uploading a crafted SVG file...
EUVD-2025-34813
An arbitrary file upload vulnerability in SageMath, Inc CoCalc before commit 0d2ff58 allows attackers to execute arbitrary code via uploading a crafted SVG file...
Arbitrary Code Injection
Overview: @cocalc/frontend is a CoCalc: Collaborative Calculation. Affected versions of this package are vulnerable to Arbitrary Code Injection via uploading a crafted SVG file. An attacker can execute arbitrary code by uploading a specially crafted SVG file. Remediation: A fix was pushed into the...
Arbitrary Code Injection
Overview: @cocalc/hub is a CoCalc: Backend webserver component. Affected versions of this package are vulnerable to Arbitrary Code Injection via uploading a crafted SVG file. An attacker can execute arbitrary code by uploading a specially crafted SVG file. Remediation: A fix was pushed into the mast...
CVE-2025-61514
An arbitrary file upload vulnerability in SageMath, Inc CoCalc before commit 0d2ff58 allows attackers to execute arbitrary code via uploading a crafted SVG file...
CVE-2025-61514
An arbitrary file upload vulnerability in SageMath, Inc CoCalc before commit 0d2ff58 allows attackers to execute arbitrary code via uploading a crafted SVG file...
CoCalc Security Vulnerability
CoCalc is web-based software from CoCalc, Inc. that enables collaboration in research, teaching, and scientific publishing. A security vulnerability exists in versions prior to CoCalc 0d2ff58 that stems from inadequate validation when uploading specially crafted SVG files, which could lead to t...
CVE-2025-61514
An arbitrary file upload vulnerability in SageMath, Inc CoCalc before commit 0d2ff58 allows attackers to execute arbitrary code via uploading a crafted SVG file...
CVE-2025-61514
CVE-2025-61514 affects SageMath, Inc. CoCalc prior to the fix commit 0d2ff58, where an attacker can upload a crafted SVG file to achieve arbitrary code execution. The issue is triggered by an arbitrary file upload vulnerability in the CoCalc front-end/back-end stack, enabling code execution on th...
EUVD-2024-35885
Malicious code in bioql PyPI...
CVE-2024-36109
CoCalc is web-based software that enables collaboration in research, teaching, and scientific publishing. In affected versions the markdown parser allows tags to be included which execute when published. This issue has been addressed in commit 419862a9c9879c. Users are advised to upgrade. There a...
CVE-2024-36109 Cross-site Scripting with Markdown rendering in CoCalc
CoCalc is web-based software that enables collaboration in research, teaching, and scientific publishing. In affected versions the markdown parser allows tags to be included which execute when published. This issue has been addressed in commit 419862a9c9879c. Users are advised to upgrade. There a...
CVE-2024-36109 Cross-site Scripting with Markdown rendering in CoCalc
CoCalc is web-based software that enables collaboration in research, teaching, and scientific publishing. In affected versions the markdown parser allows tags to be included which execute when published. This issue has been addressed in commit 419862a9c9879c. Users are advised to upgrade. There a...
CVE-2024-36109 Cross-site Scripting with Markdown rendering in CoCalc
CoCalc is web-based software that enables collaboration in research, teaching, and scientific publishing. In affected versions the markdown parser allows tags to be included which execute when published. This issue has been addressed in commit 419862a9c9879c. Users are advised to upgrade. There a...
PT-2024-26895 · Cocalc · Cocalc
Name of the Vulnerable Software and Affected Versions: CoCalc versions prior to the version containing commit 419862a9c9879c. Description: The issue concerns the markdown parser in CoCalc, which allows tags to be included and executed when published. There are no known workarounds for this issue...
CoCalc Security Vulnerability
CoCalc is web-based software from CoCalc, Inc. that enables collaboration in research, teaching, and scientific publishing. A security vulnerability exists in versions prior to CoCalc 419862a9c9879c that stems from a cross-site scripting (XSS) vulnerability in the markdown parser...
Security Flaw in CoCalc: One Click and Your Cloud is Ruined
TL;DR Imperva Threat Research discovered and reported a security flaw in the CoCalc Cloud environment. The flaw enabled potential attackers to completely take over a target’s account with only a single click from the victim. This flaw was due primarily to the lack of separation between the user...