Lucene search
K

5 matches found

Cvelist
Cvelist
added 2026/03/23 10:45 p.m.23 views

CVE-2026-33046 Indico discloses local files resulting in Remote Code Execution through LaTeX injection

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.12, due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use specially-crafted LaT...

7.7CVSS0.00782EPSS
Exploits0References6
CVE
CVE
added 2026/03/23 10:45 p.m.16 views

CVE-2026-33046

CVE-2026-33046 affects Indico (event management system) where, in versions prior to 3.3.12, TeXLive/LaTeX sanitizer bypass via specially crafted LaTeX snippets could read local files or execute code with server user privileges when server-side LaTeX rendering is enabled (XELATEX_PATH set). If ser...

8.8CVSS5.9AI score0.00782EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/23 10:45 p.m.2 views

CVE-2026-33046 Indico discloses local files resulting in Remote Code Execution through LaTeX injection

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.12, due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use specially-crafted LaT...

7.7CVSS5.9AI score0.00782EPSS
Exploits0References6
OSV
OSV
added 2026/03/23 10:45 p.m.2 views

CVE-2026-33046 Indico discloses local files resulting in Remote Code Execution through LaTeX injection

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.12, due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use specially-crafted LaT...

7.7CVSS6AI score0.00782EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2021/09/07 11:7 p.m.31 views

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in ZMarkdown

Impact A Remote Command Execution vulnerability was found in the rebber module, which allowed execution of arbitrary commands. The reported problem came from CodeBlocks, which could be escaped to insert malicious LaTeX. Anyone using rebber without sanitation of code content or a custom macro is...

2.2AI score
Exploits0References2Affected Software1
Rows per page
Query Builder