
8 matches found

OSV
added 2026/03/23 10:45 p.m., 0 views

CVE-2026-33046 Indico discloses local files resulting in Remote Code Execution through LaTeX injection

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.12, due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use specially-crafted LaT...

CVSS 7.7 | AI score 6 | EPSS 0.00114 | Exploits 0 | References 8
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-27577

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 6.3 | EPSS 0.0004 | Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-31350

Malicious code in bioql PyPI...

CVSS 2.1 | AI score 6.3 | EPSS 0.00034 | Exploits 0 | References 4
NVD
added 2025/09/26 4:15 p.m., 2 views

CVE-2025-59842

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to version 4.4.8, links generated with LaTeX typesetters in Markdown files and Markdown cells in JupyterLab and Jupyter Notebook did not include the noopener...

CVSS 4.3 | EPSS 0.00034 | Exploits 0 | References 2
Snyk
added 2025/09/10 8:28 p.m., 4 views

Cross-site Scripting (XSS)

Overview: indico is a conference lifecycle management and meeting/lecture scheduling tool. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when rendering LaTeX math code in contribution and abstract description sections. Details: Cross-site scripting or XSS is a code...

CVSS 5.4 | AI score 5.1 | EPSS 0.0004 | Exploits 0 | References 2
NVD
added 2025/09/10 4:15 p.m., 1 views

CVE-2025-59035

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, there is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstract descriptions. Users should update to Indico 3.3.8 as...

CVSS 5.4 | EPSS 0.0004 | Exploits 0 | References 2
OSV
added 2025/09/10 4:3 p.m., 1 views

CVE-2025-59035 Indico vulnerable to Cross-Site Scripting via LaTeX math code

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, there is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstract descriptions. Users should update to Indico 3.3.8 as...

CVSS 4.6 | AI score 7 | EPSS 0.0004 | Exploits 0 | References 4
OSV
added 2025/01/21 9:17 p.m., 8 views

GHSA-QWJ6-Q94F-8425 MathLive's Lack of Escaping of HTML allows for XSS

Summary: Despite normal text rendering as LaTeX expressions, preventing XSS, the library also provides users with commands which may modify HTML, such as the \htmlData command, and the lack of escaping leads to XSS. Details: Overall in the code, other than in the test folder, no functions escaping...

CVSS 6.3 | AI score 7.2 | EPSS 0.00334 | Exploits 0 | References 4