Malicious code in sunruse-math-vector (npm)

The package sunruse-math-vector was found to contain malicious code...

MAL-2025-26006 Malicious code in Math (npm)

The package Math was found to contain malicious code...

MAL-2025-34184 Malicious code in sunruse-math-aabb (npm)

The package sunruse-math-aabb was found to contain malicious code...

The vulnerability of the PHPOffice Math library, related to incorrect restrictions on XML links to external objects, allows attackers to compromise the confidentiality of the protected information.

The vulnerability of the PHPOffice Math library is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality of the protected information...

CVE-2025-48072

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Version 3.3.2 is vulnerable to a heap-based buffer overflow during a read operation due to bad pointer math when decompressing DWAA-packed scan-line EXR...

[SECURITY] Fedora 41 Update: glibc-2.40-27.fc41

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...

Predictable Value Range from Previous Values

Overview Affected versions of this package are vulnerable to Predictable Value Range from Previous Values via the boundary value, which uses Math.random. An attacker can manipulate HTTP request boundaries by exploiting predictable values, potentially leading to HTTP parameter pollution. Remediati...

Predictable Value Range from Previous Values

Overview Affected versions of this package are vulnerable to Predictable Value Range from Previous Values via the boundary value, which uses Math.random. An attacker can manipulate HTTP request boundaries by exploiting predictable values, potentially leading to HTTP parameter pollution. Remediati...

CVE-2025-45143

string-math v1.2.2 was discovered to contain a Regex Denial of Service ReDoS which is exploited via a crafted input...

string-math's string-math.js vulnerability can cause Regex Denial of Service (ReDoS)

string-math v1.2.2 was discovered to contain a Regex Denial of Service ReDoS which is exploited via a crafted input...

GHSA-994J-5C83-R424 string-math's string-math.js vulnerability can cause Regex Denial of Service (ReDoS)

string-math v1.2.2 was discovered to contain a Regex Denial of Service ReDoS which is exploited via a crafted input...

@devsoutinho/alfred-currency-converter (>=2.0.0 <=2.1.1), @felixcatto/ui (>=0.0.14 <=0.0.32) +13 more potentially affected by CVE-2025-45143 via string-math (=1.2.2)

string-math NPM version =1.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on string-math and may be impacted: - @devsoutinho/alfred-currency-converter =2.0.0, =0.0.14, =0.4.0-beta.2, =1.5.12, =0.1.47, =0.0.32, =2.0.0, =4.0.0, =1.0.0, =1.2.0, =1.0.8,...

CVE-2025-45143

string-math v1.2.2 was discovered to contain a Regex Denial of Service ReDoS which is exploited via a crafted input...

CVE-2025-45143

string-math v1.2.2 was discovered to contain a Regex Denial of Service ReDoS which is exploited via a crafted input...

PT-2025-27455 · Unknown · String-Math

Name of the Vulnerable Software and Affected Versions: string-math version 1.2.2 Description: The issue is a Regex Denial of Service ReDoS that can be exploited via a crafted input. Recommendations: For string-math version 1.2.2, consider validating and sanitizing all inputs to prevent crafted...

CVE-2025-45143

CVE-2025-45143 affects the JavaScript library string-math v1.2.2. Multiple sources consistently describe a Regex Denial of Service (ReDoS) caused by inefficient regular expression handling, exploitable via crafted input. The CVSSBase score is 7.0 (HIGH), with network attack vector, high attack co...

CVE-2025-45143

string-math v1.2.2 was discovered to contain a Regex Denial of Service ReDoS which is exploited via a crafted input...

string-math 安全漏洞

string-math is a module function for calculating results based on arithmetic formulas by the Polish individual developer devrafalko. A security vulnerability exists in string-math version 1.2.2, which stems from improper handling of regular expressions and could lead to a regular expression denia...

CVE-2025-45143

string-math v1.2.2 was discovered to contain a Regex Denial of Service ReDoS which is exploited via a crafted input...

[SECURITY] Fedora 41 Update: glibc-2.40-26.fc41

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...