Malicious code in sunruse-math-aabb (npm)

The package sunruse-math-aabb was found to contain malicious code...

Malicious code in sunruse-math-vector (npm)

The package sunruse-math-vector was found to contain malicious code...

03_node_1 (=1.0.0), 111nodejs03 (=1.0.0) +96 more potentially affected by unknown CVE via math (=0.0.3)

math NPM version =0.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on math and may be impacted: - 03node1 =1.0.0 - 111nodejs03 =1.0.0 - @daostack/arc =0.0.1-rc.21, =0.0.1-rc.41-v2, =1.0.1, =1.0.0, =2.0.11, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =3.0...

MAL-2025-26006 Malicious code in Math (npm)

The package Math was found to contain malicious code...

MAL-2025-34185 Malicious code in sunruse-math-vector (npm)

The package sunruse-math-vector was found to contain malicious code...

MAL-2025-17911 Malicious code in d3-brave-math (npm)

The package d3-brave-math was found to contain malicious code...

MAL-2025-26007 Malicious code in math_example113 (npm)

The package mathexample113 was found to contain malicious code...

MAL-2025-34184 Malicious code in sunruse-math-aabb (npm)

The package sunruse-math-aabb was found to contain malicious code...

The vulnerability of the PHPOffice Math library, related to incorrect restrictions on XML links to external objects, allows attackers to compromise the confidentiality of the protected information.

The vulnerability of the PHPOffice Math library is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality of the protected information...

CVE-2025-48072

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Version 3.3.2 is vulnerable to a heap-based buffer overflow during a read operation due to bad pointer math when decompressing DWAA-packed scan-line EXR...

[SECURITY] Fedora 41 Update: glibc-2.40-27.fc41

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...

Predictable Value Range from Previous Values

Overview Affected versions of this package are vulnerable to Predictable Value Range from Previous Values via the boundary value, which uses Math.random. An attacker can manipulate HTTP request boundaries by exploiting predictable values, potentially leading to HTTP parameter pollution. Remediati...

Predictable Value Range from Previous Values

Overview Affected versions of this package are vulnerable to Predictable Value Range from Previous Values via the boundary value, which uses Math.random. An attacker can manipulate HTTP request boundaries by exploiting predictable values, potentially leading to HTTP parameter pollution. Remediati...

CVE-2025-45143

string-math v1.2.2 was discovered to contain a Regex Denial of Service ReDoS which is exploited via a crafted input...

@devsoutinho/alfred-currency-converter (>=2.0.0 <=2.1.1), @felixcatto/ui (>=0.0.14 <=0.0.32) +13 more potentially affected by CVE-2025-45143 via string-math (=1.2.2)

string-math NPM version =1.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on string-math and may be impacted: - @devsoutinho/alfred-currency-converter =2.0.0, =0.0.14, =0.4.0-beta.2, =1.5.12, =0.1.47, =0.0.32, =2.0.0, =4.0.0, =1.0.0, =1.2.0, =1.0.8,...

GHSA-994J-5C83-R424 string-math's string-math.js vulnerability can cause Regex Denial of Service (ReDoS)

string-math v1.2.2 was discovered to contain a Regex Denial of Service ReDoS which is exploited via a crafted input...

string-math's string-math.js vulnerability can cause Regex Denial of Service (ReDoS)

string-math v1.2.2 was discovered to contain a Regex Denial of Service ReDoS which is exploited via a crafted input...

CVE-2025-45143

string-math v1.2.2 was discovered to contain a Regex Denial of Service ReDoS which is exploited via a crafted input...

CVE-2025-45143

string-math v1.2.2 was discovered to contain a Regex Denial of Service ReDoS which is exploited via a crafted input...

CVE-2025-45143

CVE-2025-45143 affects the JavaScript library string-math v1.2.2. Multiple sources consistently describe a Regex Denial of Service (ReDoS) caused by inefficient regular expression handling, exploitable via crafted input. The CVSSBase score is 7.0 (HIGH), with network attack vector, high attack co...