CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

168 matches found

CNNVD•added 2026/05/26 12:0 a.m.•3 views

mistune 跨站脚本漏洞

Mistune is a fast and powerful Python Markdown parser developed by Hsiaoming Yang. Versions of Mistune prior to 3.2.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the mathematical plugin not properly escaping HTML when rendering inline and block-level mathematic...

6.1CVSS5.7AI score0.00031EPSS

Exploits1References2

CNNVD•added 2026/05/15 12:0 a.m.•5 views

MCP Calculate Server 代码注入漏洞

MCP Calculate Server is a mathematical calculation service tool developed by 611711Dark, based on the MCP protocol. Versions of MCP Calculate Server prior to 0.1.1 contained a code injection vulnerability. This vulnerability arose from the use of eval to evaluate mathematical expressions without...

9.8CVSS6.2AI score0.00333EPSS

Exploits0References1

CNNVD•added 2026/05/02 12:0 a.m.•4 views

The Ultimate Mathematical & AI Toolkit 路径遍历漏洞

The Ultimate Mathematical & AI Toolkit is a mathematical and AI toolkit developed by rUv. It supports sub-linear algorithms and consciousness exploration. Version 1.5.0 of the Ultimate Mathematical & AI Toolkit contains a path traversal vulnerability. This vulnerability stems from the exportstate...

6.9CVSS6.6AI score0.00089EPSS

Exploits0References2

UbuntuCve•added 2026/04/23 4:16 p.m.•1 views

CVE-2026-41239

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Starting in version 1.0.10 and prior to version 3.4.0, SAFEFORTEMPLATES strips ... expressions from untrusted HTML. This works in string mode but not with RETURNDOM or RETURNDOMFRAGMENT, allowing XSS via...

6.8CVSS5.6AI score0.00059EPSS

Exploits0References2

Debian CVE•added 2026/04/23 2:54 p.m.•2 views

CVE-2026-41240

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions prior to 3.4.0 have an inconsistency between FORBIDTAGS and FORBIDATTR handling when function-based ADDTAGS is used. Commit c361baa added an early exit for FORBIDATTR at line 1214. The same fix was not...

6.1CVSS4.9AI score0.00013EPSS

Exploits1

Debian CVE•added 2026/04/23 2:47 p.m.•2 views

CVE-2026-41239

6.8CVSS4.8AI score0.00059EPSS

Exploits0

Packet Storm News•added 2026/02/19 12:0 a.m.•0 views

Comparison of Security Mechanisms of Mathematical Cipher, Wyner Scheme, QKD, and Quantum Stream Cipher

A new generation of global communications technology has been emerging. These systems, which utilize established device technologies and quantum effect devices, require ultra-high speeds, low cost, and strong security. In recent years, global communication systems have faced various practical...

5.9AI score

Exploits0

Packet Storm News•added 2026/01/28 12:0 a.m.•2 views

A High-Performance Fractal Encryption Framework and Modern Innovations for Secure Image Transmission

The current digital era, driven by growing threats to data security, requires a robust image encryption technique. Classical encryption algorithms suffer from a trade-off among security, image fidelity, and computational efficiency. This paper aims to enhance the performance and efficiency of ima...

5.9AI score

Exploits0

RedhatCVE•added 2026/01/09 12:36 p.m.•5 views

CVE-2023-49316

In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees can lead to a denial of service...

7.5CVSS6.7AI score0.00149EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:37 a.m.•4 views

CVE-2019-7295

typora through 0.9.63 has XSS, with resultant remote command execution, during block rendering of a mathematical formula...

6.1CVSS7.2AI score0.00906EPSS

Exploits1References1

Packet Storm News•added 2025/12/30 12:0 a.m.•2 views

Correctness of Extended RSA Public Key Cryptosystem

This paper proposes an alternative approach to formally establishing the correctness of the RSA public key cryptosystem. The methodology presented herein deviates slightly from conventional proofs found in existing literature. Specifically, this study explores the conditions under which the choic...

6.8AI score

Exploits0

Positive Technologies•added 2025/12/08 12:0 a.m.•3 views

PT-2025-49588

A cryptanalytic break in Altcha Proof-of-Work obfuscation mode version 0.8.0 and later allows for remote visitors to recover the Proof-of-Work nonce in constant time via mathematical deduction...

7AI score0.00021EPSS

Exploits0References4

Snyk•added 2025/12/02 1:20 a.m.•7 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via incomplete sanitization of certain SVG and MathML attributes, including xlink:href, math|href, as well as the attributeName attribute of SVG animation elements when it is bound to href or xlink:href. An...

8.7CVSS5.3AI score0.00027EPSS

Exploits1References2

Github Security Blog•added 2025/12/02 1:20 a.m.•12 views

Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes

A Stored Cross-Site Scripting XSS vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler's internal security schema is incomplete, allowing attackers to bypass Angular's built-in security sanitization. Specifically, the schema fails to classify certain...

8.5CVSS7.1AI score0.00027EPSS

Exploits1References4Affected Software1

Vulnrichment•added 2025/12/01 10:35 p.m.•5 views

CVE-2025-66412 Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, A Stored Cross-Site Scripting XSS vulnerability has been identified in the Angular Template Compiler. It occurs because the...

8.5CVSS5.2AI score0.00027EPSS

Exploits1References2