Lucene search

11 matches found

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2019-8950

Malware in sbrugna...

6.1 CVSS, 6.3 AI score, 0.0142 EPSS
Exploits 1, References 5
Fedora
added 2025/07/18 1:8 a.m., 8 views

[SECURITY] Fedora 42 Update: python-asteval-1.0.6-1.fc42

ASTEVAL is a safeish evaluator of Python expressions and statements, using Python's ast module. The idea is to provide a simple, safe, and robust miniature mathematical language that can handle user-input. The emphasis here is on mathematical expressions, and so many functions from numpy are...

8.4 CVSS, 7.3 AI score, 0.00229 EPSS
Exploits 0
Tenable Nessus
added 2025/03/05 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-28245

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using...

6.3 CVSS, 6.4 AI score, 0.00406 EPSS
Exploits 0, References 2
OSV
added 2025/01/17 9:25 p.m., 12 views

CVE-2025-23207 \htmlData does not validate attribute names in KaTeX

KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions with renderToString could encounter malicious input using \htmlData that runs arbitrary JavaScript, or generate invalid HTML. Users are advised to upgrade t...

6.3 CVSS, 6.4 AI score, 0.00381 EPSS
Exploits 0, References 4
CVE
added 2024/03/25 7:53 p.m., 73 views

CVE-2024-28245

CVE-2024-28245 affects KaTeX, a JavaScript library for TeX rendering. The issue arises when rendering untrusted inputs via the \includegraphics pathway, potentially enabling arbitrary JavaScript execution or invalid HTML due to insufficient escaping. The root cause described in the linked advisor...

6.3 CVSS, 6.2 AI score, 0.00406 EPSS
Exploits 0, References 2, Affected Software 1
Cvelist
added 2024/03/25 7:53 p.m., 16 views

CVE-2024-28245 KaTeX's \includegraphics does not escape filename

KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using \includegraphics that runs arbitrary JavaScript, or generate invalid HTML. Upgrade to KaTeX v0.16.10 to remove this vulnerability...

6.3 CVSS, 6.5 AI score, 0.00406 EPSS
Exploits 0, References 2
CVE
added 2024/03/25 7:45 p.m., 94 views

CVE-2024-28244

KaTeX, a JavaScript library for web TeX rendering, has a vulnerability where Unicode subscript/superscript characters create separate Parser instances that do not inherit the parent macro-execution limit, bypassing maxExpand and allowing near-infinite loops. This affects inputs rendering untruste...

6.5 CVSS, 6.5 AI score, 0.02155 EPSS
Exploits 0, References 2, Affected Software 1
Cvelist
added 2024/03/25 7:40 p.m., 20 views

CVE-2024-28243 KaTeX's maxExpand bypassed by \edef

KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using \edef that causes a near-infinite loop, despite setting maxExpand to avoid such loops. This can be used as an availability attack, where...

6.5 CVSS, 6.5 AI score, 0.01414 EPSS
Exploits 0, References 3
Debian CVE
added 2024/03/25 7:40 p.m., 19 views

CVE-2024-28243

KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using \edef that causes a near-infinite loop, despite setting maxExpand to avoid such loops. This can be used as an availability attack, where...

6.5 CVSS, 6.3 AI score, 0.01414 EPSS
Exploits 0
NVD
added 2019/09/16 5:15 p.m., 20 views

CVE-2019-15722

An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.2.1. Particular mathematical expressions in GitLab Markdown can exhaust client resources...

7.5 CVSS, 7.3 AI score, 0.01871 EPSS
Exploits 0, References 2
Debian CVE
added 2019/09/16 4:45 p.m., 19 views

CVE-2019-15722

Removed by vendor...

7.5 CVSS, 7.1 AI score, 0.01871 EPSS
Exploits 0