159 matches found

EUVD
Added 2025/10/07 12:30 a.m., 5 views

EUVD-2008-4046

Malware in sbrugna...

CVSS 10, AI score 9, EPSS 0.04988
Exploits: 1, References: 61

EUVD
Added 2025/10/03 8:07 p.m., 5 views

EUVD-2024-3092

Malicious code in bioql PyPI...

CVSS 9.8, AI score 8.5, EPSS 0.01176
Exploits: 2, References: 4

EUVD
Added 2025/10/03 8:07 p.m., 4 views

EUVD-2025-16521

Malicious code in bioql PyPI...

CVSS 8.7, AI score 6.3, EPSS 0.00417
Exploits: 0, References: 3

EUVD
Added 2025/10/03 8:07 p.m., 5 views

EUVD-2024-3049

Malicious code in bioql PyPI...

CVSS 10, AI score 8, EPSS 0.01093
Exploits: 2, References: 6

EUVD
Added 2025/10/03 8:07 p.m., 5 views

EUVD-2022-52166

Malicious code in bioql PyPI...

CVSS 8.8, AI score 8.6, EPSS 0.00566
Exploits: 1, References: 4

RustSec
Added 2025/09/21 12:00 p.m., 8 views

Incorrect handling of embedded SVG and MathML leads to mutation XSS after removal

Affected versions of this crate did not correctly strip namespace-incompatible tags in certain situations, causing it to incorrectly account for differences between HTML, SVG, and MathML. This vulnerability only has an effect when the svg or math tag is allowed, because it relies on a tag being...

AI score 6.9
Exploits: 0, Affected Software: 1

Tenable Nessus
Added 2025/09/10 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-26870

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a...

CVSS 6.1, AI score 6.7, EPSS 0.04522
Exploits: 1, References: 2

Tenable Nessus
Added 2025/09/10 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2013-2268

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in the MathML implementation in WebKit in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X,...

CVSS 7.5, AI score 5.5, EPSS 0.00859
Exploits: 0, References: 2

Tenable Nessus
Added 2025/08/27 12:00 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2021-38193

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the ammonia crate before 3.1.0 for Rust. XSS can occur because the parsing differences for HTML, SVG, and MathML are mishandled, a...

CVSS 6.1, AI score 6.4, EPSS 0.00702
Exploits: 1, References: 2

OSV
Added 2025/08/19 8:16 p.m., 2 views

GHSA-7RQQ-PRVP-X9JH Mermaid improperly sanitizes sequence diagram labels leading to XSS

Summary: In the default configuration of mermaid 11.9.0, user supplied input for sequence diagram labels is passed to innerHTML during calculation of element size, causing XSS. Details: Sequence diagram node labels with KaTeX delimiters are passed through calculateMathMLDimensions. This method pass...

CVSS 5.3, AI score 5.9, EPSS 0.0071
Exploits: 0, References: 5

Github Security Blog
Added 2025/08/19 8:16 p.m., 6 views

Mermaid improperly sanitizes sequence diagram labels leading to XSS

Summary: In the default configuration of mermaid 11.9.0, user supplied input for sequence diagram labels is passed to innerHTML during calculation of element size, causing XSS. Details: Sequence diagram node labels with KaTeX delimiters are passed through calculateMathMLDimensions. This method pass...

CVSS 5.3, AI score 6.1, EPSS 0.0071
Exploits: 0, References: 5, Affected Software: 1

Snyk
Added 2025/08/19 8:16 p.m., 3 views

Cross-site Scripting (XSS)

Overview: mermaid is a package for generation of diagrams and flowcharts from text in a similar manner as markdown. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the calculateMathMLDimensions function, which was introduced in 5c69e5f. An attacker can execute...

CVSS 6.1, AI score 5.5, EPSS 0.0071
Exploits: 0, References: 2

Github Security Blog
Added 2025/05/29 5:27 p.m., 28 views

PHPOffice Math allows XXE when processing an XML file in the MathML format

Product: Math. Version: 0.2.0. CWE-ID: CWE-611: Improper Restriction of XML External Entity Reference. CVSS vector v4.0: 8.7 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N. CVSS vector v3.1: 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. Description: An attacker can create a special XML file, duri...

CVSS 8.7, AI score 7, EPSS 0.00417
Exploits: 0, References: 4, Affected Software: 1

IBM Security Bulletins
Added 2024/11/22 12:54 p.m., 29 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by DOMPurify vulnerability (CVE-2024-47875)

Summary: IBM Sterling Connect:Direct Web Services uses DOMPurify as a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to nesting-based mXSS. Vulnerability Details: CVEID: CVE-2024-47875. DESCRIPTION: DOMPurify is a DOM-only, super-fast, uber-tolera...

CVSS 10, AI score 9, EPSS 0.01093
Exploits: 2, Affected Software: 1

NVD
Added 2024/10/31 3:15 p.m., 14 views

CVE-2024-48910

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2...

CVSS 9.8, EPSS 0.01176
Exploits: 2, References: 3

Cvelist
Added 2024/10/11 2:59 p.m., 35 views

CVE-2024-47875 DOMPurify nesting-based mXSS

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3...

CVSS 10, EPSS 0.01093
Exploits: 2, References: 4

NVD
Added 2024/09/16 7:16 p.m., 42 views

CVE-2024-45801

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...

CVSS 7.3, EPSS 0.00844
Exploits: 0, References: 3

OSV
Added 2024/09/16 6:25 p.m., 23 views

CVE-2024-45801 Tampering by prototype pollution in DOMPurify

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...

CVSS 7.3, AI score 6.8, EPSS 0.00844
Exploits: 0, References: 5

Debian CVE
Added 2024/09/16 6:25 p.m., 28 views

CVE-2024-45801

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...

CVSS 7.3, AI score 6.6, EPSS 0.00844
Exploits: 0

CVE
Added 2024/09/16 6:25 p.m., 635 views

CVE-2024-45801

CVE-2024-45801, DOMPurify prototype pollution/XSS issue: DOMPurify can bypass depth checks via special nesting and, separately, through prototype pollution weakening depth validation. The GHSA advisory details a prototype-pollution chain where Object.prototype.tagNameCheck and Object.prototype....

CVSS 7.3, AI score 6.7, EPSS 0.00844
Exploits: 0, References: 3, Affected Software: 1
