20 matches found
EUVD-2026-36431
jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP applications with PHP data structures. Versions prior to 2.9.1 can generate and execute attacker-controlled PHP code when JmesPath\CompilerRuntime is used with an...
CVE-2026-54133
Technical details (affected versions, impact specifics, and remediation) are not publicly available in the provided documents. Monitor for updates.
PT-2026-48883
Name of the Vulnerable Software and Affected Versions jmespath.php versions prior to 2.9.1 Description Insufficient escaping of parsed JMESPath function names into generated PHP source allows for the generation and execution of attacker-controlled PHP code. This occurs when JmesPathCompilerRuntim...
Improper Neutralization of Special Elements Used in a Template Engine
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine when processing untrusted template expressions. An attacker can execute arbitrary code on the server by injecting specially crafted template payloads. Remediation...
CVE-2022-31100
rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, rulex may crash, possibly enabling a Denial of Service attack. This happens when the expression contains a multi-byte UTF-8 code point in a string literal or after a backslash, because rulex tries to...
CVE-2022-31099
rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, the stack may overflow, possibly enabling a Denial of Service attack. This happens when parsing an expression with several hundred levels of nesting, causing the process to abort immediately. This is ...
EUVD-2022-6000
Malicious code in bioql PyPI...
EUVD-2022-6161
Malicious code in bioql PyPI...
EUVD-2024-0906
Malicious code in bioql PyPI...
Cross-Site Scripting (XSS)
KateX is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient sanitization of input. When users render untrusted mathematical expressions using renderToString, malicious input containing \htmlData can bypass validation, allowing for the execution of arbitrary JavaScrip...
Denial Of Service (DoS)
katex is vulnerable to a Denial of Service DoS attack. The vulnerability is due to the inadequate handling of untrusted mathematical expressions containing \def or \newcommand, which leads to a near-infinite loop despite efforts to mitigate it with mechanisms like maxExpand...
PT-2024-22360
Name of the Vulnerable Software and Affected Versions: KaTeX versions prior to 0.16.10 Description: KaTeX is a JavaScript library for TeX math rendering on the web. Users who render untrusted mathematical expressions could encounter malicious input using includegraphics that runs arbitrary...
KaTeX 安全漏洞
KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering on the web. A security vulnerability existed prior to the KaTeX v0.16.10 release, which stemmed from the fact that KaTeX users rendering untrusted mathematical expressions could encounter malicious input using edef, potentiall...
JXPath: untrusted XPath expressions may lead to RCE attack
A flaw was found in the Apache Commons JXPath package. This flaw allows an attacker to use the interpreter to execute untrusted expressions and a remote code attack...
CVE-2022-41852
A flaw was found in the Apache Commons JXPath package. This flaw allows an attacker to use the interpreter to execute untrusted expressions and a remote code attack...
rulex denial of service vulnerability
rulex is a new, portable regular expression language. A denial of service vulnerability exists in rulex versions prior to 0.4.3, which stems from a failure to properly parse untrusted rulex expressions and can be exploited by an attacker to cause a denial of service attack...
CVE-2022-31100 Reachable Assertion in rulex
rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, rulex may crash, possibly enabling a Denial of Service attack. This happens when the expression contains a multi-byte UTF-8 code point in a string literal or after a backslash, because rulex tries to...
rulex 安全漏洞
rulex is a new, portable regular expression language. A denial of service vulnerability exists in rulex versions prior to 0.4.3, which stems from a failure to properly parse untrusted rulex expressions and can be exploited by an attacker to cause a denial of service attack...
rulex 安全漏洞
rulex is a new, portable regular expression language open-sourced by rulex. A security vulnerability exists in rulex versions prior to 0.4.3, which stems from a possible stack overflow when parsing untrusted rulex expressions, potentially leading to a denial of service attack...
RUSTSEC-2022-0031 Panic due to improper UTF-8 indexing
When parsing untrusted rulex expressions, rulex may panic, possibly enabling a Denial of Service attack. This happens when the expression contains a multi- byte UTF-8 code point in a string literal or after a backslash, because rulex tries to slice into the code point and panics as a result. The...