Lucene search
K

20 matches found

EUVD
EUVD
added 2026/06/12 1:56 p.m.9 views

EUVD-2026-36431

jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP applications with PHP data structures. Versions prior to 2.9.1 can generate and execute attacker-controlled PHP code when JmesPath\CompilerRuntime is used with an...

9.8CVSS5.5AI score0.0032EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 1:56 p.m.101 views

CVE-2026-54133

Technical details (affected versions, impact specifics, and remediation) are not publicly available in the provided documents. Monitor for updates.

9.8CVSS5.5AI score0.0032EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.19 views

PT-2026-48883

Name of the Vulnerable Software and Affected Versions jmespath.php versions prior to 2.9.1 Description Insufficient escaping of parsed JMESPath function names into generated PHP source allows for the generation and execution of attacker-controlled PHP code. This occurs when JmesPathCompilerRuntim...

9.8CVSS5.6AI score0.0032EPSS
Exploits0References6
Snyk
Snyk
added 2026/01/20 3:44 p.m.2 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine when processing untrusted template expressions. An attacker can execute arbitrary code on the server by injecting specially crafted template payloads. Remediation...

9.8CVSS6.3AI score0.00504EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:13 a.m.7 views

CVE-2022-31100

rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, rulex may crash, possibly enabling a Denial of Service attack. This happens when the expression contains a multi-byte UTF-8 code point in a string literal or after a backslash, because rulex tries to...

6.5CVSS7AI score0.00796EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:13 a.m.8 views

CVE-2022-31099

rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, the stack may overflow, possibly enabling a Denial of Service attack. This happens when parsing an expression with several hundred levels of nesting, causing the process to abort immediately. This is ...

6.5CVSS6.8AI score0.00879EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-6000

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00796EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.13 views

EUVD-2022-6161

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00879EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-0906

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.02155EPSS
Exploits0References4
Veracode
Veracode
added 2025/01/24 4:33 a.m.13 views

Cross-Site Scripting (XSS)

KateX is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient sanitization of input. When users render untrusted mathematical expressions using renderToString, malicious input containing \htmlData can bypass validation, allowing for the execution of arbitrary JavaScrip...

7.2CVSS6.4AI score0.00381EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2024/03/28 10:10 a.m.18 views

Denial Of Service (DoS)

katex is vulnerable to a Denial of Service DoS attack. The vulnerability is due to the inadequate handling of untrusted mathematical expressions containing \def or \newcommand, which leads to a near-infinite loop despite efforts to mitigate it with mechanisms like maxExpand...

6.5CVSS6.7AI score0.02155EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/25 12:0 a.m.5 views

PT-2024-22360

Name of the Vulnerable Software and Affected Versions: KaTeX versions prior to 0.16.10 Description: KaTeX is a JavaScript library for TeX math rendering on the web. Users who render untrusted mathematical expressions could encounter malicious input using includegraphics that runs arbitrary...

6.5CVSS6.3AI score0.01414EPSS
Exploits0References28
CNNVD
CNNVD
added 2024/03/25 12:0 a.m.4 views

KaTeX 安全漏洞

KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering on the web. A security vulnerability existed prior to the KaTeX v0.16.10 release, which stemmed from the fact that KaTeX users rendering untrusted mathematical expressions could encounter malicious input using edef, potentiall...

6.5CVSS6.4AI score0.01414EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2023/05/03 2:5 p.m.9 views

JXPath: untrusted XPath expressions may lead to RCE attack

A flaw was found in the Apache Commons JXPath package. This flaw allows an attacker to use the interpreter to execute untrusted expressions and a remote code attack...

6.2AI score
Exploits1References4
RedhatCVE
RedhatCVE
added 2022/10/19 12:17 p.m.56 views

CVE-2022-41852

A flaw was found in the Apache Commons JXPath package. This flaw allows an attacker to use the interpreter to execute untrusted expressions and a remote code attack...

9.8CVSS4.7AI score
Exploits1References3
CNVD
CNVD
added 2022/06/30 12:0 a.m.15 views

rulex denial of service vulnerability

rulex is a new, portable regular expression language. A denial of service vulnerability exists in rulex versions prior to 0.4.3, which stems from a failure to properly parse untrusted rulex expressions and can be exploited by an attacker to cause a denial of service attack...

6.5CVSS6.2AI score0.00796EPSS
Exploits0References1
OSV
OSV
added 2022/06/27 10:10 p.m.30 views

CVE-2022-31100 Reachable Assertion in rulex

rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, rulex may crash, possibly enabling a Denial of Service attack. This happens when the expression contains a multi-byte UTF-8 code point in a string literal or after a backslash, because rulex tries to...

6.5CVSS6.8AI score0.00796EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/06/27 12:0 a.m.4 views

rulex 安全漏洞

rulex is a new, portable regular expression language. A denial of service vulnerability exists in rulex versions prior to 0.4.3, which stems from a failure to properly parse untrusted rulex expressions and can be exploited by an attacker to cause a denial of service attack...

6.5CVSS5.6AI score0.00796EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/06/27 12:0 a.m.42 views

rulex 安全漏洞

rulex is a new, portable regular expression language open-sourced by rulex. A security vulnerability exists in rulex versions prior to 0.4.3, which stems from a possible stack overflow when parsing untrusted rulex expressions, potentially leading to a denial of service attack...

6.5CVSS6.5AI score0.00879EPSS
Exploits0References3
OSV
OSV
added 2022/05/21 12:0 p.m.54 views

RUSTSEC-2022-0031 Panic due to improper UTF-8 indexing

When parsing untrusted rulex expressions, rulex may panic, possibly enabling a Denial of Service attack. This happens when the expression contains a multi- byte UTF-8 code point in a string literal or after a backslash, because rulex tries to slice into the code point and panics as a result. The...

6.5CVSS6.4AI score0.00796EPSS
Exploits0References3
Rows per page
Query Builder