38 matches found
CVE-2025-11919 Unprotected temporary directories in Wolfram Cloud may result in privilege escalation
The default JVM can access files and directories under /tmp/ including the $TemporaryDirectory of other users on the same cloud instance /tmp/UserTemporaryFiles/. The -init file for the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with acces...
CVE-2025-11919
CVE-2025-11919 affects Wolfram Cloud (multi-tenant environment) where the default JVM can access temporary resources under /tmp, including other users’ TemporaryDirectory. A race during JVM startup allows an attacker with access to shared /tmp to create/replace .jar files via the -init file, caus...
CVE-2009-4812
Wolfram Research webMathematica allows remote attackers to obtain sensitive information via a direct request to the MSP script, which reveals the installation path in an error message...
PT-2025-46876
Name of the Vulnerable Software and Affected Versions: Wolfram Cloud (affected versions not specified). Description: The default Java Virtual Machine (JVM) can access files and directories within /tmp/, including the $TemporaryDirectory of other users on the same cloud instance located at...
Unprotected temporary directories in Wolfram Cloud version 14.2 may result in privilege escalation
Overview: Wolfram Cloud version 14.2 allows the Java Virtual Machine (JVM) unrestricted access to temporary resources in the /tmp/ directory of the cloud environment, which may result in privilege escalation, information exfiltration, and remote code execution. In the same cloud instance, temporary...
EUVD-2009-4775
Malware in sbrugna...
demonstrations.wolfram.com Cross Site Scripting vulnerability OBB-3807589
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
wolfram.com Cross Site Scripting vulnerability OBB-3586274
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
support.wolfram.com Cross Site Scripting vulnerability OBB-2676221
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
reference.wolfram.com Cross Site Scripting vulnerability OBB-2623865
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
wolfram.com Cross Site Scripting vulnerability OBB-2023897
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: wolfram.com | Open Bug Bounty...
wolfram.com Cross Site Scripting vulnerability OBB-1330915
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
reference.wolfram.com XSS vulnerability
Open Bug Bounty ID: OBB-635964 | Affected Website: reference.wolfram.com | Open Bug Bounty Program: Create your bounty program now. It's open and free. | Vulnerable Application: Custom Code | Vulnerability Type: XSS (Cross Site Scripting) / CWE-79 | CVSSv3 Score: 6.1...
demonstrations.wolfram.com XSS vulnerability
Open Bug Bounty ID: OBB-573319 | Affected Website: demonstrations.wolfram.com | Open Bug Bounty Program: Create your bounty program now. It's open and free. | Vulnerable Application: Custom Code | Vulnerability Type: XSS (Cross Site Scripting) / CWE-79 | CVSSv3 Score: 6.1...
community.wolfram.com XSS vulnerability
Open Bug Bounty ID: OBB-563772 | Affected Website: community.wolfram.com | Open Bug Bounty Program: Create your bounty program now. It's open and free. | Vulnerable Application: Custom Code | Vulnerability Type: XSS (Cross Site Scripting) / CWE-79 | CVSSv3 Score: 6.1...
wolfram.com XSS vulnerability
Vulnerable URL: http://wolfram.com/broadcast//video.php?sx==1325=wordcloud Details: Patched: No | Latest check for patch: 18.01.2018 | Vulnerability type: XSS | Vulnerability status: Publicly disclosed | Alexa Rank: 3444 | VIP website status: Yes | Coordinated Disclosure...
wolframalpha.com XSS vulnerability
Vulnerable URL:...
wolfram.com XSS vulnerability
Vulnerable URL: http://wolfram.com/broadcast/video.php?sx=%22%3E%3Csvg%2Fonload%3Dalert%28%2FXSSPOSED%2F%29%3E=%22%3E%3Csvg%2Fonload%3Dalert%28%2FXSSPOSED%2F%29%3E Details: Patched: No | Latest check for patch: 02.08.2017 | Vulnerability type: XSS | Vulnerability status: ...
devices.wolfram.com XSS vulnerability
Open Bug Bounty ID: OBB-248904 | Affected Website: devices.wolfram.com | Open Bug Bounty Program: Create your bounty program now. It's open and free. | Vulnerable Application: Custom Code | Vulnerability Type: XSS (Cross Site Scripting) / CWE-79 | CVSSv3 Score: 6.1...
reference.wolfram.com XSS vulnerability
Vulnerable URL: https://reference.wolfram.com/language/ref/N.html?q="'--! Details: Patched: No | Latest check for patch: 28.07.2017 | Vulnerability type: XSS | Vulnerability status: Publicly disclosed | Alexa Rank: Unknown / Not calculated | VIP website status: No | Check...