CVE-2026-40897 - Math.js: Unsafe object property setter in mathjs
CVE ID :CVE-2026-40897 Published : April 24, 2026, 5:16 p.m. | 40 minutes ago Description :Math.js is an extensive math library for JavaScript and Node.js. From 13.1.1 to before 15.2.0, a vulnerability allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be affec
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] Ransomware groups are using "post-quantum" hype to intimidate victims
- [CYBER] CVE-2026-41433 - OpenTelemetry eBPF Instrumentation: Privileged Java agent injection allows arbitrary host file overwrite via untrusted TMPDIR
- [CYBER] CVE-2026-41427 - Better Auth OAuth 2.1 Provider: Unprivileged users can register OAuth clients
- [CYBER] CVE-2026-41429 - Improper validation of NBNS name_len in arduino-esp32 NetBIOS leads to memory corruption
- [CYBER] CVE-2026-41428 - Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints
- [CYBER] CVE-2026-41907 - uuid: Missing buffer bounds check in `v3`/`v5`/`v6` when `buf` is provided