Latexdraw
Monthly
LatexDraw version <=4.0 contains a XML External Entity (XXE) vulnerability in SVG parsing functionality that can result in disclosure of data, server side request forgery, port scanning, possible. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
LatexDraw version <=4.0 contains a XML External Entity (XXE) vulnerability in SVG parsing functionality that can result in disclosure of data, server side request forgery, port scanning, possible. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.