22 matches found

Vulnrichment
added 2026/05/22 10:3 p.m. | 3 views

CVE-2026-41148 Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and prior, in addition to 11.0.0-alpha.1 through 11.12.0 are vulnerable to CSS injection through improper sanitization. The state diagram and any other diagram type that routes...

CVSS 5.3 | AI score 5.7 | EPSS 0.00074
Exploits: 0 | References: 6

Patchstack
added 2026/05/11 7:37 p.m. | 9 views

NPM: Mermaid: Improper sanitization of configuration leads to CSS injection

NPM: Mermaid: Improper sanitization of configuration leads to CSS injection vulnerability discovered by ? in WordPress Npm mermaid versions = 10.9.5...

AI score 5.8 | EPSS 0.00044
Exploits: 0 | References: 6 | Affected Software: 1

Patchstack
added 2026/05/11 7:36 p.m. | 4 views

NPM: Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS

NPM: Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS vulnerability discovered by ? in WordPress Npm mermaid versions = 10.9.5...

AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2026/02/06 7:44 p.m. | 2 views

GHSA-26GQ-GRMH-6XM6 Gogs vulnerable to Stored XSS via Mermaid diagrams

Summary Stored XSS via mermaid diagrams due to usage of vulnerable renderer library Details Gogs introduced support for rendering mermaid diagrams in version 0.13.0. Currently used version of the library mermaid 11.9.0 is vulnerable to at least two XSS scenarios with publicly available payloads...

CVSS 7.3 | AI score 5.1
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2014-4323

Malware in sbrugna...

CVSS 6.9 | AI score 7.5 | EPSS 0.00257
Exploits: 0 | References: 6

Snyk
added 2025/09/15 12:31 p.m. | 1 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect due to a failure to validate the redirectto parameter. An attacker can exfiltrate user cookies by tricking a user into authenticating with their SAML provider using a crafted link that redirects them to an...

CVSS 8.6 | AI score 6.4 | EPSS 0.00045
Exploits: 0 | References: 2

Citrix
added 2021/04/01 12:0 a.m. | 4 views

Keyboard Input Fails in Citrix Session from Receiver for Mac with OSX 10.9.5

This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. In a Citrix session, keyboard is unresponsive from Receiver for Mac with OSX 10.9.5...

AI score 7
Exploits: 0

Tenable Nessus
added 2016/07/29 12:0 a.m. | 16 views

Mac OS X 10.9.x < 10.9.5 / 10.10.x < 10.10.5 / 10.11.x < 10.11.1 Multiple Vulnerabilities

Binary data 9437.prm...

CVSS 9.8 | AI score 7.3 | EPSS 0.03085
Exploits: 0 | References: 3

OpenVAS
added 2015/10/29 12:0 a.m. | 52 views

Apple Mac OS X Multiple Vulnerabilities-03 (Oct 2015)

Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.3 | AI score 7.5 | EPSS 0.27167
Exploits: 5 | References: 2

Packet Storm
added 2015/10/27 12:0 a.m. | 46 views

Mac OS X 10.9.5 / 10.10.5 rsh/libmalloc Privilege Escalation

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Mac OS X 10.9.5 / 10.10.5 - rsh/libmalloc Privilege Escalation', 'Description' = %q This module writes to the sudoers file without...

CVSS 7.2 | AI score 0.6 | EPSS 0.04572
Exploits: 14

Exploit DB
added 2015/10/27 12:0 a.m. | 53 views

Apple Mac OSX 10.9.5/10.10.5 - 'rsh/libmalloc' Local Privilege Escalation (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Mac OS X 10.9.5 / 10.10.5 - rsh/libmalloc Privilege Escalation', 'Description' = %q This module writes to the sudoers file without...

CVSS 7.2 | AI score 7.4 | EPSS 0.04572
Exploits: 14

seebug.org
added 2015/09/16 12:0 a.m. | 18 views

OS X 10.9.5 IOKit IntelAccelerator NULL Pointer Dereference

No description provided by source...

AI score 7.1
Exploits: 0

0day.today
added 2015/04/09 12:0 a.m. | 63 views

Mac OS X rootpipe Local Privilege Escalation Exploit

Mac OS X rootpipe local proof of concept privilege escalation exploit. PoC exploit code for rootpipe CVE-2015-1130 Created by Emil Kvarnhammar, TrueSec Tested on OS X 10.7.5, 10.8.2, 10.9.5 and 10.10.2 import os import sys import platform import re import ctypes import objc import sys from Cocoa...

CVSS 7.2 | AI score 0.6 | EPSS 0.23422
Exploits: 16

0day.today
added 2015/01/20 12:0 a.m. | 18 views

OS X 10.9.5 IOKit IntelAccelerator NULL Pointer Dereference

Exploit for iOS platform in category local exploits // clang -o ig23exploit ig23exploit.c -framework IOKit -framework CoreFoundation -m32 -DFORTIFYSOURCE=0 // ianbeer include include include include include include include include uint64t kernelsymbolchar sym char cmd1024; strcpycmd, "nm -g...

AI score 6.7
Exploits: 0

Packet Storm
added 2014/12/02 12:0 a.m. | 63 views

Mac OS X IOKit Keyboard Driver Root Privilege Escalation

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' class Metasploit3 'Mac OS X IOKit Keyboard Driver Root Privilege Escalation', 'Description' = %q A heap overflow in...

CVSS 9.3 | AI score 0.9 | EPSS 0.61995
Exploits: 5

Exploit DB
added 2014/12/02 12:0 a.m. | 53 views

Apple Mac OSX - IOKit Keyboard Driver Privilege Escalation (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' class Metasploit3 'Mac OS X IOKit Keyboard Driver Root Privilege Escalation', 'Description' = %q A heap overflow in...

CVSS 9.3 | AI score 7.8 | EPSS 0.61995
Exploits: 5

0day.today
added 2014/12/02 12:0 a.m. | 41 views

Mac OS X IOKit Keyboard Driver Root Privilege Escalation Exploit

A heap overflow in IOHIKeyboardMapper::parseKeyMapping allows kernel memory corruption in Mac OS X before 10.10. By abusing a bug in the IORegistry, kernel pointers can also be leaked, allowing a full kASLR bypass. Tested on Mavericks 10.9.5, and should work on previous versions. The issue has be...

CVSS 9.3 | AI score 1.4 | EPSS 0.61995
Exploits: 5

Metasploit
added 2014/11/25 6:34 p.m. | 39 views

Mac OS X IOKit Keyboard Driver Root Privilege Escalation

A heap overflow in IOHIKeyboardMapper::parseKeyMapping allows kernel memory corruption in Mac OS X before 10.10. By abusing a bug in the IORegistry, kernel pointers can also be leaked, allowing a full kASLR bypass. Tested on Mavericks 10.9.5, and should work on previous versions. The issue was...

CVSS 7.8 | AI score 1.3 | EPSS 0.61995
Exploits: 5

Prion
added 2014/09/19 10:55 a.m. | 21 views

Null pointer dereference

IOKit in IOAcceleratorFamily in Apple OS X before 10.9.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service NULL pointer dereference via an application that provides crafted API arguments...

CVSS 10 | AI score 7.7 | EPSS 0.00962
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2014/09/19 10:0 a.m. | 21 views

CVE-2014-4390

Bluetooth in Apple OS X before 10.9.5 does not properly validate API calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application...

AI score 7.3 | EPSS 0.00744
Exploits: 0 | References: 4