
58 matches found

Patchstack
added 2026/04/29 10:12 p.m. · 2 views

NPM: Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer

NPM: Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer vulnerability discovered by ? in WordPress Npm marked versions = 18.0.0, = 18.0.1...

CVSS 8.7 · AI score 5.8 · EPSS 0.00095
Exploits 1 · References 3 · Affected Software 1

UbuntuCve
added 2026/04/24 6:16 p.m. · 1 view

CVE-2026-41680

Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service (DoS) vulnerability exists in marked. By providing a specific 3-byte input sequence (a tab, a vertical tab, and a newline: \x09\x0b\n), an unauthenticated attacker can trigger an infinite recursion loop during...

CVSS 8.7 · AI score 5.8 · EPSS 0.00095
Exploits 1 · References 2

EUVD
added 2026/04/24 5:26 p.m. · 1 view

EUVD-2026-25585

Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service (DoS) vulnerability exists in marked. By providing a specific 3-byte input sequence (a tab, a vertical tab, and a newline: \x09\x0b\n), an unauthenticated attacker can trigger an infinite recursion loop during...

CVSS 8.7 · AI score 5.5 · EPSS 0.00095
Exploits 1 · References 1

Debian CVE
added 2026/04/24 5:26 p.m. · 1 view

CVE-2026-41680

Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service (DoS) vulnerability exists in marked. By providing a specific 3-byte input sequence (a tab, a vertical tab, and a newline: \x09\x0b\n), an unauthenticated attacker can trigger an infinite recursion loop during...

CVSS 8.7 · AI score 5.5 · EPSS 0.00095
Exploits 1

Positive Technologies
added 2026/04/24 12:0 a.m. · 2 views

PT-2026-35040

Name of the Vulnerable Software and Affected Versions: Marked versions 18.0.0 through 18.0.1. Description: A Denial of Service (DoS) issue exists in the markdown parser and compiler. An unauthenticated attacker can trigger an infinite recursion loop during parsing by providing a specific 3-byte input...

CVSS 8.7 · AI score 5.3 · EPSS 0.00095
Exploits 1 · References 4

CNNVD
added 2026/04/24 12:0 a.m. · 4 views

marked resource management error vulnerability

marked is a Markdown parser and compiler written by Christopher Jeffrey in the United States. Version 18.0.0 to 18.0.1 of marked contains a resource management vulnerability. This vulnerability arises from triggering an infinite recursive loop when parsing certain 3-byte input sequences, leading ...

CVSS 8.7 · AI score 5.8 · EPSS 0.00095
Exploits 1 · References 1

Positive Technologies
added 2025/11/07 12:0 a.m. · 2 views

PT-2025-45490

Name of the Vulnerable Software and Affected Versions: CKeditor version 46.1.0, Angular version 18.0.0. Description: A reflected cross-site scripting (XSS) issue exists that allows attackers to execute arbitrary code within a user’s browser. This is achieved by injecting a crafted payload. The...

CVSS 5.4 · AI score 6.2 · EPSS 0.00049
Exploits 1 · References 12

Vulnrichment
added 2025/11/07 12:0 a.m. · 1 view

CVE-2025-61261

A reflected cross-site scripting (XSS) vulnerability in CKeditor v46.1.0 & Angular v18.0.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...

AI score 5.9 · EPSS 0.00049
Exploits 1 · References 2

CVE
added 2025/11/07 12:0 a.m. · 10 views

CVE-2025-61261

CVE-2025-61261 is a reflected XSS vulnerability affecting CKEditor 46.1.0 (CKEditor 5) when used with Angular 18.0.0. The issue enables an attacker-supplied payload to execute in the user’s browser context (impact: partial in some documents; CVSS 3.1 base score 5.4). Affected component is CKEdito...

CVSS 5.4 · AI score 5.9 · EPSS 0.00049
Exploits 1 · References 2 · Affected Software 2

Cvelist
added 2025/11/07 12:0 a.m. · 3 views

CVE-2025-61261

A reflected cross-site scripting (XSS) vulnerability in CKeditor v46.1.0 & Angular v18.0.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...

EPSS 0.00049
Exploits 1 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2019-2577

Malware in sbrugna...

CVSS 10 · AI score 9.5 · EPSS 0.00393
Exploits 0 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-2129

Malicious code in bioql PyPI...

CVSS 8.1 · AI score 5.9 · EPSS 0.00174
Exploits 0 · References 7

CNNVD
added 2025/07/10 12:0 a.m. · 1 view

GitLab Enterprise Edition security vulnerability

GitLab Enterprise Edition (EE) is a content management system from GitLab, Inc. in the United States. A security vulnerability exists in GitLab Enterprise Edition versions prior to 18.0 through 18.0.4 and 18.1 through 18.1.2, which stems from an authentication maintainer potentially bypassing...

CVSS 2.7 · AI score 6.5 · EPSS 0.00067
Exploits 0 · References 4

Positive Technologies
added 2025/02/04 12:0 a.m. · 2 views

PT-2025-5685 · Ibm · Ibm Cloud Pak For Business Automation

Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak for Business Automation versions 18.0.0 through 22.0.2 Description: This issue allows an authenticated user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to...

CVSS 5.5 · AI score 9 · EPSS 0.00518
Exploits 0 · References 8

Vulnrichment
added 2024/07/08 2:1 a.m. · 23 views

CVE-2024-31897 IBM Cloud Pak for Business Automation server-side request forgery

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the...

CVSS 4.3 · AI score 6.5 · EPSS 0.00124
Exploits 0 · References 2

Positive Technologies
added 2024/07/07 12:0 a.m. · 1 view

PT-2024-27629 · Ibm · Ibm Cloud Pak For Business Automation

Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak for Business Automation versions 18.0.0 through 23.0.2 Description: This issue allows a privileged user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials...

CVSS 5.4 · AI score 7.7 · EPSS 0.0011
Exploits 0 · References 7

NVD
added 2024/06/17 2:15 p.m. · 10 views

CVE-2024-37158

Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Preliminary checks on actions computed by the clawback vesting accounts are performed in the ante handler. Evmos core implements two different ante handlers: one for Cosmos transactions and one for Ethereum transactions. Checks...

CVSS 8.1 · EPSS 0.0009
Exploits 0 · References 2

Cvelist
added 2024/06/17 2:3 p.m. · 16 views

CVE-2024-37159 Evmos is missing create validator check

Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. This vulnerability allowed a user to create a validator using vested tokens to deposit the self-bond. This vulnerability is fixed in 18.0.0...

CVSS 3.5 · EPSS 0.00101
Exploits 0 · References 2

Vulnrichment
added 2024/06/17 2:3 p.m. · 14 views

CVE-2024-37159 Evmos is missing create validator check

Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. This vulnerability allowed a user to create a validator using vested tokens to deposit the self-bond. This vulnerability is fixed in 18.0.0...

CVSS 3.5 · AI score 6.8 · EPSS 0.00101
Exploits 0 · References 2

CVE
added 2024/06/17 2:3 p.m. · 58 views

CVE-2024-37159

CVE-2024-37159 affects Evmos, the EVM Hub on the Cosmos Network. The vulnerability allows a user to create a validator by depositing self-bond using vested tokens, exposing a flaw in validator creation logic. Public references consistently describe Evmos core checks around validator creation and ...

CVSS 6.5 · AI score 3.5 · EPSS 0.00101
Exploits 0 · References 2 · Affected Software 1