12 matches found
Security Bulletin: There is a vulnerability in marked-14.0.0.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-****-*****)
Summary: There is a vulnerability in marked-14.0.0.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details: CVEID: CVE-2026-41680. DESCRIPTION: Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service (DoS) vulnerability exis...
CVE-2026-41680
Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service (DoS) vulnerability exists in marked. By providing a specific 3-byte input sequence (a tab, a vertical tab, and a newline: \x09\x0b\n), an unauthenticated attacker can trigger an infinite recursion loop during...
CVE-2026-41680
creationtimestamp| type| source
---|---|---
2026-04-23 01:54:48+00:00| published-proof-of-concept| https://github.com/markedjs/marked/security/advisories/GHSA-6v9c-7cg6-27q7
2026-04-24 19:23:03+00:00| published-proof-of-concept| Telegram/KzwiN8QhKmj3TuqYtGeX9siiyoqjfAY8f7zipbEz0Wiqhk
2026-04-30...
CVE-2023-41680
An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.1, FortiSandbox 4.2.1 through 4.2.5, FortiSandbox 4.0.0 through 4.0.3, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all...
CVE-2023-41680
creationtimestamp| type| source
---|---|---
2023-10-13 18:29:03+00:00| seen| https://t.me/cibsecurity/72251...
CVE-2023-41680
An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.1, FortiSandbox 4.2.1 through 4.2.5, FortiSandbox 4.0.0 through 4.0.3, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all...
CVE-2023-41680
Fortinet FortiSandbox has a cross-site scripting vulnerability (CVE-2023-41680) due to improper input neutralization during web page generation. AFFECTED: FortiSandbox versions 2.4.1, 2.5.x, 3.0.x–3.2.x, 4.0.x–4.3.x, and 4.4.0–4.4.1 (per multiple sources). RISK: remote attacker can execute unauth...
Forma LMS <= 3.1.0 Multiple Vulnerabilities
Forma LMS is prone to multiple vulnerabilities. Copyright (C) 2022 Greenbone Networks GmbH. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation...
CVE-2022-41680
creationtimestamp| type| source
---|---|---
2022-10-31 23:13:39+00:00| seen| https://t.me/cibsecurity/52329
2025-05-06 20:21:26+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/15221...
CVE-2022-41680
Forma LMS (versions 3.1.0 and earlier) is affected by a SQL injection in the search[value] parameter of appLms/ajax.server.php?r=mycertificate/getMyCertificates. An authenticated attacker with the role of student could exploit this to dump the entire database. The vulnerability is documented acro...
CVE-2022-41680 SQL Injection in Forma LMS
Forma LMS version 3.1.0 and earlier is vulnerable to SQL injection. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'search[value]' parameter in the...
LJCMS is vulnerable to XSS (CNVD-2019-41680)
LJCMS is a free and open source content management system. LJCMS suffers from an XSS vulnerability that can be exploited by attackers to inject arbitrary web script or HTML...