Lucene search
K

89 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2021-26272

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then pre...

6.5CVSS6.7AI score0.02223EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/27 4:0 a.m.6 views

CVE-2025-2835 zhangyd-c OneBlog RestApiController.java autoLink server-side request forgery

A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to server-side request forgery. The attack can be launched...

5.3CVSS4.8AI score0.00323EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/03/27 4:0 a.m.31 views

CVE-2025-2835 zhangyd-c OneBlog RestApiController.java autoLink server-side request forgery

A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to server-side request forgery. The attack can be launched...

5.3CVSS0.00323EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/03/27 12:0 a.m.5 views

OneBlog 代码问题漏洞

OneBlog is a beautiful and powerful Java blog by yadong.zhang individual developer. A security vulnerability exists in OneBlog 2.3.9 and earlier versions, which stems from an incorrect operation of the autoLink function that can lead to server-side request forgery...

5.3CVSS4.8AI score0.00323EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2022-39209

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.6 a polynomial time complexity...

7.5CVSS6.2AI score0.01641EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/11/08 8:41 a.m.4 views

Malicious code in autolink-jira-issue (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d899824dec6a9efaddf4482f495ca1b557fc0ec18d4371e0214c6397fd95ee71 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2024/11/08 8:41 a.m.9 views

MAL-2024-10553 Malicious code in autolink-jira-issue (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d899824dec6a9efaddf4482f495ca1b557fc0ec18d4371e0214c6397fd95ee71 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7.2AI score
Exploits0References1
Snyk
Snyk
added 2024/06/12 2:43 p.m.3 views

Cross-site Scripting (XSS)

Overview NuGetGallery is a Core support library for NuGet Gallery Frontend and Backend. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to missing sanitization of autolinks. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker...

6.1CVSS5.3AI score0.00656EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.13 views

Fedora 39 : ghostwriter (2023-d1e9e62a92)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-d1e9e62a92 advisory. Automatic update for ghostwriter-23.03.90-2.fc39. Changelog Sat Apr 1 2023 Vitaly Zaitsev - 23.03.90-2 - Switched to Ninja. - Explicitly set Release...

7.5CVSS6.7AI score0.01641EPSS
Exploits0References2
OSV
OSV
added 2023/10/06 5:0 a.m.60 views

RSEC-2023-7 Denial of Service (DoS) and Arbitrary Code Execution (ACE) vulnerabilities

cmark-gfm, GitHub's extended CommonMark library, has multiple vulnerabilities. Versions prior to 0.29.0.gfm.6 suffer from a polynomial time complexity issue in the autolink extension, causing denial of service. Also, versions before 0.29.0.gfm.3 and 0.28.3.gfm.21 contain an integer overflow in...

9.8CVSS8.3AI score0.04192EPSS
Exploits3References3
OSV
OSV
added 2023/08/02 12:15 a.m.9 views

UBUNTU-CVE-2023-3364

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use...

7.5CVSS5.7AI score0.44675EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/08/01 12:0 a.m.3 views

PT-2023-24426 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.14 through 16.0.7 GitLab CE/EE versions 16.1 through 16.1.2 GitLab CE/EE versions 16.2 through 16.2.1 Description: A Regular Expression Denial of Service issue was discovered, allowing attackers to send crafted payload...

7.5CVSS6.9AI score0.44675EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2023/07/13 12:0 a.m.4 views

PT-2023-25977 · Cmark-Gfm +1 · Cmark-Gfm +1

Name of the Vulnerable Software and Affected Versions: cmark-gfm versions prior to 0.29.0.gfm.12 Description: cmark-gfm is an extended version of the C reference implementation of CommonMark, a rationalized version of Markdown syntax with a spec. Three polynomial time complexity issues in cmark-g...

7.5CVSS6.2AI score0.01108EPSS
Exploits8References27
SUSE CVE
SUSE CVE
added 2023/02/15 4:38 a.m.4 views

SUSE CVE-2017-15612

mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...

6.1CVSS6.2AI score0.00923EPSS
Exploits1References3
Veracode
Veracode
added 2023/02/15 2:2 a.m.16 views

Regular Expression Denial Of Service (ReDoS)

simple-markdown is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists due to an insecure Regex pattern used for the match attribute in the autolink object in simple-markdown.js, which allows an attacker to crash the application by providing a maliciously crafted...

7.5CVSS7.1AI score0.01097EPSS
Exploits1References6Affected Software1
Snyk
Snyk
added 2023/01/24 12:19 p.m.3 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the validateprotocol function in extensions/autolink.c, which exposes malloc metadata. NOTE: The maintainers believe this is harmless. PoC sh echo "to:[email protected]" | ./src/cmark-gfm -e autolink Remediation...

5.3CVSS7AI score0.00723EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2022/12/22 12:0 a.m.30 views

Fedora 35 : ghc-cmark-gfm (2022-f1aed93db8)

The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-f1aed93db8 advisory. updates the C library to 0.29.0.gfm.6 which fixes CVE-2022-39209 Tenable has extracted the preceding description block directly from the Fedora...

7.5CVSS6.8AI score0.01641EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2022/09/28 6:8 p.m.32 views

CVE-2022-39209

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.6 a polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Users may verify the...

6.5CVSS3AI score0.01641EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/09/21 6:18 p.m.23 views

Unbounded resource exhaustion in cmark-gfm autolink extension may lead to denial of service

Impact CommonMarker uses cmark-gfm for rendering Github Flavored Markdown. A polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Patches This vulnerability has been patched in the following CommonMarker...

0.7AI score
Exploits0References4Affected Software1
OSV
OSV
added 2022/09/21 6:18 p.m.15 views

GHSA-4QW4-JPP4-8GVP Unbounded resource exhaustion in cmark-gfm autolink extension may lead to denial of service

Impact CommonMarker uses cmark-gfm for rendering Github Flavored Markdown. A polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Patches This vulnerability has been patched in the following CommonMarker...

7AI score
Exploits0References4
Rows per page
Query Builder