83 matches found
CVE-2026-49493
Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced code blocks with interpretJS, which evaluates the block content as code via vm.runInNewContext, allowing arbitrary code execution. A crafted markdown document containing a malicious bitfield code block executes attacker-controlled cod...
CVE-2026-49493
Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced code blocks with interpretJS, which evaluates the block content as code via vm.runInNewContext, allowing arbitrary code execution. A crafted markdown document containing a malicious bitfield code block executes attacker-controlled cod...
EUVD-2026-34869
Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced code blocks with interpretJS, which evaluates the block content as code via vm.runInNewContext, allowing arbitrary code execution. A crafted markdown document containing a malicious bitfield code block executes attacker-controlled cod...
CVE-2026-49493 Markdown Preview Enhanced Arbitrary Code Execution via Bitfield interpretJS()
Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced code blocks with interpretJS, which evaluates the block content as code via vm.runInNewContext, allowing arbitrary code execution. A crafted markdown document containing a malicious bitfield code block executes attacker-controlled cod...
CVE-2026-49493
Markdown Preview Enhanced prior to 0.8.28 runs Bitfield fenced code blocks containing interpretJS(), which evaluates code via vm.runInNewContext(), enabling arbitrary server-side code execution when rendering or exporting a document. The issue’s root cause is that Bitfield definitions were treate...
CVE-2026-49493
Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced code blocks with interpretJS, which evaluates the block content as code via vm.runInNewContext, allowing arbitrary code execution. A crafted markdown document containing a malicious bitfield code block executes attacker-controlled cod...
CVE-2026-49493 Markdown Preview Enhanced Arbitrary Code Execution via Bitfield interpretJS()
Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced code blocks with interpretJS, which evaluates the block content as code via vm.runInNewContext, allowing arbitrary code execution. A crafted markdown document containing a malicious bitfield code block executes attacker-controlled cod...
PT-2026-47024
Name of the Vulnerable Software and Affected Versions Markdown Preview Enhanced versions prior to 0.8.28 Description The software parses Bitfield fenced code blocks using the interpretJS function, which evaluates the block content as code via vm.runInNewContext. This allows for arbitrary code...
Markdown Preview Enhanced 代码注入漏洞
Markdown Preview Enhanced is a highly powerful markup extension developed by Yiyi Wang. Versions of Markdown Preview Enhanced prior to 0.8.28 contained a code injection vulnerability. This vulnerability stemmed from the use of interpretJS to parse Bitfield and execute code, potentially allowing...
SUSE CVE-2026-43484
In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid bitfield RMW for claim/retune flags Move claimed and retune control flags out of the bitfield word to avoid unrelated RMW side effects in asynchronous contexts. The host-claimed bit shared a word with retune flag...
EUVD-2026-30020
In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid bitfield RMW for claim/retune flags Move claimed and retune control flags out of the bitfield word to avoid unrelated RMW side effects in asynchronous contexts. The host-claimed bit shared a word with retune flag...
CVE-2026-43484
A flaw was found in the Linux kernel's MultiMediaCard MMC core. Concurrent updates to bitfield flags, specifically 'claimed' and 'retunenow', can lead to unintended overwrites of other bits in asynchronous contexts. This can trigger spurious warnings and result in system instability or unexpected...
CVE-2026-43484
In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid bitfield RMW for claim/retune flags Move claimed and retune control flags out of the bitfield word to avoid unrelated RMW side effects in asynchronous contexts. The host-claimed bit shared a word with retune flag...
CVE-2026-43484
In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid bitfield RMW for claim/retune flags Move claimed and retune control flags out of the bitfield word to avoid unrelated RMW side effects in asynchronous contexts. The host-claimed bit shared a word with retune flag...
UBUNTU-CVE-2026-43484
In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid bitfield RMW for claim/retune flags Move claimed and retune control flags out of the bitfield word to avoid unrelated RMW side effects in asynchronous contexts. The host-claimed bit shared a word with retune flag...
CVE-2026-43484
In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid bitfield RMW for claim/retune flags Move claimed and retune control flags out of the bitfield word to avoid unrelated RMW side effects in asynchronous contexts. The host-claimed bit shared a word with retune flag...
CVE-2026-43484 mmc: core: Avoid bitfield RMW for claim/retune flags
In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid bitfield RMW for claim/retune flags Move claimed and retune control flags out of the bitfield word to avoid unrelated RMW side effects in asynchronous contexts. The host-claimed bit shared a word with retune flag...
CVE-2026-43484
The CVE-2026-43484 entry concerns the Linux kernel MMC core. The vulnerability stems from a shared word between host->claimed and retune flags in the MMC host data, where writes to claimed (in __mmc_claim_host()) or retune_now (in mmc_mq_queue_rq()) could overwrite adjacent bits during concurr...
PT-2026-40691
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the mmc core where the host-claimed bit shares a word with retune flags. This configuration leads to Read-Modify-Write RMW side effects in asynchronous contexts...
Linux Distros Unpatched Vulnerability : CVE-2026-43484
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mmc: core: Avoid bitfield RMW for claim/retune flags Move claimed and retune control flags out of the bitfield word to avoid unrelated RMW side effects in...