Linux Distros Unpatched Vulnerability : CVE-2020-10814
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A buffer overflow vulnerability in Code::Blocks 17.12 allows an attacker to execute arbitrary code via a crafted project file. CVE-2020-10814 Note that Nessus...
OESA-2025-1843 cpp-httplib security update
A C++11 single-file header-only cross-platform HTTP/HTTPS library. It's extremely easy to set up. Just include the httplib.h file in your code! Security Fixes: cpp-httplib is a C++11 single-file header-only cross-platform HTTP/HTTPS library. Prior to 0.23.0, incoming requests using transfer code:...
CVE-2021-30074
docsify 4.12.1 is affected by Cross Site Scripting (XSS) because the search component does not appropriately encode Code Blocks and mishandles the " character...
CVE-2019-10905
Parsedown before 1.7.2, when safe mode is used and HTML markup is disabled, might allow attackers to execute arbitrary JavaScript code if a script already running on the affected page executes the contents of any element with a specific class. This occurs because spaces are permitted in code bloc...
PYSEC-2025-40
A vulnerability in the preprocess_string function of the transformers.testing_utils module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leadin...
CVE-2024-9107
A stored cross-site scripting (XSS) vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, affecting version git 20b2e02. The vulnerability arises from improper sanitization of HTML tags in chat history uploads. Specifically, the sanitization logic fails to handle HTML tags within code...
PYSEC-2025-95
A stored cross-site scripting (XSS) vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, affecting version git 20b2e02. The vulnerability arises from improper sanitization of HTML tags in chat history uploads. Specifically, the sanitization logic fails to handle HTML tags within code...
PT-2024-20683 · Mattermost · Mattermost Mobile
Name of the Vulnerable Software and Affected Versions: Mattermost Mobile versions prior to 2.13.0 Description: The issue is related to uncontrolled resource consumption, where the syntax highlighter fails to limit the size of the code block it processes. This allows an attacker to send a very lar...
DRUPAL-CONTRIB-2023-043
Provides highlight.php integration to Drupal, allowing blocks to be automatically highlighted with the correct language. The module's Twig function doesn't sufficiently filter user-entered data...
SUSE CVE-2014-3743
Multiple cross-site scripting (XSS) vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) gfm codeblocks language or (2) javascript url's...
CVE-2022-3401
The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. This, combined with the missing authorization vulnerability (CVE-2022-3400), makes it possible for authenticate...
PT-2022-21966 · WordPress · The Bricks
Name of the Vulnerable Software and Affected Versions: The Bricks theme for WordPress versions 1.2 to 1.5.3 Description: The issue allows remote code execution due to the theme permitting site editors to include executable code blocks in website content. This is exacerbated by a missing...
Docsify vulnerable to cross-site scripting due to mishandled encoding
docsify versions 4.12.1 and earlier are vulnerable to cross-site scripting (XSS) because the search component does not appropriately encode Code Blocks and mishandles the " character...
Cross site scripting
Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism's command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escape its output, leading to the input text being inserted int...
URL Parsing-Library Bugs Allow DoS, RCE, Spoofing & More
Eight different security vulnerabilities arising from inconsistencies among 16 different URL parsing libraries could allow denial-of-service (DoS) conditions, information leaks and remote code execution (RCE) in various web applications, researchers are warning. The bugs were found in third-party web...
[SECURITY] Fedora 35 Update: python-markdown2-2.4.2-1.fc35
Markdown is a text-to-HTML filter; it translates an easy-to-read / easy-to-write structured text format into HTML. Markdown's text format is most similar to that of plain text email, and supports features such as headers, emphasis, code blocks, blockquotes, and links. This is a fast and complete...
Description of the security update for SharePoint Server 2019: August 10, 2021 (KB5002000)
Description of the security update for SharePoint Server 2019: August 10, 2021 (KB5002000). Summary: This security update resolves a Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerability, see the Microsoft Common Vulnerabilities and Exposures CVE-2021-36940. Note: ...
[SECURITY] Fedora 34 Update: python-markdown2-2.4.0-1.fc34
Markdown is a text-to-HTML filter; it translates an easy-to-read / easy-to-write structured text format into HTML. Markdown's text format is most similar to that of plain text email, and supports features such as headers, emphasis, code blocks, blockquotes, and links. This is a fast and complete...