22 matches found
CVE-2026-41150
A flaw was found in Mermaid, a JavaScript tool used for creating diagrams and charts. This vulnerability allows a remote attacker to trigger a denial-of-service DoS condition. The attack occurs when a specially crafted gantt chart, which uses the excludes attribute to exclude all dates, is...
Linux Distros Unpatched Vulnerability : CVE-2026-41150
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-servic...
DEBIAN-CVE-2026-41150
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you th...
CVE-2026-41150
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you th...
UBUNTU-CVE-2026-41150
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you th...
CVE-2026-41150
CVE-2026-41150 affects Mermaid (JavaScript) where rendering a Gantt chart with the excludes attribute to exclude all dates can cause a denial-of-service through an infinite loop. The issue occurs in versions prior to 10.9.6 and 11.15.0; mermaid.parse remains unaffected unless ganttDb.getTasks() i...
CVE-2026-41150
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you th...
CVE-2026-41150 Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you th...
CVE-2026-41150
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you th...
Mermaid 安全漏洞
Mermaid is an open-source application developed by mermaid-js. It uses text and code to create charts and visualizations. Versions of Mermaid prior to 10.9.6 and 11.15.0 have security vulnerabilities. These vulnerabilities arise from the use of the excludes property when rendering Gantt charts; i...
NPM: Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS
NPM: Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS vulnerability discovered by ? in WordPress Npm mermaid versions = 10.9.5...
Infinite loop
Overview org.webjars.npm:mermaid is a package for generation of diagrams and flowcharts from text in a similar manner as markdown. Affected versions of this package are vulnerable to Infinite loop in the rendering process of Gantt charts when the excludes attribute is set to exclude all dates. An...
Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS
Impact Mermaid v11.14.0 and earlier are vulnerable to a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. Example: gantt excludes monday,tuesday,wednesday,thursday,friday,saturday,sunday DoS :2025-01-01, 1d mermaid.parse is unaffected,...
Infinite loop
Overview mermaid is a package for generation of diagrams and flowcharts from text in a similar manner as markdown. Affected versions of this package are vulnerable to Infinite loop in the rendering process of Gantt charts when the excludes attribute is set to exclude all dates. An attacker can...
PT-2026-39887
Name of the Vulnerable Software and Affected Versions Mermaid versions 11.14.0 and earlier Mermaid versions prior to 10.9.6 Description A denial-of-service issue occurs when rendering gantt charts if the excludes attribute is used to exclude all dates. While mermaid.parse is not affected, the iss...
CVE-2023-49860
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in weDevs WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts allows Stored XSS.This issue affects WP Project Manager – Task, team, and project...
CVE-2023-49860 WordPress WP Project Manager Plugin <= 2.6.7 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in weDevs WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts allows Stored XSS.This issue affects WP Project Manager – Task, team, and project...
CVE-2023-49860 WordPress WP Project Manager Plugin <= 2.6.7 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in weDevs WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts allows Stored XSS.This issue affects WP Project Manager – Task, team, and project...
Gantt-Chart For Jira 5.5.3 Missing Privilege Check
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2020-029 Product: Jira module "Gantt-Chart for Jira" Manufacturer: Frank Polscheit - Solutions & IT-Consulting Affected Versions: =5.5.3 Tested Versions: 5.5.3 Vulnerability Type: Improper Privilege Management CWE-269 Risk Level:...
dotproject <= 2.1.6 - Remote File Inclusion Vulnerability
No description provided by source. :::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP YmmMMMM MMM YM Discovered by dun \ posdubatgmail.com 2012-11-13 dotProject = 2.1.6 Remote File Inclusion Vulnerability Script: PHP web-based project...