Lucene search
K

22 matches found

RedhatCVE
RedhatCVE
added 2026/06/08 2:59 p.m.10 views

CVE-2026-41150

A flaw was found in Mermaid, a JavaScript tool used for creating diagrams and charts. This vulnerability allows a remote attacker to trigger a denial-of-service DoS condition. The attack occurs when a specially crafted gantt chart, which uses the excludes attribute to exclude all dates, is...

6.5CVSS5.1AI score0.00384EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/05/30 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-41150

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-servic...

5.3CVSS5.5AI score0.00384EPSS
Exploits0References3
OSV
OSV
added 2026/05/29 3:16 p.m.7 views

DEBIAN-CVE-2026-41150

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you th...

5.3CVSS5.8AI score0.00384EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 3:16 p.m.16 views

CVE-2026-41150

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you th...

5.3CVSS0.00384EPSS
Exploits0References5
OSV
OSV
added 2026/05/29 3:16 p.m.7 views

UBUNTU-CVE-2026-41150

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you th...

5.3CVSS5.8AI score0.00384EPSS
Exploits0References9
CVE
CVE
added 2026/05/29 1:54 p.m.31 views

CVE-2026-41150

CVE-2026-41150 affects Mermaid (JavaScript) where rendering a Gantt chart with the excludes attribute to exclude all dates can cause a denial-of-service through an infinite loop. The issue occurs in versions prior to 10.9.6 and 11.15.0; mermaid.parse remains unaffected unless ganttDb.getTasks() i...

5.3CVSS5.8AI score0.00384EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 1:54 p.m.9 views

CVE-2026-41150

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you th...

5.3CVSS5.8AI score0.00384EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/29 1:54 p.m.15 views

CVE-2026-41150 Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you th...

5.3CVSS5.8AI score0.00384EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/29 1:54 p.m.12 views

CVE-2026-41150

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you th...

5.3CVSS5.8AI score0.00384EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

Mermaid 安全漏洞

Mermaid is an open-source application developed by mermaid-js. It uses text and code to create charts and visualizations. Versions of Mermaid prior to 10.9.6 and 11.15.0 have security vulnerabilities. These vulnerabilities arise from the use of the excludes property when rendering Gantt charts; i...

5.3CVSS5.9AI score0.00384EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/05/11 7:36 p.m.9 views

NPM: Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS

NPM: Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS vulnerability discovered by ? in WordPress Npm mermaid versions = 10.9.5...

5.8AI score0.00384EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2026/05/11 7:36 p.m.12 views

Infinite loop

Overview org.webjars.npm:mermaid is a package for generation of diagrams and flowcharts from text in a similar manner as markdown. Affected versions of this package are vulnerable to Infinite loop in the rendering process of Gantt charts when the excludes attribute is set to exclude all dates. An...

5.3CVSS5.8AI score0.00384EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/11 7:36 p.m.17 views

Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS

Impact Mermaid v11.14.0 and earlier are vulnerable to a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. Example: gantt excludes monday,tuesday,wednesday,thursday,friday,saturday,sunday DoS :2025-01-01, 1d mermaid.parse is unaffected,...

5.3CVSS5.7AI score0.00384EPSS
Exploits0References7Affected Software1
Snyk
Snyk
added 2026/05/11 7:36 p.m.16 views

Infinite loop

Overview mermaid is a package for generation of diagrams and flowcharts from text in a similar manner as markdown. Affected versions of this package are vulnerable to Infinite loop in the rendering process of Gantt charts when the excludes attribute is set to exclude all dates. An attacker can...

5.3CVSS5.8AI score0.00384EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.13 views

PT-2026-39887

Name of the Vulnerable Software and Affected Versions Mermaid versions 11.14.0 and earlier Mermaid versions prior to 10.9.6 Description A denial-of-service issue occurs when rendering gantt charts if the excludes attribute is used to exclude all dates. While mermaid.parse is not affected, the iss...

5.3CVSS5.8AI score0.00384EPSS
Exploits0References9
NVD
NVD
added 2023/12/14 5:15 p.m.14 views

CVE-2023-49860

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in weDevs WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts allows Stored XSS.This issue affects WP Project Manager – Task, team, and project...

6.5CVSS0.00385EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/12/14 4:18 p.m.17 views

CVE-2023-49860 WordPress WP Project Manager Plugin <= 2.6.7 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in weDevs WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts allows Stored XSS.This issue affects WP Project Manager – Task, team, and project...

6.5CVSS6.7AI score0.00385EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/12/14 4:18 p.m.31 views

CVE-2023-49860 WordPress WP Project Manager Plugin <= 2.6.7 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in weDevs WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts allows Stored XSS.This issue affects WP Project Manager – Task, team, and project...

6.5CVSS6.6AI score0.00385EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2020/08/04 12:0 a.m.185 views

Gantt-Chart For Jira 5.5.3 Missing Privilege Check

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2020-029 Product: Jira module "Gantt-Chart for Jira" Manufacturer: Frank Polscheit - Solutions & IT-Consulting Affected Versions: =5.5.3 Tested Versions: 5.5.3 Vulnerability Type: Improper Privilege Management CWE-269 Risk Level:...

0.4AI score0.01834EPSS
Exploits3
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

dotproject <= 2.1.6 - Remote File Inclusion Vulnerability

No description provided by source. :::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP YmmMMMM MMM YM Discovered by dun \ posdubatgmail.com 2012-11-13 dotProject = 2.1.6 Remote File Inclusion Vulnerability Script: PHP web-based project...

7.1AI score
Exploits0
Rows per page
Query Builder