135 matches found
EUVD-2021-25572
Malware in sbrugna...
EUVD-2021-16082
Malware in sbrugna...
EUVD-2023-42303
Malicious code in bioql PyPI...
EUVD-2021-8640
Malicious code in bioql PyPI...
EUVD-2024-41431
Malicious code in bioql PyPI...
EUVD-2022-29622
Malicious code in bioql PyPI...
EUVD-2025-10682
Malicious code in bioql PyPI...
CVE-2024-45308
HedgeDoc is an open source, real-time, collaborative, markdown notes application. When using HedgeDoc 1 with MySQL or MariaDB, it is possible to create notes with an alias matching the ID of existing notes. The affected existing note can then not be accessed anymore and is effectively hidden by t...
CVE-2022-24837
HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor. Images uploaded with HedgeDoc version 1.9.1 and later have an enumerable filename after the upload, resulting in potential information leakage of uploaded documents. This is especially relevant for private notes an...
CVE-2021-29474
HedgeDoc formerly known as CodiMD is an open-source collaborative markdown editor. An attacker can read arbitrary .md files from the server's filesystem due to an improper input validation, which results in the ability to perform a relative path traversal. To verify if you are affected, you can t...
CVE-2021-29503
HedgeDoc is a platform to write and share markdown. HedgeDoc before version 1.8.2 is vulnerable to a cross-site scripting attack using the YAML-metadata of a note. An attacker with write access to a note can embed HTML tags in the Open Graph metadata section of the note, resulting in the frontend...
CVE-2021-29475
HedgeDoc formerly known as CodiMD is an open-source collaborative markdown editor. An attacker is able to receive arbitrary files from the file system when exporting a note to PDF. Since the code injection has to take place as note content, there fore this exploit requires the attackers ability t...
CVE-2025-32391
HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.3, a malicious SVG file uploaded to HedgeDoc results in the possibility of XSS when opened in a new tab instead of the editor itself. The XSS is possible by exploiting the JSONP capabilities of GitHub...
CVE-2025-32391
HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.3, a malicious SVG file uploaded to HedgeDoc results in the possibility of XSS when opened in a new tab instead of the editor itself. The XSS is possible by exploiting the JSONP capabilities of GitHub...
CVE-2025-32391 HedgeDoc allows XSS possibility through malicious SVG uploads
HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.3, a malicious SVG file uploaded to HedgeDoc results in the possibility of XSS when opened in a new tab instead of the editor itself. The XSS is possible by exploiting the JSONP capabilities of GitHub...
CVE-2025-32391 HedgeDoc allows XSS possibility through malicious SVG uploads
HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.3, a malicious SVG file uploaded to HedgeDoc results in the possibility of XSS when opened in a new tab instead of the editor itself. The XSS is possible by exploiting the JSONP capabilities of GitHub...
CVE-2025-32391
HedgeDoc has a vulnerability (CVE-2025-32391) up to version 1.10.2 where uploading a malicious SVG can trigger cross-site scripting when the file is opened in a new tab, via the GitHub Gist JSONP embedding feature. The issue affects instances using the local filesystem upload backend or configura...
CVE-2025-32391 HedgeDoc allows XSS possibility through malicious SVG uploads
HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.3, a malicious SVG file uploaded to HedgeDoc results in the possibility of XSS when opened in a new tab instead of the editor itself. The XSS is possible by exploiting the JSONP capabilities of GitHub...
PT-2025-15983 · Github +1 · Github Gist +1
Name of the Vulnerable Software and Affected Versions: HedgeDoc versions prior to 1.10.3 Description: The issue arises when a malicious SVG file is uploaded to HedgeDoc, potentially leading to cross-site scripting XSS when the file is opened in a new tab. This is possible due to the exploitation ...
HedgeDoc 跨站脚本漏洞
HedgeDoc is a Javascript-based real-time editing and sharing platform for Markdown documents from the HedgeDoc team. A cross-site scripting vulnerability exists in HedgeDoc versions prior to 1.10.3, which stems from a malicious SVG file that could lead to a cross-site scripting attack...