Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

5 matches found

CVE
CVEadded 2026/06/05 5:49 p.m.23 views

CVE-2026-49493

Markdown Preview Enhanced prior to 0.8.28 runs Bitfield fenced code blocks containing interpretJS(), which evaluates code via vm.runInNewContext(), enabling arbitrary server-side code execution when rendering or exporting a document. The issue’s root cause is that Bitfield definitions were treate...

8.8CVSS5.9AI score0.00327EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/06/05 5:49 p.m.7 views

CVE-2026-49493 Markdown Preview Enhanced Arbitrary Code Execution via Bitfield interpretJS()

Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced code blocks with interpretJS, which evaluates the block content as code via vm.runInNewContext, allowing arbitrary code execution. A crafted markdown document containing a malicious bitfield code block executes attacker-controlled cod...

8.8CVSS5.9AI score0.00327EPSS
Exploits0References2
Microsoft CVE
Microsoft CVEadded 2024/09/11 7:0 a.m.4 views

JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The `parse` method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named `__proto__` allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by `JSON5.parse` and not the global Object prototype which is the commonly understood definition of Prototype Pollution. However polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from `JSON5.parse`. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys but could include denial of service cross-site scripting elevation

...

8.8CVSS7AI score0.09304EPSS
Exploits1
BDU FSTEC
BDU FSTECadded 2023/11/15 12:0 a.m.3 views

The vulnerability of the parse method in the json5 package manager library in NPM allows a hacker to trigger a service failure.

The vulnerability of the parse method in the json5 package manager library from NPM is related to uncontrolled changes to prototype attributes of objects. Exploiting this vulnerability could allow a malicious actor to cause service failures...

9CVSS6.4AI score0.09304EPSS
Exploits1References6Affected Software9
Positive Technologies
Positive Technologiesadded 2022/12/23 12:0 a.m.5 views

PT-2022-7147

Name of the Vulnerable Software and Affected Versions json5 versions 1.0.1 and earlier json5 versions 2.2.1 and earlier Description The parse method of the json5 library does not restrict parsing of keys named proto , allowing specially crafted strings to pollute the prototype of the resulting...

9CVSS6.8AI score0.09304EPSS
Exploits1References38
Rows per page
Query Builder