10 matches found

NVD
added 2026/04/21 4:16 p.m. | 2 views

CVE-2026-40565

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's linkify function in app/Misc/Helper.php converts plain-text URLs in email bodies into HTML anchor tags without escaping double-quote characters " in the URL. HTMLPurifier called first via...

CVSS 6.1 | EPSS 0.00199
Exploits: 0 | References: 3
EUVD
added 2026/04/21 3:52 p.m. | 3 views

EUVD-2026-24141

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's linkify function in app/Misc/Helper.php converts plain-text URLs in email bodies into HTML anchor tags without escaping double-quote characters " in the URL. HTMLPurifier called first via...

CVSS 6.1 | AI score 5.9 | EPSS 0.00199
Exploits: 0 | References: 3
OSV
added 2026/02/12 6:16 a.m. | 2 views

UBUNTU-CVE-2026-2327

Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service ReDoS due to the use of the regex /+$/ in the linkify function. An attacker can supply a long sequence of characters followed by a non-matching character, which triggers...

CVSS 7.5 | AI score 5.8 | EPSS 0.00503
Exploits: 0 | References: 6
CVE
added 2026/02/12 5:0 a.m. | 26 views

CVE-2026-2327

The CVE-2026-2327 case concerns the markdown-it package. Affected versions: 13.0.0 through 14.1.0 (and up to 14.1.1 as fixed) are vulnerable to a Regular Expression Denial of Service in the linkify function due to the regex /*$/ used for links; an attacker can provide a long sequence of * follow...

CVSS 7.5 | AI score 5.5 | EPSS 0.00503
Exploits: 0 | References: 4 | Affected Software: 1
CNNVD
added 2026/02/12 12:0 a.m. | 5 views

Markdown-It Security Vulnerability

Markdown-It is an open-source Markdown parser. Versions of Markdown-It prior to 14.1.1 contained a security vulnerability. This vulnerability stemmed from the use of regular expressions in the linkify function, which could lead to a denial-of-service attack due to the regular expressions...

CVSS 7.5 | AI score 7.1 | EPSS 0.00503
Exploits: 0 | References: 4
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2025-22758

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.3 | EPSS 0.0048
Exploits: 0 | References: 5
OSV
added 2025/07/25 10:15 p.m. | 4 views

CVE-2025-8101

Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' vulnerability in Linkify linkifyjs allows XSS Targeting HTML Attributes and Manipulating User-Controlled Variables. This issue affects Linkify: from 4.3.1 before 4.3.2...

CVSS 8.8 | AI score 6.1
Exploits: 0 | References: 4
Cvelist
added 2025/07/25 9:52 p.m. | 10 views

CVE-2025-8101 Linkify 4.3.1 - Prototype Pollution & HTML Attribute Injection (XSS)

Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' vulnerability in Linkify linkifyjs allows XSS Targeting HTML Attributes and Manipulating User-Controlled Variables. This issue affects Linkify: from 4.3.1 before 4.3.2...

CVSS 8.8 | EPSS 0.0048
Exploits: 0 | References: 4
Snyk
added 2025/07/05 8:3 p.m. | 2 views

Regular Expression Denial of Service (ReDoS)

Overview org.webjars.npm:markdown-it is a modern pluggable markdown parser. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS due to the use of the regex /+$/ in the linkify function. An attacker can supply a long sequence of characters followed by a...

CVSS 7.5 | AI score 5.6 | EPSS 0.00503
Exploits: 0 | References: 2
Snyk
added 2025/07/05 8:3 p.m. | 3 views

Regular Expression Denial of Service (ReDoS)

Overview markdown-it is a modern pluggable markdown parser. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS due to the use of the regex /+$/ in the linkify function. An attacker can supply a long sequence of characters followed by a non-matching...

CVSS 7.5 | AI score 5.5 | EPSS 0.00503
Exploits: 0 | References: 2