Lucene search
+L

110 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/06 7:49 p.m.5 views

CVE-2026-44111

OpenClaw before 2026.4.15 contains an arbitrary file read vulnerability in the QMD backend memoryget function that allows callers to read any Markdown files within the workspace root. Attackers with access to the memory tool can bypass path restrictions by providing arbitrary workspace Markdown...

4.3CVSS5.9AI score0.00226EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.12 views

PT-2026-38244

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.15 Description An arbitrary file read issue exists in the QMD backend memory get function. Attackers with access to the memory tool can bypass path restrictions by providing arbitrary workspace Markdown paths,...

4.3CVSS5.9AI score0.00226EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/05/05 2:20 a.m.7 views

CVE-2026-40201

@diplodoc/search-extension 1.0.0 through 3.x before 3.0.3 allows stored XSS via the title in a .md file...

5.4CVSS5.8AI score0.00241EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/01 9:30 a.m.7 views

Cross-site Scripting (XSS)

Overview @diplodoc/search-extension is a Lunr based offline search extension for Diplodoc platform Affected versions of this package are vulnerable to Cross-site Scripting XSS in the title field of Markdown files. An attacker can execute arbitrary scripts in the context of the user's browser by...

5.4CVSS5.9AI score0.00241EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/01 8:36 a.m.35 views

CVE-2026-40201

@diplodoc/search-extension 1.0.0 through 3.x before 3.0.3 allows stored XSS via the title in a .md file...

5.4CVSS0.00241EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/01 8:36 a.m.6 views

EUVD-2026-26484

@diplodoc/search-extension 1.0.0 through 3.x before 3.0.3 allows stored XSS via the title in a .md file...

5.4CVSS5.8AI score0.00241EPSS
Exploits0References3
Fedora
Fedora
added 2026/05/01 3:6 a.m.8 views

[SECURITY] Fedora 43 Update: glow-2.1.2-1.fc43

Glow is a terminal based markdown reader designed from the ground up to bring out the beauty=E2=80=94and power=E2=80=94of the CLI. Use it to discover mark down files, read documentation directly on the command line. Glow will find local markdown files in subdirectories or a local Git repository...

7.5CVSS5.3AI score0.00626EPSS
Exploits0
Fedora
Fedora
added 2026/05/01 1:27 a.m.9 views

[SECURITY] Fedora 42 Update: glow-2.1.2-1.fc42

Glow is a terminal based markdown reader designed from the ground up to bring out the beauty=E2=80=94and power=E2=80=94of the CLI. Use it to discover mark down files, read documentation directly on the command line. Glow will find local markdown files in subdirectories or a local Git repository...

7.5CVSS7.2AI score0.00626EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2026/04/17 10:33 p.m.9 views

OpenClaw: QMD memory_get restricts reads to canonical or indexed memory paths

Summary The QMD backend memoryget read path accepted arbitrary workspace Markdown paths that were inside the workspace but outside the canonical memory locations or indexed QMD result set. Impact When the QMD backend was enabled, a caller with access to memoryget could read arbitrary .md files...

5.9AI score
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/16 12:0 a.m.5 views

CVE-2025-65716

An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allows attackers to execute arbitrary code via uploading a crafted .Md file...

6.1AI score0.00639EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/13 12:0 a.m.14 views

PT-2026-8028

Name of the Vulnerable Software and Affected Versions Windows Notepad versions prior to 11.x patch Description A remote code execution issue exists in the modern Windows 11 Notepad application distributed through the Microsoft Store. A malicious Markdown .md file can trigger command injection,...

6.5AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/02/11 12:0 a.m.3 views

CVE-2026-1456

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through CPU exhaustion by submitting specially crafted markdown files that trigger exponential processin...

7.5CVSS5.9AI score0.00364EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.15 views

PT-2026-7516

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.7 through 18.7.3 GitLab CE/EE versions 18.8 through 18.8.3 Description An unauthenticated user could cause a denial of service through CPU exhaustion by submitting specially crafted markdown files. These files trigger...

7.5CVSS5.3AI score0.00364EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/01/16 9:31 p.m.5 views

CVE-2021-47839

A flaw was found in Marky. This persistent cross-site scripting XSS vulnerability allows attackers to inject malicious scripts into markdown files. Attackers can upload specially crafted markdown files containing JavaScript code. When these files are opened, the embedded scripts execute,...

7.2CVSS6.4AI score0.00423EPSS
Exploits0References7
NVD
NVD
added 2026/01/16 7:16 p.m.13 views

CVE-2021-47842

StudyMD 0.3.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code...

7.2CVSS0.00409EPSS
Exploits0References4
OSV
OSV
added 2026/01/16 7:16 p.m.4 views

CVE-2021-47839

Marky 0.0.1 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code executio...

5.1CVSS6AI score
Exploits0References4
NVD
NVD
added 2026/01/16 7:16 p.m.4 views

CVE-2021-47840

Moeditor 0.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload specially crafted markdown files with embedded JavaScript that execute when opened, potentially enabling remote code execution on t...

7.2CVSS0.00409EPSS
Exploits0References4
NVD
NVD
added 2026/01/16 7:16 p.m.6 views

CVE-2021-47837

Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution...

7.2CVSS0.00409EPSS
Exploits0References4
OSV
OSV
added 2026/01/16 7:16 p.m.5 views

CVE-2021-47837

Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution...

5.1CVSS6AI score0.00409EPSS
Exploits0References4
NVD
NVD
added 2026/01/16 7:16 p.m.7 views

CVE-2021-47839

Marky 0.0.1 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code executio...

7.2CVSS0.00423EPSS
Exploits0References7
Rows per page
Query Builder