110 matches found
EUVD-2021-16082
Malware in sbrugna...
EUVD-2023-35510
Malicious code in bioql PyPI...
EUVD-2023-33631
Malicious code in bioql PyPI...
EUVD-2025-20216
Malicious code in bioql PyPI...
EUVD-2022-5772
Malicious code in bioql PyPI...
EUVD-2022-43572
Malicious code in bioql PyPI...
EUVD-2022-38834
Malicious code in bioql PyPI...
EUVD-2023-34415
Malicious code in bioql PyPI...
EUVD-2025-26415
Malicious code in bioql PyPI...
PT-2025-35585
Name of the Vulnerable Software and Affected Versions: Many Notes version 0.10.1 Description: Many Notes version 0.10.1 is susceptible to Cross Site Scripting XSS. This allows malicious Markdown files to execute JavaScript when viewed. Recommendations: At the moment, there is no information about...
CVE-2025-55474
Many Notes 0.10.1 is vulnerable to Cross Site Scripting (XSS) via Markdown rendering, allowing JavaScript execution when viewed. CVSS v3.1 vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (base 6.1, MEDIUM). Connected sources reference a potential fix in v0.10.2, but explicit remediation details are n...
CVE-2025-55474
Many Notes 0.10.1 is vulnerable to Cross Site Scripting XSS, which allows malicious Markdown files to execute JavaScript when viewed...
CVE-2025-55474
Many Notes 0.10.1 is vulnerable to Cross Site Scripting XSS, which allows malicious Markdown files to execute JavaScript when viewed...
CVE-2025-3046 Path Traversal via Symbolic Links in run-llama/llama_index
A vulnerability in the ObsidianReader class of the run-llama/llamaindex repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The ObsidianReader fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the...
CVE-2019-15726
An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server...
The vulnerability of the software used for creating, monitoring, and orchestrating data processing scripts in Airflow lies in improper code generation, allowing attackers to execute arbitrary code.
The vulnerability of the software used for creating, monitoring, and orchestrating data processing scripts in Airflow is related to improper code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by introducing specially crafted .md files...
CVE-2024-33300
Typora v1.0.0 through v1.7 version below Markdown editor has a cross-site scripting XSS vulnerability, which allows attackers to execute arbitrary code by uploading Markdown files...
VulnerabilityResearch
Vulnerability Research Repository Overview Welcome to my...
Typora Cross-Site Scripting Vulnerability
Typora is an editor. A security vulnerability exists in Typora v1.6.7, which stems from the presence of a cross-site scripting XSS vulnerability that allows attackers to execute arbitrary code by uploading specially crafted Markdown files...
PT-2023-21093 · Diagon · Diagon
Name of the Vulnerable Software and Affected Versions: Diagon version 1.0.139 Description: A heap-based buffer overflow vulnerability exists in the Sequence::DrawText functionality. This issue can be triggered by a specially crafted markdown file or network request, potentially leading to arbitra...