52 matches found

CVE
added 4 days ago | 8 views

CVE-2026-54888

The CVE-2026-54888 issue is a denial-of-service in mdex/mdex_native caused by uncontrolled recursion when converting Markdown to an AST across a NIF boundary. The root cause is missing maximum nesting depth in two mutual Rust functions (ex_document_to_comrak_ast and comrak_ast_to_ex_document), al...

CVSS 6.9 | AI score 5.9 | EPSS 0.00168
Exploits 0 | References 4
NVD
added 2026/06/26 2:16 a.m. | 8 views

CVE-2026-8661

Server-Side Cross-Site Scripting and Server-Side Request Forgery vulnerability in the markdowntopdf action of Rapid7 InsightConnect Markdown Plugin version 3.1.4 and earlier on Linux allows remote attackers to execute JavaScript server-side and make arbitrary outbound HTTP requests via crafted...

CVSS 4.8 | EPSS 0.00254
Exploits 0 | References 2
OSV
added 2026/05/06 4:52 p.m. | 4 views

GHSA-8MP2-V27R-99XP Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input

Summary: A ReDoS (Regular Expression Denial of Service) vulnerability in LINK_TITLE_RE allows an attacker who can supply Markdown for parsing to cause denial of service. A crafted 58-byte Markdown document blocks the parser for approximately 6 seconds measured on Apple M2, Python 3.14.3, with...

CVSS 8.7 | AI score 6 | EPSS 0.00481
Exploits 0 | References 4
Snyk
added 2026/01/21 1:02 a.m. | 3 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the createDocWithMd function, where unsanitized input in the markdown parameter is passed to downstream processing functions. An attacker can access arbitrary files on the server or interact with...

CVSS 8.8 | AI score 5.8 | EPSS 0.00522
Exploits 1 | References 2
Snyk
added 2026/01/21 1:02 a.m. | 1 view

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the createDocWithMd function, where unsanitized input in the markdown parameter is passed to downstream processing functions. An attacker can access arbitrary files on the server or interact with...

CVSS 8.8 | AI score 5.8 | EPSS 0.00522
Exploits 1 | References 2
RedhatCVE
added 2025/12/10 2:32 a.m. | 8 views

CVE-2025-42873

SAPUI5 and OpenUI5 packages use outdated 3rd party libraries with known security vulnerabilities. When markdown-it encounters special malformed input, it fails to terminate properly, resulting in an infinite loop. This Denial of Service via infinite loop causes high CPU usage and system...

CVSS 5.9 | AI score 7 | EPSS 0.0032
Exploits 0 | References 1
Snyk
added 2025/12/04 10:03 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the downloadPdf function for Notes feature. An attacker can execute arbitrary JavaScript code and steal session tokens by importing a specially crafted Markdown file containing...

CVSS 8.7 | AI score 5.3 | EPSS 0.00193
Exploits 1 | References 3
IBM Security Bulletins
added 2025/12/03 6:06 a.m. | 14 views

Security Bulletin: IBM Automation Decision Services for October 2025 - Multiple CVEs addressed

Summary: IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2025-46653...

CVSS 8.1 | AI score 7.7 | EPSS 0.26049
Exploits 4 | Affected Software 1
RedhatCVE
added 2025/10/08 12:13 a.m. | 14 views

CVE-2025-60312

Sourcecodester Markdown to HTML Converter v1.0 is vulnerable to a Cross-Site Scripting (XSS) in the "Markdown Input" field, allowing a remote attacker to inject arbitrary HTML/JavaScript code that executes in the victim's browser upon clicking the "Convert to HTML" button...

AI score 6.2 | EPSS 0.00261
Exploits 1 | References 1
NVD
added 2025/10/07 4:15 p.m. | 6 views

CVE-2025-60312

Sourcecodester Markdown to HTML Converter v1.0 is vulnerable to a Cross-Site Scripting (XSS) in the "Markdown Input" field, allowing a remote attacker to inject arbitrary HTML/JavaScript code that executes in the victim's browser upon clicking the "Convert to HTML" button...

CVSS 6.1 | EPSS 0.00261
Exploits 1 | References 2
OSV
added 2025/10/07 4:15 p.m. | 6 views

CVE-2025-60312

Sourcecodester Markdown to HTML Converter v1.0 is vulnerable to a Cross-Site Scripting (XSS) in the "Markdown Input" field, allowing a remote attacker to inject arbitrary HTML/JavaScript code that executes in the victim's browser upon clicking the "Convert to HTML" button...

CVSS 6.1 | AI score 6 | EPSS 0.00261
Exploits 1 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2019-15844

Malware in sbrugna...

CVSS 5.4 | AI score 5.5 | EPSS 0.00506
Exploits 1 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2017-1586

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.00836
Exploits 1 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2018-0163

Malware in sbrugna...

CVSS 5.4 | AI score 5.4 | EPSS 0.00537
Exploits 1 | References 4
EUVD
added 2025/10/07 12:00 a.m. | 7 views

EUVD-2025-32717

Sourcecodester Markdown to HTML Converter v1.0 is vulnerable to a Cross-Site Scripting (XSS) in the "Markdown Input" field, allowing a remote attacker to inject arbitrary HTML/JavaScript code that executes in the victim's browser upon clicking the "Convert to HTML" button...

AI score 5.7 | EPSS 0.00261
Exploits 1 | References 3
Vulnrichment
added 2025/10/07 12:00 a.m. | 3 views

CVE-2025-60312

Sourcecodester Markdown to HTML Converter v1.0 is vulnerable to a Cross-Site Scripting (XSS) in the "Markdown Input" field, allowing a remote attacker to inject arbitrary HTML/JavaScript code that executes in the victim's browser upon clicking the "Convert to HTML" button...

AI score 5.8 | EPSS 0.00261
Exploits 1 | References 2
CVE
added 2025/10/07 12:00 a.m. | 11 views

CVE-2025-60312

CVE-2025-60312 affects Sourcecodester Markdown to HTML Converter v1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw in the "Markdown Input" field that allows a remote attacker to inject arbitrary HTML/JavaScript code, executed in the victim’s browser when the user clicks the "Convert to...

CVSS 6.1 | AI score 5.8 | EPSS 0.00261
Exploits 1 | References 2 | Affected Software 1
CNNVD
added 2025/10/07 12:00 a.m. | 6 views

SourceCodester Markdown to HTML Converter Security Vulnerability

SourceCodester Markdown to HTML Converter is an open source markdown to html converter from SourceCodester. A security vulnerability exists in SourceCodester Markdown to HTML Converter v1.0, which stems from the Markdown Input field being vulnerable to cross-site scripting attacks that could lead...

CVSS 6.1 | AI score 6.3 | EPSS 0.00261
Exploits 1 | References 2
Positive Technologies
added 2025/10/07 12:00 a.m. | 4 views

PT-2025-41135

Name of the Vulnerable Software and Affected Versions: Sourcecodester Markdown to HTML Converter version 1.0. Description: The software is susceptible to a Cross-Site Scripting (XSS) issue in the "Markdown Input" field. A remote attacker can inject arbitrary HTML/JavaScript code that will execute in t...

CVSS 6.1 | AI score 6.2 | EPSS 0.00261
Exploits 1 | References 6
EUVD
added 2025/10/03 8:07 p.m. | 5 views

EUVD-2023-44243

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.6 | EPSS 0.00504
Exploits 0 | References 1