52 matches found
CVE-2026-54888
The CVE-2026-54888 issue is a denial-of-service in mdex/mdex_native caused by uncontrolled recursion when converting Markdown to an AST across a NIF boundary. The root cause is missing maximum nesting depth in two mutual Rust functions (ex_document_to_comrak_ast and comrak_ast_to_ex_document), al...
CVE-2026-8661
Server-Side Cross-Site Scripting and Server-Side Request Forgery vulnerability in the markdowntopdf action of Rapid7 InsightConnect Markdown Plugin version 3.1.4 and earlier on Linux allows remote attackers to execute JavaScript server-side and make arbitrary outbound HTTP requests via crafted...
GHSA-8MP2-V27R-99XP Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input
Summary A ReDoS Regular Expression Denial of Service vulnerability in LINKTITLERE allows an attacker who can supply Markdown for parsing to cause denial of service. A crafted 58-byte Markdown document blocks the parser for approximately 6 seconds measured on Apple M2, Python 3.14.3, with...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the createDocWithMd function, where unsanitized input in the markdown parameter is passed to downstream processing functions. An attacker can access arbitrary files on the server or interact with...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the createDocWithMd function, where unsanitized input in the markdown parameter is passed to downstream processing functions. An attacker can access arbitrary files on the server or interact with...
CVE-2025-42873
SAPUI5 and OpenUI5 packages use outdated 3rd party libraries with known security vulnerabilities. When markdown-it encounters special malformed input, it fails to terminate properly, resulting in an infinite loop. This Denial of Service via infinite loop causes high CPU usage and system...
Cross-site Scripting (XSS)
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Scripting XSS via the downloadPdf function for Notes feature. An attacker can execute arbitrary JavaScript code and steal session tokens by importing a specially crafted Markdown file containing...
Security Bulletin: IBM Automation Decision Services for October 2025 - Multiple CVEs addressed
Summary IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed Vulnerability Details CVEID:CVE-2025-46653...
CVE-2025-60312
Sourcecodester Markdown to HTML Converter v1.0 is vulnerable to a Cross-Site Scripting XSS in the "Markdown Input" field, allowing a remote attacker to inject arbitrary HTML/JavaScript code that executes in the victim's browser upon clicking the "Convert to HTML" button...
CVE-2025-60312
Sourcecodester Markdown to HTML Converter v1.0 is vulnerable to a Cross-Site Scripting XSS in the "Markdown Input" field, allowing a remote attacker to inject arbitrary HTML/JavaScript code that executes in the victim's browser upon clicking the "Convert to HTML" button...
CVE-2025-60312
Sourcecodester Markdown to HTML Converter v1.0 is vulnerable to a Cross-Site Scripting XSS in the "Markdown Input" field, allowing a remote attacker to inject arbitrary HTML/JavaScript code that executes in the victim's browser upon clicking the "Convert to HTML" button...
EUVD-2019-15844
Malware in sbrugna...
EUVD-2017-1586
Malware in sbrugna...
EUVD-2018-0163
Malware in sbrugna...
EUVD-2025-32717
Sourcecodester Markdown to HTML Converter v1.0 is vulnerable to a Cross-Site Scripting XSS in the "Markdown Input" field, allowing a remote attacker to inject arbitrary HTML/JavaScript code that executes in the victim's browser upon clicking the "Convert to HTML" button...
CVE-2025-60312
Sourcecodester Markdown to HTML Converter v1.0 is vulnerable to a Cross-Site Scripting XSS in the "Markdown Input" field, allowing a remote attacker to inject arbitrary HTML/JavaScript code that executes in the victim's browser upon clicking the "Convert to HTML" button...
CVE-2025-60312
CVE-2025-60312 affects Sourcecodester Markdown to HTML Converter v1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw in the "Markdown Input" field that allows a remote attacker to inject arbitrary HTML/JavaScript code, executed in the victim’s browser when the user clicks the "Convert to...
SourceCodester Markdown to HTML Converter 安全漏洞
SourceCodester Markdown to HTML Converter is an open source markdown to html converter from SourceCodester. A security vulnerability exists in SourceCodester Markdown to HTML Converter v1.0, which stems from the Markdown Input field being vulnerable to cross-site scripting attacks that could lead...
PT-2025-41135
Name of the Vulnerable Software and Affected Versions Sourcecodester Markdown to HTML Converter version 1.0 Description The software is susceptible to a Cross-Site Scripting XSS issue in the "Markdown Input" field. A remote attacker can inject arbitrary HTML/JavaScript code that will execute in t...
EUVD-2023-44243
Malicious code in bioql PyPI...