Lucene search
K

98 matches found

NVD
NVD
added 2026/07/05 5:16 a.m.10 views

CVE-2026-14702

A flaw has been found in zcaceres markdownify-mcp up to 1.1.0. This impacts the function saveToTempFile of the file src/Markdownify.ts of the component webpage-to-markdown/youtube-to-markdown/bing-search-to-markdown. This manipulation causes insufficiently random values. The attack is restricted ...

2.5CVSS0.00108EPSS
Exploits0References7
NVD
NVD
added 2026/07/05 5:16 a.m.10 views

CVE-2026-14699

A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits...

4.8CVSS0.00137EPSS
Exploits0References7
CVE
CVE
added 2026/07/05 4:0 a.m.22 views

CVE-2026-14702

Technical details are not publicly available in the provided documents. Monitor for updates to the CVE entry and connected sources for further information.

2.5CVSS5.2AI score0.00108EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/05 4:0 a.m.8 views

CVE-2026-14702

A flaw has been found in zcaceres markdownify-mcp up to 1.1.0. This impacts the function saveToTempFile of the file src/Markdownify.ts of the component webpage-to-markdown/youtube-to-markdown/bing-search-to-markdown. This manipulation causes insufficiently random values. The attack is restricted ...

2.5CVSS5.2AI score0.00108EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/07/05 4:0 a.m.34 views

CVE-2026-14702 zcaceres markdownify-mcp webpage-to-markdown Markdownify.ts saveToTempFile random values

A flaw has been found in zcaceres markdownify-mcp up to 1.1.0. This impacts the function saveToTempFile of the file src/Markdownify.ts of the component webpage-to-markdown/youtube-to-markdown/bing-search-to-markdown. This manipulation causes insufficiently random values. The attack is restricted ...

2.5CVSS0.00108EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/05 4:0 a.m.12 views

EUVD-2026-41721

A flaw has been found in zcaceres markdownify-mcp up to 1.1.0. This impacts the function saveToTempFile of the file src/Markdownify.ts of the component webpage-to-markdown/youtube-to-markdown/bing-search-to-markdown. This manipulation causes insufficiently random values. The attack is restricted ...

2.5CVSS5.2AI score0.00108EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/05 3:15 a.m.8 views

EUVD-2026-41724

A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits...

4.8CVSS5.6AI score0.00137EPSS
Exploits0References7
CVE
CVE
added 2026/07/05 3:15 a.m.20 views

CVE-2026-14699

CVE-2026-14699 affects zcaceres/markdownify-mcp prior to 1.1.0. The vulnerability is in assertPathAllowed (src/Markdownify.ts) and can be triggered by local manipulation, potentially causing symlink following. Exploitation is limited to local access. A fix is pending in a pull request and not yet...

4.8CVSS5.6AI score0.00137EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/05 3:15 a.m.28 views

CVE-2026-14699 zcaceres markdownify-mcp Markdownify.ts assertPathAllowed symlink

A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits...

4.8CVSS0.00137EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/05 3:15 a.m.9 views

CVE-2026-14699

A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits...

4.8CVSS5.6AI score0.00137EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2026/01/16 7:16 p.m.6 views

CVE-2021-47837

Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution...

7.2CVSS0.00409EPSS
Exploits0References4
OSV
OSV
added 2026/01/16 7:16 p.m.4 views

CVE-2021-47837

Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution...

5.1CVSS6AI score0.00409EPSS
Exploits0References4
CVE
CVE
added 2026/01/16 7:9 p.m.13 views

CVE-2021-47837

Markdownify 1.2.0 is affected by a persistent cross-site scripting (XSS) vulnerability that allows attackers to store malicious payloads in Markdown files. When a crafted Markdown file is uploaded and opened, embedded scripts can execute in the client context, with potential remote code execution...

7.2CVSS7.1AI score0.00409EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/16 7:9 p.m.5 views

CVE-2021-47837 Markdownify 1.2.0 - Persistent Cross-Site Scripting

Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution...

7.2CVSS7.1AI score0.00409EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/16 7:9 p.m.26 views

CVE-2021-47837 Markdownify 1.2.0 - Persistent Cross-Site Scripting

Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution...

7.2CVSS0.00409EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/16 7:9 p.m.5 views

CVE-2021-47837

Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution...

7.2CVSS5.6AI score0.00409EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/16 12:0 a.m.7 views

PT-2026-3292

Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution...

7.2CVSS7.4AI score0.00409EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.7 views

Markdownify security vulnerabilities

Markdownify is a minimal Markdown editor desktop application built using Electron by Amit Merchant as a personal development project. Version 1.2.0 of Markdownify contains a security vulnerability; this vulnerability stems from stored cross-site scripting in markdown files, which could lead to...

7.2CVSS6AI score0.00409EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/11 5:3 a.m.9 views

CVE-2025-65512

A Server-Side Request Forgery SSRF vulnerability was discovered in the webpage-to-markdown conversion feature of markdownify-mcp v0.0.2 and before. This vulnerability allows an attacker to bypass private IP restrictions through hostname-based bypass and HTTP redirect chains, enabling access to...

7.5CVSS6.9AI score0.00459EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/10 9:31 p.m.4 views

EUVD-2025-202627

A Server-Side Request Forgery SSRF vulnerability was discovered in the webpage-to-markdown conversion feature of markdownify-mcp v0.0.2 and before. This vulnerability allows an attacker to bypass private IP restrictions through hostname-based bypass and HTTP redirect chains, enabling access to...

6.4AI score0.00459EPSS
Exploits1References3
Rows per page
Query Builder