33 matches found
Security Bulletin: There is a vulnerability in marked-14.0.0.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-****-*****)
Summary: There is a vulnerability in marked-14.0.0.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details: CVEID: CVE-2026-41680 DESCRIPTION: Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service (DoS) vulnerability exis...
Astra Linux - vulnerability in node-marked
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression inline.reflinkSearch might cause catastrophic backtracking for certain strings, leading to a denial of service (DoS) attack. Any user who runs untrusted markdown using a vulnerable version of Marked, without...
GHSA-6V9C-7CG6-27Q7 Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer
Summary: A critical Denial of Service (DoS) vulnerability exists in [email protected]. By providing a specific 3-byte input sequence (a tab, a vertical tab, and a newline: \x09\x0b\n), an unauthenticated attacker can trigger an infinite recursion loop during parsing. This leads to unbounded memory allocatio...
NPM: Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer
NPM: Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer vulnerability discovered by ? in WordPress Npm marked versions = 18.0.0, = 18.0.1...
Allocation of Resources Without Limits or Throttling
Overview: marked is a low-level compiler for parsing markdown without caching or blocking for long periods of time. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Tokenizer. An attacker can cause the application to exhaust system...
Allocation of Resources Without Limits or Throttling
Overview: org.webjars.npm:marked is a low-level compiler for parsing markdown without caching or blocking for long periods of time. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Tokenizer. An attacker can cause the application to...
CVE-2026-41680
CVE-2026-41680 affects the Marked markdown parser/compiler. From versions 18.0.0 through 18.0.1, an unauthenticated attacker can trigger an infinite recursion in the tokenizer by sending the 3-byte sequence: tab, vertical tab, newline (\x09\x0b\n). This leads to unbounded memory allocation and ca...
CVE-2026-41680 Marked: OOM Denial of Service via Infinite Recursion in marked Tokenizer
Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service (DoS) vulnerability exists in marked. By providing a specific 3-byte input sequence (a tab, a vertical tab, and a newline: \x09\x0b\n), an unauthenticated attacker can trigger an infinite recursion loop during...
marked resource management error vulnerability
marked is a Markdown parser and compiler written by Christopher Jeffrey in the United States. Version 18.0.0 to 18.0.1 of marked contains a resource management vulnerability. This vulnerability arises from triggering an infinite recursive loop when parsing certain 3-byte input sequences, leading ...
EUVD-2018-0154
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2016-10531
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and earlier parses input, specifically HTML entities, it'...
@applitools/bongo (>=5.1.2 <=5.10.0), @arakoodev/edgechains.js (>=0.25.0 <=0.30.1) +831 more potentially affected by CVE-2018-25110 via marked (>=0.0.1 <=0.3.16)
marked NPM version =0.0.1, =5.1.2, =0.25.0, =0.1.12-alpha.0, =0.0.1, =0.1.0, =1.0.0, =2.5.2, =2.5.4 and more Source cves: CVE-2018-25110 Source advisory: OSV:GHSA-P9WX-2529-FP83...
marked security vulnerability
marked is a Markdown parser and compiler written in JavaScript by Christopher Jeffrey, an individual developer in the United States. A security vulnerability exists in marked prior to version 0.3.17, which stems from catastrophic backtracking of regular expressions parsing HTML tags and markdown...
08cms (=1.0.0), 0ad-tools (=0.0.1) +31195 more potentially affected by CVE-2022-21681 via marked (>=0.0.1 <=4.0.0)
marked NPM version =0.0.1, =5.0.3, =0.0.1, =1.1.5, =1.0.0, =0.0.1, =0.3.96, =1.0.0, =0.1.0, =1.5.46 and more Source cves: CVE-2022-21681 Source advisory: OSV:GHSA-5V2H-R2CX-5XGJ...
08cms (=1.0.0), 0ad-tools (=0.0.1) +31195 more potentially affected by CVE-2022-21680 via marked (>=0.0.1 <=4.0.0)
marked NPM version =0.0.1, =5.0.3, =0.0.1, =1.1.5, =1.0.0, =0.0.1, =0.3.96, =1.0.0, =0.1.0, =1.5.46 and more Source cves: CVE-2022-21680 Source advisory: OSV:GHSA-RRRM-QJM4-V8HF...
DEBIAN-CVE-2022-21680
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression block.def may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does...
PT-2022-7077 · Marked +1
Name of the Vulnerable Software and Affected Versions: Marked versions prior to 4.0.10 Description: The issue is related to a denial of service caused by the regular expression inline.reflinkSearch potentially leading to catastrophic backtracking against some strings. This can affect anyone who...
GHSA-8WP3-CP9V-44FM Cross-Site Scripting in marked
Versions 0.3.7 and earlier of marked unescape only lowercase while browsers support both lowercase and uppercase x in hexadecimal form of HTML character entity...
marked resource management error vulnerability
marked is a Markdown parser and compiler written in JavaScript by Christopher Jeffrey, an individual developer in the United States. A resource management error vulnerability exists in Marked versions 1.1.1 and prior to 2.0.0, which can affect any user who runs user-generated code through Marked. No...
1min (>=0.0.1 <=1.3.0), 20190403-utils (=1.0.0) +2475 more potentially affected by unknown CVE via marked (>=0.4.0 <=0.6.3)
marked NPM version =0.4.0, =0.0.1, =0.1.0, =1.0.0, =4.13.7-rc4, =0.0.1, =0.1.0, =1.0.0, =0.1.0, =4.0.0, =4.1.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-CH52-VGQ2-943F...