CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

24 matches found

RedhatCVE•added 2026/06/05 7:36 p.m.•9 views

CVE-2026-41149

A flaw was found in Mermaid, a JavaScript tool for creating diagrams and charts. A remote attacker could exploit this vulnerability by injecting malicious HTML through the classDef directive in Mermaid state diagrams. This allows for Document Object Model DOM injection, which escapes the Scalable...

5.4CVSS5.4AI score0.00401EPSS

Exploits0References6

SUSE CVE•added 2026/05/30 2:7 a.m.•12 views

SUSE CVE-2026-41159

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration...

5.3CVSS5.8AI score0.00398EPSS

Exploits0References3

Tenable Nessus•added 2026/05/30 12:0 a.m.•11 views

Linux Distros Unpatched Vulnerability : CVE-2026-41150

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-servic...

5.3CVSS5.5AI score0.00384EPSS

Exploits0References3

NVD•added 2026/05/29 3:16 p.m.•10 views

CVE-2026-41159

5.3CVSS0.00398EPSS

Exploits0References4

NVD•added 2026/05/29 3:16 p.m.•13 views

CVE-2026-41150

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you th...

5.3CVSS0.00384EPSS

Exploits0References5

OSV•added 2026/05/29 3:16 p.m.•6 views

UBUNTU-CVE-2026-41159

5.3CVSS5.8AI score0.00398EPSS

Exploits0References8

ATTACKERKB•added 2026/05/29 1:54 p.m.•8 views

CVE-2026-41150

5.3CVSS5.8AI score0.00384EPSS

Exploits0References6Affected Software1

Debian CVE•added 2026/05/29 1:54 p.m.•10 views

CVE-2026-41150

5.3CVSS5.8AI score0.00384EPSS

Exploits0

Cvelist•added 2026/05/29 1:53 p.m.•33 views

CVE-2026-41159 Mermaid: Improper sanitization of configuration leads to CSS injection

5.3CVSS0.00398EPSS

Exploits0References4

ATTACKERKB•added 2026/05/29 1:53 p.m.•7 views

CVE-2026-41159

5.3CVSS5.8AI score0.00398EPSS

Exploits0References5Affected Software1

CNNVD•added 2026/05/29 12:0 a.m.•7 views

Mermaid 代码注入漏洞

Mermaid is an open-source application software developed by mermaid-js. It uses text and code to create charts and visualizations. Versions of Mermaid prior to 10.9.6 and 11.15.0 contain a code injection vulnerability. This vulnerability stems from the default configuration, which allows CSS to b...

5.3CVSS5.9AI score0.00398EPSS

Exploits0References5

NVD•added 2026/05/22 11:16 p.m.•21 views

CVE-2026-41148

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and prior, in addition to 11.0.0-alpha.1 through 11.12.0 are vulnerable to CSS injection through improper sanitization. The state diagram and any other diagram type that routes...

5.3CVSS0.00338EPSS

Exploits0References6

OSV•added 2026/05/22 11:16 p.m.•8 views

DEBIAN-CVE-2026-41149

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and earlier, as well as 11.0.0-alpha.1 through 11.14.0, are vulnerable to HTML injection under the default configuration. Specifically, the classDef directive in Mermaid state...

5.3CVSS5.6AI score0.00401EPSS

Exploits0References1

EUVD•added 2026/05/22 10:34 p.m.•10 views

EUVD-2026-31520

5.3CVSS5.6AI score0.00401EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2022-0654

Malicious code in bioql PyPI...

7.2CVSS6.3AI score0.00912EPSS

Exploits0References5

Tenable Nessus•added 2025/08/31 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2025-54880

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. I...

6.1CVSS4.6AI score0.00342EPSS

Exploits1References2

SUSE CVE•added 2025/08/19 11:21 p.m.•4 views

SUSE CVE-2025-54880

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 11.9.0 and earlier, user supplied input for architecture diagram icons is passed to the d3 html...

6.1CVSS6.1AI score0.00342EPSS

Exploits1References3

NVD•added 2025/08/19 5:15 p.m.•6 views

CVE-2025-54880

6.1CVSS0.00342EPSS

Exploits1References3

Vulnrichment•added 2025/08/19 5:4 p.m.•4 views

CVE-2025-54881 Mermaid improperly sanitizes of sequence diagram labels leading to XSS

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 10.9.0-rc.1 to 11.9.0, user supplied input for sequence diagram labels is passed to innerHTML duri...

5.3CVSS7.1AI score0.0071EPSS

Exploits0References3

Cvelist•added 2025/08/19 5:4 p.m.•9 views

CVE-2025-54881 Mermaid improperly sanitizes of sequence diagram labels leading to XSS

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 10.9.0-rc.1 to 11.9.0, user supplied input for sequence diagram labels is passed to innerHTML duri...

5.3CVSS0.0071EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by