CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

23 matches found

SUSE CVE-2026-41159

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration...

5.3CVSS5.8AI score0.00044EPSS

Exploits0References3

Tenable Nessus•added 5 days ago•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-41150

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-servic...

5.3CVSS5.8AI score0.00042EPSS

Exploits0References2

NVD•added 6 days ago•7 views

CVE-2026-41150

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you th...

5.3CVSS0.00042EPSS

Exploits0References5

NVD•added 6 days ago•7 views

CVE-2026-41159

5.3CVSS0.00044EPSS

Exploits0References4

OSV•added 6 days ago•3 views

UBUNTU-CVE-2026-41159

5.3CVSS5.8AI score0.00044EPSS

Exploits0References8

ATTACKERKB•added 6 days ago•5 views

CVE-2026-41150

5.3CVSS5.8AI score0.00042EPSS

Exploits0References6Affected Software1

Debian CVE•added 6 days ago•8 views

CVE-2026-41150

5.3CVSS5.8AI score0.00042EPSS

Exploits0

Cvelist•added 6 days ago•27 views

CVE-2026-41159 Mermaid: Improper sanitization of configuration leads to CSS injection

5.3CVSS0.00044EPSS

Exploits0References4

ATTACKERKB•added 6 days ago•4 views

CVE-2026-41159

5.3CVSS5.8AI score0.00044EPSS

Exploits0References5Affected Software1

CNNVD•added 6 days ago•4 views

Mermaid 代码注入漏洞

Mermaid is an open-source application software developed by mermaid-js. It uses text and code to create charts and visualizations. Versions of Mermaid prior to 10.9.6 and 11.15.0 contain a code injection vulnerability. This vulnerability stems from the default configuration, which allows CSS to b...

5.3CVSS5.9AI score0.00044EPSS

Exploits0References5

OSV•added 2026/05/22 11:16 p.m.•3 views

DEBIAN-CVE-2026-41149

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and earlier, as well as 11.0.0-alpha.1 through 11.14.0, are vulnerable to HTML injection under the default configuration. Specifically, the classDef directive in Mermaid state...

5.3CVSS5.6AI score0.00059EPSS

Exploits0References1

NVD•added 2026/05/22 11:16 p.m.•8 views

CVE-2026-41148

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and prior, in addition to 11.0.0-alpha.1 through 11.12.0 are vulnerable to CSS injection through improper sanitization. The state diagram and any other diagram type that routes...

5.3CVSS0.00074EPSS

Exploits0References6

EUVD•added 2026/05/22 10:34 p.m.•5 views

EUVD-2026-31520

5.3CVSS5.6AI score0.00059EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2022-0654

Malicious code in bioql PyPI...

7.2CVSS6.3AI score0.00493EPSS

Exploits0References5

Tenable Nessus•added 2025/08/31 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2025-54880

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. I...

6.1CVSS4.6AI score0.00015EPSS

Exploits1References2

SUSE CVE•added 2025/08/19 11:21 p.m.•1 views

SUSE CVE-2025-54880

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 11.9.0 and earlier, user supplied input for architecture diagram icons is passed to the d3 html...

6.1CVSS6.1AI score0.00015EPSS

Exploits1References3

NVD•added 2025/08/19 5:15 p.m.•2 views

CVE-2025-54880

6.1CVSS0.00015EPSS

Exploits1References3

Cvelist•added 2025/08/19 5:4 p.m.•7 views

CVE-2025-54881 Mermaid improperly sanitizes of sequence diagram labels leading to XSS

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 10.9.0-rc.1 to 11.9.0, user supplied input for sequence diagram labels is passed to innerHTML duri...

5.3CVSS0.00027EPSS

Exploits0References3

OSV•added 2025/08/19 5:4 p.m.•2 views

CVE-2025-54881 Mermaid improperly sanitizes of sequence diagram labels leading to XSS

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 10.9.0-rc.1 to 11.9.0, user supplied input for sequence diagram labels is passed to innerHTML duri...

5.3CVSS6.4AI score0.00027EPSS

Exploits0References5

Vulnrichment•added 2025/08/19 5:4 p.m.•2 views

CVE-2025-54881 Mermaid improperly sanitizes of sequence diagram labels leading to XSS

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 10.9.0-rc.1 to 11.9.0, user supplied input for sequence diagram labels is passed to innerHTML duri...

5.3CVSS7.1AI score0.00027EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by