Lucene search
+L

585 matches found

vulnersOsv
vulnersOsv
added 2026/04/24 8:41 p.m.8 views

@8btc/excalidraw (>=0.18.0-beta.0 <=0.18.0-beta.4), @alkemio/excalidraw (>=0.17.1-alkemio-5 <=0.19.0-alkemio-1) +99 more potentially affected by unknown CVE via @excalidraw/mermaid-to-excalidraw (>=0.3.0 <=1.1.2)

@excalidraw/mermaid-to-excalidraw NPM version =0.3.0, =0.18.0-beta.0, =0.17.1-alkemio-5, =1.0.0, =0.18.3, =0.18.0, =0.0.1-BETA, =0.5.0-00d79ee, =0.17.1, =18.0.3, =0.18.0-patch.1, =0.17.1-1d71f84, =0.0.1, =0.0.5 and more Source cves: unknown CVE Source advisory: OSV:GHSA-39H7-PWV7-RC3X...

5.7AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/04/24 8:41 p.m.22 views

Excalidraw vulnerable to XSS via Mermaid sequence diagram labels (KaTeX rendering)

Impact @excalidraw/[email protected] depends on a Mermaid conversion package version that resolves to a Mermaid release affected by CVE-2025-54881 / GHSA-7rqq-prvp-x9jh. User-supplied Mermaid sequence diagram labels could trigger XSS through Mermaid’s KaTeX label rendering path. This is patched i...

5.3CVSS5.2AI score0.0071EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2026/04/24 9:10 a.m.6 views

BIT-GITLAB-2026-3254 Improper Restriction of Rendered UI Layers or Frames in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to load unauthorized content into another user's browser due to improper input validation in the Mermaid sandbox...

3.5CVSS5.4AI score0.00152EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.3 views

FreeBSD : Gitlab -- vulnerabilities (73b927a6-3ecd-11f1-be20-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 73b927a6-3ecd-11f1-be20-2cf05da270f3 advisory. Gitlab reports: Cross-Site Request Forgery issue in GraphQL API impacts GitLab CE/EE GitLab...

8.1CVSS5.4AI score0.00407EPSS
Exploits0References13
EUVD
EUVD
added 2026/04/22 6:31 p.m.3 views

EUVD-2026-24961

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to load unauthorized content into another user's browser due to improper input validation in the Mermaid sandbox...

3.5CVSS5.8AI score0.00152EPSS
Exploits0References3
NVD
NVD
added 2026/04/22 5:16 p.m.5 views

CVE-2026-3254

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to load unauthorized content into another user's browser due to improper input validation in the Mermaid sandbox...

3.5CVSS0.00152EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/22 4:29 p.m.32 views

CVE-2026-3254 Improper Restriction of Rendered UI Layers or Frames in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to load unauthorized content into another user's browser due to improper input validation in the Mermaid sandbox...

3.5CVSS0.00152EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/22 4:29 p.m.3 views

CVE-2026-3254

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to load unauthorized content into another user's browser due to improper input validation in the Mermaid sandbox...

3.5CVSS5.8AI score0.00152EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/22 4:29 p.m.5 views

CVE-2026-3254 Improper Restriction of Rendered UI Layers or Frames in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to load unauthorized content into another user's browser due to improper input validation in the Mermaid sandbox...

3.5CVSS5.8AI score0.00152EPSS
Exploits0References2
CVE
CVE
added 2026/04/22 4:29 p.m.146 views

CVE-2026-3254

GitLab CVE-2026-3254 affects GitLab CE/EE versions 18.11 and earlier, remediated in 18.11.1. Root cause: improper input validation in the Mermaid sandbox that could allow an authenticated user to load unauthorized content into another user’s browser. Impact limited to potential exposure of unauth...

3.5CVSS5.8AI score0.00152EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.11 views

GitLab CE/EE 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 18.11.1 contained a security...

3.5CVSS5.8AI score0.00152EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2026/04/22 12:0 a.m.14 views

Gitlab -- vulnerabilities

Gitlab reports: Cross-Site Request Forgery issue in GraphQL API impacts GitLab CE/EE GitLab Improper Resolution of Path Equivalence issue in Web IDE asset impacts GitLab CE/EE Cross-site Scripting issue in Storybook impacts GitLab CE/EE Denial of Service issue in discussions endpoint impacts GitL...

5.7AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.8 views

PT-2026-34522

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.11 through 18.11.0 Description Improper input validation in the Mermaid sandbox could allow an authenticated user to load unauthorized content into another user's browser. Recommendations Update to version 18.11.1...

3.5CVSS5.1AI score0.00152EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.8 views

GitLab 18.11 < 18.11.1 (CVE-2026-3254)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to load unauthorized content into...

3.5CVSS5.5AI score0.00152EPSS
Exploits0References4
NVD
NVD
added 2026/04/16 11:16 p.m.4 views

CVE-2026-40322

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid diagrams are rendered with securityLevel set to "loose", and the resulting SVG is injected into the DOM via innerHTML. This allows attacker-controlled javascript: URLs in Mermaid code blocks to...

9CVSS0.00306EPSS
Exploits0References2
CVE
CVE
added 2026/04/16 11:0 p.m.17 views

CVE-2026-40322

SiYuan (open-source PIM) versions 3.6.3 and earlier render Mermaid diagrams with securityLevel=loose, injecting the SVG via innerHTML. This allows attacker-controlled javascript: URLs in Mermaid blocks to survive into output, and on desktop builds with Electron, windows created with nodeIntegrati...

9CVSS6.4AI score0.00306EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/16 11:0 p.m.20 views

CVE-2026-40322 SiYuan: Mermaid `javascript:` Link Injection Leads to Stored XSS and Electron RCE

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid diagrams are rendered with securityLevel set to "loose", and the resulting SVG is injected into the DOM via innerHTML. This allows attacker-controlled javascript: URLs in Mermaid code blocks to...

9CVSS0.00306EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/16 11:0 p.m.5 views

EUVD-2026-23330

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid diagrams are rendered with securityLevel set to "loose", and the resulting SVG is injected into the DOM via innerHTML. This allows attacker-controlled javascript: URLs in Mermaid code blocks to...

9CVSS6.4AI score0.00306EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/16 11:0 p.m.4 views

CVE-2026-40322 SiYuan: Mermaid `javascript:` Link Injection Leads to Stored XSS and Electron RCE

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid diagrams are rendered with securityLevel set to "loose", and the resulting SVG is injected into the DOM via innerHTML. This allows attacker-controlled javascript: URLs in Mermaid code blocks to...

9CVSS6.3AI score0.00306EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/16 11:0 p.m.3 views

CVE-2026-40322

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid diagrams are rendered with securityLevel set to "loose", and the resulting SVG is injected into the DOM via innerHTML. This allows attacker-controlled javascript: URLs in Mermaid code blocks to...

9CVSS6.4AI score0.00306EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder