Lucene search
K

244 matches found

NVD
NVD
added 2026/06/29 8:17 p.m.8 views

CVE-2026-54889

Improper Neutralization of Input During Web Page Generation XSS vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':todelta/2 converts Markdown into a Quill Delta. 'Elixir.MDEx.DeltaConverter':defaultconvertnode/3 in...

5.1CVSS0.0031EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/29 7:10 p.m.26 views

CVE-2026-54889 Unsanitized URL schemes in MDEx Quill Delta output allow javascript: injection (XSS)

Improper Neutralization of Input During Web Page Generation XSS vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':todelta/2 converts Markdown into a Quill Delta. 'Elixir.MDEx.DeltaConverter':defaultconvertnode/3 in...

5.1CVSS0.0031EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/29 7:10 p.m.7 views

CVE-2026-54889

Improper Neutralization of Input During Web Page Generation XSS vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':todelta/2 converts Markdown into a Quill Delta. 'Elixir.MDEx.DeltaConverter':defaultconvertnode/3 in...

5.1CVSS5.7AI score0.0031EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/06/29 7:10 p.m.15 views

CVE-2026-54889

Summary: CVE-2026-54889 security issue in Elixir.MDEx.mdex Delta conversion path allows XSS via unsanitized URL schemes in Quill Delta output. The vulnerability arises when Elixir.MDEx.DeltaConverter.default_convert_node/3 copies the URL from link, wikilink, or image nodes into the Delta attribut...

5.1CVSS5.7AI score0.0031EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 7:10 p.m.4 views

EEF-CVE-2026-54889 Unsanitized URL schemes in MDEx Quill Delta output allow javascript: injection (XSS)

Summary Improper Neutralization of Input During Web Page Generation XSS vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':to\delta/2 converts Markdown into a Quill Delta. 'Elixir.MDEx.DeltaConverter':default\convert\node/3...

5.1CVSS5.7AI score0.0031EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.14 views

PT-2026-53687

Name of the Vulnerable Software and Affected Versions leandrocp mdex versions 0.8.3 through 0.13.1 Description Improper neutralization of input during web page generation allows cross-site scripting XSS via unsanitized URL schemes in Quill Delta output. The function to delta/2 converts Markdown...

5.1CVSS5.9AI score0.0031EPSS
Exploits0References7
Opera Security Advisories
Opera Security Advisories
added 2026/04/17 12:0 a.m.12 views

How Opera’s Security team helps make the web safer through responsible disclosure

Security How Opera’s Security team helps make the web safer through responsible disclosure Share April 17th, 2026 Hi everyone! At Opera, we have 30 years of experience in building safe and secure browsers. Our seasoned Security team collaborates internally as well as with external researchers to...

8.8CVSS7.7AI score0.01654EPSS
Exploits4References1
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.7 views

SUSE CVE-2026-31959

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains a Server-Side Request Forgery SSRF vulnerability when attempting to fetch the Apple notarization submission logs. Exploitation requires the ability to modify API responses from Apple'...

5.3CVSS6AI score0.00097EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.6 views

SUSE CVE-2026-31960

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 has unbounded reads of HTTP response bodies during the Apple notarization process. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not...

5.3CVSS5.9AI score0.00088EPSS
Exploits0References3
OSV
OSV
added 2026/03/12 8:57 p.m.4 views

GO-2026-4675 Quill has unbounded memory allocation via unvalidated size fields in Mach-O binary parsing in github.com/anchore/quill

Quill has unbounded memory allocation via unvalidated size fields in Mach-O binary parsing in github.com/anchore/quill...

5.5CVSS5.8AI score0.001EPSS
Exploits0References5
OSV
OSV
added 2026/03/12 8:57 p.m.4 views

GO-2026-4671 Quill vulnerable to SSRF via unvalidated URL from Apple notarization log retrieval in github.com/anchore/quill

Quill vulnerable to SSRF via unvalidated URL from Apple notarization log retrieval in github.com/anchore/quill...

5.3CVSS5.8AI score0.00097EPSS
Exploits0References5
OSV
OSV
added 2026/03/12 8:57 p.m.3 views

GO-2026-4672 Quill has DoS via unbounded read of HTTP response body during notarization in github.com/anchore/quill

Quill has DoS via unbounded read of HTTP response body during notarization in github.com/anchore/quill...

5.3CVSS5.8AI score0.00088EPSS
Exploits0References5
NVD
NVD
added 2026/03/11 8:16 p.m.10 views

CVE-2026-31961

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains an unbounded memory allocation vulnerability when parsing Mach-O binaries. Exploitation requires that Quill processes an attacker-supplied Mach-O binary, which is most likely in...

5.5CVSS0.001EPSS
Exploits0References1
NVD
NVD
added 2026/03/11 8:16 p.m.9 views

CVE-2026-31960

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 has unbounded reads of HTTP response bodies during the Apple notarization process. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not...

5.3CVSS0.00088EPSS
Exploits0References1
OSV
OSV
added 2026/03/11 7:32 p.m.8 views

CVE-2026-31961 Unbounded memory allocation in Quill via unvalidated size fields in Mach-O binary parsing

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains an unbounded memory allocation vulnerability when parsing Mach-O binaries. Exploitation requires that Quill processes an attacker-supplied Mach-O binary, which is most likely in...

5.5CVSS5.9AI score0.001EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/11 7:32 p.m.5 views

CVE-2026-31961 Unbounded memory allocation in Quill via unvalidated size fields in Mach-O binary parsing

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains an unbounded memory allocation vulnerability when parsing Mach-O binaries. Exploitation requires that Quill processes an attacker-supplied Mach-O binary, which is most likely in...

5.5CVSS5.8AI score0.001EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/11 7:32 p.m.45 views

CVE-2026-31961 Unbounded memory allocation in Quill via unvalidated size fields in Mach-O binary parsing

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains an unbounded memory allocation vulnerability when parsing Mach-O binaries. Exploitation requires that Quill processes an attacker-supplied Mach-O binary, which is most likely in...

5.5CVSS0.001EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/11 7:31 p.m.2 views

CVE-2026-31960 DoS in Quill via unbounded read of HTTP response body during notarization

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 has unbounded reads of HTTP response bodies during the Apple notarization process. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not...

5.3CVSS5.8AI score0.00088EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/11 7:31 p.m.3 views

CVE-2026-31960

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 has unbounded reads of HTTP response bodies during the Apple notarization process. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not...

5.3CVSS5.8AI score0.00088EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/11 7:31 p.m.34 views

CVE-2026-31960 DoS in Quill via unbounded read of HTTP response body during notarization

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 has unbounded reads of HTTP response bodies during the Apple notarization process. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not...

5.3CVSS0.00088EPSS
Exploits0References1
Rows per page
Query Builder