59 matches found
CVE-2026-48822
Shaarli (versions ≤ 0.16.1) contains a stored XSS in the Bookmark Description field when a malicious javascript: URI is injected via Markdown reference links. The root cause is in BookmarkMarkdownFormatter.php: filterProtocols uses a regex that catches inline links but does not inspect Markdown r...
PT-2026-50535
Name of the Vulnerable Software and Affected Versions Shaarli versions prior to 0.16.2 Description A stored Cross-Site Scripting XSS issue exists in the Markdown-to-HTML conversion process used in the Bookmark Description field. An authenticated user can inject a malicious javascript: URI inside ...
CLEANSTART-2026-NT30039 Security fixes for CVE-2025-61727, CVE-2025-61729, CVE-2025-61732, CVE-2025-68121, CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-33811, CVE-2026-33814, CVE-2026-33816, CVE-2026-34986, CVE-2026-39820, CVE-2026-39821, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-39835, CVE-2026-39836, CVE-2026-41889, CVE-2026-42499, CVE-2026-42502, CVE-2026-42506, CVE-2026-42508, CVE-2026-4659, CVE-2026-46595, CVE-2026-46597, ghsa-273p-m2cw-6833, ghsa-4c4x-jm2x-pf9j, ghsa-4qg8-fj49-pxjh, ghsa-846p-jg2w-w324, ghsa-fcv2-xgw5-pqxf, ghsa-fphv-w9fq-2525, ghsa-jqc5-w2xx-5vq4, ghsa-whqx-f9j3-ch6m, ghsa-xmrv-pmrh-hhx2 applied in versions: 1.13.3-r0, 1.14.1-r0, 1.14.1-r1, 1.14.1-r2, 1.14.5-r0, 1.14.5-r1
Multiple security vulnerabilities affect the spire-server-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
GHSA-HJPH-F4MC-WX4C Duplicate Advisory: Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8mp2-v27r-99xp. This link is maintained to preserve external references. Original Description Summary Denial-of-Service DoS vulnerability in the Mistune Markdown parser. The issue occurs when processing speciall...
Duplicate Advisory: Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8mp2-v27r-99xp. This link is maintained to preserve external references. Original Description Summary Denial-of-Service DoS vulnerability in the Mistune Markdown parser. The issue occurs when processing speciall...
PT-2026-38261
Name of the Vulnerable Software and Affected Versions mistune versions prior to 3.2.1 Description A Denial-of-Service DoS issue exists in the Mistune Markdown parser. Processing specially crafted reference links can cause excessive backtracking and parsing loops within the parse link title functi...
CVE_REQUESTS_references
CVEREQUESTSr...
SUSE: Security Advisory (SUSE-SU-2025:02120-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-22968
creationtimestamp| type| source ---|---|--- 2025-01-15 16:18:11+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfs652sxsa2e 2025-01-15 17:38:06+00:00| seen| https://t.me/cvedetector/15471 2025-01-16 15:56:07+00:00| published-proof-of-concept|...
Fedora: Security Advisory (FEDORA-2024-075f626765)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
The vulnerability of the GLPI system’s request and incident handling process, related to improper elimination of input data during the generation of web pages, allows a perpetrator to store arbitrary codes in the reference links.
The vulnerability of the GLPI system for handling requests and incidents is related to the improper elimination of input data during the generation of the web page. Exploiting this vulnerability allows a malicious actor to insert arbitrary codes into the reference documents...
GHSA-4M3G-6R7G-JV4F Arbitrary JavaScript execution due to using outdated libraries
Summary gradio-pdf projects with dependencies on the pdf.js library are vulnerable to CVE-2024-4367, which allows arbitrary JavaScript execution. PoC 1. Generate a pdf file with a malicious script in the fontmatrix. This will run alert‘XSS’. poc.pdf 2. Run the app. In this PoC, I've used the demo...
Adobe Acrobat DC Continuous Security Update (APSB23-54) - Windows
Adobe Acrobat DC Continuous is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Microsoft Windows Multiple Vulnerabilities (KB5030219)
This host is missing an important security update according to Microsoft KB5030219 SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
Microsoft Windows Multiple Vulnerabilities (KB5030214)
This host is missing an important security update according to Microsoft KB5030214 SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
Microsoft Windows Multiple Vulnerabilities (KB5021255)
This host is missing an important security update according to Microsoft KB5021255 SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
Apple Mac OS X Security Update (HT213759)
Apple Mac OS X is prone to a code execution vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:F/RL:O/RC:C 8.2 Problem TYPO3 core component GeneralUtility::getIndpEnv uses the unfiltered server environment variable PATHINFO, which allows attackers to inject malicious content. In combination with the TypoScript setting...
Microsoft Windows Multiple Vulnerabilities (KB5022286)
This host is missing an important security update according to Microsoft KB5022286 SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
Buffer overflow
Buffer overflow in firmware leweicam binary version 2.0.10 in Force 1 Discovery Wifi U818A HD+ FPV Drone allows attacker to gain remote code execution as root user via a specially crafted UDP packet. Please update the Reference section to these links http://thiscomputer.com/...