Lucene search
K

112 matches found

Positive Technologies
Positive Technologies
added 2026/01/30 12:0 a.m.9 views

PT-2026-5480

Name of the Vulnerable Software and Affected Versions Code Blocks version 17.12 Description Code Blocks 17.12 contains a local buffer overflow that allows attackers to execute arbitrary code. This is achieved by crafting a malicious file name with Unicode characters. Attackers can trigger the iss...

8.4CVSS6AI score0.00188EPSS
Exploits0References6
CVE
CVE
added 2026/01/07 8:21 a.m.10 views

CVE-2025-12958

CVE-2025-12958 affects Rankology SEO and Analytics Tool for WordPress. Wordfence reports an insecure capability check on the rankology_code_block page that allows authenticated attackers with Editor-level access and above to modify data by adding header/footer code blocks. The issue is tied to Ra...

2.7CVSS5.4AI score0.0021EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/05 6:3 p.m.21 views

CVE-2025-66562 TUUI vulnerable to Remote Code Execution (RCE) via XSS in Markdown ECharts Rendering

TUUI is a desktop MCP client designed as a tool unitary utility integration. Prior to 1.3.4, a critical Remote Code Execution RCE vulnerability exists in Tuui due to an unsafe Cross-Site Scripting XSS flaw in the Markdown rendering component. Tuui allows the execution of arbitrary JavaScript with...

8.9CVSS0.00445EPSS
Exploits0References3
OSV
OSV
added 2025/12/02 1:25 a.m.3 views

GHSA-4FH9-H7WG-Q85M mdast-util-to-hast has unsanitized class attribute

Impact Multiple unprefixed classnames could be added in markdown source by using character references. This could make rendered user supplied markdown code elements appear like the rest of the page. The following markdown: markdown jsxss Would create If your page then applied .xss classes or...

6.9CVSS5.8AI score0.0026EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-3220

Malware in sbrugna...

5.5CVSS5.5AI score0.01989EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/09/04 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2020-10814

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A buffer overflow vulnerability in Code::Blocks 17.12 allows an attacker to execute arbitrary code via a crafted project file. CVE-2020-10814 Note that Nessus...

5.5CVSS6.6AI score0.01989EPSS
Exploits1References2
OSV
OSV
added 2025/07/18 2:48 p.m.5 views

OESA-2025-1843 cpp-httplib security update

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: CPP-HTTPLIB is a C++11 single file header that only cross-platform HTTP/HTTPS library. Prior to 0.23.0, incoming requests using transfer code:...

7.5CVSS6.8AI score0.00505EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/22 6:30 p.m.5 views

CVE-2021-30074

docsify 4.12.1 is affected by Cross Site Scripting XSS because the search component does not appropriately encode Code Blocks and mishandles the " character...

6.1CVSS6.2AI score0.00785EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:21 a.m.8 views

CVE-2019-10905

Parsedown before 1.7.2, when safe mode is used and HTML markup is disabled, might allow attackers to execute arbitrary JavaScript code if a script already running on the affected page executes the contents of any element with a specific class. This occurs because spaces are permitted in code bloc...

8.1CVSS7.2AI score0.01469EPSS
Exploits1References1
PyPA
PyPA
added 2025/05/19 12:15 p.m.9 views

PYSEC-2025-40

A vulnerability in the preprocessstring function of the transformers.testingutils module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service ReDoS attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leadin...

7.5CVSS7.1AI score0.00507EPSS
Exploits1References4Affected Software1
PyPA
PyPA
added 2025/03/20 10:15 a.m.12 views

PYSEC-2025-95

A stored cross-site scripting XSS vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, affecting version git 20b2e02. The vulnerability arises from improper sanitization of HTML tags in chat history uploads. Specifically, the sanitization logic fails to handle HTML tags within code...

6.8CVSS6.8AI score0.00505EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/03/20 10:15 a.m.4 views

CVE-2024-9107

A stored cross-site scripting XSS vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, affecting version git 20b2e02. The vulnerability arises from improper sanitization of HTML tags in chat history uploads. Specifically, the sanitization logic fails to handle HTML tags within code...

5.4CVSS5.9AI score0.00505EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/03/15 12:0 a.m.4 views

PT-2024-20683 · Mattermost · Mattermost Mobile

Name of the Vulnerable Software and Affected Versions: Mattermost Mobile versions prior to 2.13.0 Description: The issue is related to uncontrolled resource consumption, where the syntax highlighter fails to limit the size of the code block it processes. This allows an attacker to send a very lar...

6.5CVSS7.2AI score0.00406EPSS
Exploits0References8
OSV
OSV
added 2023/09/06 3:23 p.m.4 views

DRUPAL-CONTRIB-2023-043

Provides highlight.php integration to Drupal, allowing blocks to be automatically highlighted with the correct language. The module's Twig function doesn't sufficiently filter user-entered data...

6.8AI score
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 5:28 a.m.3 views

SUSE CVE-2014-3743

Multiple cross-site scripting XSS vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 gfm codeblocks language or 2 javascript url's...

6.1CVSS6AI score0.01715EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/10/28 6:12 p.m.20 views

CVE-2022-3401

The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. This, combined with the missing authorization vulnerability CVE-2022-3400, makes it possible for authenticate...

8.8CVSS7.7AI score0.01556EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/10/28 12:0 a.m.2 views

PT-2022-21966 · WordPress · The Bricks

Name of the Vulnerable Software and Affected Versions: The Bricks theme for WordPress versions 1.2 to 1.5.3 Description: The issue allows remote code execution due to the theme permitting site editors to include executable code blocks in website content. This is exacerbated by a missing...

8.8CVSS8.8AI score0.01556EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2022/05/24 5:46 p.m.23 views

Docsify vulnerable to cross-site scripting due to mishandled encoding

docsify versions 4.12.1 and earlier are vulnerable to cross-site scripting XSS because the search component does not appropriately encode Code Blocks and mishandles the " character...

6.1CVSS6.1AI score0.00785EPSS
Exploits1References5Affected Software1
Prion
Prion
added 2022/02/18 3:15 p.m.51 views

Cross site scripting

Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism's command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escape its output, leading to the input text being inserted int...

4.3CVSS6.4AI score0.01456EPSS
Exploits0References3Affected Software1
ThreatPost
ThreatPost
added 2022/01/10 5:55 p.m.59 views

URL Parsing-Library Bugs Allow DoS, RCE, Spoofing & More

Eight different security vulnerabilities arising from inconsistencies among 16 different URL parsing libraries could allow denial-of-service DoS conditions, information leaks and remote code execution RCE in various web applications, researchers are warning. The bugs were found in third-party web...

7.6CVSS7.9AI score0.06053EPSS
Exploits3References17
Rows per page
Query Builder