1060837 matches found
CVE-2026-50733
Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by evaluating untrusted markdown content with eval(), enabling arbitrary JavaScript execution across render paths (live preview, presentation mode, and HTML export via WaveDrom.ProcessAll()/eva()). Attack vector includes a crafted m...
EUVD-2026-34869
Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced code blocks with interpretJS, which evaluates the block content as code via vm.runInNewContext, allowing arbitrary code execution. A crafted markdown document containing a malicious bitfield code block executes attacker-controlled cod...
CVE-2026-49493 Markdown Preview Enhanced Arbitrary Code Execution via Bitfield interpretJS()
Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced code blocks with interpretJS, which evaluates the block content as code via vm.runInNewContext, allowing arbitrary code execution. A crafted markdown document containing a malicious bitfield code block executes attacker-controlled cod...
CVE-2026-49493
Markdown Preview Enhanced prior to 0.8.28 runs Bitfield fenced code blocks containing interpretJS(), which evaluates code via vm.runInNewContext(), enabling arbitrary server-side code execution when rendering or exporting a document. The issue’s root cause is that Bitfield definitions were treate...
CVE-2026-49493
Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced code blocks with interpretJS, which evaluates the block content as code via vm.runInNewContext, allowing arbitrary code execution. A crafted markdown document containing a malicious bitfield code block executes attacker-controlled cod...
Updated cockpit packages fix security vulnerabilities
CVE-2026-4631, Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects...
MGASA-2026-0175 Updated cockpit packages fix security vulnerabilities
CVE-2026-4631, Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects...
MAL-2026-5271 Malicious code in goodoldtoulas (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 24dbb5643933ff305b2eab164e820476f645ef2b59ad7c7cdfdeb2c3c3bfb98f During installation, package attempts to download and run an executable imitating malicious activity. --- Category: PROBABLYPENTEST - Packages looking like...
CVE-2026-11344
CVE-2026-11344 affects the code-projects Vehicle Management System 1.0, specifically the New Driver Registration Form’s file handling in newdriver.php. The vulnerability arises from manipulating the argument photo, leading to an unrestricted upload condition. The flaw is exploitable remotely and ...
CVE-2026-11344 code-projects Vehicle Management System New Driver Registration Form newdriver.php unrestricted upload
A vulnerability was found in code-projects Vehicle Management System 1.0. This impacts an unknown function of the file newdriver.php of the component New Driver Registration Form. Performing a manipulation of the argument photo results in unrestricted upload. The attack may be initiated remotely...
MINI-32VH-R7JG-HJQ7
Bulletin has no description...
MINI-XGR3-W64F-4Q43
Bulletin has no description...
MINI-JXC2-5593-W7F8
Bulletin has no description...
MINI-WHC6-53W4-MQJV
Bulletin has no description...
MINI-527F-3MG2-J88F
Bulletin has no description...
MINI-MCPF-JC6F-77G5
Bulletin has no description...
MINI-RXQV-PC8J-C72X
Bulletin has no description...
MINI-P96P-63X9-V3VQ
Bulletin has no description...
MINI-FHP2-JXFH-G4HR
Bulletin has no description...
MINI-H8Q8-R2MJ-RV4X
Bulletin has no description...