
149 matches found

CVE
added 2026/03/07 4:00 p.m., 20 views

CVE-2026-30838

CVE-2026-30838 affects league/commonmark, a PHP Markdown parser. Prior to version 2.8.1, the DisallowedRawHtml extension can be bypassed by inserting ASCII whitespace between a disallowed HTML tag name and the closing >, e.g., , enabling a cross-site scripting (XSS) vector for applications tha...

CVSS 6.1 | AI score 5.7 | EPSS 0.00217
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2026/03/07 4:00 p.m., 32 views

CVE-2026-30838 league/commonmark: DisallowedRawHtml extension bypass via whitespace in HTML tag names

league/commonmark is a PHP Markdown parser. Prior to version 2.8.1, the DisallowedRawHtml extension can be bypassed by inserting a newline, tab, or other ASCII whitespace character between a disallowed HTML tag name and the closing `>`. For example, would pass through unfiltered and be rendered as a...

CVSS 5.1 | EPSS 0.00217
Exploits: 0 | References: 1
OSV
added 2026/03/07 4:00 p.m., 4 views

CVE-2026-30838 league/commonmark: DisallowedRawHtml extension bypass via whitespace in HTML tag names

league/commonmark is a PHP Markdown parser. Prior to version 2.8.1, the DisallowedRawHtml extension can be bypassed by inserting a newline, tab, or other ASCII whitespace character between a disallowed HTML tag name and the closing `>`. For example, would pass through unfiltered and be rendered as a...

CVSS 5.1 | AI score 5.6 | EPSS 0.00217
Exploits: 0 | References: 3
Veracode
added 2026/03/07 5:05 a.m., 7 views

Cross-site Scripting (XSS)

league/commonmark is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper filtering of disallowed HTML tags, which can be bypassed using whitespace characters and allows an attacker to inject and execute malicious scripts...

CVSS 6.1 | AI score 5.8 | EPSS 0.00217
Exploits: 0 | References: 3 | Affected Software: 1
CNNVD
added 2026/03/07 12:00 a.m., 6 views

commonmark cross-site scripting vulnerability

Commonmark is a highly scalable PHP Markdown parser developed by The League of Extraordinary Packages. It fully supports the CommonMark and GFM specifications. Versions of Commonmark prior to 2.8.1 had a cross-site scripting vulnerability. This vulnerability stemmed from the DisallowedRawHtml...

CVSS 6.1 | AI score 5.6 | EPSS 0.00217
Exploits: 0 | References: 2
OSV
added 2026/03/06 11:27 p.m., 2 views

GHSA-4V6X-C7XX-HW9F CommonMark has DisallowedRawHtml extension bypass via whitespace in HTML tag names

Impact: The DisallowedRawHtml extension can be bypassed by inserting a newline, tab, or other ASCII whitespace character between a disallowed HTML tag name and the closing `>`. For example, would pass through unfiltered and be rendered as a valid HTML tag by browsers. This is a cross-site scripting (X...

CVSS 5.1 | AI score 5.6 | EPSS 0.00217
Exploits: 0 | References: 4
Positive Technologies
added 2026/03/06 12:00 a.m., 4 views

PT-2026-23795

Name of the Vulnerable Software and Affected Versions: league/commonmark versions prior to 2.8.1. Description: The DisallowedRawHtml extension in league/commonmark can be bypassed by inserting ASCII whitespace characters between a disallowed HTML tag name and the closing '>'. For example, would pass...

CVSS 5.1 | AI score 5.7 | EPSS 0.00217
Exploits: 0 | References: 8
EUVD
added 2025/10/03 8:07 p.m., 7 views

EUVD-2023-41361

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.00591
Exploits: 1 | References: 2
EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2023-26633

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.4 | EPSS 0.01108
Exploits: 1 | References: 2
EUVD
added 2025/10/03 8:07 p.m., 57 views

EUVD-2025-13411

Malicious code in bioql PyPI...

CVSS 6.4 | AI score 6.3 | EPSS 0.00287
Exploits: 0 | References: 4
EUVD
added 2025/10/03 8:07 p.m., 9 views

EUVD-2022-5057

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.2 | EPSS 0.01597
Exploits: 1 | References: 7
EUVD
added 2025/10/03 8:07 p.m., 6 views

EUVD-2025-28874

Malicious code in bioql PyPI...

CVSS 6.9 | AI score 5.4 | EPSS 0.00461
Exploits: 0 | References: 5
Tenable Nessus
added 2025/09/03 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-9670

The Linux/Unix host has one or more packages installed that are affected by a vulnerability for which no vendor-supplied patch is available. - A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing...

CVSS 6.9 | AI score 6 | EPSS 0.00461
Exploits: 0 | References: 3
RedhatCVE
added 2025/08/31 7:10 p.m., 4 views

CVE-2025-9670

A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released...

CVSS 6.9 | AI score 6.9 | EPSS 0.00461
Exploits: 0 | References: 1
Snyk
added 2025/08/29 7:42 p.m., 1 view

Regular Expression Denial of Service (ReDoS)

Overview: org.webjars.npm:turndown is a library that converts HTML to Markdown. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the replacement function in commonmark-rules.js. An attacker can cause excessive resource consumption. PoC (js): const...

CVSS 6.9 | AI score 5.3 | EPSS 0.00461
Exploits: 0 | References: 2
Snyk
added 2025/08/29 7:42 p.m., 1 view

Regular Expression Denial of Service (ReDoS)

Overview: turndown is a library that converts HTML to Markdown. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the replacement function in commonmark-rules.js. An attacker can cause excessive resource consumption. PoC (js): const attackString =...

CVSS 6.9 | AI score 6.7 | EPSS 0.00461
Exploits: 0 | References: 2
NVD
added 2025/08/29 7:15 p.m., 4 views

CVE-2025-9670

A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released...

CVSS 6.9 | EPSS 0.00461
Exploits: 0 | References: 5
OSV
added 2025/08/29 7:15 p.m., 4 views

CVE-2025-9670

A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released...

CVSS 6.9 | AI score 7
Exploits: 0 | References: 5
OSV
added 2025/08/29 7:15 p.m., 3 views

UBUNTU-CVE-2025-9670

A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released...

CVSS 6.9 | AI score 5.6 | EPSS 0.00461
Exploits: 0 | References: 7
CVE
added 2025/08/29 7:02 p.m., 30 views

CVE-2025-9670

CVE-2025-9670 concerns mixmark-io turndown up to 7.2.1, with a vulnerability in src/commonmark-rules.js that leads to inefficient regular-expression handling. IBM Security SOAR versions 51.0.7.x and earlier are affected; IBM recommends upgrading to v51.0.8.0 to address the issue. The vulnerabilit...

CVSS 6.9 | AI score 5.5 | EPSS 0.00461
Exploits: 0 | References: 5