Denial Of Service (DoS)

markdown-it is vulnerable to Denial of Service DoS. The vulnerability is due to quadratic-time processing in the smartquotes rule when typographer: true is enabled, which allows an attacker to supply specially crafted markdown containing consecutive quotation marks and consume excessive CPU...

CVE-2026-44264 Weblate is vulnerable to XSS via crafted Markdown

Weblate is a web based localization tool. Prior to version 5.17.1, the Markdown renderer used in user comments and other user-provided content didn't properly sanitize some attributes. This issue has been patched in version 5.17.1...

EUVD-2026-28388

Weblate vulnerable to XSS via crafted Markdown...

Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input

Summary A ReDoS Regular Expression Denial of Service vulnerability in LINKTITLERE allows an attacker who can supply Markdown for parsing to cause denial of service. A crafted 58-byte Markdown document blocks the parser for approximately 6 seconds measured on Apple M2, Python 3.14.3, with...

GHSA-8MP2-V27R-99XP Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input

Summary A ReDoS Regular Expression Denial of Service vulnerability in LINKTITLERE allows an attacker who can supply Markdown for parsing to cause denial of service. A crafted 58-byte Markdown document blocks the parser for approximately 6 seconds measured on Apple M2, Python 3.14.3, with...

PT-2026-38088

Name of the Vulnerable Software and Affected Versions Mistune versions 3.0.0a1 through 3.2.0 Description A Regular Expression Denial of Service ReDoS exists in the LINK TITLE RE regular expression. An attacker can provide specially crafted Markdown for parsing that triggers catastrophic...

CVE-2025-65716

An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allows attackers to execute arbitrary code via uploading a crafted .Md file...

BIT-GITLAB-2026-1456 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through CPU exhaustion by submitting specially crafted markdown files that trigger exponential processin...

CVE-2025-65716

An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allows attackers to execute arbitrary code via uploading a crafted .Md file...

CVE-2025-65716

CVE-2025-65716 affects Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18. The issue allows attackers to execute arbitrary JavaScript code by uploading a crafted Markdown (.md) file, enabling local port enumeration and data exfiltration to a control domain. The vulnerability is tied ...

PT-2026-8355

Name of the Vulnerable Software and Affected Versions Visual Studio Code Extensions Markdown Preview Enhanced version 0.8.18 Description A flaw exists in Visual Studio Code Extensions Markdown Preview Enhanced version 0.8.18 that could allow attackers to execute arbitrary code. This is achieved b...

CVE-2025-65716

An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allows attackers to execute arbitrary code via uploading a crafted .Md file...

GitLab 16.9 < 18.3.6 / 18.4 < 18.4.4 / 18.5 < 18.5.2 (CVE-2025-12983)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to cause a...

Linux Distros Unpatched Vulnerability : CVE-2026-1456

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated...

CVE-2026-1456

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through CPU exhaustion by submitting specially crafted markdown files that trigger exponential processin...

CVE-2026-1456

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through CPU exhaustion by submitting specially crafted markdown files that trigger exponential processin...

CVE-2026-1456 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through CPU exhaustion by submitting specially crafted markdown files that trigger exponential processin...

CVE-2026-1456 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through CPU exhaustion by submitting specially crafted markdown files that trigger exponential processin...

GitLab Enterprise Edition（EE）和GitLab Community Edition（CE） 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Both GitLab Enterprise Edition EE and GitLab Community Edition CE...

PT-2026-7516

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.7 through 18.7.3 GitLab CE/EE versions 18.8 through 18.8.3 Description An unauthenticated user could cause a denial of service through CPU exhaustion by submitting specially crafted markdown files. These files trigger...