12 matches found
CVE-2025-65716
An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allows attackers to execute arbitrary code via uploading a crafted .Md file...
PT-2026-8355
Name of the Vulnerable Software and Affected Versions Visual Studio Code Extensions Markdown Preview Enhanced version 0.8.18 Description A flaw exists in Visual Studio Code Extensions Markdown Preview Enhanced version 0.8.18 that could allow attackers to execute arbitrary code. This is achieved b...
CVE-2023-53940 Codigo Markdown Editor 1.0.1 Electron Arbitrary Code Execution via Markdown File
Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands through Node.js childprocess module when the fil...
CVE-2023-53940 Codigo Markdown Editor 1.0.1 Electron Arbitrary Code Execution via Markdown File
Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands through Node.js childprocess module when the fil...
EUVD-2023-30944
Malicious code in bioql PyPI...
CVE-2023-39703
A cross site scripting XSS vulnerability in the Markdown Editor component of Typora v1.6.7 allows attackers to execute arbitrary code via uploading a crafted Markdown file...
CVE-2023-44141
Inkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown file...
CVE-2023-44141
Inkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown file...
CVE-2023-39703
A cross site scripting XSS vulnerability in the Markdown Editor component of Typora v1.6.7 allows attackers to execute arbitrary code via uploading a crafted Markdown file...
CVE-2022-42967
Caret is vulnerable to an XSS attack when the user opens a crafted Markdown file when preview mode is enabled. This directly leads to client-side code execution...
Caret 跨站脚本漏洞
Caret is a software package for drawing classification and regression models. A security vulnerability exists in Caret, which stems from the fact that when it is enabled in preview mode, an attacker can implement cross-site scripting using a carefully crafted Markdown file to enable code executio...
CVE-2022-46603
An issue in Inkdrop v5.4.1 allows attackers to execute arbitrary commands via uploading a crafted markdown file...