Lucene search
+L

228 matches found

NVD
NVD
added 2026/07/10 3:16 p.m.10 views

CVE-2026-59791

In JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible...

3.5CVSS0.00135EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/10 2:18 p.m.30 views

CVE-2026-59791

In JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible...

3.5CVSS0.00135EPSS
Exploits0References1
CVE
CVE
added 2026/07/10 2:18 p.m.34 views

CVE-2026-59791

The CVE-2026-59791 affects JetBrains YouTrack prior to version 2026.2.17012, where CSS injection was possible through Mermaid diagram rendering. According to the available sources, the vulnerability is tied to the Mermaid diagram rendering component and could impact user interface rendering, with...

3.5CVSS6.1AI score0.00135EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/07/09 8:16 a.m.7 views

CVE-2026-31981

A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. An authenticated user with administrative privileges can inject malicious HTML tags into N2OS configuration data through multiple inpu...

5.9CVSS0.00142EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/09 7:22 a.m.7 views

EUVD-2026-42531

A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. An authenticated user with administrative privileges can inject malicious HTML tags into N2OS configuration data through multiple inpu...

5.9CVSS6AI score0.00142EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/09 7:22 a.m.35 views

CVE-2026-31981 HTML injection in Diagram tab and Graph view in Guardian/CMC before 26.2.0

A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. An authenticated user with administrative privileges can inject malicious HTML tags into N2OS configuration data through multiple inpu...

5.9CVSS0.00142EPSS
Exploits0References1
CVE
CVE
added 2026/07/09 7:22 a.m.9 views

CVE-2026-31981

A stored HTML injection vulnerability affects the Diagram tab and Graph view of Guardian/CMC (N2OS) prior to 26.2.0. An authenticated administrator can inject HTML into configuration data via multiple input vectors; when viewed by others, the HTML may render and enable phishing or open redirects....

5.9CVSS6AI score0.00142EPSS
Exploits0References1Affected Software2
NOZOMI
NOZOMI
added 2026/07/07 12:0 a.m.6 views

HTML injection in Diagram tab and Graph view in Guardian/CMC before 26.2.0

Summary A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. Impact An authenticated user with administrative privileges can inject malicious HTML tags into N2OS configuration data throug...

5.9CVSS5.9AI score0.00142EPSS
Exploits0Affected Software2
CVE
CVE
added 2026/06/30 9:6 p.m.21 views

CVE-2026-58448

CVE-2026-58448 affects yudao-cloud (BPM module) prior to 2026.06. A broken access control flaw allows any authenticated user to read arbitrary process instance records by supplying a caller-controlled process-instance identifier to an unprotected GET endpoint that lacks the @PreAuthorize annotati...

7.1CVSS5.9AI score0.00235EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.23 views

PT-2026-50483

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description The application renders Mermaid blocks from Markdown files in the file preview panel and inserts the generated SVG into the DOM using innerHTML. Because Mermaid is configured with securityLevel:...

8.7CVSS5.8AI score0.002EPSS
Exploits1References13
RedhatCVE
RedhatCVE
added 2026/06/08 2:59 p.m.11 views

CVE-2026-41159

A flaw was found in Mermaid, a JavaScript tool for creating diagrams and charts. A remote attacker could exploit this vulnerability by injecting malicious Cascading Style Sheets CSS through specific configuration options, such as fontFamily, themeCSS, and altFontFamily. This injected CSS can bypa...

5.4CVSS6.1AI score0.00398EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.16 views

CVE-2026-49492

Markdown Preview Enhanced before 0.8.28 opens external files and links from the preview through a shell and does not validate untrusted inputs taken from the markdown document - the diagram filename attribute, imported file paths, and the latexengine code-chunk attribute. On Windows, a crafted...

8.8CVSS5.7AI score0.0034EPSS
Exploits0References1
NVD
NVD
added 2026/06/05 6:17 p.m.14 views

CVE-2026-49492

Markdown Preview Enhanced before 0.8.28 opens external files and links from the preview through a shell and does not validate untrusted inputs taken from the markdown document - the diagram filename attribute, imported file paths, and the latexengine code-chunk attribute. On Windows, a crafted...

8.8CVSS0.0034EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/05 5:49 p.m.7 views

CVE-2026-49492

Markdown Preview Enhanced before 0.8.28 opens external files and links from the preview through a shell and does not validate untrusted inputs taken from the markdown document - the diagram filename attribute, imported file paths, and the latexengine code-chunk attribute. On Windows, a crafted...

8.8CVSS5.7AI score0.0034EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/30 12:0 a.m.18 views

Linux Distros Unpatched Vulnerability : CVE-2026-41159

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default...

5.3CVSS5.5AI score0.00398EPSS
Exploits0References3
NVD
NVD
added 2026/05/29 3:16 p.m.13 views

CVE-2026-41159

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration...

5.3CVSS0.00398EPSS
Exploits0References5
NVD
NVD
added 2026/05/22 11:16 p.m.23 views

CVE-2026-41148

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and prior, in addition to 11.0.0-alpha.1 through 11.12.0 are vulnerable to CSS injection through improper sanitization. The state diagram and any other diagram type that routes...

5.3CVSS0.00338EPSS
Exploits0References6
OSV
OSV
added 2026/05/22 11:16 p.m.13 views

UBUNTU-CVE-2026-41149

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and earlier, as well as 11.0.0-alpha.1 through 11.14.0, are vulnerable to HTML injection under the default configuration. Specifically, the classDef directive in Mermaid state...

5.3CVSS5.6AI score0.00401EPSS
Exploits0References5
CVE
CVE
added 2026/05/22 10:3 p.m.59 views

CVE-2026-41148

CVE-2026-41148 affects Mermaid diagrams up to v10.9.5 and v11.0.0-alpha.1 to v11.12.0, where improper sanitization of classDef values in state diagrams allows CSS injection via addStyleClass() into create CssStyles(), ending with style.innerHTML and enabling page defacement, url()-based tracking,...

5.3CVSS5.7AI score0.00338EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/22 10:3 p.m.9 views

EUVD-2026-31515

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and prior, in addition to 11.0.0-alpha.1 through 11.12.0 are vulnerable to CSS injection through improper sanitization. The state diagram and any other diagram type that routes...

5.3CVSS5.7AI score0.00338EPSS
Exploits0References6
Rows per page
Query Builder