CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

RedhatCVE•added 2026/03/09 1:59 p.m.•3 views

CVE-2026-30838

league/commonmark is a PHP Markdown parser. Prior to version 2.8.1, the DisallowedRawHtml extension can be bypassed by inserting a newline, tab, or other ASCII whitespace character between a disallowed HTML tag name and the closing . For example, would pass through unfiltered and be rendered as a...

6.1CVSS5.7AI score0.00016EPSS

Exploits0References1

Snyk•added 2026/03/07 6:44 p.m.•2 views

Cross-site Scripting (XSS)

Overview league/commonmark is a PHP-based Markdown parser which supports the full CommonMark spec. It is based on the CommonMark JS reference implementation. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the DisallowedRawHtml extension when a newline, tab, or...

6.1CVSS5.7AI score0.00016EPSS

Exploits0References2

OSV•added 2026/03/07 4:15 p.m.•2 views

DEBIAN-CVE-2026-30838

6.1CVSS5AI score0.00016EPSS

Exploits0References1

NVD•added 2026/03/07 4:15 p.m.•10 views

CVE-2026-30838

6.1CVSS0.00016EPSS

Exploits0References1

UbuntuCve•added 2026/03/07 4:15 p.m.•2 views

CVE-2026-30838

6.1CVSS5.7AI score0.00016EPSS

Exploits0References3

OSV•added 2026/03/07 4:15 p.m.•2 views

UBUNTU-CVE-2026-30838

6.1CVSS5.7AI score0.00016EPSS

Exploits0References4

Debian CVE•added 2026/03/07 4:0 p.m.•4 views

CVE-2026-30838

6.1CVSS5AI score0.00016EPSS

Exploits0

Vulnrichment•added 2026/03/07 4:0 p.m.•3 views

CVE-2026-30838 league/commonmark: DisallowedRawHtml extension bypass via whitespace in HTML tag names

5.1CVSS5.7AI score0.00016EPSS

Exploits0References1

ATTACKERKB•added 2026/03/07 4:0 p.m.•2 views

CVE-2026-30838

5.1CVSS5.7AI score0.00016EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/03/07 4:0 p.m.•30 views

CVE-2026-30838 league/commonmark: DisallowedRawHtml extension bypass via whitespace in HTML tag names

5.1CVSS0.00016EPSS

Exploits0References1

CVE•added 2026/03/07 4:0 p.m.•16 views

CVE-2026-30838

CVE-2026-30838 affects league/commonmark, a PHP Markdown parser. Prior to version 2.8.1, the DisallowedRawHtml extension can be bypassed by inserting ASCII whitespace between a disallowed HTML tag name and the closing >, e.g., , enabling a cross-site scripting (XSS) vector for applications tha...

6.1CVSS5.7AI score0.00016EPSS

Exploits0References1Affected Software1

OSV•added 2026/03/07 4:0 p.m.•3 views

CVE-2026-30838 league/commonmark: DisallowedRawHtml extension bypass via whitespace in HTML tag names

5.1CVSS5.6AI score0.00016EPSS

Exploits0References3

Github Security Blog•added 2026/03/06 11:27 p.m.•7 views

CommonMark has DisallowedRawHtml extension bypass via whitespace in HTML tag names

Impact The DisallowedRawHtml extension can be bypassed by inserting a newline, tab, or other ASCII whitespace character between a disallowed HTML tag name and the closing . For example, would pass through unfiltered and be rendered as a valid HTML tag by browsers. This is a cross-site scripting X...

6.1CVSS5.6AI score0.00016EPSS

Exploits0References4Affected Software1

Positive Technologies•added 2026/03/06 12:0 a.m.•2 views

PT-2026-23795

Name of the Vulnerable Software and Affected Versions league/commonmark versions prior to 2.8.1 Description The DisallowedRawHtml extension in league/commonmark can be bypassed by inserting ASCII whitespace characters between a disallowed HTML tag name and the closing ''. For example, would pass...

5.1CVSS5.7AI score0.00016EPSS

Exploits0References8

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by