Vulnrichment
added 2026/06/22 9:10 p.m. (6 views)

CVE-2026-48515 MessagePack-CSharp: Multi-dimensional array formatters allocate from unchecked dimensions

MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's multi-dimensional array formatters read dimension lengths directly from the payload and allocate T[,], T[,,], or T[,,,] before validating that the dimension product matches the encoded element count. T...

CVSS 6.3 | AI score 5.9 | EPSS 0.00231
Exploits 0 | References 1
AstraLinux
added 2026/06/19 11:10 a.m. (3 views)

Astra Linux – Vulnerability in ruby-kramdown

Before version 2.3.1, Kramdown did not restrict Rouge formatters to the Rouge::Formatters namespace, allowing arbitrary classes to be instantiated...

CVSS 9.8 | AI score 8.4 | EPSS 0.02805
Exploits 1 | References 1
Tenable Nessus
added 2026/05/22 12:00 a.m. (10 views)

Unity Linux 20.1060e / 20.1070e Security Update: rubygem-kramdown (UTSA-2026-016633)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016633 advisory. Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated. Tenable has extracted th...

CVSS 9.8 | AI score 7.4 | EPSS 0.02805
Exploits 1 | References 4
OSV
added 2026/05/21 9:23 p.m. (5 views)

GHSA-35WC-CVQG-78FP twig/intl-extra: Unbounded formatter memoisation in keyed on template-controlled arguments

Description IntlExtension memoises every \IntlDateFormatter and \NumberFormatter it creates in instance-level arrays keyed on a hash that includes locale, pattern, attrs and other values that are ordinary named arguments of the formatdatetime / formatdate / formattime / formatnumber /...

CVSS 6.9 | AI score 5.8 | EPSS 0.00056
Exploits 0 | References 4
vulnersOsv
added 2026/04/28 8:18 p.m. (2 views)

fl-manager-components-datasets-torch (=0.1.0), fl-manager-components-formatters-pillow (=0.1.0) +11 more potentially affected by CVE-2026-24178 via nvflare (>=2.2.0 <=2.7.1)

nvflare PYPI version =2.2.0, =0.1.0, =0.2.0, =3.1.27, =3.1.27, =3.1.29, =3.1.31 Source cves: CVE-2026-24178 Source advisory: SNYK:PYTHON-NVFLARE-16318747...

CVSS 9.8 | AI score 5.4 | EPSS 0.00573
Exploits 0
Cvelist
added 2026/04/22 7:52 p.m. (29 views)

CVE-2026-3837 Frappe Framework 16.10.0 - Stored DOM XSS in Multiple Field Formatters

An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution when another user opens the affected document in Desk. The vulnerable formatter implementations interpolate stored values into raw HTML attributes and element content without...

CVSS 4.6 | EPSS 0.00193
Exploits 1 | References 3
Vulnrichment
added 2026/04/22 7:52 p.m. (7 views)

CVE-2026-3837 Frappe Framework 16.10.0 - Stored DOM XSS in Multiple Field Formatters

An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution when another user opens the affected document in Desk. The vulnerable formatter implementations interpolate stored values into raw HTML attributes and element content without...

CVSS 4.6 | AI score 5.9 | EPSS 0.00193
Exploits 1 | References 2
Snyk
added 2026/01/07 12:48 a.m. (2 views)

Prototype Pollution

Overview carbone is a Fast, Simple and Powerful report generator. Injects JSON and produces PDF, DOCX, XLSX, ODT, PPTX, ODS, ...! Affected versions of this package are vulnerable to Prototype Pollution via the formatters parameter in lib/input.js. An attacker can modify object prototype attribute...

CVSS 5 | AI score 6.4 | EPSS 0.00275
Exploits 0 | References 2
OSSF Malicious Packages
added 2024/06/25 1:26 p.m. (3 views)

Malicious code in Be.Vlaanderen.Bаsisregisters.AspNetCorе.Mvc.Formatters.Json (NuGet)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits 0
OSV
added 2024/06/25 1:26 p.m. (4 views)

MAL-2024-4097 Malicious code in Be.Vlaanderen.Bаsisregisters.AspNetCorе.Mvc.Formatters.Json (NuGet)

--- -= Per source details. Do not edit below this line.=-...

AI score 7.1
Exploits 0
OSSF Malicious Packages
added 2024/06/25 1:25 p.m. (10 views)

Malicious code in Be.Vlaanԁeren.Basisregisters.AspNetCore.Mvс.Formatters.Csv (NuGet)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits 0
OSSF Malicious Packages
added 2024/06/25 1:25 p.m. (5 views)

Malicious code in Be.Vlaanԁerеn.Basisregisters.AsрNetCore.Mvс.Formatters.Csv (NuGet)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits 0
OSV
added 2024/06/25 1:25 p.m. (6 views)

MAL-2024-4208 Malicious code in Be.Vlaanԁerеn.Basisregisters.AsрNetCore.Mvс.Formatters.Csv (NuGet)

--- -= Per source details. Do not edit below this line.=-...

AI score 7.1
Exploits 0
OSSF Malicious Packages
added 2024/06/25 1:23 p.m. (3 views)

Malicious code in Bе.Vlaanderen.Bаsisregіsters.AspNetCorе.Mvc.Formatters.Json (NuGet)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits 0
OSV
added 2023/10/10 4:39 a.m. (14 views)

USN-6424-1 ruby-kramdown vulnerability

It was discovered that kramdown did not restrict Rouge formatters to the correct namespace. An attacker could use this issue to cause kramdown to execute arbitrary code...

CVSS 9.8 | AI score 5.9 | EPSS 0.02805
Exploits 1 | References 2
SUSE CVE
added 2023/02/15 3:43 a.m. (4 views)

SUSE CVE-2021-28834

Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated...

CVSS 9.8 | AI score 9.3 | EPSS 0.02805
Exploits 1 | References 4
Prion
added 2021/12/30 3:15 p.m. (25 views)

Cross site scripting

jQuery Terminal Emulator is a plugin for creating command line interpreters in your applications. Versions prior to 2.31.1 contain a low impact and limited cross-site scripting XSS vulnerability. The code for XSS payload is always visible, but an attacker can use other techniques to hide the code...

CVSS 2.1 | AI score 5.5 | EPSS 0.01037
Exploits 1 | References 4 | Affected software 1
OSV
added 2021/05/06 11:02 a.m. (3 views)

OESA-2021-1159 rubygem-kramdown security update

The package is fast yet-another-markdown-parser, pure Ruby, using a strict syntax definition and supporting several common extensions. Security Fixes: Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be...

CVSS 9.8 | AI score 7 | EPSS 0.02805
Exploits 1 | References 2
Github Security Blog
added 2021/03/29 4:30 p.m. (60 views)

Remote code execution in Kramdown

Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated...

CVSS 9.8 | AI score 6.7 | EPSS 0.02805
Exploits 1 | References 12 | Affected software 1
OSV
added 2021/03/29 4:30 p.m. (17 views)

GHSA-52P9-V744-MWJJ Remote code execution in Kramdown

Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated...

CVSS 9.8 | AI score 9.3 | EPSS 0.02805
Exploits 1 | References 11