88 matches found
CVE-2026-58655 Grav Flex Objects - Server-Side Template Injection via Dynamic Titles
The bundled Grav Flex Objects plugin getgrav/grav-plugin-flex-objects before 1.4.0 contains a stored server-side template injection vulnerability. When rendering dynamic collection or object titles, the plugin passes user-controlled frontmatter values page.header.flex.collection.title or...
EUVD-2026-44633
The bundled Grav Flex Objects plugin getgrav/grav-plugin-flex-objects before 1.4.0 contains a stored server-side template injection vulnerability. When rendering dynamic collection or object titles, the plugin passes user-controlled frontmatter values page.header.flex.collection.title or...
CVE-2026-58486
HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to version 1.11.0, HedgeDoc was vulnerable to a YAML alias bomb due to unsafe processing of the note frontmatter. HedgeDoc parsed frontmatter with js-yaml.load js-yaml v3 via @hedgedoc/meta-marked, which...
CVE-2026-58486 HedgeDoc: Denial-of-service via YAML alias expansion in note frontmatter
HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to version 1.11.0, HedgeDoc was vulnerable to a YAML alias bomb due to unsafe processing of the note frontmatter. HedgeDoc parsed frontmatter with js-yaml.load js-yaml v3 via @hedgedoc/meta-marked, which...
CVE-2026-58486
CVE-2026-58486: HedgeDoc prior to 1.11.0 is vulnerable to a YAML alias bomb in note frontmatter. HedgeDoc parses frontmatter with js-yaml.load (js-yaml v3) via @hedgedoc/meta-marked, resolving YAML anchors and potentially expanding a malicious payload into a huge object, consuming CPU on each req...
PT-2026-57919
Name of the Vulnerable Software and Affected Versions HedgeDoc versions prior to 1.11.0 Description Unsafe processing of note frontmatter allows a YAML alias bomb, where a compact malicious payload expands into a massive object structure. This occurs because the application uses js-yaml.load...
CVE-2026-15505
A weakness has been identified in vnotex vnote up to 3.20.1. Impacted is an unknown function of the file /src/data/extra/web/js/markdownit.js of the component YAML Frontmatter. This manipulation of the argument pmetaData causes cross site scripting. The attack may be initiated remotely. The vendo...
CVE-2026-15505 vnotex vnote YAML Frontmatter markdownit.js cross site scripting
A weakness has been identified in vnotex vnote up to 3.20.1. Impacted is an unknown function of the file /src/data/extra/web/js/markdownit.js of the component YAML Frontmatter. This manipulation of the argument pmetaData causes cross site scripting. The attack may be initiated remotely. The vendo...
EUVD-2026-43246
A weakness has been identified in vnotex vnote up to 3.20.1. Impacted is an unknown function of the file /src/data/extra/web/js/markdownit.js of the component YAML Frontmatter. This manipulation of the argument pmetaData causes cross site scripting. The attack may be initiated remotely. The vendo...
CVE-2026-15505
The CVE concerns vnotex vnote (up to version 3.20.1) where the YAML Frontmatter component exposes cross-site scripting via the file /src/data/extra/web/js/markdownit.js. The issue arises from manipulation of the argument p_metaData in the YAML Frontmatter code, which can potentially be exploited ...
CVE-2026-59711
A flaw was found in showdown. This cross-site scripting XSS vulnerability occurs in the metadata title handling when the completeHTMLDocument option is enabled. An attacker can exploit this by injecting unescaped less-than and greater-than characters into markdown frontmatter metadata. This allow...
CVE-2026-59711
showdown contains a cross-site scripting vulnerability in metadata title handling that allows attackers to inject arbitrary HTML and JavaScript. When completeHTMLDocument option is enabled, unescaped less-than and greater-than characters in markdown frontmatter metadata are inserted directly into...
CVE-2026-59711 showdown - Cross-Site Scripting via Unescaped Metadata Title in completeHTMLDocument
showdown contains a cross-site scripting vulnerability in metadata title handling that allows attackers to inject arbitrary HTML and JavaScript. When completeHTMLDocument option is enabled, unescaped less-than and greater-than characters in markdown frontmatter metadata are inserted directly into...
CVE-2026-59711 showdown - Cross-Site Scripting via Unescaped Metadata Title in completeHTMLDocument
showdown contains a cross-site scripting vulnerability in metadata title handling that allows attackers to inject arbitrary HTML and JavaScript. When completeHTMLDocument option is enabled, unescaped less-than and greater-than characters in markdown frontmatter metadata are inserted directly into...
CVE-2026-59711
showdown contains a cross-site scripting vulnerability in metadata title handling that allows attackers to inject arbitrary HTML and JavaScript. When completeHTMLDocument option is enabled, unescaped less-than and greater-than characters in markdown frontmatter metadata are inserted directly into...
CVE-2026-59711
CVE-2026-59711 affects the showdown library. A cross-site scripting vulnerability exists in metadata title handling when the completeHTMLDocument option is enabled; unescaped characters in markdown frontmatter metadata are placed into HTML title tags, allowing script execution in the rendered pa...
EUVD-2026-41948
showdown contains a cross-site scripting vulnerability in metadata title handling that allows attackers to inject arbitrary HTML and JavaScript. When completeHTMLDocument option is enabled, unescaped less-than and greater-than characters in markdown frontmatter metadata are inserted directly into...
CVE-2026-59711 showdown - Cross-Site Scripting via Unescaped Metadata Title in completeHTMLDocument
showdown contains a cross-site scripting vulnerability in metadata title handling that allows attackers to inject arbitrary HTML and JavaScript. When completeHTMLDocument option is enabled, unescaped less-than and greater-than characters in markdown frontmatter metadata are inserted directly into...
PT-2026-56013
Name of the Vulnerable Software and Affected Versions showdown affected versions not specified Description An issue exists in metadata title handling that allows the injection of arbitrary HTML and JavaScript. When the completeHTMLDocument option is enabled, unescaped less-than and greater-than...
GHSA-XW4P-PW82-HQR7 OpenClaw's sandbox skill mirroring path traversal vulnerability could write outside the sandbox workspace
Overview In affected versions, OpenClaw’s sandbox skill mirroring used the skill’s frontmatter name as part of the destination path when copying skills into the sandbox workspace. A crafted skill name containing traversal segments for example ../ or an absolute path could cause the copy to write...