
11 matches found

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-16082

Malware in sbrugna...

CVSS 5.8 | AI score 5.9 | EPSS 0.01599
Exploits: 1 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 9 views

EUVD-2021-16099

Malware in sbrugna...

CVSS 8.1 | AI score 6.3 | EPSS 0.01037
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2023-42303

Malicious code in bioql PyPI...

CVSS 8.2 | AI score 8.2 | EPSS 0.00664
Exploits: 1 | References: 2

RedhatCVE
added 2025/05/22 10:10 p.m. | 6 views

CVE-2022-24837

HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor. Images uploaded with HedgeDoc version 1.9.1 and later have an enumerable filename after the upload, resulting in potential information leakage of uploaded documents. This is especially relevant for private notes an...

CVSS 5.3 | AI score 6.6 | EPSS 0.01082
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 9:23 p.m. | 10 views

CVE-2021-29503

HedgeDoc is a platform to write and share markdown. HedgeDoc before version 1.8.2 is vulnerable to a cross-site scripting attack using the YAML-metadata of a note. An attacker with write access to a note can embed HTML tags in the Open Graph metadata section of the note, resulting in the frontend...

CVSS 8.1 | AI score 6 | EPSS 0.01037
Exploits: 0 | References: 1

RedhatCVE
added 2025/04/12 2:3 p.m. | 33 views

CVE-2025-32391

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.3, a malicious SVG file uploaded to HedgeDoc results in the possibility of XSS when opened in a new tab instead of the editor itself. The XSS is possible by exploiting the JSONP capabilities of GitHub...

CVSS 6.4 | AI score 5.9 | EPSS 0.00263
Exploits: 0 | References: 1

Cvelist
added 2025/04/10 1:11 p.m. | 17 views

CVE-2025-32391 HedgeDoc allows XSS possibility through malicious SVG uploads

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.3, a malicious SVG file uploaded to HedgeDoc results in the possibility of XSS when opened in a new tab instead of the editor itself. The XSS is possible by exploiting the JSONP capabilities of GitHub...

CVSS 6.4 | EPSS 0.00263
Exploits: 0 | References: 4

Vulnrichment
added 2025/04/10 1:11 p.m. | 9 views

CVE-2025-32391 HedgeDoc allows XSS possibility through malicious SVG uploads

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.3, a malicious SVG file uploaded to HedgeDoc results in the possibility of XSS when opened in a new tab instead of the editor itself. The XSS is possible by exploiting the JSONP capabilities of GitHub...

CVSS 6.4 | AI score 6.1 | EPSS 0.00263
Exploits: 0 | References: 4

OSV
added 2025/04/10 1:11 p.m. | 9 views

CVE-2025-32391 HedgeDoc allows XSS possibility through malicious SVG uploads

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.3, a malicious SVG file uploaded to HedgeDoc results in the possibility of XSS when opened in a new tab instead of the editor itself. The XSS is possible by exploiting the JSONP capabilities of GitHub...

CVSS 6.4 | AI score 6 | EPSS 0.00263
Exploits: 0 | References: 6

RedhatCVE
added 2025/02/06 3:56 a.m. | 9 views

CVE-2021-39175

HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by embedding an iframe hosting the malicious code into the slides or by embedding the HedgeDoc instance into...

CVSS 8.1 | AI score 7 | EPSS 0.00602
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 1:37 p.m. | 7 views

CVE-2020-26287

HedgeDoc is a collaborative platform for writing and sharing markdown. In HedgeDoc before version 1.7.1 an attacker can inject arbitrary script tags in HedgeDoc notes using mermaid diagrams. Our content security policy prevents loading scripts from most locations, but www.google-analytics.com is...

CVSS 8.7 | AI score 7.4 | EPSS 0.01446
Exploits: 1