Lucene search
K

6 matches found

Github Security Blog
Github Security Blog
added 2026/06/17 2:14 p.m.10 views

Open WebUI: Stored XSS in Mermaid Markdown Preview

Summary Open WebUI renders Mermaid blocks from Markdown files in the file preview panel and inserts the generated SVG into the DOM using innerHTML. Because Mermaid is configured with securityLevel: 'loose', attacker-controlled Mermaid content can be rendered unsafely in this flow. A working paylo...

8.7CVSS5.6AI score0.002EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/03/26 10:16 p.m.1 views

CVE-2026-33664

Kestra is an open-source, event-driven orchestration platform Versions up to and including 1.3.3 render user-supplied flow YAML metadata fields — description, inputs.displayName, inputs.description — through the Markdown.vue component instantiated with html: true. The resulting HTML is injected...

7.3CVSS0.00255EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/03/18 8:19 p.m.4 views

JustHTML has a Sanitizer Bypass (in Markdown)

Summary tomarkdown does not sufficiently escape text content that looks like HTML. As a result, untrusted input that is safe in tohtml can become raw HTML in Markdown output. This is not specific to tokenizer raw-text states like , , or , although those states can trigger the behavior. The root...

5.8AI score
Exploits0References2Affected Software1
CVE
CVE
added 2026/02/25 3:48 a.m.10 views

CVE-2026-27627

Summary: CVE-2026-27627 affects Karakeep’s Reddit metascraper path. In version 0.30.0, the HTML returned as readableContentHtml by the Reddit plugin is consumed directly by the HTML parsing subprocess without DOMPurify sanitization, while other content sources go through Readability + DOMPurify. ...

8.2CVSS5.3AI score0.00319EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/06 9:12 p.m.4 views

CVE-2026-25516

NiceGUI is a Python-based UI framework. The ui.markdown component uses the markdown2 library to convert markdown content to HTML, which is then rendered via innerHTML. By default, markdown2 allows raw HTML to pass through unchanged. This means that if an application renders user-controlled conten...

6.1CVSS5.5AI score0.00241EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-54240

Malicious code in bioql PyPI...

4.8CVSS5.3AI score0.00402EPSS
Exploits2References1
Rows per page
Query Builder