CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/04/21 3:52 p.m.•7 views

CVE-2026-40565

FreeScout vulnerability CVE-2026-40565 affects versions prior to 1.8.213. The issue occurs in linkify() (app/Misc/Helper.php): plain-text URLs in email bodies are converted to HTML anchor tags without escaping double-quote (") characters, and because HTMLPurifier runs first via getCleanBody(), th...

Exploits0References3Affected Software1

Cvelist•added 2026/04/21 3:52 p.m.•30 views

CVE-2026-40565 FreeScout has Stored XSS / CSS Injection via linkify() — Unescaped URL in Anchor href

6.1CVSS0.00199EPSS

ATTACKERKB•added 2026/04/21 3:52 p.m.•0 views

CVE-2026-40565

Exploits0References4Affected Software1

Vulnrichment•added 2026/04/21 3:52 p.m.•3 views

CVE-2026-40565 FreeScout has Stored XSS / CSS Injection via linkify() — Unescaped URL in Anchor href

EUVD•added 2026/04/21 3:52 p.m.•3 views

EUVD-2026-24141

CNNVD•added 2026/04/21 12:0 a.m.•8 views

FreeScout 安全漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.213 contained security vulnerabilities. These vulnerabilities stemmed from the linkify function in app/Misc/Helper.php, which...

Positive Technologies•added 2026/04/21 12:0 a.m.•5 views

Exploits0References1

PT-2026-33996

OSV•added 2026/02/12 6:30 a.m.•9 views

GHSA-38C4-R59V-3VQW markdown-it is has a Regular Expression Denial of Service (ReDoS)

Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service ReDoS due to the use of the regex /+$/ in the linkify function. An attacker can supply a long sequence of characters followed by a non-matching character, which triggers...

6.9CVSS5.9AI score0.00503EPSS

Exploits0References6

Github Security Blog•added 2026/02/12 6:30 a.m.•7 views

markdown-it is has a Regular Expression Denial of Service (ReDoS)

7.5CVSS5.5AI score0.00503EPSS

Exploits0References6Affected Software1

NVD•added 2026/02/12 6:16 a.m.•4 views

CVE-2026-2327

7.5CVSS0.00503EPSS

OSV•added 2026/02/12 6:16 a.m.•7 views

CVE-2026-2327

7.5CVSS5.6AI score

UbuntuCve•added 2026/02/12 6:16 a.m.•7 views

CVE-2026-2327

7.5CVSS5.9AI score0.00503EPSS

Exploits0References5

OSV•added 2026/02/12 6:16 a.m.•2 views

UBUNTU-CVE-2026-2327

7.5CVSS5.8AI score0.00503EPSS

Exploits0References6

CVE•added 2026/02/12 5:0 a.m.•26 views

CVE-2026-2327

The CVE-2026-2327 case concerns the markdown-it package. Affected versions: 13.0.0 through 14.1.0 (and up to 14.1.1 as fixed) are vulnerable to a Regular Expression Denial of Service in the linkify function due to the regex /*$/ used for links; an attacker can provide a long sequence of * follow...

7.5CVSS5.5AI score0.00503EPSS

Exploits0References4Affected Software1

ATTACKERKB•added 2026/02/12 5:0 a.m.•5 views

CVE-2026-2327

6.9CVSS5.5AI score0.00503EPSS

Exploits0References5

Vulnrichment•added 2026/02/12 5:0 a.m.•3 views

CVE-2026-2327

6.9CVSS5.5AI score0.00503EPSS

Cvelist•added 2026/02/12 5:0 a.m.•33 views

CVE-2026-2327

6.9CVSS0.00503EPSS

Positive Technologies•added 2026/02/12 12:0 a.m.•9 views

PT-2026-7818

Name of the Vulnerable Software and Affected Versions markdown-it versions 13.0.0 through 14.1.0 Description The software is susceptible to a Regular Expression Denial of Service ReDoS condition. This occurs due to the use of the regular expression /+$/ within the linkify function. An attacker ca...

7.5CVSS5.2AI score0.00503EPSS

Exploits0References147

CNNVD•added 2026/02/12 12:0 a.m.•5 views

Markdown-It 安全漏洞

Markdown-It is an open-source Markdown parser. Versions of Markdown-It prior to 14.1.1 contained a security vulnerability. This vulnerability stemmed from the use of regular expressions in the linkify function, which could lead to a denial-of-service attack due to the regular expressions...

7.5CVSS7.1AI score0.00503EPSS