Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/06/05 5:49 p.m.31 views

CVE-2026-49492 Markdown Preview Enhanced OS Command Injection in External File and Link Opening

Markdown Preview Enhanced before 0.8.28 opens external files and links from the preview through a shell and does not validate untrusted inputs taken from the markdown document - the diagram filename attribute, imported file paths, and the latexengine code-chunk attribute. On Windows, a crafted...

8.8CVSS0.0034EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/05 5:49 p.m.11 views

EUVD-2026-34868

Markdown Preview Enhanced before 0.8.28 opens external files and links from the preview through a shell and does not validate untrusted inputs taken from the markdown document - the diagram filename attribute, imported file paths, and the latexengine code-chunk attribute. On Windows, a crafted...

8.8CVSS5.6AI score0.0034EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.18 views

PT-2026-47023

Name of the Vulnerable Software and Affected Versions Markdown Preview Enhanced versions prior to 0.8.28 Description On Windows, the software opens external files and links from the preview through a shell without validating untrusted inputs from the markdown document. This allows for the injecti...

8.8CVSS5.5AI score0.0034EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/02/01 12:0 a.m.7 views

PT-2024-20452 · Vyper · Vyper

Name of the Vulnerable Software and Affected Versions: Vyper versions 0.3.10 and earlier Description: The bounds check for slices in Vyper does not account for the ability for start + length to overflow when the values aren't literals. This issue can be used to do out-of-bounds OOB access to...

9.8CVSS9.5AI score0.00902EPSS
Exploits1References14
Rows per page
Query Builder