10 matches found
CVE-2026-11422
Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedding malicious content in a wavedrom fenced code block within a crafted Markdown document. Attacker...
EUVD-2026-34916
Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedding malicious content in a wavedrom fenced code block within a crafted Markdown document. Attacker...
CVE-2026-11422
CVE-2026-11422 : A code injection vulnerability exists in Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28, within the WaveDrom rendering pipeline. The vulnerability arises from unsanitized WaveDrom block content being passed to window.eval() in the VS Code webview context, enabling a...
CVE-2025-10918
Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files anywhere on disk...
Linux Distros Unpatched Vulnerability : CVE-2015-1197
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive...
The vulnerability of the App Connect Enterprise Certified Container management tool, related to unlimited resource distribution, allows a attacker to cause a service failure.
The vulnerability of the App Connect Enterprise Certified Container management tool is related to the unlimited distribution of resources during the process of writing files to the local file system. Exploiting this vulnerability can allow a attacker to cause service failures...
buildah: Crafted input tar file may lead to local file overwrite during image build process
A path traversal flaw was found in Buildah. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTPs server and then write files to the user's system anywhere that the user has permissions...
buildah: Crafted input tar file may lead to local file overwrite during image build process
A path traversal flaw was found in Buildah. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTPs server and then write files to the user's system anywhere that the user has permissions...
CVE-2017-13681
Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. In the circumstances of this issue, the...
CVE-2016-10330
Directory traversal vulnerability in synophotodsmuser, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors...