Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2026/06/07 12:43 a.m.12 views

CVE-2026-11422

Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedding malicious content in a wavedrom fenced code block within a crafted Markdown document. Attacker...

8.4CVSS6AI score0.00159EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/05 8:16 p.m.15 views

EUVD-2026-34916

Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedding malicious content in a wavedrom fenced code block within a crafted Markdown document. Attacker...

8.4CVSS6AI score0.00159EPSS
Exploits0References4
CVE
CVE
added 2026/06/05 8:16 p.m.30 views

CVE-2026-11422

CVE-2026-11422 : A code injection vulnerability exists in Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28, within the WaveDrom rendering pipeline. The vulnerability arises from unsanitized WaveDrom block content being passed to window.eval() in the VS Code webview context, enabling a...

8.4CVSS6AI score0.00159EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/11/11 3:31 p.m.4 views

CVE-2025-10918

Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files anywhere on disk...

7.1CVSS6.3AI score0.0022EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2015-1197

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive...

1.9CVSS6.6AI score0.02906EPSS
Exploits4References2
BDU FSTEC
BDU FSTEC
added 2025/01/14 12:0 a.m.8 views

The vulnerability of the App Connect Enterprise Certified Container management tool, related to unlimited resource distribution, allows a attacker to cause a service failure.

The vulnerability of the App Connect Enterprise Certified Container management tool is related to the unlimited distribution of resources during the process of writing files to the local file system. Exploiting this vulnerability can allow a attacker to cause service failures...

5.5CVSS5.4AI score0.0016EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2020/05/12 7:52 p.m.2 views

buildah: Crafted input tar file may lead to local file overwrite during image build process

A path traversal flaw was found in Buildah. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTPs server and then write files to the user's system anywhere that the user has permissions...

9.3CVSS7.3AI score0.02603EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2020/05/12 7:52 p.m.4 views

buildah: Crafted input tar file may lead to local file overwrite during image build process

A path traversal flaw was found in Buildah. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTPs server and then write files to the user's system anywhere that the user has permissions...

9.3CVSS7.3AI score0.02603EPSS
Exploits1References4
OSV
OSV
added 2017/11/06 11:29 p.m.3 views

CVE-2017-13681

Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. In the circumstances of this issue, the...

7.8CVSS5.8AI score0.00429EPSS
Exploits0References3
OSV
OSV
added 2017/05/12 8:29 p.m.5 views

CVE-2016-10330

Directory traversal vulnerability in synophotodsmuser, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors...

7.1CVSS5.9AI score0.00693EPSS
Exploits1References4
Rows per page
Query Builder