Lucene search
+L

31 matches found

Cvelist
Cvelist
added yesterday17 views

CVE-2026-8075 Posting a malicious markdown image crashes the Mattermost Desktop App

Mattermost Desktop App versions =6.2 5.5.13 6.0.2.0 fail to properly null check when checking for headers in the Mattermost Desktop App which allows any user to crash another channel members Desktop App via posting a malicious link with an embedded image that misses one of those headers. Mattermo...

6.5CVSS
Exploits0References1
NVD
NVD
added 2026/05/15 7:16 p.m.11 views

CVE-2021-47963

Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to execute arbitrary code by injecting malicious payloads into markdown files stored within the application. Attackers can craft malicious markdown files with embedded JavaScript that executes system commands...

7.2CVSS0.00469EPSS
Exploits0References3
CVE
CVE
added 2026/05/15 6:36 p.m.20 views

CVE-2021-47963

CVE-2021-47963 affects Anote 1.0 and describes a persistent cross-site scripting vulnerability in which attackers can inject malicious payloads into markdown files stored by the application. When a crafted markdown file containing embedded JavaScript is opened, it can execute system commands on t...

7.2CVSS6.5AI score0.00469EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/01 9:30 a.m.7 views

Cross-site Scripting (XSS)

Overview @diplodoc/search-extension is a Lunr based offline search extension for Diplodoc platform Affected versions of this package are vulnerable to Cross-site Scripting XSS in the title field of Markdown files. An attacker can execute arbitrary scripts in the context of the user's browser by...

5.4CVSS5.9AI score0.00241EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/05 5:41 p.m.5 views

Cross-site Scripting (XSS)

Overview nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ui.markdown function. An attacker can execute arbitrary JavaScript in the context of the user's browser by injecting malicious HTM...

6.1CVSS5.6AI score0.00241EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/12/04 8:46 p.m.3 views

CVE-2025-65959 Open WebUI vulnerable to Stored DOM XSS via Note 'Download PDF'

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Stored XSS vulnerability was discovered in Open-WebUI's Notes PDF download functionality. An attacker can import a Markdown file containing malicious SVG tags into Notes, allowing...

8.7CVSS6.4AI score0.002EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-35510

Malicious code in bioql PyPI...

7.8CVSS7.5AI score0.00445EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-33631

Malicious code in bioql PyPI...

8.2CVSS7AI score0.00333EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-33820

Malicious code in bioql PyPI...

7.4CVSS7.5AI score0.00569EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-43572

Malicious code in bioql PyPI...

7.8CVSS7.6AI score0.00434EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-7076

Malicious code in bioql PyPI...

7.8CVSS7.5AI score0.00426EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.13 views

EUVD-2022-5772

Malicious code in bioql PyPI...

9.3CVSS7.6AI score0.01205EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/09/04 12:28 a.m.3 views

CVE-2025-55474

Many Notes 0.10.1 is vulnerable to Cross Site Scripting XSS, which allows malicious Markdown files to execute JavaScript when viewed...

6.1CVSS6.8AI score0.0034EPSS
Exploits1References1
OSV
OSV
added 2025/09/02 12:0 a.m.5 views

CVE-2025-55474

Many Notes 0.10.1 is vulnerable to Cross Site Scripting XSS, which allows malicious Markdown files to execute JavaScript when viewed...

6.1CVSS6.8AI score0.0034EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/23 4:54 a.m.8 views

CVE-2023-2316

Improper path handling in Typora before 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious...

7.4CVSS6.8AI score0.00569EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:50 a.m.9 views

CVE-2023-2971

Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text fro...

6.5CVSS6.8AI score0.00446EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2024/01/22 2:48 a.m.4 views

SUSE CVE-2024-22420

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. This vulnerability depends on user interaction by opening a malicious Markdown file using JupyterLab preview feature. A malicious user can access any data that the...

6.1CVSS7AI score0.00568EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/01/19 12:0 a.m.5 views

PT-2024-19411

Name of the Vulnerable Software and Affected Versions JupyterLab versions prior to 4.0.11 Description This issue depends on user interaction by opening a malicious Markdown file using JupyterLab's preview feature. A malicious user can access any data that the attacked user has access to and perfo...

6.5CVSS6.8AI score0.00568EPSS
Exploits0References25
NVD
NVD
added 2023/08/19 6:15 a.m.29 views

CVE-2023-2971

Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text fro...

6.5CVSS6.2AI score0.00446EPSS
Exploits1References1
OSV
OSV
added 2023/08/19 6:15 a.m.6 views

CVE-2023-2317

DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora main window via loading typora://app/typemark/updater/update.html in tag. This vulnerability can be exploited if a user opens a...

9.6CVSS5.9AI score0.02161EPSS
Exploits1References2
Rows per page
Query Builder