9 matches found
EUVD-2023-33820
Malicious code in bioql PyPI...
CVE-2023-2971
Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text fro...
CVE-2023-2971
Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text fro...
Markdown Editor Cross-Site Scripting Vulnerability
Markdown Editor is an Electron-based Markdown text editor. A security vulnerability exists in Markdown Editor that stems from a cross-site scripting XSS vulnerability in the Rendering Engine. The vulnerability can be exploited by an attacker to execute arbitrary code by designing a payload or...
Markdownify has Files or Directories Accessible to External Parties
Markdownify version 1.4.1 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Markdownify. This is possible because the application does not have a CSP policy or at least not strict enough and/or does not...
PT-2022-26038 · Unknown · Markdownify
Name of the Vulnerable Software and Affected Versions: Markdownify version 1.4.1 Description: The issue allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Markdownify. This is possible because the application has the...
CVE-2022-41709
Markdownify version 1.4.1 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Markdownify. This is possible because the application has the "nodeIntegration" option enabled...
CVE-2022-41709
Markdownify version 1.4.1 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Markdownify. This is possible because the application has the "nodeIntegration" option enabled...
CVE-2022-40277
Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a malicious markdown file, via Joplin. This is possible because the application does not properly validate the schema/protocol of existing links in the markdown file before...