
182 matches found

Positive Technologies
added 2026/05/22 12:0 a.m., 4 views

PT-2026-42752

This release brings a built-in Markdown editor, with both visual and source modes, plus support for tables, task lists, images, code blocks, file locking, and unsaved-change protection. It also adds optional trash retention, storage quota synchronization via LDAP/OIDC, improved file editing and...

5.9 AI score
Exploits: 0, References: 2

vulnersOsv
added 2026/05/19 12:0 a.m., 2 views

@agentscope-ai/chat (>=1.1.43 <=1.1.63-beta.1778041790294), @ant-design/charts (>=2.2.2 <=2.6.7) +78 more potentially affected by unknown CVE via @antv/graphin (=3.0.5)

@antv/graphin NPM version =3.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/graphin and may be impacted: - @agentscope-ai/chat =1.1.43, =2.2.2, =2.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0-beta.0, =1.0.1, =1.0.0, =1.0.0,...

5.8 AI score
Exploits: 0

Cvelist
added 2026/05/07 6:43 p.m., 26 views

CVE-2026-41653 BentoPDF: Stored XSS via Markdown Editor Leading to Persistent File Exfiltration

BentoPDF is a self-hostable, client-side PDF toolkit. Prior to version 2.8.3, a cross-site scripting vulnerability was identified in BentoPDF. An attacker may be able to execute arbitrary JavaScript in certain circumstances in the Markdown to PDF Tool. This issue has been patched in version 2.8...

7 CVSS, 0.00062 EPSS
Exploits: 0, References: 2

CVE
added 2026/05/07 6:43 p.m., 5 views

CVE-2026-41653

BentoPDF (self-hosted client-side PDF toolkit) had a cross-site scripting vulnerability in the Markdown to PDF Tool prior to version 2.8.3. An attacker may be able to execute arbitrary JavaScript in certain circumstances. The issue has been patched in version 2.8.3. No exploitation details are pr...

7 CVSS, 5.8 AI score, 0.00062 EPSS
Exploits: 0, References: 2

OSV
added 2026/05/04 10:11 p.m., 1 views

GHSA-GXXH-8VCJ-W2MH livewire-markdown-editor has arbitrary file upload that allows stored XSS via attachment handler

Impact: All versions of mckenziearts/livewire-markdown-editor prior to v1.3 contain a critical arbitrary file upload vulnerability in the MarkdownEditor::updatedAttachments Livewire handler. The handler calls $file->store with no server-side validation of MIME type, extension, or file content. Any...

7.1 CVSS, 6 AI score
Exploits: 0, References: 4

Snyk
added 2026/05/04 10:11 p.m., 4 views

Arbitrary File Upload

Overview: Affected versions of this package are vulnerable to Arbitrary File Upload via the updatedAttachments process. An attacker can upload arbitrary files by submitting crafted files through the upload interface, which may result in the execution of malicious scripts, phishing page hosting, or...

7.1 CVSS, 6 AI score
Exploits: 0, References: 3

Github Security Blog
added 2026/05/04 10:11 p.m., 1 views

livewire-markdown-editor has arbitrary file upload that allows stored XSS via attachment handler

Impact: All versions of mckenziearts/livewire-markdown-editor prior to v1.3 contain a critical arbitrary file upload vulnerability in the MarkdownEditor::updatedAttachments Livewire handler. The handler calls $file->store with no server-side validation of MIME type, extension, or file content. Any...

6 AI score
Exploits: 0, References: 4, Affected Software: 1

CNNVD
added 2026/03/24 12:0 a.m., 5 views

Proton security vulnerability

Proton is an independent application from the developer Steventhanna that uses Electron to quickly preview and edit Markdown files. Versions of Proton prior to 1.6.16 contain security vulnerabilities that stem from out-of-bounds writes, which may lead to issues with the...

10 CVSS, 5.8 AI score, 0.00063 EPSS
Exploits: 0, References: 1

Snyk
added 2026/01/16 7:54 p.m., 3 views

Cross-site Scripting (XSS)

Overview: electron-markdownify is a minimalist Markdown editor. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the file upload. An attacker can execute arbitrary scripts in the context of the application by uploading specially crafted markdown files containing...

7.2 CVSS, 5.5 AI score, 0.00042 EPSS
Exploits: 0, References: 2

CNNVD
added 2026/01/16 12:0 a.m., 1 views

Marky security vulnerabilities

Marky is a Markdown editor developed by Alessandro Arnodo of Switzerland. Version 0.0.1 of Marky contains a security vulnerability; this vulnerability stems from allowing malicious scripts to be injected into Markdown files, potentially leading to remote code execution...

7.2 CVSS, 6.1 AI score, 0.00042 EPSS
Exploits: 0, References: 4

CNNVD
added 2026/01/16 12:0 a.m., 1 views

Markdownify security vulnerabilities

Markdownify is a minimal Markdown editor desktop application built using Electron by Amit Merchant as a personal development project. Version 1.2.0 of Markdownify contains a security vulnerability; this vulnerability stems from stored cross-site scripting in markdown files, which could lead to...

7.2 CVSS, 6 AI score, 0.00042 EPSS
Exploits: 0, References: 4

CNNVD
added 2026/01/16 12:0 a.m., 1 views

Moeditor security vulnerabilities

Moeditor is an open-source Markdown file editor developed by Moeditor. Version 0.2.0 of Moeditor contains a security vulnerability; this vulnerability stems from allowing the storage of malicious payloads in markdown files, which could lead to remote code execution...

7.2 CVSS, 6.1 AI score, 0.00042 EPSS
Exploits: 0, References: 4

RedhatCVE
added 2026/01/09 9:34 a.m., 5 views

CVE-2024-41481

The Typora Markdown editor before 1.9.3 has a cross-site scripting (XSS) vulnerability via the Mermaid component...

6.1 CVSS, 5.9 AI score, 0.0021 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/12/19 8:18 p.m., 2 views

CVE-2023-53940

Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands through the Node.js child_process module when the fil...

8.4 CVSS, 7.8 AI score, 0.00018 EPSS
Exploits: 0, References: 1

NVD
added 2025/12/18 8:15 p.m., 2 views

CVE-2023-53940

Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands through the Node.js child_process module when the fil...

8.4 CVSS, 0.00018 EPSS
Exploits: 0, References: 3

OSV
added 2025/12/18 8:15 p.m., 1 views

CVE-2023-53940

Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands through the Node.js child_process module when the fil...

8.4 CVSS, 6.2 AI score
Exploits: 0, References: 3

CVE
added 2025/12/18 7:57 p.m., 5 views

CVE-2023-53940

CVE-2023-53940 affects Codigo Markdown Editor 1.0.1 (Electron). The vulnerability arises from handling of markdown files where an embedded video source with an onerror event can trigger arbitrary shell commands via Node.js child_process, enabling code execution when the file is opened. Public ind...

8.4 CVSS, 7.5 AI score, 0.00018 EPSS
Exploits: 0, References: 3

Cvelist
added 2025/12/18 7:57 p.m., 14 views

CVE-2023-53940 Codigo Markdown Editor 1.0.1 Electron Arbitrary Code Execution via Markdown File

Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands through the Node.js child_process module when the fil...

8.4 CVSS, 0.00018 EPSS
Exploits: 0, References: 3

Vulnrichment
added 2025/12/18 7:57 p.m., 3 views

CVE-2023-53940 Codigo Markdown Editor 1.0.1 Electron Arbitrary Code Execution via Markdown File

Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands through the Node.js child_process module when the fil...

8.4 CVSS, 7.5 AI score, 0.00018 EPSS
Exploits: 0, References: 3

Positive Technologies
added 2025/12/18 12:0 a.m., 2 views

PT-2025-52319

Name of the Vulnerable Software and Affected Versions: Codigo Markdown Editor version 1.0.1. Description: The software contains a code execution issue that permits attackers to execute arbitrary system commands by creating a malicious markdown file. An attacker can embed a video source with an onerr...

8.4 CVSS, 7.7 AI score, 0.00018 EPSS
Exploits: 0, References: 5