GHSA-8MP2-V27R-99XP Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input

Summary A ReDoS Regular Expression Denial of Service vulnerability in LINKTITLERE allows an attacker who can supply Markdown for parsing to cause denial of service. A crafted 58-byte Markdown document blocks the parser for approximately 6 seconds measured on Apple M2, Python 3.14.3, with...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the createDocWithMd function, where unsanitized input in the markdown parameter is passed to downstream processing functions. An attacker can access arbitrary files on the server or interact with...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the createDocWithMd function, where unsanitized input in the markdown parameter is passed to downstream processing functions. An attacker can access arbitrary files on the server or interact with...

CVE-2025-42873

SAPUI5 and OpenUI5 packages use outdated 3rd party libraries with known security vulnerabilities. When markdown-it encounters special malformed input, it fails to terminate properly, resulting in an infinite loop. This Denial of Service via infinite loop causes high CPU usage and system...

Cross-site Scripting (XSS)

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Scripting XSS via the downloadPdf function for Notes feature. An attacker can execute arbitrary JavaScript code and steal session tokens by importing a specially crafted Markdown file containing...

Security Bulletin: IBM Automation Decision Services for October 2025 - Multiple CVEs addressed

Summary IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed Vulnerability Details CVEID:CVE-2025-46653...

CVE-2025-60312

Sourcecodester Markdown to HTML Converter v1.0 is vulnerable to a Cross-Site Scripting XSS in the "Markdown Input" field, allowing a remote attacker to inject arbitrary HTML/JavaScript code that executes in the victim's browser upon clicking the "Convert to HTML" button...

CVE-2025-60312

Sourcecodester Markdown to HTML Converter v1.0 is vulnerable to a Cross-Site Scripting XSS in the "Markdown Input" field, allowing a remote attacker to inject arbitrary HTML/JavaScript code that executes in the victim's browser upon clicking the "Convert to HTML" button...

CVE-2025-60312

Sourcecodester Markdown to HTML Converter v1.0 is vulnerable to a Cross-Site Scripting XSS in the "Markdown Input" field, allowing a remote attacker to inject arbitrary HTML/JavaScript code that executes in the victim's browser upon clicking the "Convert to HTML" button...

EUVD-2017-1586

Malware in sbrugna...

EUVD-2018-0163

Malware in sbrugna...

EUVD-2019-15844

Malware in sbrugna...

EUVD-2025-32717

Sourcecodester Markdown to HTML Converter v1.0 is vulnerable to a Cross-Site Scripting XSS in the "Markdown Input" field, allowing a remote attacker to inject arbitrary HTML/JavaScript code that executes in the victim's browser upon clicking the "Convert to HTML" button...

PT-2025-41135

Name of the Vulnerable Software and Affected Versions Sourcecodester Markdown to HTML Converter version 1.0 Description The software is susceptible to a Cross-Site Scripting XSS issue in the "Markdown Input" field. A remote attacker can inject arbitrary HTML/JavaScript code that will execute in t...

SourceCodester Markdown to HTML Converter 安全漏洞

SourceCodester Markdown to HTML Converter is an open source markdown to html converter from SourceCodester. A security vulnerability exists in SourceCodester Markdown to HTML Converter v1.0, which stems from the Markdown Input field being vulnerable to cross-site scripting attacks that could lead...

CVE-2025-60312

Sourcecodester Markdown to HTML Converter v1.0 is vulnerable to a Cross-Site Scripting XSS in the "Markdown Input" field, allowing a remote attacker to inject arbitrary HTML/JavaScript code that executes in the victim's browser upon clicking the "Convert to HTML" button...

CVE-2025-60312

CVE-2025-60312 affects Sourcecodester Markdown to HTML Converter v1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw in the "Markdown Input" field that allows a remote attacker to inject arbitrary HTML/JavaScript code, executed in the victim’s browser when the user clicks the "Convert to...

EUVD-2023-44243

Malicious code in bioql PyPI...

CVE-2025-61599

CVE-2025-61599 affects EMLOG Pro 2.5.21 and earlier. A stored XSS vulnerability exists in the Twitter feature where an authenticated user with posting privileges can inject arbitrary JavaScript code. The malicious script is stored on the server and executes in the browser of any user (including a...

CVE-2025-61599 Emlog is Vulnerable to Stored Cross-Site Scripting (XSS) in "Twitter" Feature via Markdown Input

Emlog is an open source website building system. A stored Cross-Site Scripting XSS vulnerability exists in the "Twitter"feature of EMLOG Pro 2.5.21 and below. An authenticated user with privileges to post a "Twitter" message can inject arbitrary JavaScript code. The malicious script is stored on...