4 matches found
CVE-2026-29082 Kestra: Stored Cross-Site Scripting in Markdown File Preview
Kestra is an event-driven orchestration platform. In versions 1.1.10 and prior, Kestra's execution-file preview renders user-supplied Markdown (.md) files with markdown-it instantiated with html:true and injects the resulting HTML with Vue's v-html without sanitisation. At time of publication, there a...
SUSE CVE-2024-43805
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. This vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or a Markdown file using the JupyterLab preview feature. A malicious user c...
PT-2024-30672
Name of the Vulnerable Software and Affected Versions: JupyterLab versions prior to 3.6.8; JupyterLab versions prior to 4.2.5; Jupyter Notebook versions prior to 7.2.2. Description: This issue depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using...
K-Box Cross-Site Scripting Vulnerability
K-Box is a web-based application used to manage document, image, video and geographic data. A cross-site scripting vulnerability exists in K-Box, which stems from the fact that the editors of the product's user document summaries and markdown file previews do not securely handle special character...