25 matches found
PT-2026-56517
Name of the Vulnerable Software and Affected Versions Mistune versions prior to 3.3.0 Description Mistune is a Python Markdown parser with renderers and plugins. The Include.parse function joins and normalizes user-supplied include paths without verifying that the result remains within the intend...
OSV-2026-816 Heap-buffer-overflow in md_process_all_blocks
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=516422428 Crash type: Heap-buffer-overflow READ Crash state: mdprocessallblocks mdparse mdhtml...
PT-2026-47121
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=516422428 Crash type: Heap-buffer-overflow READ Crash state: md process all blocks md parse md html...
GHSA-97R8-RF7Q-WMJW Sveltia CMS: Stored XSS in entry summary rendering via entity-decoded HTML
Impact A stored cross-site scripting XSS vulnerability affected entry summary rendering in Sveltia CMS. Entry summaries that allowed limited Markdown were parsed, sanitized, and then HTML entities were decoded. This order allowed specially crafted entity-encoded HTML, such as encoded tags or even...
Sveltia CMS: Stored XSS in entry summary rendering via entity-decoded HTML
Impact A stored cross-site scripting XSS vulnerability affected entry summary rendering in Sveltia CMS. Entry summaries that allowed limited Markdown were parsed, sanitized, and then HTML entities were decoded. This order allowed specially crafted entity-encoded HTML, such as encoded tags or even...
Cross-site Scripting (XSS)
Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the attribute process. An attacker can execute arbitrary JavaScript in the context of users who view a page by...
CVE-2026-1090
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user, when the markdownplaceholders feature flag was enabled, to inject JavaScript in a browser due to improper...
EUVD-2026-11180
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user, when the markdownplaceholders feature flag was enabled, to inject JavaScript in a browser due to improper...
CVE-2026-1090
Removed by vendor...
CVE-2026-28451
OpenClaw versions prior to 2026.2.14 contain server-side request forgery vulnerabilities in the Feishu extension that allow attackers to fetch attacker-controlled remote URLs without SSRF protections via sendMediaFeishu function and markdown image processing. Attackers can influence tool calls...
CVE-2026-28451 OpenClaw < 2026.2.14 - SSRF via Feishu Extension Media Fetching
OpenClaw versions prior to 2026.2.14 contain server-side request forgery vulnerabilities in the Feishu extension that allow attackers to fetch attacker-controlled remote URLs without SSRF protections via sendMediaFeishu function and markdown image processing. Attackers can influence tool calls...
GitLab 18.7 < 18.7.4 / 18.8 < 18.8.4 (CVE-2026-1456)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through...
UBUNTU-CVE-2026-1456
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through CPU exhaustion by submitting specially crafted markdown files that trigger exponential processin...
EUVD-2021-0511
Malware in sbrugna...
Multiple vulnerabilities in GROWI
Overview GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in the presentation feature CWE-79 - CVE-2023-42436 Stored cross-site scripting vulnerability in the App Settings /admin/app page and the Markdown Settings...
The vulnerability of the compiler for processing Markdown Marked, related to incorrect handling of regular expressions, allows a hacker to trigger a service failure.
The vulnerability of the compiler for processing Markdown marked text is related to incorrect handling of regular expressions. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
Fedora 37 : rubygem-redcarpet (2023-8682a0e17d)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8682a0e17d advisory. A security flow was found on redcarpet that escaping html was not properly done even if requested on some cases which may cause XSS vulnerability. This issue...
Fedora 36 : rubygem-redcarpet (2023-597f13ffb9)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-597f13ffb9 advisory. A security flow was found on redcarpet that escaping html was not properly done even if requested on some cases which may cause XSS vulnerability. This issue...
SUSE CVE-2021-26813
markdown2 =1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time...
PT-2022-22432 · Md2Roff · Md2Roff
Name of the Vulnerable Software and Affected Versions: md2roff version 1.7 Description: The issue is a stack-based buffer overflow that occurs when processing a Markdown file containing a large number of consecutive characters. It's noted that the vendor's position is that the product is not...