7 matches found
Mistune ReDoS in LINK_TITLE_RE allows denial of service with crafted Markdown titles
...
CVE-2026-40201
@diplodoc/search-extension 1.0.0 through 3.x before 3.0.3 allows stored XSS via the title in a .md file...
CVE-2026-40201
CVE-2026-40201 affects @diplodoc/search-extension versions 1.0.0 through 3.x prior to 3.0.3, where stored XSS is possible via the title in a .md file. The issue is caused by input not being properly sanitized before being rendered in titles, enabling an attacker-supplied payload to exe...
PT-2026-36308
Name of the Vulnerable Software and Affected Versions: @diplodoc/search-extension versions 1.0.0 through 3.0.2. Description: Stored Cross-Site Scripting (XSS) occurs via the title in a .md file. Stored XSS is a type of vulnerability where a malicious script is permanently stored on the target server,...
Diplodoc search extension cross-site scripting vulnerability
The Diplodoc Search Extension is an open-source extension tool for offline searching developed by Diplodoc. Versions of the Diplodoc Search Extension from 1.0.0 to 3.0.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from titles in .md files, which could lead to...
Linux Distros Unpatched Vulnerability : CVE-2024-32875
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in...
SUSE CVE-2024-32875
Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The...