CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

135 matches found

EUVD•added 2026/03/13 8:0 p.m.•2 views

EUVD-2026-11720

OneUptime: Stored XSS via Mermaid Diagram Rendering securityLevel: "loose"...

7.6CVSS5.8AI score0.00053EPSS

Exploits1References2

OSV•added 2026/03/11 4:33 p.m.•2 views

DRUPAL-CONTRIB-2026-028

The module and certain submodules AI Automators, AI Translate, AI API Explorer, AI Content Suggestions provide the ability to use an LLM to generate HTML or Markdown and preview it in a browser. Under certain circumstances, rendering of this HTML can lead to exposing secret communications in the...

7.5CVSS5.8AI score0.00067EPSS

Exploits0References1

Vulnrichment•added 2026/03/11 4:6 p.m.•3 views

CVE-2026-30235 Business Logic Error on OpenProject through hyperlinks in markdown using DOM clobbering

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, this vulnerability occurs due to improper validation of OpenProject’s Markdown rendering, specifically in the hyperlink handling. This allows an attacker to inject malicious hyperlink payloads that perform DOM...

6.5CVSS5.8AI score0.00103EPSS

Exploits0References1

EUVD•added 2026/03/11 4:6 p.m.•2 views

EUVD-2026-11235

6.5CVSS5.8AI score0.00103EPSS

Exploits0References1

ATTACKERKB•added 2026/03/11 4:6 p.m.•4 views

CVE-2026-30235

6.5CVSS5.8AI score0.00103EPSS

Exploits0References2Affected Software1

Drupal•added 2026/03/11 12:0 a.m.•12 views

AI (Artificial Intelligence) - Moderately critical - Information Disclosure - SA-CONTRIB-2026-028

7.5CVSS5.8AI score0.00067EPSS

Exploits0References1

CNNVD•added 2026/03/11 12:0 a.m.•3 views

OpenProject 跨站脚本漏洞

OpenProject is an open-source web-based project management software. Versions of OpenProject prior to 17.2.0 had a cross-site scripting vulnerability. This vulnerability stemmed from improper Markdown rendering validation in OpenProject, especially in the handling of hyperlinks. It could allow...

6.5CVSS5.6AI score0.00103EPSS

Exploits0References1

NVD•added 2026/03/06 5:16 p.m.•3 views

CVE-2026-29082

Kestra is an event-driven orchestration platform. In versions from 1.1.10 and prior, Kestra’s execution-file preview renders user-supplied Markdown .md with markdown-it instantiated as html:true and injects the resulting HTML with Vue’s v-html without sanitisation. At time of publication, there a...

7.3CVSS0.00053EPSS

Exploits1References2

Cvelist•added 2026/03/06 4:33 p.m.•25 views

CVE-2026-29082 Kestra: Stored Cross-Site Scripting in Markdown File Preview

7.3CVSS0.00053EPSS

Exploits1References2

ATTACKERKB•added 2026/03/06 4:33 p.m.•3 views

CVE-2026-29082

7.3CVSS5.8AI score0.00053EPSS

Exploits1References3Affected Software1

CNNVD•added 2026/03/06 12:0 a.m.•3 views

kestra 跨站脚本漏洞

Kestra is an open-source workflow automation platform developed by Kestra. Versions of Kestra 1.1.10 and earlier had a cross-site scripting vulnerability. This vulnerability stemmed from the lack of cleanup when rendering Markdown formats provided by users, which could lead to cross-site scriptin...

7.3CVSS5.6AI score0.00053EPSS

Exploits1References3

Positive Technologies•added 2026/03/06 12:0 a.m.•3 views

PT-2026-23727

7.3CVSS5.8AI score0.00053EPSS

Exploits1References3

OSV•added 2026/03/03 10:9 p.m.•2 views

GHSA-R294-2894-92J3 OpenClaw has stored XSS in exported session HTML viewer via markdown/raw-HTML rendering

Summary The exported session HTML viewer allowed stored XSS when untrusted session content included raw HTML markdown tokens or unescaped metadata fields. Impact Opening a crafted exported HTML session could execute attacker-controlled JavaScript in the viewer context. This can expose session...

5.3CVSS6.1AI score

Exploits0References3

Tenable Nessus•added 2026/02/13 12:0 a.m.•4 views

n8n Node.js Package < 1.123.9 / 2.x < 2.2.1 Stored XSS (CVE-2026-25054)

The version of the n8n Node.js Package installed on the remote host is prior to 1.123.9, or 2.x prior to 2.2.1. It is, therefore, affected by a stored cross-site scripting vulnerability: - A cross-site scripting XSS vulnerability existed in a markdown rendering component used in n8n's interface,...

8.5CVSS5.8AI score0.00016EPSS

Exploits0References2

RedhatCVE•added 2026/02/07 7:31 p.m.•5 views

CVE-2026-25647

Lute is a structured Markdown engine supporting Go and JavaScript. Lute 1.7.6 and earlier as used in SiYuan before has a Stored Cross-Site Scripting XSS vulnerability in the Markdown rendering engine. An attacker can inject malicious JavaScript into a Markdown text/note. When another user clicks...

5.4CVSS5.4AI score0.00016EPSS

Exploits1References1

SUSE CVE•added 2026/02/07 12:24 a.m.•4 views

SUSE CVE-2026-23850

SiYuan is a personal knowledge management system. In versions prior to 3.5.4, the markdown feature allows unrestricted server side html-rendering which allows arbitrary file read LFD. Version 3.5.4 fixes the issue...

8.8CVSS5.4AI score0.001EPSS

Exploits1References3

OSV•added 2026/02/06 9:12 p.m.•5 views

CVE-2026-25516 NiceGUI's XSS vulnerability in ui.markdown() allows arbitrary JavaScript execution through unsanitized HTML content

NiceGUI is a Python-based UI framework. The ui.markdown component uses the markdown2 library to convert markdown content to HTML, which is then rendered via innerHTML. By default, markdown2 allows raw HTML to pass through unchanged. This means that if an application renders user-controlled conten...

6.1CVSS5.5AI score0.00025EPSS

Exploits1References4

Cvelist•added 2026/02/06 9:12 p.m.•26 views

CVE-2026-25516 NiceGUI's XSS vulnerability in ui.markdown() allows arbitrary JavaScript execution through unsanitized HTML content

6.1CVSS0.00025EPSS

Exploits1References2

Vulnrichment•added 2026/02/06 7:3 p.m.•2 views

CVE-2026-25647 Lute has a Stored Cross-Site Scripting (XSS) via Markdown hyperlink

4.6CVSS5.5AI score0.00016EPSS

Exploits1References2

OSV•added 2026/02/06 7:3 p.m.•3 views

CVE-2026-25647 Lute has a Stored Cross-Site Scripting (XSS) via Markdown hyperlink