Stirling-PDF SSRF via Markdown

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security...

CVE-2026-8661 Server-Side Cross-Site Scripting and SSRF in Rapid7 InsightConnect Markdown to PDF Plugin

Server-Side Cross-Site Scripting and Server-Side Request Forgery vulnerability in the markdowntopdf action of Rapid7 InsightConnect Markdown Plugin version 3.1.4 and earlier on Linux allows remote attackers to execute JavaScript server-side and make arbitrary outbound HTTP requests via crafted...

CVE-2026-41653

BentoPDF is a client-side PDF toolkit that is self hostable. Prior to version 2.8.3, a cross-site scripting vulnerability was identified in BentoPD. An attacker may be able to execute arbitrary JavaScript in certain circumstances in Markdown to PDF Tool. This issue has been patched in version 2.8...

CVE-2026-41653

BentoPDF is a client-side PDF toolkit that is self hostable. Prior to version 2.8.3, a cross-site scripting vulnerability was identified in BentoPD. An attacker may be able to execute arbitrary JavaScript in certain circumstances in Markdown to PDF Tool. This issue has been patched in version 2.8...

CVE-2026-41653

BentoPDF is a client-side PDF toolkit that is self hostable. Prior to version 2.8.3, a cross-site scripting vulnerability was identified in BentoPD. An attacker may be able to execute arbitrary JavaScript in certain circumstances in Markdown to PDF Tool. This issue has been patched in version 2.8...

EUVD-2026-28404

BentoPDF is a client-side PDF toolkit that is self hostable. Prior to version 2.8.3, a cross-site scripting vulnerability was identified in BentoPD. An attacker may be able to execute arbitrary JavaScript in certain circumstances in Markdown to PDF Tool. This issue has been patched in version 2.8...

BentoPDF 跨站脚本漏洞

BentoPDF is a privacy-oriented client PDF processing tool developed by Alam. Versions of BentoPDF prior to 2.8.3 contained a cross-site scripting vulnerability. This vulnerability stems from cross-site scripting, allowing attackers to execute arbitrary JavaScript within the Markdown to PDF tool...

PT-2026-38546

Name of the Vulnerable Software and Affected Versions BentoPDF versions prior to 2.8.3 Description BentoPDF is a self-hostable client-side PDF toolkit. A cross-site scripting issue exists in the Markdown to PDF Tool, which allows an attacker to execute arbitrary JavaScript under certain...

CVE-2026-27625

Stirling-PDF (local web app) is affected in all versions prior to 2.5.2. The vulnerability resides in the /api/v1/convert/markdown/pdf endpoint, where user-supplied ZIP entries are extracted without path checks, enabling path traversal and arbitrary file write by any authenticated user (stirlingp...

EUVD-2026-13638

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. In versions prior to 2.5.2, the /api/v1/convert/markdown/pdf endpoint extracts user-supplied ZIP entries without path checks. Any authenticated user can write files outside the intended temporary worki...

CVE-2026-27625 Stirling-PDF Zip Slip: Arbitrary File Write via Path Traversal in Markdown-to-PDF ZIP Extraction

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. In versions prior to 2.5.2, the /api/v1/convert/markdown/pdf endpoint extracts user-supplied ZIP entries without path checks. Any authenticated user can write files outside the intended temporary worki...

CVE-2026-27625 Stirling-PDF Zip Slip: Arbitrary File Write via Path Traversal in Markdown-to-PDF ZIP Extraction

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. In versions prior to 2.5.2, the /api/v1/convert/markdown/pdf endpoint extracts user-supplied ZIP entries without path checks. Any authenticated user can write files outside the intended temporary worki...

PT-2026-26592

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. In versions prior to 2.5.2, the /api/v1/convert/markdown/pdf endpoint extracts user-supplied ZIP entries without path checks. Any authenticated user can write files outside the intended temporary worki...

Arbitrary Code Injection

md-to-pdf is vulnerable to Arbitrary Code Injection. The vulnerability is due to a Markdown front-matter block that contains JavaScript delimiter, where the JS engine in gray-matter library executes arbitrary code in the Markdown to PDF converter process of md-to-pdf library, and attackers can...

CVE-2025-65108

md-to-pdf is a CLI tool for converting Markdown files to PDF using Node.js and headless Chrome. Prior to version 5.2.5, a Markdown front-matter block that contains JavaScript delimiter causes the JS engine in gray-matter library to execute arbitrary code in the Markdown to PDF converter process o...

CVE-2025-65108 md-to-pdf is vulnerable to arbitrary JavaScript code execution when parsing front matter

md-to-pdf is a CLI tool for converting Markdown files to PDF using Node.js and headless Chrome. Prior to version 5.2.5, a Markdown front-matter block that contains JavaScript delimiter causes the JS engine in gray-matter library to execute arbitrary code in the Markdown to PDF converter process o...

EUVD-2025-198317

md-to-pdf is a CLI tool for converting Markdown files to PDF using Node.js and headless Chrome. Prior to version 5.2.5, a Markdown front-matter block that contains JavaScript delimiter causes the JS engine in gray-matter library to execute arbitrary code in the Markdown to PDF converter process o...

CVE-2025-65108

CVE-2025-65108 affects the md-to-pdf CLI (Markdown to PDF) where parsing front matter with a JavaScript delimiter can trigger the gray-matter JS engine to execute arbitrary code during the conversion process, enabling remote code execution. This vulnerability exists in versions prior to 5.2.5 and...

Markdown To Pdf 代码注入漏洞

Markdown To Pdf is a simple and crackable Cli tool from the individual developer Simon Hanisch in Germany. Used to convert Markdown to pdf. A code injection vulnerability exists in Markdown To Pdf versions prior to 5.2.5, which stems from improper handling of Markdown front-end blocks and could...

md-to-pdf vulnerable to arbitrary JavaScript code execution when parsing front matter

Summary A Markdown front-matter block that contains JavaScript delimiter causes the JS engine in gray-matter library to execute arbitrary code in the Markdown to PDF converter process of md-to-pdf library, resulting in remote code execution. Details md-to-pdf uses the gray-matter library to parse...