Lucene search
K

4563 matches found

Positive Technologies
Positive Technologies
added 3 days ago6 views

PT-2026-55971

Name of the Vulnerable Software and Affected Versions OpenAI Codex for macOS affected versions not specified Description The desktop application renders remote images from Markdown within model responses. An attacker can use indirect prompt injection—a technique where malicious instructions are...

6.5CVSS6AI score0.00221EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-41721

A flaw has been found in zcaceres markdownify-mcp up to 1.1.0. This impacts the function saveToTempFile of the file src/Markdownify.ts of the component webpage-to-markdown/youtube-to-markdown/bing-search-to-markdown. This manipulation causes insufficiently random values. The attack is restricted ...

2.5CVSS5.2AI score0.00108EPSS
Exploits0References7
CVE
CVE
added 4 days ago16 views

CVE-2026-14702

Technical details are not publicly available in the provided documents. Monitor for updates to the CVE entry and connected sources for further information.

2.5CVSS5.2AI score0.00108EPSS
Exploits0References7
OSV
OSV
added 2026/07/01 7:1 p.m.3 views

GHSA-HWPP-H97W-2H3J repomix: attach_packed_output can bypass file-read secret scanning for supported local files

attachpackedoutput can register arbitrary .json/.txt/.md/.xml files and bypass the MCP file-read safety check Summary Repomix's MCP server exposes a normal filesystemreadfile tool that reads absolute paths only after running the project's secret check. However, the attachpackedoutput plus...

6.9CVSS6.1AI score0.00028EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 5:16 p.m.9 views

CVE-2026-58173

Vibe-Trading before 0.1.10 contains a path traversal vulnerability that allows attackers to write files outside the intended memory root directory by supplying a malicious memorytype value containing path traversal sequences through the remember tool. Attackers can manipulate the memorytype...

6.5CVSS0.00307EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 3:55 p.m.14 views

CVE-2026-58173

Vibe-Trading prior to 0.1.10 is affected by a path traversal vulnerability in which the memory_type value, supplied via the remember tool to the persistent memory store, enables writing files outside the intended memory root. This can allow an attacker to create arbitrary Markdown files at uninte...

6.5CVSS5.9AI score0.00307EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/30 3:55 p.m.5 views

EUVD-2026-40354

Vibe-Trading before 0.1.10 contains a path traversal vulnerability that allows attackers to write files outside the intended memory root directory by supplying a malicious memorytype value containing path traversal sequences through the remember tool. Attackers can manipulate the memorytype...

6.5CVSS5.9AI score0.00307EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/30 3:55 p.m.34 views

CVE-2026-58173 Vibe-Trading < 0.1.10 - Path Traversal via Persistent Memory Type

Vibe-Trading before 0.1.10 contains a path traversal vulnerability that allows attackers to write files outside the intended memory root directory by supplying a malicious memorytype value containing path traversal sequences through the remember tool. Attackers can manipulate the memorytype...

6.5CVSS0.00307EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.5 views

PT-2026-53924

Name of the Vulnerable Software and Affected Versions Vibe-Trading versions prior to 0.1.10 Description A path traversal issue exists in the remember tool, allowing attackers to write arbitrary Markdown files to unintended locations on the filesystem. This is achieved by supplying a malicious...

6.5CVSS6.1AI score0.00307EPSS
Exploits0References8
NVD
NVD
added 2026/06/29 8:17 p.m.7 views

CVE-2026-54888

Uncontrolled Recursion vulnerability in leandrocp mdex allows denial of service via deeply nested Markdown input. mdex converts between an Elixir %MDEx.Document struct and Comrak's internal AST using two mutually recursive Rust functions, exdocumenttocomrakast and comrakasttoexdocument, in the NI...

6.9CVSS0.00168EPSS
Exploits0References4
NVD
NVD
added 2026/06/29 8:17 p.m.8 views

CVE-2026-54889

Improper Neutralization of Input During Web Page Generation XSS vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':todelta/2 converts Markdown into a Quill Delta. 'Elixir.MDEx.DeltaConverter':defaultconvertnode/3 in...

5.1CVSS0.0031EPSS
Exploits0References4
NVD
NVD
added 2026/06/29 7:16 p.m.9 views

CVE-2026-53427

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in leandrocp MDEx allows stored or reflected cross-site scripting via attacker-controlled Markdown. When syntax highlighting and full info-string forwarding render: fullinfostring: true are enabled, t...

2.3CVSS0.00405EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/29 7:10 p.m.25 views

CVE-2026-54889 Unsanitized URL schemes in MDEx Quill Delta output allow javascript: injection (XSS)

Improper Neutralization of Input During Web Page Generation XSS vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':todelta/2 converts Markdown into a Quill Delta. 'Elixir.MDEx.DeltaConverter':defaultconvertnode/3 in...

5.1CVSS0.0031EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/29 7:10 p.m.10 views

CVE-2026-54889 Unsanitized URL schemes in MDEx Quill Delta output allow javascript: injection (XSS)

Improper Neutralization of Input During Web Page Generation XSS vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':todelta/2 converts Markdown into a Quill Delta. 'Elixir.MDEx.DeltaConverter':defaultconvertnode/3 in...

5.1CVSS5.7AI score0.0031EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 7:10 p.m.14 views

CVE-2026-54889

Summary: CVE-2026-54889 security issue in Elixir.MDEx.mdex Delta conversion path allows XSS via unsanitized URL schemes in Quill Delta output. The vulnerability arises when Elixir.MDEx.DeltaConverter.default_convert_node/3 copies the URL from link, wikilink, or image nodes into the Delta attribut...

5.1CVSS5.7AI score0.0031EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/29 7:10 p.m.6 views

CVE-2026-54889

Improper Neutralization of Input During Web Page Generation XSS vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':todelta/2 converts Markdown into a Quill Delta. 'Elixir.MDEx.DeltaConverter':defaultconvertnode/3 in...

5.1CVSS5.7AI score0.0031EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/06/29 7:10 p.m.24 views

CVE-2026-54888 Uncontrolled recursion over deeply nested Markdown crashes the BEAM in mdex

Uncontrolled Recursion vulnerability in leandrocp mdex allows denial of service via deeply nested Markdown input. mdex converts between an Elixir %MDEx.Document struct and Comrak's internal AST using two mutually recursive Rust functions, exdocumenttocomrakast and comrakasttoexdocument, in the NI...

6.9CVSS0.00168EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/29 7:10 p.m.7 views

CVE-2026-54888 Uncontrolled recursion over deeply nested Markdown crashes the BEAM in mdex

Uncontrolled Recursion vulnerability in leandrocp mdex allows denial of service via deeply nested Markdown input. mdex converts between an Elixir %MDEx.Document struct and Comrak's internal AST using two mutually recursive Rust functions, exdocumenttocomrakast and comrakasttoexdocument, in the NI...

6.9CVSS5.9AI score0.00168EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 7:10 p.m.4 views

EEF-CVE-2026-54888 Uncontrolled recursion over deeply nested Markdown crashes the BEAM in mdex

Summary Uncontrolled Recursion vulnerability in leandrocp mdex allows denial of service via deeply nested Markdown input. mdex converts between an Elixir %MDEx.Document struct and Comrak's internal AST using two mutually recursive Rust functions, ex\document\to\comrak\ast and...

6.9CVSS5.9AI score0.00168EPSS
Exploits0References5
CVE
CVE
added 2026/06/29 7:10 p.m.10 views

CVE-2026-54888

The CVE-2026-54888 issue is a denial-of-service in mdex/mdex_native caused by uncontrolled recursion when converting Markdown to an AST across a NIF boundary. The root cause is missing maximum nesting depth in two mutual Rust functions (ex_document_to_comrak_ast and comrak_ast_to_ex_document), al...

6.9CVSS5.9AI score0.00168EPSS
Exploits0References4
Rows per page
Query Builder