Lucene search
+L

19 matches found

NVD
NVD
added 2026/07/05 5:16 a.m.11 views

CVE-2026-14702

A flaw has been found in zcaceres markdownify-mcp up to 1.1.0. This impacts the function saveToTempFile of the file src/Markdownify.ts of the component webpage-to-markdown/youtube-to-markdown/bing-search-to-markdown. This manipulation causes insufficiently random values. The attack is restricted ...

2.5CVSS0.00108EPSS
Exploits0References7
NVD
NVD
added 2026/07/05 5:16 a.m.12 views

CVE-2026-14699

A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits...

4.8CVSS0.00137EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/05 4:0 a.m.38 views

CVE-2026-14702 zcaceres markdownify-mcp webpage-to-markdown Markdownify.ts saveToTempFile random values

A flaw has been found in zcaceres markdownify-mcp up to 1.1.0. This impacts the function saveToTempFile of the file src/Markdownify.ts of the component webpage-to-markdown/youtube-to-markdown/bing-search-to-markdown. This manipulation causes insufficiently random values. The attack is restricted ...

2.5CVSS0.00108EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/05 4:0 a.m.12 views

EUVD-2026-41721

A flaw has been found in zcaceres markdownify-mcp up to 1.1.0. This impacts the function saveToTempFile of the file src/Markdownify.ts of the component webpage-to-markdown/youtube-to-markdown/bing-search-to-markdown. This manipulation causes insufficiently random values. The attack is restricted ...

2.5CVSS5.2AI score0.00108EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/05 4:0 a.m.9 views

CVE-2026-14702

A flaw has been found in zcaceres markdownify-mcp up to 1.1.0. This impacts the function saveToTempFile of the file src/Markdownify.ts of the component webpage-to-markdown/youtube-to-markdown/bing-search-to-markdown. This manipulation causes insufficiently random values. The attack is restricted ...

2.5CVSS5.2AI score0.00108EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2026/07/05 4:0 a.m.24 views

CVE-2026-14702

Technical details are not publicly available in the provided documents. Monitor for updates to the CVE entry and connected sources for further information.

2.5CVSS5.2AI score0.00108EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/05 3:15 a.m.30 views

CVE-2026-14699 zcaceres markdownify-mcp Markdownify.ts assertPathAllowed symlink

A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits...

4.8CVSS0.00137EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/05 3:15 a.m.9 views

CVE-2026-14699

A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits...

4.8CVSS5.6AI score0.00137EPSS
Exploits0References8Affected Software1
EUVD
EUVD
added 2026/07/05 3:15 a.m.9 views

EUVD-2026-41724

A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits...

4.8CVSS5.6AI score0.00137EPSS
Exploits0References7
CVE
CVE
added 2026/07/05 3:15 a.m.21 views

CVE-2026-14699

CVE-2026-14699 affects zcaceres/markdownify-mcp prior to 1.1.0. The vulnerability is in assertPathAllowed (src/Markdownify.ts) and can be triggered by local manipulation, potentially causing symlink following. Exploitation is limited to local access. A fix is pending in a pull request and not yet...

4.8CVSS5.6AI score0.00137EPSS
Exploits0References7
OSV
OSV
added 2026/07/05 3:15 a.m.4 views

CVE-2026-14699 zcaceres markdownify-mcp Markdownify.ts assertPathAllowed symlink

A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits...

4.8CVSS5.6AI score0.00137EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/12/11 5:3 a.m.10 views

CVE-2025-65512

A Server-Side Request Forgery SSRF vulnerability was discovered in the webpage-to-markdown conversion feature of markdownify-mcp v0.0.2 and before. This vulnerability allows an attacker to bypass private IP restrictions through hostname-based bypass and HTTP redirect chains, enabling access to...

7.5CVSS6.9AI score0.00459EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/10 9:31 p.m.4 views

EUVD-2025-202627

A Server-Side Request Forgery SSRF vulnerability was discovered in the webpage-to-markdown conversion feature of markdownify-mcp v0.0.2 and before. This vulnerability allows an attacker to bypass private IP restrictions through hostname-based bypass and HTTP redirect chains, enabling access to...

6.4AI score0.00459EPSS
Exploits1References3
OSV
OSV
added 2025/12/10 9:16 p.m.6 views

CVE-2025-65512

A Server-Side Request Forgery SSRF vulnerability was discovered in the webpage-to-markdown conversion feature of markdownify-mcp v0.0.2 and before. This vulnerability allows an attacker to bypass private IP restrictions through hostname-based bypass and HTTP redirect chains, enabling access to...

7.5CVSS5.8AI score0.00459EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/12/10 12:0 a.m.4 views

Markdownify MCP Server 安全漏洞

Markdownify MCP Server is a Model Context Protocol server for converting almost any content to Markdown by Zach Caceres, an individual developer in the United States. A security vulnerability exists in Markdownify MCP Server version 0.0.2 and earlier, which stems from a server-side request forger...

7.5CVSS6.6AI score0.00459EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/10 12:0 a.m.3 views

CVE-2025-65512

A Server-Side Request Forgery SSRF vulnerability was discovered in the webpage-to-markdown conversion feature of markdownify-mcp v0.0.2 and before. This vulnerability allows an attacker to bypass private IP restrictions through hostname-based bypass and HTTP redirect chains, enabling access to...

6.6AI score0.00459EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/12/10 12:0 a.m.27 views

CVE-2025-65512

A Server-Side Request Forgery SSRF vulnerability was discovered in the webpage-to-markdown conversion feature of markdownify-mcp v0.0.2 and before. This vulnerability allows an attacker to bypass private IP restrictions through hostname-based bypass and HTTP redirect chains, enabling access to...

0.00459EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.10 views

PT-2025-50494

Name of the Vulnerable Software and Affected Versions markdownify-mcp versions prior to 0.0.3 Description A Server-Side Request Forgery SSRF issue exists in the webpage-to-markdown conversion feature. This allows an attacker to circumvent private IP restrictions using hostname-based bypass and HT...

7.5CVSS6.7AI score0.00459EPSS
Exploits1References5
Circl
Circl
added 2025/09/02 3:53 p.m.9 views

CVE-2025-58358

creationtimestamp| type| source ---|---|--- 2025-09-02 15:53:24+00:00| published-proof-of-concept| https://github.com/zcaceres/markdownify-mcp/security/advisories/GHSA-45qj-4xq3-3c45...

7.5CVSS5.8AI score0.0099EPSS
Exploits0References1
Rows per page
Query Builder