12 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-41680
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service DoS vulnerability exists in marked. By providing a specific 3-byte...
CVE-2026-41680
Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service DoS vulnerability exists in marked. By providing a specific 3-byte input sequence a tab, a vertical tab, and a newline \x09\x0b\n—an unauthenticated attacker can trigger an infinite recursion loop during...
CVE-2026-41680 Marked: OOM Denial of Service via Infinite Recursion in marked Tokenizer
Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service DoS vulnerability exists in marked. By providing a specific 3-byte input sequence a tab, a vertical tab, and a newline \x09\x0b\n—an unauthenticated attacker can trigger an infinite recursion loop during...
CVE-2022-21680
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression block.def may cause catastrophic backtracking against some strings and lead to a regular expression denial of service ReDoS. Anyone who runs untrusted markdown through a vulnerable version of marked and does...
CVE-2022-21680 Cubic catastrophic backtracking (ReDoS) in marked
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression block.def may cause catastrophic backtracking against some strings and lead to a regular expression denial of service ReDoS. Anyone who runs untrusted markdown through a vulnerable version of marked and does...
CVE-2022-21681 Exponential catastrophic backtracking (ReDoS) in marked
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression inline.reflinkSearch may cause catastrophic backtracking against some strings and lead to a denial of service DoS. Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a...
@addaps/doca-addaps-theme (>=1.0.1 <=1.0.6), doca-bootstrap-theme (>=0.0.6 <=1.0.0) +11 more potentially affected by unknown CVE via react-marked-markdown (=1.4.6)
react-marked-markdown NPM version =1.4.6 is affected by a known vulnerability. The following packages have a transitive dependency on react-marked-markdown and may be impacted: - @addaps/doca-addaps-theme =1.0.1, =0.0.6, =0.0.1, =0.2.1, =1.0.0, =0.0.1, =1.0.0, =0.1.1, =0.15.1, =0.1.2, =0.2.1 Sour...
GHSA-M7QM-R2R5-F77Q Cross-Site Scripting in react-marked-markdown
All versions of react-marked-markdown are vulnerable to cross-site scripting XSS via href attributes. This is exploitable if user is provided to react-marked-markdown Proof of concept: import React from 'react' import ReactDOM from 'react-dom' import MarkdownPreview from 'react-marked-markdown'...
Christopher Jeffrey marked Access Control Error Vulnerability
marked is the United States Christopher Jeffrey software developers of a Markdown parser and compiler written in JavaScript . An access control error vulnerability exists in marked. The vulnerability arises from a network system or product that does not properly restrict access to resources from...
Cross-Site Scripting
Overview All versions of react-marked-markdown are vulnerable to cross-site scripting XSS via href attributes. This is exploitable if user is provided to react-marked-markdown Proof of concept: import React from 'react' import ReactDOM from 'react-dom' import MarkdownPreview from...
Cross-Site Scripting (XSS)
react-marked-markdown is vulnerable to cross-site scripting XSS. The vulnerability exists because it does not sanitize the href values to XSS-free string...
Node.js third-party modules: The react-marked-markdown module allows XSS injection in href values.
NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! I would like to report XSS in...