
12 matches found

Tenable Nessus
added 2026/05/05 12:0 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-41680

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service (DoS) vulnerability exists in marked. By providing a specific 3-byte...

8.7 CVSS, 5.8 AI score, 0.00342 EPSS
Exploits 1, References 2
UbuntuCve
added 2026/04/24 6:16 p.m., 5 views

CVE-2026-41680

Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service (DoS) vulnerability exists in marked. By providing a specific 3-byte input sequence (a tab, a vertical tab, and a newline: \x09\x0b\n), an unauthenticated attacker can trigger an infinite recursion loop during...

8.7 CVSS, 5.8 AI score, 0.00342 EPSS
Exploits 1, References 2
Vulnrichment
added 2026/04/24 5:26 p.m., 5 views

CVE-2026-41680 Marked: OOM Denial of Service via Infinite Recursion in marked Tokenizer

Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service (DoS) vulnerability exists in marked. By providing a specific 3-byte input sequence (a tab, a vertical tab, and a newline: \x09\x0b\n), an unauthenticated attacker can trigger an infinite recursion loop during...

8.7 CVSS, 5.4 AI score, 0.00342 EPSS
Exploits 1, References 1
NVD
added 2022/01/14 5:15 p.m., 18 views

CVE-2022-21680

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression block.def may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does...

7.5 CVSS, 0.02828 EPSS
Exploits 1, References 4
Cvelist
added 2022/01/14 12:0 a.m., 23 views

CVE-2022-21680 Cubic catastrophic backtracking (ReDoS) in marked

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression block.def may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does...

7.5 CVSS, 7.4 AI score, 0.02828 EPSS
Exploits 1, References 4
Cvelist
added 2022/01/14 12:0 a.m., 24 views

CVE-2022-21681 Exponential catastrophic backtracking (ReDoS) in marked

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression inline.reflinkSearch may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a...

7.5 CVSS, 7.4 AI score, 0.02743 EPSS
Exploits 1, References 3
vulnersOsv
added 2020/09/01 8:43 p.m., 6 views

@addaps/doca-addaps-theme (>=1.0.1 <=1.0.6), doca-bootstrap-theme (>=0.0.6 <=1.0.0) +11 more potentially affected by unknown CVE via react-marked-markdown (=1.4.6)

react-marked-markdown NPM version =1.4.6 is affected by a known vulnerability. The following packages have a transitive dependency on react-marked-markdown and may be impacted: - @addaps/doca-addaps-theme =1.0.1, =0.0.6, =0.0.1, =0.2.1, =1.0.0, =0.0.1, =1.0.0, =0.1.1, =0.15.1, =0.1.2, =0.2.1 Sour...

5.8 AI score
Exploits 0
OSV
added 2020/09/01 8:43 p.m., 11 views

GHSA-M7QM-R2R5-F77Q Cross-Site Scripting in react-marked-markdown

All versions of react-marked-markdown are vulnerable to cross-site scripting (XSS) via href attributes. This is exploitable if user is provided to react-marked-markdown. Proof of concept: import React from 'react' import ReactDOM from 'react-dom' import MarkdownPreview from 'react-marked-markdown'...

6.1 AI score
Exploits 0, References 4
CNVD
added 2019/04/18 12:0 a.m., 2 views

Christopher Jeffrey marked Access Control Error Vulnerability

marked is a Markdown parser and compiler written in JavaScript by United States software developer Christopher Jeffrey. An access control error vulnerability exists in marked. The vulnerability arises from a network system or product that does not properly restrict access to resources from...

6.5 CVSS, 6.8 AI score, 0.00675 EPSS
Exploits 1, References 1
Node.js
added 2018/05/17 8:43 p.m., 559 views

Cross-Site Scripting

Overview: All versions of react-marked-markdown are vulnerable to cross-site scripting (XSS) via href attributes. This is exploitable if user is provided to react-marked-markdown. Proof of concept: import React from 'react' import ReactDOM from 'react-dom' import MarkdownPreview from...

5.9 AI score
Exploits 0, Affected Software 1
Veracode
added 2018/05/14 3:4 a.m., 13 views

Cross-Site Scripting (XSS)

react-marked-markdown is vulnerable to cross-site scripting (XSS). The vulnerability exists because it does not sanitize the href values to XSS-free string...

6.1 AI score
Exploits 0
Hacker One
added 2018/04/27 7:35 p.m., 44 views

Node.js third-party modules: The react-marked-markdown module allows XSS injection in href values.

NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! I would like to report XSS in...

0.5 AI score
Exploits 0