Lucene search
K

32 matches found

NVD
NVD
added 2026/06/29 8:17 p.m.8 views

CVE-2026-54889

Improper Neutralization of Input During Web Page Generation XSS vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':todelta/2 converts Markdown into a Quill Delta. 'Elixir.MDEx.DeltaConverter':defaultconvertnode/3 in...

5.1CVSS0.0031EPSS
Exploits0References4
NVD
NVD
added 2026/06/29 8:17 p.m.8 views

CVE-2026-53429

Missing Release of Memory after Effective Lifetime vulnerability in leandrocp mdex and mdexnative allows an attacker who controls a rendered document to cause a denial of service through unbounded native memory exhaustion. The native rendering code permanently leaks memory when rendering a docume...

6.9CVSS0.00126EPSS
Exploits0References4
NVD
NVD
added 2026/06/29 8:17 p.m.9 views

CVE-2026-54888

Uncontrolled Recursion vulnerability in leandrocp mdex allows denial of service via deeply nested Markdown input. mdex converts between an Elixir %MDEx.Document struct and Comrak's internal AST using two mutually recursive Rust functions, exdocumenttocomrakast and comrakasttoexdocument, in the NI...

6.9CVSS0.00168EPSS
Exploits0References4
NVD
NVD
added 2026/06/29 7:16 p.m.13 views

CVE-2026-53428

Memory Allocation with Excessive Size Value vulnerability in leandrocp mdex allows an unauthenticated attacker to cause a denial of service through unbounded memory allocation. comraknif::lumisadapter::LumisAdapter::parsehighlightlines in native/comraknif/src/lumisadapter.rs eagerly expands a...

6.9CVSS0.00142EPSS
Exploits0References4
NVD
NVD
added 2026/06/29 7:16 p.m.10 views

CVE-2026-53427

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in leandrocp MDEx allows stored or reflected cross-site scripting via attacker-controlled Markdown. When syntax highlighting and full info-string forwarding render: fullinfostring: true are enabled, t...

2.3CVSS0.00405EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 7:11 p.m.18 views

CVE-2026-53426

Summary: CVE-2026-53426 affects the MDEx JSON parser. An attacker-controlled node_type in JSON fed to MDEx.parse_document/2 causes repeated String.to_atom/1 calls via Module.concat/1, creating permanent atoms and eventually exhausting the BEAM atom table. Consequence is unauthenticated denial-of-...

8.2CVSS5.8AI score0.00126EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/29 7:11 p.m.12 views

CVE-2026-53426 Atom-table exhaustion denial-of-service via JSON parse_document in MDEx

Allocation of Resources Without Limits or Throttling vulnerability in leandrocp MDEx allows Excessive Allocation. MDEx.parsedocument/2 accepts a :json, json source. In lib/mdex.ex, the private jsontonode/1 function passes the attacker-controlled nodetype value to Module.concat/1, which calls...

8.2CVSS5.8AI score0.00126EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 7:11 p.m.4 views

EEF-CVE-2026-53426 Atom-table exhaustion denial-of-service via JSON parse_document in MDEx

Summary Allocation of Resources Without Limits or Throttling vulnerability in leandrocp MDEx allows Excessive Allocation. MDEx.parse\document/2 accepts a :json, json source. In lib/mdex.ex, the private json\to\node/1 function passes the attacker-controlled node\type value to Module.concat/1, whic...

8.2CVSS5.8AI score0.00126EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/29 7:10 p.m.7 views

CVE-2026-54889

Improper Neutralization of Input During Web Page Generation XSS vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':todelta/2 converts Markdown into a Quill Delta. 'Elixir.MDEx.DeltaConverter':defaultconvertnode/3 in...

5.1CVSS5.7AI score0.0031EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/29 7:10 p.m.4 views

EEF-CVE-2026-54889 Unsanitized URL schemes in MDEx Quill Delta output allow javascript: injection (XSS)

Summary Improper Neutralization of Input During Web Page Generation XSS vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':to\delta/2 converts Markdown into a Quill Delta. 'Elixir.MDEx.DeltaConverter':default\convert\node/3...

5.1CVSS5.7AI score0.0031EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 7:10 p.m.13 views

CVE-2026-54888

The CVE-2026-54888 issue is a denial-of-service in mdex/mdex_native caused by uncontrolled recursion when converting Markdown to an AST across a NIF boundary. The root cause is missing maximum nesting depth in two mutual Rust functions (ex_document_to_comrak_ast and comrak_ast_to_ex_document), al...

6.9CVSS5.9AI score0.00168EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/29 7:10 p.m.6 views

CVE-2026-54888

Uncontrolled Recursion vulnerability in leandrocp mdex allows denial of service via deeply nested Markdown input. mdex converts between an Elixir %MDEx.Document struct and Comrak's internal AST using two mutually recursive Rust functions, exdocumenttocomrakast and comrakasttoexdocument, in the NI...

6.9CVSS5.9AI score0.00168EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2026/06/29 7:10 p.m.5 views

EEF-CVE-2026-54888 Uncontrolled recursion over deeply nested Markdown crashes the BEAM in mdex

Summary Uncontrolled Recursion vulnerability in leandrocp mdex allows denial of service via deeply nested Markdown input. mdex converts between an Elixir %MDEx.Document struct and Comrak's internal AST using two mutually recursive Rust functions, ex\document\to\comrak\ast and...

6.9CVSS5.9AI score0.00168EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/29 7:7 p.m.10 views

CVE-2026-53429 Unbounded native memory leak in mdex escaped-tag rendering enables unauthenticated denial of service

Missing Release of Memory after Effective Lifetime vulnerability in leandrocp mdex and mdexnative allows an attacker who controls a rendered document to cause a denial of service through unbounded native memory exhaustion. The native rendering code permanently leaks memory when rendering a docume...

6.9CVSS5.8AI score0.00126EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/29 7:7 p.m.25 views

CVE-2026-53429 Unbounded native memory leak in mdex escaped-tag rendering enables unauthenticated denial of service

Missing Release of Memory after Effective Lifetime vulnerability in leandrocp mdex and mdexnative allows an attacker who controls a rendered document to cause a denial of service through unbounded native memory exhaustion. The native rendering code permanently leaks memory when rendering a docume...

6.9CVSS0.00126EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 7:7 p.m.12 views

CVE-2026-53429

Affected software: mdex (0.11.0–0.12.3) and mdex_native (0.1.0–0.2.3). Root cause: native rendering path leaks memory by Box::leak of literal strings for each MDEx.EscapedTag node, with no cap on literal size or node count, causing unbounded memory growth per render and across renders. Trigger: r...

6.9CVSS5.8AI score0.00126EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 7:7 p.m.4 views

EEF-CVE-2026-53429 Unbounded native memory leak in mdex escaped-tag rendering enables unauthenticated denial of service

Summary Missing Release of Memory after Effective Lifetime vulnerability in leandrocp mdex and mdex\native allows an attacker who controls a rendered document to cause a denial of service through unbounded native memory exhaustion. The native rendering code permanently leaks memory when rendering...

6.9CVSS5.8AI score0.00126EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/29 6:52 p.m.25 views

CVE-2026-53428 Unbounded memory allocation in highlight_lines range expansion in mdex

Memory Allocation with Excessive Size Value vulnerability in leandrocp mdex allows an unauthenticated attacker to cause a denial of service through unbounded memory allocation. comraknif::lumisadapter::LumisAdapter::parsehighlightlines in native/comraknif/src/lumisadapter.rs eagerly expands a...

6.9CVSS0.00142EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/29 6:52 p.m.11 views

CVE-2026-53428 Unbounded memory allocation in highlight_lines range expansion in mdex

Memory Allocation with Excessive Size Value vulnerability in leandrocp mdex allows an unauthenticated attacker to cause a denial of service through unbounded memory allocation. comraknif::lumisadapter::LumisAdapter::parsehighlightlines in native/comraknif/src/lumisadapter.rs eagerly expands a...

6.9CVSS5.9AI score0.00142EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 6:52 p.m.15 views

CVE-2026-53428

Summary: The CVE describes an unbounded memory allocation in the mdex/native codepath when parsing a user-supplied highlight_lines range in Markdown code blocks, enabling a denial-of-service via memory exhaustion. The affected components are mdex (v0.11.0 before 0.12.3) and mdex_native (v0.1.0 be...

6.9CVSS5.9AI score0.00142EPSS
Exploits0References4
Rows per page
Query Builder