Lucene search
+L

132 matches found

cve
cve
added 2025/12/18 7:57 p.m.13 views

CVE-2023-53940

CVE-2023-53940 affects Codigo Markdown Editor 1.0.1 (Electron). The vulnerability arises from handling of markdown files where an embedded video source with an onerror event can trigger arbitrary shell commands via Node.js child_process, enabling code execution when the file is opened. Public ind...

8.4CVSS7.5AI score0.00166EPSS
Exploits0References3
osv
osv
added 2025/12/18 7:57 p.m.6 views

CVE-2023-53940 Codigo Markdown Editor 1.0.1 Electron Arbitrary Code Execution via Markdown File

Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands through Node.js childprocess module when the fil...

8.4CVSS6.5AI score0.00166EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2025/12/18 12:0 a.m.9 views

PT-2025-52319

Name of the Vulnerable Software and Affected Versions Codigo Markdown Editor version 1.0.1 Description The software contains a code execution issue that permits attackers to execute arbitrary system commands by creating a malicious markdown file. An attacker can embed a video source with an onerr...

8.4CVSS7.7AI score0.00166EPSS
Exploits0References5
redhatcve
redhatcve
added 2025/12/16 8:44 p.m.5 views

CVE-2023-53887

Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser...

5.4CVSS6.5AI score0.00208EPSS
Exploits1References1
nvd
nvd
added 2025/12/15 9:15 p.m.11 views

CVE-2023-53887

Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser...

5.4CVSS0.00208EPSS
Exploits1References3
osv
osv
added 2025/12/15 9:15 p.m.8 views

CVE-2023-53887

Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser...

5.4CVSS5.9AI score0.00208EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2025/12/15 8:28 p.m.5 views

CVE-2023-53887 Zomplog 3.9 Cross-Site Scripting Vulnerability via Page Creation

Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser...

5.1CVSS6.1AI score0.00208EPSS
Exploits1References3
cvelist
cvelist
added 2025/12/15 8:28 p.m.27 views

CVE-2023-53887 Zomplog 3.9 Cross-Site Scripting Vulnerability via Page Creation

Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser...

5.1CVSS0.00208EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2025/12/15 12:0 a.m.7 views

PT-2025-51305

Name of the Vulnerable Software and Affected Versions Zomplog version 3.9 Description The software contains a cross-site scripting issue that permits authenticated users to inject malicious scripts during the creation of new pages. An attacker can leverage crafted malicious image source and onerr...

5.4CVSS6.6AI score0.00208EPSS
Exploits1References7
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-5215

Malware in sbrugna...

5.4CVSS5.5AI score0.00702EPSS
Exploits1References3
euvd
euvd
added 2025/10/07 12:30 a.m.8 views

EUVD-2019-4529

Malware in sbrugna...

5.4CVSS5.6AI score0.01363EPSS
Exploits1References2
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-14491

Malware in sbrugna...

3.3CVSS7AI score0.00402EPSS
Exploits1References9
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-13518

Malware in sbrugna...

6.1CVSS6.3AI score0.03813EPSS
Exploits1References2
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-10262

Malware in sbrugna...

6.1CVSS6.3AI score0.00826EPSS
Exploits1References2
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-20258

Malware in sbrugna...

5.4CVSS5.5AI score0.03561EPSS
Exploits4References10
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-19147

Malware in sbrugna...

7.8CVSS7.7AI score0.0415EPSS
Exploits1References3
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-25193

Malicious code in bioql PyPI...

8.7CVSS6.3AI score0.00347EPSS
Exploits0References4
nessus
nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-30349

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail...

7.2CVSS5.3AI score0.30164EPSS
Exploits0References3
github
github
added 2025/08/19 3:33 p.m.17 views

Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source

Impact A stored Cross-Site Scripting XSS vulnerability was identified in n8n, specifically in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML via an with a srcdoc payload that includes arbitrary JavaScript execution. The attacker can also inject...

8.7CVSS5.8AI score0.00347EPSS
Exploits0References5Affected Software1
osv
osv
added 2025/08/19 3:33 p.m.4 views

GHSA-HFMV-HHH3-43F2 Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source

Impact A stored Cross-Site Scripting XSS vulnerability was identified in n8n, specifically in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML via an with a srcdoc payload that includes arbitrary JavaScript execution. The attacker can also inject...

8.7CVSS6.3AI score0.00347EPSS
Exploits0References5
Rows per page
Query Builder