CVE-2026-41149

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and earlier, as well as 11.0.0-alpha.1 through 11.14.0, are vulnerable to HTML injection under the default configuration. Specifically, the classDef directive in Mermaid state...

Arbitrary Code Injection

Overview mermaid is a package for generation of diagrams and flowcharts from text in a similar manner as markdown. Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper sanitization of configuration options such as fontFamily, themeCSS, and altFontFamily. An...

Arbitrary Code Injection

Overview org.webjars.npm:mermaid is a package for generation of diagrams and flowcharts from text in a similar manner as markdown. Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper sanitization of configuration options such as fontFamily, themeCSS, and...

Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection

Impact Under the default configuration, Mermaid state diagram's classDef allow DOM injection that escapes the SVG, although tags are removed, preventing XSS. Proof-of-concept stateDiagram-v2 classDef xss...

Arbitrary Code Injection

Overview mermaid is a package for generation of diagrams and flowcharts from text in a similar manner as markdown. Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper sanitization of input passed to the addStyleClass function. An attacker can inject...

Arbitrary Code Injection

Overview org.webjars.npm:mermaid is a package for generation of diagrams and flowcharts from text in a similar manner as markdown. Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper sanitization of input passed to the addStyleClass function. An attacker c...

PT-2026-39886

Name of the Vulnerable Software and Affected Versions Mermaid versions prior to 10.9.6 Mermaid versions 11.0.0-alpha.1 through 11.14.0 Description Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Under the default configuration, the classDef...

CVE-2026-43862

A flaw was found in mutt, an email client. The imapauthgss security level, which is used for secure IMAP Internet Message Access Protocol authentication, is mishandled. This vulnerability could allow an attacker to bypass certain security protections, potentially leading to a low impact on data...

SUSE CVE-2026-43862

In mutt before 2.3.2, the imapauthgss security level is mishandled...

UBUNTU-CVE-2026-43862

In mutt before 2.3.2, the imapauthgss security level is mishandled...

CVE-2026-43862

In mutt before 2.3.2, the imapauthgss security level is mishandled...

CVE-2026-43862

In mutt before 2.3.2, the imapauthgss security level is mishandled...

EUVD-2026-26900

In mutt before 2.3.2, the imapauthgss security level is mishandled...

CVE-2026-43862

CVE-2026-43862 concerns mutt prior to 2.3.2, where the imap_auth_gss security level is mishandled. Affected software: mutt (before 2.3.2). Root cause: mishandling of the imap_auth_gss security level. Impact (per CVSS): low overall impact (Confidentiality: None, Integrity: Low, Availability: None)...

CVE-2026-43862

In mutt before 2.3.2, the imapauthgss security level is mishandled...

PT-2026-36775

Name of the Vulnerable Software and Affected Versions mutt versions prior to 2.3.2 Description The imap auth gss security level is mishandled. Recommendations Update to version 2.3.2...

Linux Distros Unpatched Vulnerability : CVE-2026-43862

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In mutt before 2.3.2, the imapauthgss security level is mishandled. CVE-2026-43862 Note that Nessus relies on the presence of the package as reported by the...

CVE-2026-39678

Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking System: from n/a through = 2.9.9.6.5...

EUVD-2026-21148

SiYuan Affected by Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram Rendering...

CVE-2026-40107

SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with securityLevel: "loose" and htmlLabels: true. In this mode, tags with src attributes survive Mermaid's internal DOMPurify and land in SVG blocks. The SVG is injected via innerHTML with no secondary...