Lucene search
K

30 matches found

CVE
CVE
added 4 days ago16 views

CVE-2026-14702

Technical details are not publicly available in the provided documents. Monitor for updates to the CVE entry and connected sources for further information.

2.5CVSS5.2AI score0.00108EPSS
Exploits0References7
EUVD
EUVD
added 4 days ago10 views

EUVD-2026-41721

A flaw has been found in zcaceres markdownify-mcp up to 1.1.0. This impacts the function saveToTempFile of the file src/Markdownify.ts of the component webpage-to-markdown/youtube-to-markdown/bing-search-to-markdown. This manipulation causes insufficiently random values. The attack is restricted ...

2.5CVSS5.2AI score0.00108EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/17 4:42 p.m.19 views

CVE-2026-48591 Stored XSS via unescaped HTML attribute values in earmark

Improper Neutralization of Script in Attributes in a Web Page vulnerability in pragdave earmark allows stored cross-site scripting via unescaped HTML attribute values. 'Elixir.Earmark.Transform':makeatt1/2 in lib/earmark/transform.ex splices attribute values verbatim between two literal " bytes: ...

4.8CVSS0.00133EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.11 views

CVE-2026-44363

MISP modules are autonomous modules that can be used to extend MISP for new services. Prior to 3.0.7, an unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The htmltomarkdown module accepted arbitrary HTTPS URLs without sufficient validation, which could allo...

5.8CVSS5.6AI score0.00102EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/06/01 2:15 p.m.5 views

mahoraga (>=0.5.1 <=0.6.0), pixi-browse (>=0.0.1 <=0.0.13) +2 more potentially affected by CVE-2026-47425 via py-rattler (>=0.22.0 <=0.23.2)

py-rattler PYPI version =0.22.0, =0.5.1, =0.0.1, =0.1.0, =0.8.0 Source cves: CVE-2026-47425 Source advisory: OSV:GHSA-Q53Q-5R4J-5729...

5.7AI score0.00058EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/05/21 9:27 p.m.17 views

Twig: HTML-output filters in twig/* extras incorrectly declared `is_safe => ['all']`

Description Several filters in the twig/ extras packages are registered with issafe = 'all', which tells Twig's autoescaper to treat their output as safe in every context html, js, css, url, .... The output of these filters is plain text or HTML markup, neither of which is safe in every escaping...

5.8AI score0.0006EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2026/05/21 9:27 p.m.4 views

GHSA-JV8M-2544-3PG3 Twig: HTML-output filters in twig/* extras incorrectly declared `is_safe => ['all']`

Description Several filters in the twig/ extras packages are registered with issafe = 'all', which tells Twig's autoescaper to treat their output as safe in every context html, js, css, url, .... The output of these filters is plain text or HTML markup, neither of which is safe in every escaping...

5.3CVSS5.8AI score0.0006EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.11 views

PT-2026-42631

Description Several filters in the twig/ extras packages are registered with is safe = 'all', which tells Twig's autoescaper to treat their output as safe in every context html, js, css, url, .... The output of these filters is plain text or HTML markup, neither of which is safe in every escaping...

5.3CVSS5.8AI score0.0006EPSS
Exploits0References6
NVD
NVD
added 2026/05/13 8:16 p.m.46 views

CVE-2026-44363

MISP modules are autonomous modules that can be used to extend MISP for new services. Prior to 3.0.7, an unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The htmltomarkdown module accepted arbitrary HTTPS URLs without sufficient validation, which could allo...

5.8CVSS0.00102EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/13 7:16 p.m.50 views

CVE-2026-44363 Unsafe remote resource fetching in expansion misp-modules

MISP modules are autonomous modules that can be used to extend MISP for new services. Prior to 3.0.7, an unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The htmltomarkdown module accepted arbitrary HTTPS URLs without sufficient validation, which could allo...

5.8CVSS0.00102EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 7:16 p.m.7 views

CVE-2026-44363

MISP modules are autonomous modules that can be used to extend MISP for new services. Prior to 3.0.7, an unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The htmltomarkdown module accepted arbitrary HTTPS URLs without sufficient validation, which could allo...

5.8CVSS6AI score0.00102EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/05/06 10:31 p.m.15 views

Server-side Request Forgery (SSRF)

Overview misp-modules is a MISP modules are autonomous modules that can be used for expansion and other services in MISP Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the htmltomarkdown and qrcode modules when handling remote resource fetching. An attacke...

8.3CVSS5.5AI score0.00102EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.10 views

PT-2026-38308

Name of the Vulnerable Software and Affected Versions MISP Modules versions prior to 3.0.7 Description Unsafe remote resource fetching exists in expansion modules. The html to markdown module accepts arbitrary HTTPS URLs without sufficient validation, enabling Server-Side Request Forgery SSRF—a...

5.8CVSS6AI score0.00102EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/03 7:45 p.m.18 views

CVE-2026-5484 BookStackApp BookStack Chapter Export ExportFormatter.php chapterToMarkdown access control

A weakness has been identified in BookStackApp BookStack up to 26.03. Affected is the function chapterToMarkdown of the file app/Exports/ExportFormatter.php of the component Chapter Export Handler. Executing a manipulation of the argument pages can lead to improper access controls. It is possible...

6.9CVSS0.00322EPSS
Exploits0References8
Snyk
Snyk
added 2026/03/24 7:22 p.m.3 views

Cross-site Scripting (XSS)

Overview justhtml is an A pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the tomarkdown function when serializing attacker-controlled content. An attacker can execute arbitrary HTML or scripts by crafting input containing...

7.1CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/03/18 8:19 p.m.10 views

Cross-site Scripting (XSS)

Overview justhtml is an A pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the tomarkdown function. An attacker can inject arbitrary HTML content by supplying specially crafted input that includes HTML-significant characters...

6.1CVSS5.7AI score
Exploits0References2
NVD
NVD
added 2026/03/17 12:16 a.m.5 views

CVE-2026-4285

A vulnerability was identified in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433. Impacted is the function recognizeMarkdown of the file yudao-module-digitalcourse/yudao-module-digitalcourse-biz/src/main/java/cn/iocoder/yudao/module/digitalcourse/util/Pdf2MdUtil.java. Such...

5.1CVSS0.00463EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/17 12:0 a.m.7 views

easegen-admin 路径遍历漏洞

easegen-admin is a digital human course creation platform developed by taoofagi. Easegen-admin has a path traversal vulnerability, which stems from incorrect handling of the parameter fileUrl in the file...

5.1CVSS5.8AI score0.00463EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/11 5:3 a.m.9 views

CVE-2025-65512

A Server-Side Request Forgery SSRF vulnerability was discovered in the webpage-to-markdown conversion feature of markdownify-mcp v0.0.2 and before. This vulnerability allows an attacker to bypass private IP restrictions through hostname-based bypass and HTTP redirect chains, enabling access to...

7.5CVSS6.9AI score0.00442EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-18858

Malware in sbrugna...

8.7CVSS6.4AI score0.00389EPSS
Exploits0References3
Rows per page
Query Builder