3 matches found
CVE-2024-22778
HackMD CodiMD versions before 2.5.2 are vulnerable to denial of service (DoS). Root cause and impact: the source documents do not specify a CWE; CVSSv3.1 base score 7.5 (Network exploitation, Low attack complexity, No privileges, No user...
CVE-2024-38353
CVE-2024-38353 (CodiMD) affects CodiMD prior to 2.5.4, where an unauthenticated attacker can access uploaded image data due to missing authentication and access controls. The underlying issue is insecure filename generation in the Formidable library, enabling an attacker who can guess an image UR...
CVE-2024-38354
CVE-2024-38354 affects CodiMD/HackMD.io notes, where the notebook feature allows rendering of iframe HTML tags with an improperly sanitized name attribute, enabling DOM clobbering-based XSS. The issue, fixed in version 2.5.4, impacts note collaboration environments that render untrusted HTML. No ...