CVE-2026-11422
- EPSS 0.16%
- Published 05.06.2026 20:16:50
- Last modified 08.06.2026 15:16:39
Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedding malicious content in a wavedrom fenced code blo...
CVE-2026-50733
- EPSS 0.36%
- Published 05.06.2026 17:49:53
- Last modified 05.06.2026 20:17:35
Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by evaluating untrusted markdown content with eval(), allowing arbitrary JavaScript execution. The flaw affects every render path - the live preview (window.eval) and presentation mode ...
CVE-2026-49492
- EPSS 0.34%
- Published 05.06.2026 17:49:52
- Last modified 05.06.2026 18:59:54
Markdown Preview Enhanced before 0.8.28 opens external files and links from the preview through a shell and does not validate untrusted inputs taken from the markdown document - the diagram filename attribute, imported file paths, and the latex_engin...
CVE-2026-49493
- EPSS 0.33%
- Published 05.06.2026 17:49:52
- Last modified 05.06.2026 18:59:54
Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced code blocks with interpretJS(), which evaluates the block content as code via vm.runInNewContext(), allowing arbitrary code execution. A crafted markdown document containing a malicious b...
CVE-2025-65716
- EPSS 0.64%
- Published 16.02.2026 00:00:00
- Last modified 25.02.2026 18:46:08
An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allows attackers to execute arbitrary code via uploading a crafted .Md file.