nyxragon/Vulnerability-Research

Releases0

This repository contains reports and proof of concepts (PoCs) for the CVEs I have discovered.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-7738 ↗	Aug 13, 2024Tuesday, 13 August 2024, 19:15	3.3 LOW	1.7 LOW
A vulnerability, which was classified as problematic, has been found in yzane vscode-markdown-pdf 1.5.0. Affected by this issue is some unknown functionality of the component Markdown File Handler. The manipulation leads to pathname traversal. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
CVE-2024-7739 ↗	Aug 13, 2024Tuesday, 13 August 2024, 19:15	4.3 MEDIUM	5 MEDIUM
A vulnerability, which was classified as problematic, was found in yzane vscode-markdown-pdf 1.5.0. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.