CVE-2026-50733 – Markdown Preview Enhanced Arbitrary Code Execution via WaveDrom eval()

CVE ID :CVE-2026-50733

Published : June 5, 2026, 6:17 p.m. | 15 minutes ago

Description :Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by evaluating untrusted markdown content with eval(), allowing arbitrary JavaScript execution. The flaw affects every render path – the live preview (window.eval) and presentation mode plus HTML export (the bundled WaveDrom.ProcessAll()/eva() helpers) – and can also be triggered through a 

نوشته های مشابه

CVE-2026-9134 – Photo Gallery by FooGallery : Responsive Image Gallery, Masonry Gallery & Carousel

CVE-2026-9109 – GPTranslate

CVE-2026-9062 – Agile Store Locator < 1.6.9 – Admin+ Arbitrary File Read via Path Traversal

CVE-2026-9061 – Agile Store Locator < 1.6.9 – Admin+ Stored XSS via logo_name