Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Markus — Vulnerabilities & Security Advisories 8

All 8 CVE vulnerabilities found in Markus, with AI-generated Chinese analysis, references, and POCs.

Vendor: MarkUsProject

CVE IDTitleCVSSSeverityPublished
CVE-2026-25962 MarkUs: Zip bomb in config upload enables DoS CWE-409 6.5 Medium2026-03-06
CVE-2026-27807 MarkUs: YAML alias (‘billion laughs’) DoS in config upload CWE-776 4.9 Medium2026-03-06
CVE-2026-28405 MarkUs: Stored XSS in Submission HTML Preview Enables Instructor-Context Actions CWE-79 8.0 High2026-03-05
CVE-2026-25057 Zip Slip in MarkUs config upload allowing RCE CWE-23 9.1 Critical2026-02-09
CVE-2026-24900 MarkUs has a submission-view IDOR exposes all student submissions CWE-639 6.5 Medium2026-02-09
CVE-2024-51743 Arbitrary File Write leading up to remote code execution (instructor accounts) CWE-434 8.8AIHighAI2024-11-18
CVE-2024-51499 MarkUs Arbitrary File Write leading up to remote code execution (student accounts) CWE-434 8.8AIHighAI2024-11-18
CVE-2024-47820 MarkUs vulnerable to Path Traversal CWE-22 5.7 Medium2024-11-18

All 8 known CVE vulnerabilities affecting Markus with full Chinese analysis, references, and POCs where available.