English
全部
搜索
图片
视频
地图
资讯
Copilot
更多
购物
航班
旅游
笔记本
Top stories
Sports
U.S.
Local
World
Science
Technology
Entertainment
Business
More
Politics
时间不限
过去 1 小时
过去 24 小时
过去 7 天
过去 30 天
最佳匹配
最新
腾讯网
18 天
高危Markdown转PDF漏洞可通过Markdown前置元数据实现JS注入攻击(CVSS 10.0)
2025年11月24日,广受欢迎的npm包md-to-pdf(每周下载量超47,000次的命令行工具)曝出高危漏洞(CVE-2025-65108)。该漏洞获得CVSS满分10分评级,攻击者可通过恶意前置元数据解析执行任意JavaScript代码。任何使用该包处理不可信Markdown内容的应用程序、构建系统或云服务均面临严重风险。
当前正在显示可能无法访问的结果。
隐藏无法访问的结果
今日热点
IN Senate rejects map
Announces new ChatGPT model
Reveals cancer diagnosis
2 supervisory officers testify
To end SK On partnership
DOJ fails to re-indict
Oklahoma BLM leader indicted
Federal judge orders release
T.J. Watt hospitalized
Healthcare bills fail
Judge faces ethics complaint
US, Japan hold joint drills
WH abruptly cancels meeting
Incurable lung disease in MA
Signs AI protection bills
Machado appears in public
Announces bid for WI gov.
Airlifted after crash
Myanmar military air strike
Settles antitrust case
Nasal spray recalled
Tennessee executes Nichols
Names Person of the Year
'Ben 10' voice actor dies
Bulgaria’s govt. resigns
Signs order over state AI laws
LA County sues oil companies
Jackpot rises to $1B
Wants old House seat back
To co-chair next Met Gala
Bolivia detains ex-president
Mike Lindell enters MN race
反馈
反馈