Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

20815 matches found

OSV
OSVadded 2026/03/05 8:16 p.m.3 views

UBUNTU-CVE-2026-28348

lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the hassneakyjavascript method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the @import and expression filters,...

6.1CVSS5.7AI score0.00228EPSS
Exploits1References4
Vulnrichment
Vulnrichmentadded 2026/03/05 7:49 p.m.3 views

CVE-2026-28348 lxml_html_clean: CSS @import Filter Bypass via Unicode Escapes

lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the hassneakyjavascript method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the @import and expression filters,...

6.1CVSS5.7AI score0.00228EPSS
Exploits1References2
ATTACKERKB
ATTACKERKBadded 2026/03/05 7:49 p.m.4 views

CVE-2026-28348

lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the hassneakyjavascript method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the @import and expression filters,...

6.1CVSS5.8AI score0.00228EPSS
Exploits1References3Affected Software1
CVE
CVEadded 2026/03/05 7:49 p.m.17 views

CVE-2026-28348

CVE-2026-28348 affects the python-lxml_html_clean package. Before 0.4.4, the _has_sneaky_javascript() path strips backslashes before checking dangerous CSS keywords, allowing CSS Unicode escapes to bypass @import and expression() filters, enabling external CSS loading or XSS in older browsers. Th...

6.1CVSS5.8AI score0.00228EPSS
Exploits1References2Affected Software1
Cvelist
Cvelistadded 2026/03/05 7:49 p.m.31 views

CVE-2026-28348 lxml_html_clean: CSS @import Filter Bypass via Unicode Escapes

lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the hassneakyjavascript method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the @import and expression filters,...

6.1CVSS0.00228EPSS
Exploits1References2
OSV
OSVadded 2026/03/05 7:49 p.m.1 views

CVE-2026-28348 lxml_html_clean: CSS @import Filter Bypass via Unicode Escapes

lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the hassneakyjavascript method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the @import and expression filters,...

6.1CVSS5.7AI score0.00228EPSS
Exploits1References4
Debian CVE
Debian CVEadded 2026/03/05 7:49 p.m.4 views

CVE-2026-28348

lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the hassneakyjavascript method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the @import and expression filters,...

6.1CVSS5.1AI score0.00228EPSS
Exploits1
RedhatCVE
RedhatCVEadded 2026/03/05 6:56 p.m.5 views

CVE-2025-69534

A flaw was found in Python-Markdown. Parsing crafted markdown content containing malformed HTML-like sequences causes html.parser.HTMLParser to raise an unhandled AssertionError. This unhandled exception allows an attacker to cause an application crash and potentially disclose sensitive informati...

8.2CVSS5.7AI score0.00465EPSS
Exploits1References6
Snyk
Snykadded 2026/03/05 3:30 p.m.4 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception via the HTMLParser component. An attacker can cause application crashes or potentially disclose information by submitting specially crafted, malformed HTML-like sequences in Markdown input. PoC python import markdown...

8.2CVSS5.8AI score0.00465EPSS
Exploits1References2
EUVD
EUVDadded 2026/03/05 3:30 p.m.4 views

EUVD-2025-208312

Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown...

6AI score0.00465EPSS
Exploits1References4
Github Security Blog
Github Security Blogadded 2026/03/05 3:30 p.m.13 views

Python-Markdown has an Uncaught Exception

Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown...

7.5CVSS6AI score0.00465EPSS
Exploits1References8Affected Software1
OSV
OSVadded 2026/03/05 3:30 p.m.2 views

GHSA-5WMX-573V-2QWQ Python-Markdown has an Uncaught Exception

Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown...

7.5CVSS5.9AI score0.00465EPSS
Exploits1References7
OSV
OSVadded 2026/03/05 3:16 p.m.3 views

PYSEC-2026-89

Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown...

7.5CVSS7.3AI score0.00465EPSS
Exploits1References5
PyPA
PyPAadded 2026/03/05 3:16 p.m.7 views

PYSEC-2026-89

Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown...

7.5CVSS7.3AI score0.00465EPSS
Exploits1References5Affected Software1
NVD
NVDadded 2026/03/05 3:16 p.m.7 views

CVE-2025-69534

Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown...

7.5CVSS0.00465EPSS
Exploits1References4
OSV
OSVadded 2026/03/05 3:16 p.m.4 views

CVE-2025-69534

Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown...

7.5CVSS5.8AI score
Exploits0References4
OSV
OSVadded 2026/03/05 3:16 p.m.3 views

DEBIAN-CVE-2025-69534

Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown...

7.5CVSS8.4AI score0.00465EPSS
Exploits1References1
UbuntuCve
UbuntuCveadded 2026/03/05 3:16 p.m.7 views

CVE-2025-69534

Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown...

7.5CVSS5.9AI score0.00465EPSS
Exploits1References8
OSV
OSVadded 2026/03/05 3:16 p.m.3 views

UBUNTU-CVE-2025-69534

Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown...

7.5CVSS5.8AI score0.00465EPSS
Exploits1References4
RedhatCVE
RedhatCVEadded 2026/03/05 1:40 p.m.3 views

CVE-2026-2355

The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the template attribute of the mycalendarupcoming shortcode in all versions up to, and including, 3.7.3. This is due to the use of stripcslashes on user-supplied shortcode attribute...

6.4CVSS6AI score0.00276EPSS
Exploits0References1
Rows per page
Query Builder