Linux Distros Unpatched Vulnerability : CVE-2026-44899
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a reg...
CVE-2026-44708
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the mistune math plugin renders inline math $...$ and block math $$...$$ by concatenating the raw user-supplied content directly into the HTML output without any HTML escaping. This occurs even when the parser is...
CVE-2026-44899 Mistune Image Directive CSS Injection Vulnerability
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as numre = re.compiler"^\d+?:.\d?". When the validated value is not a plain integer, renderblockimage inserts it directly int...
Astra Linux - vulnerability in python-django
In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with appropriately crafted file names...
CVE-2026-44897 affecting package python-mistune for versions less than 3.2.1-1
CVE-2026-44897 affecting package python-mistune for versions less than 3.2.1-1. A patched version of the package is available...
CVE-2026-34977
Aperi'Solve is an open-source steganalysis web platform. Prior to version 3.2.1, uploading a JPEG with an optional password leads the password to be passed into an expect command and then into a bash -c command without sanitization. An unauthenticated attacker can achieve root-level RCE inside th...
SCEditor cross-site scripting vulnerability
SCEditor is a visual editor developed by Sam Personal Developer. Versions of SCEditor prior to 3.2.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient cleanup of configuration options passed to sceditor.create, which could lead to cross-site scripting...
CVE-2025-66532 WordPress Powerlift theme < 3.2.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Mikado-Themes Powerlift powerlift allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Powerlift: from n/a through 3.2.1...
EUVD-2025-31085
Malicious code in bioql PyPI...
CVE-2025-10449
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Saysis Computer Systems Trade Ltd. Co. Saysis Web Portal allows Path Traversal. This issue affects Saysis Web Portal: from 3.1.9 & 3.2.0 before 3.2.1...
CVE-2025-10449 Path Traversal in Saysis Computer Systems' Saysis Web Portal
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Saysis Computer Systems Trade Ltd. Co. Saysis Web Portal allows Path Traversal. This issue affects Saysis Web Portal: from 3.1.9 & 3.2.0 before 3.2.1...
Saysis Web Portal path traversal vulnerability
Saysis Web Portal is a web portal product from Saysis, Turkey. A path traversal vulnerability exists in Saysis Web Portal version 3.1.9 and versions 3.2.0 through prior to 3.2.1, which stems from an improperly restricted pathname and could lead to a path traversal attack...
Linux Distros Unpatched Vulnerability : CVE-2024-38441
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuflen to '\0' in FPMapName in afpmapname in...
CVE-2025-48923
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Toc.Js allows Cross-Site Scripting XSS. This issue affects Toc.Js: from 0.0.0 before 3.2.1...
iTop security vulnerability
iTop is a simple, web-based IT service management tool from Combodo Open Source. A security vulnerability exists in iTop versions prior to 3.2.1 that stems from a regular expression denial of service that may affect the server...
CVE-2025-26898 WordPress Traveler theme < 3.2.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in shinetheme Traveler traveler. This issue affects Traveler: from n/a through 3.2.1...
PT-2025-6729 · Unknown · Perfex Crm
Name of the Vulnerable Software and Affected Versions: Perfex Crm versions prior to 3.2.1 Description: The issue allows an authenticated attacker to send a crafted HTTP POST request to the "upload sales file" endpoint. By providing malicious input in the rel id parameter, combined with improper...
Drupal SpamSpan filter module < 3.2.1 - Unauthenticated Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS vulnerability discovered by Pierre Rudloff prudloff in WordPress Module SpamSpan filter versions 3.2.1...