Lucene search
K

6 matches found

nvd
nvd
added 2026/05/26 9:16 p.m.15 views

CVE-2026-44897

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML — with no call to escape, safeentity, or any other sanitisation function. A double-quote character " in...

6.1CVSS0.00228EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2026/05/26 8:36 p.m.12 views

CVE-2026-44899 Mistune Image Directive CSS Injection Vulnerability

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as numre = re.compiler"^\d+?:.\d?". When the validated value is not a plain integer, renderblockimage inserts it directly int...

4.7CVSS5.8AI score0.00228EPSS
Exploits1References2
nessus
nessus
added 2026/03/13 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-31988

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yauzl aka Yet Another Unzip Library version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the...

6.9CVSS6.2AI score0.00485EPSS
Exploits0References3
patchstack
patchstack
added 2025/09/09 5:7 p.m.5 views

WordPress ShopLentor Plugin <= 3.2.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Denver Jackson in WordPress Plugin ShopLentor versions = 3.2.0...

6.5CVSS6AI score0.00157EPSS
Exploits0Affected Software1
patchstack
patchstack
added 2025/08/30 12:2 a.m.4 views

WordPress TablePress plugin <= 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode_debug Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via shortcodedebug Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin TablePress versions = 3.2...

6.4CVSS5.5AI score0.00223EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/06/03 12:0 a.m.8 views

WordPress User Registration Plugin <= 3.2.0.1 is vulnerable to Broken Access Control

Software User Registration Type Plugin Vulnerable versions = 3.2.0.1 Fixed in 3.2.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-4958 Patch priority Low CVSS severity Low 7.1 Developer Masteriyo PSID 2a769906d907 Credits Thanh Nam Tran Required privileg...

7.1CVSS6.6AI score0.00334EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder