6 matches found
CVE-2026-44897
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML — with no call to escape, safeentity, or any other sanitisation function. A double-quote character " in...
CVE-2026-44899 Mistune Image Directive CSS Injection Vulnerability
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as numre = re.compiler"^\d+?:.\d?". When the validated value is not a plain integer, renderblockimage inserts it directly int...
Linux Distros Unpatched Vulnerability : CVE-2026-31988
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yauzl aka Yet Another Unzip Library version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the...
WordPress ShopLentor Plugin <= 3.2.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Denver Jackson in WordPress Plugin ShopLentor versions = 3.2.0...
WordPress TablePress plugin <= 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode_debug Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via shortcodedebug Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin TablePress versions = 3.2...
WordPress User Registration Plugin <= 3.2.0.1 is vulnerable to Broken Access Control
Software User Registration Type Plugin Vulnerable versions = 3.2.0.1 Fixed in 3.2.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-4958 Patch priority Low CVSS severity Low 7.1 Developer Masteriyo PSID 2a769906d907 Credits Thanh Nam Tran Required privileg...