Lucene search
K

4 matches found

OSV
OSV
added 2026/07/08 4:16 p.m.3 views

CVE-2026-59926 Mistune: XSS via unescaped class option in Admonition directive

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, renderadmonition in src/mistune/directives/admonition.py concatenates the Admonition directive :class: option into the HTML class attribute without escaping, allowing attribute injection and cross-site scripting even...

5.3CVSS6AI score0.00191EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/06 4:16 p.m.2 views

CVE-2026-34977

Aperi'Solve is an open-source steganalysis web platform. In versions 3.1.3 through 3.2.0, when uploading a JPEG, a user can specify an optional password to accompany the JPEG. This password is then directly passed into an expect command, which is then subsequently passed into a bash -c command,...

9.8CVSS5.9AI score0.00775EPSS
Exploits1References8Affected Software1
NVD
NVD
added 2026/03/11 11:16 p.m.4 views

CVE-2026-31988

yauzl aka Yet Another Unzip Library version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate function. The while loop condition checks cursor data.length + 4 instead of cursor + 4 = data.length, allowing readUInt16LE to rea...

6.9CVSS0.00485EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/07/04 12:0 a.m.12 views

WordPress Advanced Classifieds & Directory Pro Plugin <= 3.1.3 is vulnerable to Local File Inclusion

Software Advanced Classifieds & Directory Pro Type Plugin Vulnerable versions = 3.1.3 Fixed in 3.2.1 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-37501 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 09c35e44898b Credits João Pedro S Alcântar...

8.5CVSS6.9AI score0.00513EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder