Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 4 days ago7 views

CVE-2026-59930

A flaw was found in Mistune, a Python Markdown parser. The table of contents toc plugin and TableOfContents directive generate heading identifiers IDs as predictable values e.g., tocN without properly processing the heading text. This allows an attacker to control content with a colliding ID, whi...

4.3CVSS6AI score0.00128EPSS
Exploits1References6
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-59930 Mistune toc / TableOfContents directive: heading IDs use predictable `toc_N` numbering with no slugification, allowing collision with attacker-controlled `id="toc_N"` content

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the toc plugin and TableOfContents directive generate heading IDs as predictable tocN values without slugifying the heading text, allowing attacker-controlled id="tocN" content to collide with generated anchors and...

4.3CVSS0.00128EPSS
Exploits1References3
CVE
CVE
added 6 days ago12 views

CVE-2026-59930

Mistune (Python Markdown parser) prior to 3.3.0 has a vulnerability in the toc/TableOfContents directive: heading IDs are generated as predictable toc_N values without slugifying the heading text. This can allow attacker-controlled id="toc_N" content to collide with generated anchors, potentially...

4.3CVSS6AI score0.00128EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/26 8:41 p.m.9 views

CVE-2026-44898 Mistune TOC Anchor Injection XSS

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format...

6.1CVSS5.9AI score0.00228EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/26 8:41 p.m.20 views

EUVD-2026-31995

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format...

6.1CVSS5.9AI score0.00228EPSS
Exploits1References2
Rows per page
Query Builder