Lucene search
+L

20 matches found

osv
osv
added yesterday3 views

MGASA-2026-0254 Updated python-mistune package fixes security vulnerabilities

The updated python-mistune package fixes two security vulnerablities: Prior to 3.2.1, rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python...

8.7CVSS6.2AI score0.0035EPSS
Exploits1References4
euvd
euvd
added last week10 views

EUVD-2026-39007

Mistune: Potential DoS via quadratic-time parsing in parselinktext...

8.7CVSS7.1AI score0.0035EPSS
Exploits0References5
osv
osv
added 2026/06/29 3:9 a.m.2 views

SUSE-SU-2026:22495-1 Security update for python-mistune

This update for python-mistune fixes the following issue - CVE-2026-49851: potential DoS via quadratic-time parsing in parselinktext bsc1269091...

8.7CVSS5.9AI score0.0035EPSS
Exploits0References3
osv
osv
added 2026/06/29 3:9 a.m.3 views

OPENSUSE-SU-2026:21191-1 Security update for python-mistune

This update for python-mistune fixes the following issue - CVE-2026-49851: potential DoS via quadratic-time parsing in parselinktext bsc1269091...

8.7CVSS5.9AI score0.0035EPSS
Exploits0References2
nessus
nessus
added 2026/06/25 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-49851

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear approximately O...

8.7CVSS7.1AI score0.0035EPSS
Exploits0References3
snyk
snyk
added 2026/06/24 7:16 p.m.7 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the parselinktext function of mistune/inlineparser.py, which performs a regex search inside a loop that advances one character at a time when parsing fails, producing On² behavior...

8.7CVSS5.8AI score0.0035EPSS
Exploits0References2
nvd
nvd
added 2026/06/24 6:17 p.m.19 views

CVE-2026-49851

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear approximately On² behavior in parselinktext. When parsing Markdown containing many consecutive characters, parselinktext repeatedly scans the input usin...

8.7CVSS0.0035EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/06/24 5:5 p.m.7 views

CVE-2026-49851 Mistune: Potential DoS via quadratic-time parsing in parse_link_text

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear approximately On² behavior in parselinktext. When parsing Markdown containing many consecutive characters, parselinktext repeatedly scans the input usin...

8.7CVSS5.9AI score0.0035EPSS
Exploits0References1
cve
cve
added 2026/06/24 5:5 p.m.20 views

CVE-2026-49851

Mistune (Python Markdown parser) prior to 3.3.0 is vulnerable to CPU exhaustion DoS due to quadratic-time behavior in parse_link_text when parsing many consecutive '[' characters. The code repeatedly scans input with a regex inside a loop, yielding O(n^2) runtime on affected inputs and enabling a...

8.7CVSS5.9AI score0.0035EPSS
Exploits0References4
cvelist
cvelist
added 2026/06/24 5:5 p.m.30 views

CVE-2026-49851 Mistune: Potential DoS via quadratic-time parsing in parse_link_text

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear approximately On² behavior in parselinktext. When parsing Markdown containing many consecutive characters, parselinktext repeatedly scans the input usin...

8.7CVSS0.0035EPSS
Exploits0References1
osv
osv
added 2026/06/24 5:5 p.m.3 views

CVE-2026-49851 Mistune: Potential DoS via quadratic-time parsing in parse_link_text

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear approximately On² behavior in parselinktext. When parsing Markdown containing many consecutive characters, parselinktext repeatedly scans the input usin...

8.7CVSS7.1AI score0.0035EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/24 12:0 a.m.11 views

PT-2026-52033

Name of the Vulnerable Software and Affected Versions Mistune versions prior to 3.3.0 Description A CPU exhaustion Denial of Service DoS occurs due to superlinear approximately On² behavior in the parse link text function. When processing Markdown containing numerous consecutive characters, the...

8.7CVSS5.8AI score0.0035EPSS
Exploits0References25
cve
cve
added 2026/01/13 10:52 p.m.21 views

CVE-2022-50937

Ametys CMS v4.4.1 contains a persistent cross-site scripting (XSS) vulnerability in the link directory’s input fields for external links. An attacker can inject script into link text and descriptions, enabling persistent attacks that can compromise user sessions and manipulate application modules...

6.1CVSS6.1AI score0.00262EPSS
Exploits1References4Affected Software1
redhatcve
redhatcve
added 2025/05/22 3:2 a.m.5 views

CVE-2014-7980

Multiple cross-site scripting XSS vulnerabilities in template.php in Zen theme 7.x-3.x before 7.x-3.3 and 7.x-5.x before 7.x-5.5 for Drupal allow remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the skiplinktext setting and unspecified...

3.5CVSS5.9AI score0.00946EPSS
Exploits0References1
cnnvd
cnnvd
added 2024/11/22 12:0 a.m.4 views

WordPress plugin SimpLy Gallery Blocks 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.5CVSS7.6AI score0.00364EPSS
Exploits0References2
osv
osv
added 2024/04/03 7:0 p.m.4 views

CVE-2024-3180 Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 is vulnerable to Stored XSS in blocks of type file

Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 is vulnerable to Stored XSS in blocks of type file. Stored XSS could be caused by a rogue administrator adding malicious code to the link-text field when creating a block of type file. The Concrete CMS security team gave this...

3.1CVSS6AI score0.00359EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2024/04/03 12:0 a.m.4 views

PT-2024-24209 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9.0.0 through 9.2.7 Concrete CMS versions 8.5.15 and earlier Description: The issue is related to Stored XSS in blocks of type file, which could be caused by a rogue administrator adding malicious code to the link-text...

4.8CVSS6AI score0.00359EPSS
Exploits0References11
osv
osv
added 2021/11/29 9:15 a.m.4 views

CVE-2021-24883

The Popup Anything WordPress plugin before 2.0.4 does not escape the Link Text and Button Text fields of Popup, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...

5.4CVSS5.8AI score0.00778EPSS
Exploits0References3
atlassian
atlassian
added 2013/12/10 1:42 p.m.18 views

Link Text of a Space Changed for User without Space View Permission

Link Text name of a Space changes into the Space key if viewed by a user without Space view permission for that specific Space. h6. Steps to reproduce Create a Space e.g.: Space name "TEST 1 - 3" with Space key "TES" with a Homepage that has the same name as the Space name In other public Space,...

0.3AI score
Exploits0Affected Software1
atlassian
atlassian
added 2013/12/10 1:42 p.m.19 views

Link Text of a Space Changed for User without Space View Permission

Link Text name of a Space changes into the Space key if viewed by a user without Space view permission for that specific Space. h6. Steps to reproduce Create a Space e.g.: Space name "TEST 1 - 3" with Space key "TES" with a Homepage that has the same name as the Space name In other public Space,...

0.3AI score
Exploits0Affected Software1
Rows per page
Query Builder