Lucene search
K

4578 matches found

RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-59926

A flaw was found in Mistune, a Python Markdown parser. The renderadmonition function in the Admonition directive concatenates user-controlled input into the HTML class attribute without proper escaping. This vulnerability allows for attribute injection and Cross-Site Scripting XSS attacks, even...

6.1CVSS6.3AI score
Exploits0References6
Nuclei
Nuclei
added yesterday85 views

Stirling-PDF SSRF via Markdown

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security...

9.8CVSS6AI score0.01865EPSS
Exploits1References2
NVD
NVD
added 2 days ago9 views

CVE-2026-59927

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct self-includes and not indirect cycles, allowing two markdown files that include each other to trigger unbounded recursion, raise...

5.3CVSS
Exploits1References3
NVD
NVD
added 2 days ago7 views

CVE-2026-59924

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse joins and normalizes user-supplied include paths without verifying that the result remains within the intended markdown directory, allowing crafted include paths to access files outside that directory wh...

5.9CVSS
Exploits1References3
NVD
NVD
added 2 days ago8 views

CVE-2026-59925

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences of well-formed double-asterisk or triple-asterisk emphasis pairs around a character cause quadratic work in src/mistune/inlineparser.py because the parser scans forward for matching close markers from...

7.5CVSS
Exploits1References3
NVD
NVD
added 2 days ago7 views

CVE-2026-59928

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a Markdown document containing many repeated or distinct reference-link definitions causes quadratic work in src/mistune/blockparser.py and the reflinks environment dictionary handling, allowing denial of service...

7.5CVSS
Exploits1References3
NVD
NVD
added 2 days ago7 views

CVE-2026-59923

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, HTMLRenderer.safeurl does not block percent-encoded javascript URIs, allowing attacker-supplied Markdown links or images to bypass URL protections and execute script in rendered HTML. This issue is fixed in version...

6.1CVSS
Exploits1References3
Debian CVE
Debian CVE
added 2 days ago5 views

CVE-2026-59927

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct self-includes and not indirect cycles, allowing two markdown files that include each other to trigger unbounded recursion, raise...

5.3CVSS6AI score
Exploits1
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-42339

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct self-includes and not indirect cycles, allowing two markdown files that include each other to trigger unbounded recursion, raise...

5.3CVSS6AI score
Exploits1References3
Debian CVE
Debian CVE
added 2 days ago5 views

CVE-2026-59928

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a Markdown document containing many repeated or distinct reference-link definitions causes quadratic work in src/mistune/blockparser.py and the reflinks environment dictionary handling, allowing denial of service...

7.5CVSS6AI score
Exploits1
Debian CVE
Debian CVE
added 2 days ago3 views

CVE-2026-59924

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse joins and normalizes user-supplied include paths without verifying that the result remains within the intended markdown directory, allowing crafted include paths to access files outside that directory wh...

5.9CVSS6AI score
Exploits1
EUVD
EUVD
added 2 days ago3 views

EUVD-2026-42337

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse joins and normalizes user-supplied include paths without verifying that the result remains within the intended markdown directory, allowing crafted include paths to access files outside that directory wh...

5.9CVSS6AI score
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-59924

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse joins and normalizes user-supplied include paths without verifying that the result remains within the intended markdown directory, allowing crafted include paths to access files outside that directory wh...

5.9CVSS6AI score
Exploits1References4Affected Software1
Debian CVE
Debian CVE
added 2 days ago4 views

CVE-2026-59929

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the safeurl filter in src/mistune/renderers/html.py blocks only javascript:, vbscript:, file:, and data: schemes, allowing legacy or chained schemes such as feed:, view-source:, jar:, livescript:, mocha:, ms-its:, mk:...

6.1CVSS6AI score
Exploits1
Debian CVE
Debian CVE
added 2 days ago5 views

CVE-2026-59925

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences of well-formed double-asterisk or triple-asterisk emphasis pairs around a character cause quadratic work in src/mistune/inlineparser.py because the parser scans forward for matching close markers from...

7.5CVSS6AI score
Exploits1
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-59925

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences of well-formed double-asterisk or triple-asterisk emphasis pairs around a character cause quadratic work in src/mistune/inlineparser.py because the parser scans forward for matching close markers from...

7.5CVSS6AI score
Exploits1References4Affected Software1
Debian CVE
Debian CVE
added 2 days ago3 views

CVE-2026-59926

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, renderadmonition in src/mistune/directives/admonition.py concatenates the Admonition directive :class: option into the HTML class attribute without escaping, allowing attribute injection and cross-site scripting even...

6.1CVSS5.8AI score
Exploits0
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-42334

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, renderadmonition in src/mistune/directives/admonition.py concatenates the Admonition directive :class: option into the HTML class attribute without escaping, allowing attribute injection and cross-site scripting even...

5.3CVSS5.8AI score
Exploits0References3
Debian CVE
Debian CVE
added 2 days ago4 views

CVE-2026-59923

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, HTMLRenderer.safeurl does not block percent-encoded javascript URIs, allowing attacker-supplied Markdown links or images to bypass URL protections and execute script in rendered HTML. This issue is fixed in version...

6.1CVSS6AI score
Exploits1
Debian CVE
Debian CVE
added 2 days ago3 views

CVE-2026-59930

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the toc plugin and TableOfContents directive generate heading IDs as predictable tocN values without slugifying the heading text, allowing attacker-controlled id="tocN" content to collide with generated anchors and...

4.3CVSS6AI score
Exploits1
Rows per page
Query Builder