Lucene search
K

190 matches found

NVD
NVD
added yesterday4 views

CVE-2026-59928

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a Markdown document containing many repeated or distinct reference-link definitions causes quadratic work in src/mistune/blockparser.py and the reflinks environment dictionary handling, allowing denial of service...

7.5CVSS
Exploits0References3
NVD
NVD
added yesterday5 views

CVE-2026-59924

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse joins and normalizes user-supplied include paths without verifying that the result remains within the intended markdown directory, allowing crafted include paths to access files outside that directory wh...

5.9CVSS
Exploits0References3
NVD
NVD
added yesterday6 views

CVE-2026-59927

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct self-includes and not indirect cycles, allowing two markdown files that include each other to trigger unbounded recursion, raise...

5.3CVSS
Exploits0References3
EUVD
EUVD
added yesterday3 views

EUVD-2026-42337

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse joins and normalizes user-supplied include paths without verifying that the result remains within the intended markdown directory, allowing crafted include paths to access files outside that directory wh...

5.9CVSS6AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-59925

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences of well-formed double-asterisk or triple-asterisk emphasis pairs around a character cause quadratic work in src/mistune/inlineparser.py because the parser scans forward for matching close markers from...

7.5CVSS6AI score
Exploits0References4Affected Software1
EUVD
EUVD
added yesterday4 views

EUVD-2026-42334

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, renderadmonition in src/mistune/directives/admonition.py concatenates the Admonition directive :class: option into the HTML class attribute without escaping, allowing attribute injection and cross-site scripting even...

5.3CVSS5.8AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/25 6:37 p.m.5 views

CVE-2026-49851

A flaw was found in Mistune, a Python Markdown parser. A remote attacker can exploit this vulnerability by providing a specially crafted Markdown input containing many consecutive bracket characters. This can lead to excessive CPU usage, causing a denial-of-service DoS condition on the affected...

8.7CVSS5.8AI score0.0035EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 6:17 p.m.16 views

CVE-2026-49851

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear approximately On² behavior in parselinktext. When parsing Markdown containing many consecutive characters, parselinktext repeatedly scans the input usin...

8.7CVSS0.0035EPSS
Exploits0References4
OSV
OSV
added 2026/06/24 6:17 p.m.4 views

UBUNTU-CVE-2026-49851

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear approximately On² behavior in parselinktext. When parsing Markdown containing many consecutive characters, parselinktext repeatedly scans the input usin...

8.7CVSS5.9AI score0.0035EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in node-marked

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression block.def might cause catastrophic backtracking in certain cases, leading to a regular expression denial of service ReDoS. Anyone who runs untrusted markdown using a vulnerable version of Marked, without usi...

7.5CVSS6.6AI score0.02828EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 10:52 p.m.50 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for May 2026

Summary Multiple vulnerabilities were addressed in IBM Process Mining 2.1.1 IF002 Vulnerability Details CVEID:CVE-2026-7246 DESCRIPTION: Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands...

9.1CVSS8.7AI score0.00967EPSS
Exploits3Affected Software1
OSV
OSV
added 2026/05/26 9:16 p.m.6 views

UBUNTU-CVE-2026-44897

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML — with no call to escape, safeentity, or any other sanitisation function. A double-quote character " in...

6.1CVSS6AI score0.00228EPSS
Exploits1References4
EUVD
EUVD
added 2026/05/26 8:41 p.m.18 views

EUVD-2026-31995

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format...

6.1CVSS5.9AI score0.00228EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/05/26 8:41 p.m.8 views

CVE-2026-44898

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format...

6.1CVSS5.9AI score0.00228EPSS
Exploits1
Debian CVE
Debian CVE
added 2026/05/26 8:39 p.m.9 views

CVE-2026-44708

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the mistune math plugin renders inline math $...$ and block math $$...$$ by concatenating the raw user-supplied content directly into the HTML output without any HTML escaping. This occurs even when the parser is...

6.1CVSS5.8AI score0.00228EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2026/05/14 8:27 p.m.11 views

Open WebUI has Stored XSS in Banner Component via Improper Sanitization Order

Summary A Stored Cross-Site Scripting XSS vulnerability exists in the Banner component due to an improper sanitization order specifically, DOMPurify is executed before the marked library. This vulnerability allows a compromised or malicious administrator to plant a malicious payload in the global...

8.1CVSS5.8AI score0.00322EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/05/06 4:56 p.m.6 views

GHSA-HJPH-F4MC-WX4C Duplicate Advisory: Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8mp2-v27r-99xp. This link is maintained to preserve external references. Original Description Summary Denial-of-Service DoS vulnerability in the Mistune Markdown parser. The issue occurs when processing speciall...

8.7CVSS5.8AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/05 8:58 a.m.11 views

CVE-2026-41680

A flaw was found in marked, a markdown parser and compiler. An unauthenticated attacker can exploit this Denial of Service DoS vulnerability by providing a specific 3-byte input sequence a tab, a vertical tab, and a newline. This input triggers an infinite recursion loop during parsing, leading t...

8.7CVSS5.8AI score0.00342EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-41680

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service DoS vulnerability exists in marked. By providing a specific 3-byte...

8.7CVSS5.8AI score0.00342EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/24 5:26 p.m.5 views

CVE-2026-41680 Marked: OOM Denial of Service via Infinite Recursion in marked Tokenizer

Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service DoS vulnerability exists in marked. By providing a specific 3-byte input sequence a tab, a vertical tab, and a newline \x09\x0b\n—an unauthenticated attacker can trigger an infinite recursion loop during...

8.7CVSS5.4AI score0.00342EPSS
Exploits1References1
Rows per page
Query Builder