Lucene search
K

300 matches found

RedhatCVE
RedhatCVE
added 4 days ago8 views

CVE-2026-59929

A flaw was found in Mistune, a Python Markdown parser. The safeurl filter, intended to prevent malicious Uniform Resource Locators URLs, did not adequately block all potentially harmful schemes. This oversight allows an attacker to embed specially crafted URLs using legacy or chained schemes with...

6.1CVSS6.3AI score0.00198EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 4 days ago6 views

CVE-2026-59923

A flaw was found in Mistune, a Python Markdown parser. This vulnerability allows an attacker to bypass URL protections by using specially crafted Markdown links or images containing percent-encoded javascript URIs. This can lead to the execution of arbitrary scripts in the rendered HTML,...

6.1CVSS6.2AI score0.00199EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 4 days ago7 views

CVE-2026-59930

A flaw was found in Mistune, a Python Markdown parser. The table of contents toc plugin and TableOfContents directive generate heading identifiers IDs as predictable values e.g., tocN without properly processing the heading text. This allows an attacker to control content with a colliding ID, whi...

4.3CVSS6AI score0.00128EPSS
Exploits1References6
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-39007

Mistune: Potential DoS via quadratic-time parsing in parselinktext...

8.7CVSS7.1AI score0.0035EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 5 days ago6 views

CVE-2026-59926

A flaw was found in Mistune, a Python Markdown parser. The renderadmonition function in the Admonition directive concatenates user-controlled input into the HTML class attribute without proper escaping. This vulnerability allows for attribute injection and Cross-Site Scripting XSS attacks, even...

6.1CVSS6.3AI score0.00191EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 5 days ago5 views

CVE-2026-59925

A flaw was found in Mistune, a Python Markdown parser. An attacker can exploit this vulnerability by providing specially crafted Markdown input containing long sequences of emphasis pairs. This can cause the parser to perform excessive computational work, leading to a denial of service DoS...

7.5CVSS5.8AI score0.00358EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 5 days ago5 views

CVE-2026-59928

A flaw was found in Mistune, a Python Markdown parser. A remote attacker could exploit this vulnerability by providing a specially crafted Markdown document containing numerous repeated or distinct reference-link definitions. This can lead to excessive processing, causing CPU exhaustion and a...

7.5CVSS6AI score0.00366EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 5 days ago5 views

CVE-2026-59927

A flaw was found in Mistune, a Python Markdown parser. The Include directive in Mistune's src/mistune/directives/include.py does not properly detect indirect cycles when two Markdown files include each other. This oversight allows for unbounded recursion, which can lead to a RecursionError and...

5.3CVSS5.9AI score0.00307EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 5 days ago5 views

Linux Distros Unpatched Vulnerability : CVE-2026-59923

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, HTMLRenderer.safeurl does not block percent-encoded javascript URIs, allowing...

6.1CVSS6.2AI score0.00199EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 5 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-59926

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, renderadmonition in src/mistune/directives/admonition.py concatenates the...

6.1CVSS6.1AI score0.00191EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 5 days ago4 views

Linux Distros Unpatched Vulnerability : CVE-2026-59929

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the safeurl filter in src/mistune/renderers/html.py blocks only javascript:,...

6.1CVSS6.2AI score0.00198EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 5 days ago5 views

Linux Distros Unpatched Vulnerability : CVE-2026-59924

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse joins and normalizes user-supplied include paths without verifying...

5.9CVSS6.1AI score0.0034EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 5 days ago5 views

Linux Distros Unpatched Vulnerability : CVE-2026-59930

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the toc plugin and TableOfContents directive generate heading IDs as predictable...

4.3CVSS6.1AI score0.00128EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 5 days ago5 views

Linux Distros Unpatched Vulnerability : CVE-2026-59927

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct...

5.3CVSS6.1AI score0.00307EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 5 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-59928

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a Markdown document containing many repeated or distinct reference-link...

7.5CVSS6.1AI score0.00366EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 5 days ago5 views

Linux Distros Unpatched Vulnerability : CVE-2026-59925

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences of well- formed double-asterisk or triple-asterisk emphasis pairs...

7.5CVSS6.1AI score0.00358EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 5 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-59922

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a run of closed tilde, equals-sign, or caret marker pairs around a character...

7.5CVSS6.1AI score0.00366EPSS
Exploits1References3
Snyk
Snyk
added 6 days ago5 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the toc process. An attacker can interfere with same-page navigation, CSS selectors, or JavaScript handlers by creating content with predictable id attributes that collide with...

5.3CVSS6.1AI score0.00128EPSS
Exploits1References2
NVD
NVD
added 6 days ago9 views

CVE-2026-59926

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, renderadmonition in src/mistune/directives/admonition.py concatenates the Admonition directive :class: option into the HTML class attribute without escaping, allowing attribute injection and cross-site scripting even...

6.1CVSS0.00191EPSS
Exploits0References3
NVD
NVD
added 6 days ago10 views

CVE-2026-59927

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct self-includes and not indirect cycles, allowing two markdown files that include each other to trigger unbounded recursion, raise...

5.3CVSS0.00307EPSS
Exploits1References3
Rows per page
Query Builder