7 matches found
CVE-2026-44898
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_toc_ul builds a table-of-contents tree from a list of (level, id, text) tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format...
CVE-2026-44899
CVE-2026-44899 – Mistune Image Directive CSS Injection exploits a prefix-only regex in the Image directive’s width/height validation. Before 3.2.1, values starting with digits (e.g., 100vw;…) pass _num_re.match() and are written into style="width:...;" or style="height:...;" without escaping, ena...
CVE-2025-66532
Missing Authorization vulnerability in Mikado-Themes Powerlift powerlift allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Powerlift: from n/a through 3.2.1...
Drupal Toc.Js Security Vulnerability
Drupal Toc.js is a directory generation plugin for the Drupal community. A security vulnerability exists in Drupal Toc.Js versions prior to 3.2.1 that stems from improper input neutralization and could lead to a cross-site scripting attack...
CVE-2025-31687
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal SpamSpan filter allows Cross-Site Scripting (XSS). This issue affects SpamSpan filter: from 0.0.0 before 3.2.1...
CVE-2020-7591
A vulnerability has been identified in SIPORT MP All versions 3.2.1. Vulnerable versions of the device could allow an authenticated attacker to impersonate other users of the system and perform potentially administrative actions on behalf of those users if the single sign-on feature "Allow logon...
PT-2020-19739 · Dot-Notes · Dot-Notes
Name of the Vulnerable Software and Affected Versions: dot-notes versions prior to 3.2.1. Description: The issue concerns Prototype Pollution via the create function. This allows for potential manipulation of object properties. Recommendations: For versions prior to 3.2.1, update to version 3.2.1 ...