Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 5 days ago5 views

CVE-2026-59928

A flaw was found in Mistune, a Python Markdown parser. A remote attacker could exploit this vulnerability by providing a specially crafted Markdown document containing numerous repeated or distinct reference-link definitions. This can lead to excessive processing, causing CPU exhaustion and a...

7.5CVSS6AI score0.00366EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 5 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-59922

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a run of closed tilde, equals-sign, or caret marker pairs around a character...

7.5CVSS6.1AI score0.00366EPSS
Exploits1References3
NVD
NVD
added 6 days ago8 views

CVE-2026-59924

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse joins and normalizes user-supplied include paths without verifying that the result remains within the intended markdown directory, allowing crafted include paths to access files outside that directory wh...

5.9CVSS0.0034EPSS
Exploits1References3
NVD
NVD
added 6 days ago10 views

CVE-2026-59927

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct self-includes and not indirect cycles, allowing two markdown files that include each other to trigger unbounded recursion, raise...

5.3CVSS0.00307EPSS
Exploits1References3
Debian CVE
Debian CVE
added 6 days ago5 views

CVE-2026-59929

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the safeurl filter in src/mistune/renderers/html.py blocks only javascript:, vbscript:, file:, and data: schemes, allowing legacy or chained schemes such as feed:, view-source:, jar:, livescript:, mocha:, ms-its:, mk:...

6.1CVSS6AI score0.00198EPSS
Exploits1
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42334

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, renderadmonition in src/mistune/directives/admonition.py concatenates the Admonition directive :class: option into the HTML class attribute without escaping, allowing attribute injection and cross-site scripting even...

5.3CVSS5.8AI score0.00191EPSS
Exploits0References3
Debian CVE
Debian CVE
added 6 days ago3 views

CVE-2026-59926

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, renderadmonition in src/mistune/directives/admonition.py concatenates the Admonition directive :class: option into the HTML class attribute without escaping, allowing attribute injection and cross-site scripting even...

6.1CVSS5.8AI score0.00191EPSS
Exploits0
NVD
NVD
added 2026/06/24 6:17 p.m.17 views

CVE-2026-49851

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear approximately On² behavior in parselinktext. When parsing Markdown containing many consecutive characters, parselinktext repeatedly scans the input usin...

8.7CVSS0.0035EPSS
Exploits0References4
OSV
OSV
added 2026/05/26 9:16 p.m.7 views

UBUNTU-CVE-2026-44897

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML — with no call to escape, safeentity, or any other sanitisation function. A double-quote character " in...

6.1CVSS6AI score0.00228EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2026/05/26 8:41 p.m.8 views

CVE-2026-44898

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format...

6.1CVSS5.9AI score0.00228EPSS
Exploits1
EUVD
EUVD
added 2026/05/26 8:41 p.m.21 views

EUVD-2026-31995

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format...

6.1CVSS5.9AI score0.00228EPSS
Exploits1References2
Rows per page
Query Builder