CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

259 matches found

Tenable Nessus•added 2026/05/28 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-44898

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, rendertocul builds a table-of-contents tree from a list of level, id, text tuple...

6.1CVSS6AI score0.00031EPSS

Exploits1References3

NVD•added 2026/05/26 9:16 p.m.•6 views

CVE-2026-44898

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format...

6.1CVSS0.00031EPSS

Exploits1References2

OSV•added 2026/05/26 9:16 p.m.•3 views

DEBIAN-CVE-2026-44898

6.1CVSS5.9AI score0.00031EPSS

Exploits1References1

OSV•added 2026/05/26 9:16 p.m.•1 views

UBUNTU-CVE-2026-44898

6.1CVSS5.9AI score0.00031EPSS

Exploits1References4

UbuntuCve•added 2026/05/26 9:16 p.m.•3 views

CVE-2026-44898

6.1CVSS5.9AI score0.00031EPSS

Exploits1References3

Debian CVE•added 2026/05/26 8:41 p.m.•5 views

CVE-2026-44898

6.1CVSS5.9AI score0.00031EPSS

Exploits1

EUVD•added 2026/05/26 8:41 p.m.•6 views

EUVD-2026-31995

6.1CVSS5.9AI score0.00031EPSS

Exploits1References2

ATTACKERKB•added 2026/05/26 8:41 p.m.•4 views

CVE-2026-44898

6.1CVSS5.9AI score0.00031EPSS

Exploits1References3Affected Software1

Cvelist•added 2026/05/26 8:41 p.m.•26 views

CVE-2026-44898 Mistune TOC Anchor Injection XSS

6.1CVSS0.00031EPSS

Exploits1References2

CVE•added 2026/05/26 8:41 p.m.•12 views

CVE-2026-44898

Mistune (Python Markdown parser) contains a TOC rendering flaw in render_toc_ul() prior to version 3.2.1: it inserts the heading ID (k) and text directly into an and the visible label without escaping, enabling an attacker to craft a heading whose text breaks out of the href context and injects ...

6.1CVSS5.9AI score0.00031EPSS

Exploits1References2Affected Software1

NVD•added 2026/05/21 5:16 a.m.•10 views

CVE-2026-6279

The Avada Builder fusion-builder plugin for WordPress is vulnerable to Unauthenticated Remote Code Execution via PHP Function Injection in versions up to and including 3.15.2. This is due to the wpconditionaltags case in FusionBuilderConditionalRenderHelper::getvalue passing attacker-controlled...

9.8CVSS0.00138EPSS

Exploits2References12

OSV•added 2026/05/14 4:36 p.m.•1 views

GHSA-6269-CQXG-MHHV Mistune TOC Anchor Injection XSS

Summary rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format string — with no HTML escaping applied to either value. When heading IDs...

6.1CVSS6AI score0.00031EPSS

Exploits1References4

Github Security Blog•added 2026/05/14 4:36 p.m.•5 views

Mistune TOC Anchor Injection XSS

6.1CVSS6AI score0.00031EPSS

Exploits1References4Affected Software1

Positive Technologies•added 2026/05/14 12:0 a.m.•5 views

PT-2026-41146

Summary render toc ul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format string — with no HTML escaping applied to either value. When heading ID...

6.1CVSS6AI score0.00031EPSS

Exploits1References6

EUVD•added 2026/05/11 9:31 p.m.•1 views

EUVD-2026-29201

A security flaw has been discovered in VectifyAI PageIndex up to f50e52975313c6716c02b20a119577a1929decba. Affected by this vulnerability is the function toctransformer of the file pageindex/pageindex.py of the component PDF Table of Contents Handler. The manipulation results in infinite loop. Th...

6.9CVSS5.7AI score0.00055EPSS

Exploits0References6

Positive Technologies•added 2026/05/11 12:0 a.m.•5 views

PT-2026-39732

A security flaw has been discovered in VectifyAI PageIndex up to f50e52975313c6716c02b20a119577a1929decba. Affected by this vulnerability is the function toc transformer of the file pageindex/page index.py of the component PDF Table of Contents Handler. The manipulation results in infinite loop...

6.9CVSS5.7AI score0.00055EPSS

Exploits0References6

CNNVD•added 2026/05/11 12:0 a.m.•2 views

PageIndex 安全漏洞

PageIndex is an open-source inference-based retrieval-enhanced generation tool developed by Vectify AI. There are security vulnerabilities in PageIndex f50e52975313c6716c02b20a119577a1929decba and previous versions of it. These vulnerabilities stem from the toctransformer function in the PDF Tabl...

6.9CVSS6AI score0.00055EPSS

Exploits0References1

EUVD•added 2026/04/22 9:31 a.m.•0 views

EUVD-2026-24696

The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 1.0.6. This is due to the front-end TOC rendering script reading heading text via innerText and inserting it into the page using innerHTML...

6.4CVSS5.9AI score0.00012EPSS

Exploits0References4

NVD•added 2026/04/22 9:16 a.m.•0 views

CVE-2026-5820

6.4CVSS0.00012EPSS

Exploits0References3

CVE•added 2026/04/22 7:45 a.m.•3 views

CVE-2026-5820

The CVE-2026-5820 entry concerns the WordPress plugin Zypento Blocks (versions ≤ 1.0.6). The issue is a Stored Cross-Site Scripting (Stored XSS) in the Table of Contents block due to a front-end rendering script that reads heading text with innerText and injects it via innerHTML without proper sa...

6.4CVSS5.9AI score0.00012EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by