Lucene search
K

7 matches found

Vulnrichment
Vulnrichment
added 2026/05/26 8:36 p.m.12 views

CVE-2026-44899 Mistune Image Directive CSS Injection Vulnerability

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as numre = re.compiler"^\d+?:.\d?". When the validated value is not a plain integer, renderblockimage inserts it directly int...

4.7CVSS5.8AI score0.00228EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Python-Django

In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with appropriately crafted file names...

7.5CVSS7.4AI score0.05291EPSS
Exploits0References2
CBLMariner
CBLMariner
added 2026/05/18 8:36 p.m.10 views

CVE-2026-44897 affecting package python-mistune for versions less than 3.2.1-1

CVE-2026-44897 affecting package python-mistune for versions less than 3.2.1-1. A patched version of the package is available...

6.1CVSS5.8AI score0.00228EPSS
Exploits1
Patchstack
Patchstack
added 2025/02/12 12:0 a.m.5 views

Drupal SpamSpan filter module < 3.2.1 - Unauthenticated Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS vulnerability discovered by Pierre Rudloff prudloff in WordPress Module SpamSpan filter versions 3.2.1...

6.1CVSS6.1AI score0.00242EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/11/04 12:0 a.m.4 views

Bna Informatics PosPratik 安全漏洞

Bna Informatics PosPratik is an application from Bna Informatics, Inc. A security vulnerability exists in Bna Informatics PosPratik versions prior to v3.2.1, which stems from improper neutralization of script-related HTML tags in web pages, allowing cross-site scripting attacks via HTTP query...

6.9CVSS6AI score0.00235EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/05/06 12:0 a.m.5 views

PT-2023-20696 · WordPress · Jeff Starr Dashboard Widgets Suite

Name of the Vulnerable Software and Affected Versions: Jeff Starr Dashboard Widgets Suite plugin versions prior to 3.2.1 Description: The issue is related to an Authenticated Stored Cross-Site Scripting XSS vulnerability. This means that an attacker with admin access can inject malicious scripts...

5.9CVSS5.2AI score0.00369EPSS
Exploits0References4
PyPA
PyPA
added 2022/01/25 2:15 p.m.9 views

PYSEC-2022-16

Jupyter Server Proxy is a Jupyter notebook server extension to proxy web services. Versions of Jupyter Server Proxy prior to 3.2.1 are vulnerable to Server-Side Request Forgery SSRF. Any user deploying Jupyter Server or Notebook with jupyter-proxy-server extension enabled is affected. A lack of...

7.1CVSS6.8AI score0.01096EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder