Lucene search
K

437 matches found

Debian CVE
Debian CVE
added 2026/05/26 8:36 p.m.11 views

CVE-2026-44899

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as numre = re.compiler"^\d+?:.\d?". When the validated value is not a plain integer, renderblockimage inserts it directly int...

6.1CVSS5.8AI score0.00228EPSS
Exploits1
Cvelist
Cvelist
added 2026/05/26 8:36 p.m.33 views

CVE-2026-44899 Mistune Image Directive CSS Injection Vulnerability

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as numre = re.compiler"^\d+?:.\d?". When the validated value is not a plain integer, renderblockimage inserts it directly int...

4.7CVSS0.00228EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

mistune 跨站脚本漏洞

Mistune is a fast and powerful Python Markdown parser developed by Hsiaoming Yang. Versions of Mistune prior to 3.2.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the Image directive plugin using regular expressions that only matched prefixes to validate the wid...

6.1CVSS5.8AI score0.00228EPSS
Exploits1References2
OSV
OSV
added 2026/05/25 8:16 p.m.11 views

DEBIAN-CVE-2026-48848

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets CSS injection via an SVG document that has an animate element with the attributeName attribute...

7.2CVSS5.8AI score0.00388EPSS
Exploits0References1
OSV
OSV
added 2026/05/25 8:16 p.m.10 views

UBUNTU-CVE-2026-48848

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets CSS injection via an SVG document that has an animate element with the attributeName attribute...

7.2CVSS5.8AI score0.00388EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/25 7:27 p.m.8 views

CVE-2026-48848

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets CSS injection via an SVG document that has an animate element with the attributeName attribute...

7.2CVSS5.8AI score0.00388EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/25 7:27 p.m.7 views

CVE-2026-48848

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets CSS injection via an SVG document that has an animate element with the attributeName attribute...

7.2CVSS5.8AI score0.00388EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/05/25 7:27 p.m.23 views

CVE-2026-48848

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets CSS injection via an SVG document that has an animate element with the attributeName attribute...

7.2CVSS0.00388EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/25 7:27 p.m.10 views

CVE-2026-48848

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets CSS injection via an SVG document that has an animate element with the attributeName attribute...

7.2CVSS5.8AI score0.00388EPSS
Exploits0
CVE
CVE
added 2026/05/25 7:27 p.m.45 views

CVE-2026-48848

CVE-2026-48848 affects Roundcube Webmail 1.6.x (before 1.6.16) and 1.7.x (before 1.7.1). Root cause is insufficient HTML sanitization that enables CSS injection via an SVG document containing an animate element with the attributeName attribute, potentially impacting confidentiality/integrity (per...

7.2CVSS5.8AI score0.00388EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/25 12:0 a.m.22 views

Linux Distros Unpatched Vulnerability : CVE-2026-41148

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and prior, in addition to 11.0.0-alpha.1...

5.3CVSS5.7AI score0.00338EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.16 views

PT-2026-43111

Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions 1.6.x through 1.6.15 Roundcube Webmail versions 1.7.x prior to 1.7 Description Insufficient HTML sanitization allows for Cascading Style Sheets CSS injection. This occurs when an SVG document contains an animate...

7.2CVSS5.8AI score0.00388EPSS
Exploits0References16
OSV
OSV
added 2026/05/22 11:16 p.m.6 views

DEBIAN-CVE-2026-41148

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and prior, in addition to 11.0.0-alpha.1 through 11.12.0 are vulnerable to CSS injection through improper sanitization. The state diagram and any other diagram type that routes...

5.3CVSS5.7AI score0.00338EPSS
Exploits0References1
OSV
OSV
added 2026/05/22 11:16 p.m.8 views

UBUNTU-CVE-2026-41148

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and prior, in addition to 11.0.0-alpha.1 through 11.12.0 are vulnerable to CSS injection through improper sanitization. The state diagram and any other diagram type that routes...

5.3CVSS5.7AI score0.00338EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2026/05/22 11:16 p.m.18 views

CVE-2026-41148

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and prior, in addition to 11.0.0-alpha.1 through 11.12.0 are vulnerable to CSS injection through improper sanitization. The state diagram and any other diagram type that routes...

5.3CVSS5.7AI score0.00338EPSS
Exploits0References7
CVE
CVE
added 2026/05/22 10:3 p.m.58 views

CVE-2026-41148

CVE-2026-41148 affects Mermaid diagrams up to v10.9.5 and v11.0.0-alpha.1 to v11.12.0, where improper sanitization of classDef values in state diagrams allows CSS injection via addStyleClass() into create CssStyles(), ending with style.innerHTML and enabling page defacement, url()-based tracking,...

5.3CVSS5.7AI score0.00338EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/22 10:3 p.m.8 views

CVE-2026-41148 Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and prior, in addition to 11.0.0-alpha.1 through 11.12.0 are vulnerable to CSS injection through improper sanitization. The state diagram and any other diagram type that routes...

5.3CVSS5.7AI score0.00338EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/22 10:3 p.m.6 views

CVE-2026-41148

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and prior, in addition to 11.0.0-alpha.1 through 11.12.0 are vulnerable to CSS injection through improper sanitization. The state diagram and any other diagram type that routes...

5.3CVSS5.7AI score0.00338EPSS
Exploits0References7Affected Software1
Debian CVE
Debian CVE
added 2026/05/22 10:3 p.m.7 views

CVE-2026-41148

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and prior, in addition to 11.0.0-alpha.1 through 11.12.0 are vulnerable to CSS injection through improper sanitization. The state diagram and any other diagram type that routes...

5.3CVSS5.7AI score0.00338EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.11 views

Mermaid 代码注入漏洞

Mermaid is an open-source application developed by mermaid-js. It uses text and code to create charts and visualizations. Mermaid versions 10.9.5 and earlier, as well as versions 11.0.0-alpha.1 through 11.12.0, have a code injection vulnerability. This vulnerability stems from improper cleanup...

5.3CVSS5.9AI score0.00338EPSS
Exploits0References6
Rows per page
Query Builder