1470 matches found
CVE-2026-59926
A flaw was found in Mistune, a Python Markdown parser. The renderadmonition function in the Admonition directive concatenates user-controlled input into the HTML class attribute without proper escaping. This vulnerability allows for attribute injection and Cross-Site Scripting XSS attacks, even...
CVE-2026-59927
A flaw was found in Mistune, a Python Markdown parser. The Include directive in Mistune's src/mistune/directives/include.py does not properly detect indirect cycles when two Markdown files include each other. This oversight allows for unbounded recursion, which can lead to a RecursionError and...
Linux Distros Unpatched Vulnerability : CVE-2026-59927
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct...
CVE-2026-59927
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct self-includes and not indirect cycles, allowing two markdown files that include each other to trigger unbounded recursion, raise...
EUVD-2026-42339
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct self-includes and not indirect cycles, allowing two markdown files that include each other to trigger unbounded recursion, raise...
CVE-2026-59927
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct self-includes and not indirect cycles, allowing two markdown files that include each other to trigger unbounded recursion, raise...
CVE-2026-59924
Mistune (Python Markdown parser) prior to v3.3.0 contains a path traversal flaw in Include.parse() where include paths are joined/normalized without ensuring the result stays inside the markdown directory. When processing markdown files via md.read(), crafted include paths could read files outsid...
CVE-2026-59924 Mistune: Arbitrary File Read via Include directive path traversal
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse joins and normalizes user-supplied include paths without verifying that the result remains within the intended markdown directory, allowing crafted include paths to access files outside that directory wh...
CVE-2026-59926 Mistune: XSS via unescaped class option in Admonition directive
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, renderadmonition in src/mistune/directives/admonition.py concatenates the Admonition directive :class: option into the HTML class attribute without escaping, allowing attribute injection and cross-site scripting even...
EUVD-2026-42334
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, renderadmonition in src/mistune/directives/admonition.py concatenates the Admonition directive :class: option into the HTML class attribute without escaping, allowing attribute injection and cross-site scripting even...
CVE-2026-57958
Summary: Mixpost
EUVD-2026-40143
Mixpost through 2.6.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in authenticated users' browsers by crafting malicious OAuth callback URLs with unsanitized error query parameters. Attackers can exploit the OAuth...
CVE-2026-13751 Snowflake CLI Server-Side Request Forgery via Arbitrary URL Fetch in !source/!load
Improper handling of untrusted remote references in Snowflake CLI versions prior to 3.19 allowed server-side request forgery. The SQL statement reader's !source/!load directives could reference remote URLs that were retrieved at runtime without sufficient restriction on the request destination. B...
PYSEC-2026-366 Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP
The nbconvert HTTP handlers in jupyterserver render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default non-sanitizing behavior, a notebook carrying an HTML payload in a displaydata outpu...
CVE-2026-50146
Astro is a web framework. Prior to 6.3.3, when a component uses a client: directive, Astro inserts named slot content into a data-astro-template attribute without HTML escaping the slot name allowing an attacker to break out of the attribute context and inject arbitrary HTML, resulting in reflect...
CVE-2026-50146 Astro: Reflected XSS via unescaped slot name
Astro is a web framework. Prior to 6.3.3, when a component uses a client: directive, Astro inserts named slot content into a data-astro-template attribute without HTML escaping the slot name allowing an attacker to break out of the attribute context and inject arbitrary HTML, resulting in reflect...
CVE-2026-50146
Astro is a web framework. Prior to 6.3.3, when a component uses a client: directive, Astro inserts named slot content into a data-astro-template attribute without HTML escaping the slot name allowing an attacker to break out of the attribute context and inject arbitrary HTML, resulting in reflect...
CVE-2026-50146
CVE-2026-50146 affects the Astro web framework prior to 6.3.3. When a component uses a client:* directive, Astro inserts named slot content into a data-astro-template attribute without escaping the slot name, allowing an attacker to break out of the attribute context and inject arbitrary HTML, re...
EUVD-2026-37792
When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition CRD access log format...
Improper Neutralization of Equivalent Special Elements
Overview Affected versions of this package are vulnerable to Improper Neutralization of Equivalent Special Elements via the NGINX configuration generator component. An attacker can inject arbitrary NGINX configuration directives by supplying crafted values to the serverTokens or extraAuthArgs...