Lucene search
K

18 matches found

RedhatCVE
RedhatCVE
added 5 days ago5 views

CVE-2026-59925

A flaw was found in Mistune, a Python Markdown parser. An attacker can exploit this vulnerability by providing specially crafted Markdown input containing long sequences of emphasis pairs. This can cause the parser to perform excessive computational work, leading to a denial of service DoS...

7.5CVSS5.8AI score0.00358EPSS
Exploits1References6
NVD
NVD
added 6 days ago9 views

CVE-2026-59925

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences of well-formed double-asterisk or triple-asterisk emphasis pairs around a character cause quadratic work in src/mistune/inlineparser.py because the parser scans forward for matching close markers from...

7.5CVSS0.00358EPSS
Exploits1References3
Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-59925 inline_parser: quadratic-time parsing on long runs of `**x**` and `***x***` emphasis pairs

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences of well-formed double-asterisk or triple-asterisk emphasis pairs around a character cause quadratic work in src/mistune/inlineparser.py because the parser scans forward for matching close markers from...

7.5CVSS0.00358EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 6 days ago9 views

CVE-2026-59925

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences of well-formed double-asterisk or triple-asterisk emphasis pairs around a character cause quadratic work in src/mistune/inlineparser.py because the parser scans forward for matching close markers from...

7.5CVSS6AI score0.00358EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42335

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences of well-formed double-asterisk or triple-asterisk emphasis pairs around a character cause quadratic work in src/mistune/inlineparser.py because the parser scans forward for matching close markers from...

7.5CVSS6AI score0.00358EPSS
Exploits1References3
CVE
CVE
added 6 days ago11 views

CVE-2026-59925

The CVE-2026-59925 affects Mistune, a Python Markdown parser. Before version 3.3.0, long sequences of well-formed emphasis markers (/x / or /x * around a character) trigger quadratic work in src/mistune/inline_parser.py by scanning for matching close markers from each opening run, enabling denial...

7.5CVSS6AI score0.00358EPSS
Exploits1References3Affected Software1
Fedora
Fedora
added 2026/07/06 2:55 p.m.20 views

[SECURITY] Fedora 44 Update: mir-2.26.0-2.fc44

Mir is a Wayland display server toolkit for Linux systems, with a focus on efficiency, robust operation, and a well-defined driver model...

6AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/02/17 12:55 a.m.8 views

mistune: catastrophic backtracking

A regular expression denial of service ReDoS flaw was found in the asteris emphasis regular expression implementation in Mistune. By sending specially-crafted regex input, a remote attacker could invoke a catastrophic backtrack, resulting in a denial of service...

7.5CVSS7.4AI score0.01215EPSS
Exploits0References5
Fedora
Fedora
added 2026/01/10 1:39 a.m.7 views

[SECURITY] Fedora 43 Update: libsodium-1.0.21-2.fc43

Sodium is a new, easy-to-use software library for encryption, decryption, signatures, password hashing and more. It is a portable, cross-compilable, installable, packageable fork of NaCl, with a compatible API, and an extended API to improve usability even further. Its goal is to provide all of t...

4.5CVSS7.1AI score0.00166EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/12 12:0 a.m.3 views

TED-LaST: Towards Robust Backdoor Defense against Adaptive Attacks

Deep Neural Networks DNNs are vulnerable to backdoor attacks, where attackers implant hidden triggers during training to maliciously control model behavior. Topological Evolution Dynamics TED has recently emerged as a powerful tool for detecting backdoor attacks in DNNs. However, TED can be...

6.9AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2023/12/18 4:0 p.m.16 views

We Asked ChatGPT for 2024 Cybersecurity Predictions but You Should Make These Resolutions Instead

By Caitlin Condon, Senior Manager, Vulnerability Research at Rapid7, and Christiaan Beek, Senior Director, Threat Analytics at Rapid7 It’s that time of year again — time for the annual tradition of cybersecurity predictions. Here at Rapid7 we’ve seen a whole lot of threats and exploited...

7.3AI score
Exploits0
Cvelist
Cvelist
added 2023/12/11 10:42 p.m.31 views

CVE-2023-49803 @koa/cors has overly permissive origin policy

@koa/cors npm provides Cross-Origin Resource Sharing CORS for koa, a web framework for Node.js. Prior to version 5.0.0, the middleware operates in a way that if an allowed origin is not provided, it will return an Access-Control-Allow-Origin header with the value of the origin from the request...

8.6CVSS8.7AI score0.00279EPSS
Exploits0References2
Fedora
Fedora
added 2021/12/13 5:12 p.m.20 views

[SECURITY] Fedora 35 Update: python-markdown2-2.4.2-1.fc35

Markdown is a text-to-HTML filter; it translates an easy-to-read / easy-to-write structured text format into HTML. Markdown's text format is most similar to that of plain text email, and supports features such as headers, emphasis, code blocks, blockquotes, and links. This is a fast and complete...

1.6AI score
Exploits0
Fedora
Fedora
added 2021/05/10 1:7 a.m.30 views

[SECURITY] Fedora 34 Update: python-markdown2-2.4.0-1.fc34

Markdown is a text-to-HTML filter; it translates an easy-to-read / easy-to-write structured text format into HTML. Markdown's text format is most similar to that of plain text email, and supports features such as headers, emphasis, code blocks, blockquotes, and links. This is a fast and complete...

7.5CVSS1.6AI score0.02384EPSS
Exploits1
Fedora
Fedora
added 2019/04/17 4:5 p.m.12 views

[SECURITY] Fedora 30 Update: bijiben-3.32.1-2.fc30

Simple note editor which emphasis on visuals : quickly write notes, quickly find it back...

2.1AI score
Exploits0
MSRC
MSRC
added 2017/04/20 7:0 a.m.11 views

Bountycraft at Nullcon 2017

Security is a critical component of our products at Microsoft. A strong emphasis on security is a persistent factor throughout our entire development process. Microsoft is committed to designing and developing secure software. Testing is performed both internally and by working closely with the...

1.6AI score
Exploits0
The Hacker News
The Hacker News
added 2011/01/19 4:41 a.m.6 views

OECD said Cyber attacks could create 'perfect strom' !!

Attacks on computer systems now have the potential to cause global catastrophe, but only in combination with another disaster, the Organisation for Economic Cooperation and Development OECD said in a report on Monday. The study, part of a wider OECD project examining possible "Future Global Shock...

6.7AI score
Exploits0
ThreatPost
ThreatPost
added 2010/11/10 4:38 p.m.13 views

NSA: Our Development Methods Are in the Open Now

WASHINGTON–Despite its reputation for secrecy and technical expertise, the National Security Agency doesn’t have a set of secret coding practices or testing methods that magically make their applications and systems bulletproof. In fact, one of the agency’s top technical experts said that virtual...

7.1AI score
Exploits0References2
Rows per page
Query Builder