18 matches found
CVE-2026-59925
A flaw was found in Mistune, a Python Markdown parser. An attacker can exploit this vulnerability by providing specially crafted Markdown input containing long sequences of emphasis pairs. This can cause the parser to perform excessive computational work, leading to a denial of service DoS...
CVE-2026-59925
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences of well-formed double-asterisk or triple-asterisk emphasis pairs around a character cause quadratic work in src/mistune/inlineparser.py because the parser scans forward for matching close markers from...
CVE-2026-59925 inline_parser: quadratic-time parsing on long runs of `**x**` and `***x***` emphasis pairs
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences of well-formed double-asterisk or triple-asterisk emphasis pairs around a character cause quadratic work in src/mistune/inlineparser.py because the parser scans forward for matching close markers from...
CVE-2026-59925
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences of well-formed double-asterisk or triple-asterisk emphasis pairs around a character cause quadratic work in src/mistune/inlineparser.py because the parser scans forward for matching close markers from...
EUVD-2026-42335
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences of well-formed double-asterisk or triple-asterisk emphasis pairs around a character cause quadratic work in src/mistune/inlineparser.py because the parser scans forward for matching close markers from...
CVE-2026-59925
The CVE-2026-59925 affects Mistune, a Python Markdown parser. Before version 3.3.0, long sequences of well-formed emphasis markers (/x / or /x * around a character) trigger quadratic work in src/mistune/inline_parser.py by scanning for matching close markers from each opening run, enabling denial...
[SECURITY] Fedora 44 Update: mir-2.26.0-2.fc44
Mir is a Wayland display server toolkit for Linux systems, with a focus on efficiency, robust operation, and a well-defined driver model...
mistune: catastrophic backtracking
A regular expression denial of service ReDoS flaw was found in the asteris emphasis regular expression implementation in Mistune. By sending specially-crafted regex input, a remote attacker could invoke a catastrophic backtrack, resulting in a denial of service...
[SECURITY] Fedora 43 Update: libsodium-1.0.21-2.fc43
Sodium is a new, easy-to-use software library for encryption, decryption, signatures, password hashing and more. It is a portable, cross-compilable, installable, packageable fork of NaCl, with a compatible API, and an extended API to improve usability even further. Its goal is to provide all of t...
TED-LaST: Towards Robust Backdoor Defense against Adaptive Attacks
Deep Neural Networks DNNs are vulnerable to backdoor attacks, where attackers implant hidden triggers during training to maliciously control model behavior. Topological Evolution Dynamics TED has recently emerged as a powerful tool for detecting backdoor attacks in DNNs. However, TED can be...
We Asked ChatGPT for 2024 Cybersecurity Predictions but You Should Make These Resolutions Instead
By Caitlin Condon, Senior Manager, Vulnerability Research at Rapid7, and Christiaan Beek, Senior Director, Threat Analytics at Rapid7 It’s that time of year again — time for the annual tradition of cybersecurity predictions. Here at Rapid7 we’ve seen a whole lot of threats and exploited...
CVE-2023-49803 @koa/cors has overly permissive origin policy
@koa/cors npm provides Cross-Origin Resource Sharing CORS for koa, a web framework for Node.js. Prior to version 5.0.0, the middleware operates in a way that if an allowed origin is not provided, it will return an Access-Control-Allow-Origin header with the value of the origin from the request...
[SECURITY] Fedora 35 Update: python-markdown2-2.4.2-1.fc35
Markdown is a text-to-HTML filter; it translates an easy-to-read / easy-to-write structured text format into HTML. Markdown's text format is most similar to that of plain text email, and supports features such as headers, emphasis, code blocks, blockquotes, and links. This is a fast and complete...
[SECURITY] Fedora 34 Update: python-markdown2-2.4.0-1.fc34
Markdown is a text-to-HTML filter; it translates an easy-to-read / easy-to-write structured text format into HTML. Markdown's text format is most similar to that of plain text email, and supports features such as headers, emphasis, code blocks, blockquotes, and links. This is a fast and complete...
[SECURITY] Fedora 30 Update: bijiben-3.32.1-2.fc30
Simple note editor which emphasis on visuals : quickly write notes, quickly find it back...
Bountycraft at Nullcon 2017
Security is a critical component of our products at Microsoft. A strong emphasis on security is a persistent factor throughout our entire development process. Microsoft is committed to designing and developing secure software. Testing is performed both internally and by working closely with the...
OECD said Cyber attacks could create 'perfect strom' !!
Attacks on computer systems now have the potential to cause global catastrophe, but only in combination with another disaster, the Organisation for Economic Cooperation and Development OECD said in a report on Monday. The study, part of a wider OECD project examining possible "Future Global Shock...
NSA: Our Development Methods Are in the Open Now
WASHINGTON–Despite its reputation for secrecy and technical expertise, the National Security Agency doesn’t have a set of secret coding practices or testing methods that magically make their applications and systems bulletproof. In fact, one of the agency’s top technical experts said that virtual...