Lucene search
K

168 matches found

CVE
CVE
added yesterday8 views

CVE-2026-8351

CVE-2026-8351 concerns the RTMKit plugin for WordPress, vulnerable up to version 2.0.7. The flaw is a Stored Cross-Site Scripting in the Advanced Heading widget via the 'Background Text' parameter. The render() function concatenates the value directly into an HTML attribute without applying esc_a...

6.4CVSS6.1AI score
Exploits0References9
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-8351

The RTMKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Heading widget's 'Background Text' parameter in versions up to, and including, 2.0.7 This is due to insufficient output escaping on the 'backgroundtextheading' setting in the render function, which...

6.4CVSS6.1AI score
Exploits0References10
EUVD
EUVD
added yesterday4 views

EUVD-2026-41512

The RTMKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Heading widget's 'Background Text' parameter in versions up to, and including, 2.0.7 This is due to insufficient output escaping on the 'backgroundtextheading' setting in the render function, which...

6.4CVSS6.1AI score
Exploits0References9
NVD
NVD
added 2026/06/21 2:16 p.m.12 views

CVE-2026-56383

Craft CMS contains a stored cross-site scripting XSS vulnerability in the editableTable.twig component when using the 'Row Heading' column type. The application fails to sanitize input within row heading default values, allowing an attacker with an administrator account with allowAdminChanges...

4.8CVSS0.00177EPSS
Exploits0References3
CVE
CVE
added 2026/06/21 1:26 p.m.13 views

CVE-2026-56383

CVE-2026-56383 : Craft CMS contains a stored XSS in the editableTable.twig component via the Row Heading column type. The vulnerability arises from unsanitized input in row heading default values, enabling an attacker with an administrator account (when allowAdminChanges is enabled) to inject arb...

4.8CVSS5.8AI score0.00177EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/21 1:26 p.m.6 views

EUVD-2026-38177

Craft CMS contains a stored cross-site scripting XSS vulnerability in the editableTable.twig component when using the 'Row Heading' column type. The application fails to sanitize input within row heading default values, allowing an attacker with an administrator account with allowAdminChanges...

4.8CVSS5.8AI score0.00177EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/21 1:26 p.m.32 views

CVE-2026-56383 Craft CMS - Stored XSS in Table Field via Row Heading Column Type

Craft CMS contains a stored cross-site scripting XSS vulnerability in the editableTable.twig component when using the 'Row Heading' column type. The application fails to sanitize input within row heading default values, allowing an attacker with an administrator account with allowAdminChanges...

4.8CVSS0.00177EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/21 1:26 p.m.2 views

CVE-2026-56383

Craft CMS contains a stored cross-site scripting XSS vulnerability in the editableTable.twig component when using the 'Row Heading' column type. The application fails to sanitize input within row heading default values, allowing an attacker with an administrator account with allowAdminChanges...

4.8CVSS5.8AI score0.00177EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 a.m.13 views

CVE-2026-44898

A flaw was found in Mistune, a Python Markdown parser. This vulnerability occurs in the rendertocul function, which is responsible for building a table-of-contents. An attacker can craft malicious heading text that, when processed, allows for the injection of arbitrary HTML tags, including script...

6.1CVSS6.5AI score0.00228EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 a.m.12 views

CVE-2026-44897

A flaw was found in Mistune, a Python Markdown parser. A remote attacker could exploit this vulnerability by providing specially crafted input to the HTMLRenderer.heading function. This input, containing a double-quote character in the HTML heading's ID attribute, is not properly sanitized,...

6.1CVSS5.1AI score0.00228EPSS
Exploits1References5
OSV
OSV
added 2026/05/28 12:8 p.m.10 views

SUSE-SU-2026:21858-1 Security update for python-mistune

This update for python-mistune fixes the following issues - CVE-2026-33079: ReDoS in LINKTITLERE can lead to denial of service via a crafted Markdown bsc1264347. - CVE-2026-33441: processing of malformed reference links can lead to excessive resource consumption and denial of service bsc1264752. ...

8.7CVSS5.8AI score0.00481EPSS
Exploits4References15
OSV
OSV
added 2026/05/28 12:7 p.m.4 views

OPENSUSE-SU-2026:20827-1 Security update for python-mistune

This update for python-mistune fixes the following issues - CVE-2026-33079: ReDoS in LINKTITLERE can lead to denial of service via a crafted Markdown bsc1264347. - CVE-2026-33441: processing of malformed reference links can lead to excessive resource consumption and denial of service bsc1264752. ...

8.7CVSS5.8AI score0.00481EPSS
Exploits4References14
Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-44897

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading builds the opening tag by string-concatenating the id...

6.1CVSS6AI score0.00228EPSS
Exploits1References3
NVD
NVD
added 2026/05/26 9:16 p.m.14 views

CVE-2026-44897

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML — with no call to escape, safeentity, or any other sanitisation function. A double-quote character " in...

6.1CVSS0.00228EPSS
Exploits1References2
NVD
NVD
added 2026/05/26 9:16 p.m.11 views

CVE-2026-44898

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format...

6.1CVSS0.00228EPSS
Exploits1References2
OSV
OSV
added 2026/05/26 9:16 p.m.7 views

DEBIAN-CVE-2026-44897

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML — with no call to escape, safeentity, or any other sanitisation function. A double-quote character " in...

6.1CVSS6AI score0.00228EPSS
Exploits1References1
OSV
OSV
added 2026/05/26 9:16 p.m.6 views

DEBIAN-CVE-2026-44898

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format...

6.1CVSS5.9AI score0.00228EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/05/26 9:16 p.m.15 views

CVE-2026-44897

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML — with no call to escape, safeentity, or any other sanitisation function. A double-quote character " in...

6.1CVSS6AI score0.00228EPSS
Exploits1References3
OSV
OSV
added 2026/05/26 9:16 p.m.6 views

UBUNTU-CVE-2026-44898

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format...

6.1CVSS5.9AI score0.00228EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2026/05/26 9:16 p.m.8 views

CVE-2026-44898

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format...

6.1CVSS5.9AI score0.00228EPSS
Exploits1References3
Rows per page
Query Builder