Lucene search
K

50 matches found

RedhatCVE
RedhatCVE
added 6 days ago6 views

CVE-2026-59927

A flaw was found in Mistune, a Python Markdown parser. The Include directive in Mistune's src/mistune/directives/include.py does not properly detect indirect cycles when two Markdown files include each other. This oversight allows for unbounded recursion, which can lead to a RecursionError and...

5.3CVSS5.9AI score0.00307EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 6 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-59927

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct...

5.3CVSS6.1AI score0.00307EPSS
Exploits1References3
NVD
NVD
added last week10 views

CVE-2026-59927

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct self-includes and not indirect cycles, allowing two markdown files that include each other to trigger unbounded recursion, raise...

5.3CVSS0.00307EPSS
Exploits1References3
OSV
OSV
added last week4 views

CVE-2026-59927 Mistune directives/include: mutual `.. include::` recursion crashes the renderer with `RecursionError`, denial of service via two attacker-controlled markdown files

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct self-includes and not indirect cycles, allowing two markdown files that include each other to trigger unbounded recursion, raise...

5.3CVSS6.1AI score0.00307EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added last week5 views

CVE-2026-59927

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct self-includes and not indirect cycles, allowing two markdown files that include each other to trigger unbounded recursion, raise...

5.3CVSS6AI score0.00307EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added last week6 views

EUVD-2026-42339

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct self-includes and not indirect cycles, allowing two markdown files that include each other to trigger unbounded recursion, raise...

5.3CVSS6AI score0.00307EPSS
Exploits1References3
Cvelist
Cvelist
added last week36 views

CVE-2026-59924 Mistune: Arbitrary File Read via Include directive path traversal

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse joins and normalizes user-supplied include paths without verifying that the result remains within the intended markdown directory, allowing crafted include paths to access files outside that directory wh...

5.9CVSS0.0034EPSS
Exploits1References3
CVE
CVE
added last week12 views

CVE-2026-59924

Mistune (Python Markdown parser) prior to v3.3.0 contains a path traversal flaw in Include.parse() where include paths are joined/normalized without ensuring the result stays inside the markdown directory. When processing markdown files via md.read(), crafted include paths could read files outsid...

5.9CVSS6AI score0.0034EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.14 views

PT-2026-47736

Name of the Vulnerable Software and Affected Versions awxkit affected versions not specified Description A path traversal issue exists in the CLI tool for AWX. The YAML !include directive fails to sanitize file paths, which allows an attacker to create a malicious YAML file. When a user imports...

4.7CVSS5.9AI score0.00121EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

awxkit 路径遍历漏洞

awxkit is an open-source command-line tool developed by Ansible. Awxkit has a path traversal vulnerability, which stems from the YAML !include directive not clearing file paths properly. This vulnerability could allow attackers to read any YAML format file from the local file system through a...

4.7CVSS5.3AI score0.00121EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 5:6 p.m.14 views

EUVD-2026-33369

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.4, ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directive declared in a project's compose file before any path-traversal validation runs. Because...

7.7CVSS6AI score0.00307EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:10 p.m.3 views

CVE-2026-32061

OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerability in the $include directive resolution that allows reading arbitrary local files outside the config directory boundary. Attackers with config modification capabilities can exploit this by specifying absolute paths, traversa...

6.7CVSS5.9AI score0.00146EPSS
Exploits0References1
NVD
NVD
added 2026/03/24 7:16 p.m.7 views

CVE-2026-30932

Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add API endpoint accessible to customers with DNS enabled does not validate the content field for several DNS record types LOC, RP, SSHFP, TLSA. An attacker can inject newlines and BIND zone file...

8.8CVSS0.00544EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/24 6:46 p.m.11 views

CVE-2026-30932

Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add API endpoint accessible to customers with DNS enabled does not validate the content field for several DNS record types LOC, RP, SSHFP, TLSA. An attacker can inject newlines and BIND zone file...

8.6CVSS5.8AI score0.00544EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/17 4:9 a.m.6 views

CVE-2026-3312

A flaw was found in Pagure's rendering engine for reStructuredText RST files. An authenticated user can exploit an unrestricted .. include:: directive within RST files to read arbitrary internal files from the server hosting Pagure. This information disclosure vulnerability allows unauthorized...

7.7CVSS5.8AI score
Exploits0References3
CNVD
CNVD
added 2026/03/12 12:0 a.m.4 views

OpenClaw Arbitrary File Read Vulnerability (CNVD-2026-13555)

OpenClaw is a tool for configuration management that supports loading external configuration files via the include directive. An arbitrary file read vulnerability exists in OpenClaw. An attacker can use this vulnerability to read sensitive files, such as API keys and credentials, outside of the...

6.7CVSS5.9AI score0.00146EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/11 1:32 p.m.28 views

CVE-2026-32061 OpenClaw < 2026.2.17 - Arbitrary File Read via $include Directive Path Traversal

OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerability in the $include directive resolution that allows reading arbitrary local files outside the config directory boundary. Attackers with config modification capabilities can exploit this by specifying absolute paths, traversa...

6.7CVSS0.00146EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/11 1:32 p.m.2 views

CVE-2026-32061 OpenClaw < 2026.2.17 - Arbitrary File Read via $include Directive Path Traversal

OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerability in the $include directive resolution that allows reading arbitrary local files outside the config directory boundary. Attackers with config modification capabilities can exploit this by specifying absolute paths, traversa...

6.7CVSS5.9AI score0.00146EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/11 1:32 p.m.6 views

EUVD-2026-11152

OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerability in the $include directive resolution that allows reading arbitrary local files outside the config directory boundary. Attackers with config modification capabilities can exploit this by specifying absolute paths, traversa...

6.7CVSS5.9AI score0.00146EPSS
Exploits0References3
CVE
CVE
added 2026/03/11 1:32 p.m.13 views

CVE-2026-32061

OpenClaw vulnerability CVE-2026-32061 affects OpenClaw versions prior to 2026.2.17, where the include directive resolution is susceptible to a path traversal that allows reading arbitrary local files outside the config directory boundary. Exploitation requires config modification privileges and c...

6.7CVSS5.9AI score0.00146EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder