17 matches found

Tenable Nessus
added 2026/03/11 12:0 a.m. | 5 views

openSUSE 15 Security Update : python-Markdown (SUSE-SU-2026:0846-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0846-1 advisory. This update for python-Markdown fixes the following issue: - CVE-2025-69534: incomplete markup declaration in raw HTML can crash applications that process...

CVSS 8.2 | AI score 5.9 | EPSS 0.00566
Exploits 1 | References 4
EUVD
added 2025/10/03 8:7 p.m. | 21 views

EUVD-2025-13952

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.5 | EPSS 0.13969
Exploits 0 | References 7
Snyk
added 2025/08/01 6:30 a.m. | 5 views

Cross-site Scripting (XSS)

Overview: markdown2 is a fast and complete Python implementation of Markdown. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in safemode due to improper handling of incomplete HTML tags. The encodeincompletetags function fails to properly check for auto links, allowin...

CVSS 6.1 | AI score 5.7
Exploits 0 | References 3
OSV
added 2025/06/18 2:40 p.m. | 4 views

BIT-DJANGO-2025-32873

An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter...

CVSS 5.3 | AI score 6.9 | EPSS 0.13969
Exploits 0 | References 5
OSV
added 2025/05/08 4:17 a.m. | 4 views

PYSEC-2025-37

An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter...

CVSS 5.3 | AI score 6.8 | EPSS 0.13969
Exploits 0 | References 5
Cvelist
added 2025/05/08 12:0 a.m. | 13 views

CVE-2025-32873

An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter...

CVSS 5.3 | EPSS 0.13969
Exploits 0 | References 3
Vulnrichment
added 2025/05/08 12:0 a.m. | 8 views

CVE-2025-32873

An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter...

CVSS 5.3 | AI score 5.1 | EPSS 0.13969
Exploits 0 | References 3
CVE
added 2025/05/08 12:0 a.m. | 218 views

CVE-2025-32873

CVE-2025-32873 affects Django: vulnerable in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The issue is in django.utils.html.strip_tags(), which can be exploited to cause a denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTM...

CVSS 5.3 | AI score 5.1 | EPSS 0.13969
Exploits 0 | References 4 | Affected Software 1
OSV
added 2025/05/07 6:52 p.m. | 2 views

USN-7501-2 python-django vulnerability

USN-7501-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Elias Myllymäki discovered that Django incorrectly handled stripping large sequences of incomplete HTML tags. A remote attacker could possibly use this issue ...

CVSS 5.3 | AI score 7.2 | EPSS 0.13969
Exploits 0 | References 2
Ubuntu
added 2025/05/07 3:22 p.m. | 13 views

USN-7501-1: Django vulnerability

Elias Myllymäki discovered that Django incorrectly handled stripping large sequences of incomplete HTML tags. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service...

CVSS 5.3 | AI score 6.8 | EPSS 0.13969
Exploits 0
AlpineLinux
added 2024/12/06 12:0 a.m. | 7 views

CVE-2024-53907

An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities...

CVSS 7.5 | AI score 7.1 | EPSS 0.0137
Exploits 0
Cvelist
added 2024/12/06 12:0 a.m. | 14 views

CVE-2024-53907

An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities...

EPSS 0.0137
Exploits 0 | References 3
RubySec
added 2022/05/14 12:0 a.m. | 23 views

xapian-core Cross-site Scripting vulnerability

A cross-site scripting vulnerability in queryparser/termgeneratorinternal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet...

CVSS 6.1 | AI score 1.2 | EPSS 0.01452
Exploits 0 | References 1 | Affected Software 1
Debian CVE
added 2019/08/02 2:31 p.m. | 21 views

CVE-2019-14233

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities...

CVSS 7.5 | AI score 8.6 | EPSS 0.03172
Exploits 0
UbuntuCve
added 2019/08/01 10:0 a.m. | 25 views

CVE-2019-14233

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities...

CVSS 7.5 | AI score 6.8 | EPSS 0.03172
Exploits 0 | References 2
OSV
added 2018/07/02 12:29 p.m. | 1 views

DEBIAN-CVE-2018-0499

A cross-site scripting vulnerability in queryparser/termgeneratorinternal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet...

CVSS 6.1 | AI score 5.7 | EPSS 0.01452
Exploits 0 | References 1
UbuntuCve
added 2018/07/02 12:0 a.m. | 17 views

CVE-2018-0499

A cross-site scripting vulnerability in queryparser/termgeneratorinternal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet...

CVSS 6.1 | AI score 6.6 | EPSS 0.01452
Exploits 0 | References 4