49 matches found
CVE-2026-2288
The myLinksDump plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linktitle' parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access...
CVE-2026-2288
CVE-2026-2288 affects the WordPress plugin myLinksDump (versions up to 1.6). The vulnerability is a Stored Cross-Site Scripting flaw triggered by the attack vector through the public-facing parameter 'link_title', caused by insufficient input sanitization and output escaping. Authentication requi...
WordPress plugin myLinksDump 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
PT-2026-43634
The myLinksDump plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link title' parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level acces...
CVE-2026-33079
A flaw was found in Mistune, a Markdown parser. This vulnerability, known as Regular Expression Denial of Service ReDoS, exists in the LINKTITLERE regular expression. A remote attacker can exploit this by providing specially crafted Markdown input, which causes the regular expression engine to...
OSV-2026-777 Heap-buffer-overflow in md_is_link_title
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=514122612 Crash type: Heap-buffer-overflow READ 1 Crash state: mdislinktitle mdanalyzeinlines mdprocessnormalblockcontents...
EUVD-2026-30509
The The7 theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'dtdefaultbutton' shortcode in all versions up to, and including, 14.3.2. This is due to insufficient input sanitization and output escaping on the 'title' component of the 'link' shortcode parameter. This makes it...
CVE-2026-6646
The The7 theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'dtdefaultbutton' shortcode in all versions up to, and including, 14.3.2. This is due to insufficient input sanitization and output escaping on the 'title' component of the 'link' shortcode parameter. This makes it...
PT-2026-41269
The The7 theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'dt default button' shortcode in all versions up to, and including, 14.3.2. This is due to insufficient input sanitization and output escaping on the 'title' component of the 'link' shortcode parameter. This makes i...
Mistune ReDoS in LINK_TITLE_RE allows denial of service with crafted Markdown titles
...
SUSE CVE-2026-33079
In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS Regular Expression Denial of Service vulnerability in LINKTITLERE that allows an attacker who can supply Markdown for parsing to cause denial of service. The regular expression used for parsing link titles contains overlapping...
Linux Distros Unpatched Vulnerability : CVE-2026-33079
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS Regular Expression Denial of Service vulnerability in LINKTITLERE that allows an attacker who can...
CVE-2026-33079
In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS Regular Expression Denial of Service vulnerability in LINKTITLERE that allows an attacker who can supply Markdown for parsing to cause denial of service. The regular expression used for parsing link titles contains overlapping...
CVE-2026-33079
In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS Regular Expression Denial of Service vulnerability in LINKTITLERE that allows an attacker who can supply Markdown for parsing to cause denial of service. The regular expression used for parsing link titles contains overlapping...
CVE-2026-33079
In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS Regular Expression Denial of Service vulnerability in LINKTITLERE that allows an attacker who can supply Markdown for parsing to cause denial of service. The regular expression used for parsing link titles contains overlapping...
Duplicate Advisory: Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8mp2-v27r-99xp. This link is maintained to preserve external references. Original Description Summary Denial-of-Service DoS vulnerability in the Mistune Markdown parser. The issue occurs when processing speciall...
GHSA-HJPH-F4MC-WX4C Duplicate Advisory: Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8mp2-v27r-99xp. This link is maintained to preserve external references. Original Description Summary Denial-of-Service DoS vulnerability in the Mistune Markdown parser. The issue occurs when processing speciall...
EUVD-2026-27877
Mistune has a ReDoS in LINKTITLERE that allows denial of service via crafted Markdown input...
Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input
Summary A ReDoS Regular Expression Denial of Service vulnerability in LINKTITLERE allows an attacker who can supply Markdown for parsing to cause denial of service. A crafted 58-byte Markdown document blocks the parser for approximately 6 seconds measured on Apple M2, Python 3.14.3, with...
GHSA-8MP2-V27R-99XP Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input
Summary A ReDoS Regular Expression Denial of Service vulnerability in LINKTITLERE allows an attacker who can supply Markdown for parsing to cause denial of service. A crafted 58-byte Markdown document blocks the parser for approximately 6 seconds measured on Apple M2, Python 3.14.3, with...