Lucene search

7 matches found

NVD
added 2026/05/06 6:16 p.m., 11 views

CVE-2026-33079

In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS (Regular Expression Denial of Service) vulnerability in LINK_TITLE_RE that allows an attacker who can supply Markdown for parsing to cause denial of service. The regular expression used for parsing link titles contains overlapping...

8.7 CVSS, 0.00348 EPSS
Exploits: 0, References: 2
CVE
added 2026/05/06 5:25 p.m., 15 views

CVE-2026-33079

Mistune 3.0.0a1–3.2.0 contains a ReDoS in LINK_TITLE_RE used for parsing link titles, enabling exponential backtracking when processing Markdown strings with repeated ! sequences and no closing quote. The ambiguity arises from overlapping alternatives in the two branches (double-quoted and single...

8.7 CVSS, 5.8 AI score, 0.00348 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2026/05/06 5:25 p.m., 7 views

CVE-2026-33079 Mistune ReDoS in LINK_TITLE_RE allows denial of service with crafted Markdown titles

In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS (Regular Expression Denial of Service) vulnerability in LINK_TITLE_RE that allows an attacker who can supply Markdown for parsing to cause denial of service. The regular expression used for parsing link titles contains overlapping...

8.7 CVSS, 5.8 AI score, 0.00348 EPSS
Exploits: 0, References: 2
CVE
added 2025/09/12 6:0 a.m., 11 views

CVE-2025-3650

CVE-2025-3650 refers to a stored XSS flaw in the WordPress plugin jQuery Colorbox (versions

3.5 CVSS, 5.8 AI score, 0.00168 EPSS
Exploits: 0, References: 1
OSV
added 2025/01/29 4:15 a.m., 3 views

CVE-2025-0804

The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via link titles in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it...

5.4 CVSS, 7.4 AI score
Exploits: 0, References: 2
Vulnrichment
added 2025/01/29 3:21 a.m., 1 views

CVE-2025-0804 ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via link titles in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it...

6.4 CVSS, 5.6 AI score, 0.00235 EPSS
Exploits: 0, References: 2
SUSE CVE
added 2024/10/09 2:55 a.m., 2 views

SUSE CVE-2024-43364

Cacti is an open source performance and fault management framework. The title parameter is not properly sanitized when saving external links in links.php. Moreover, the said title parameter is stored in the database and reflected back to user in index.php, finally leading to stored XSS. Users wit...

8.2 CVSS, 6.2 AI score, 0.34383 EPSS
Exploits: 1, References: 3