Lucene search
K

204 matches found

NVD
NVD
added 13 hours ago4 views

CVE-2026-6850

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to validate the length and content of message attachment field values, which allows an authenticated attacker to cause a denial of service for all users in a channel via a post containing a specially crafted payload tha...

6.5CVSS
Exploits0References1
RedhatCVE
RedhatCVE
added 4 days ago5 views

CVE-2026-59925

A flaw was found in Mistune, a Python Markdown parser. An attacker can exploit this vulnerability by providing specially crafted Markdown input containing long sequences of emphasis pairs. This can cause the parser to perform excessive computational work, leading to a denial of service DoS...

7.5CVSS5.8AI score0.00358EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 4 days ago5 views

CVE-2026-59928

A flaw was found in Mistune, a Python Markdown parser. A remote attacker could exploit this vulnerability by providing a specially crafted Markdown document containing numerous repeated or distinct reference-link definitions. This can lead to excessive processing, causing CPU exhaustion and a...

7.5CVSS6AI score0.00366EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 4 days ago5 views

Linux Distros Unpatched Vulnerability : CVE-2026-59927

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct...

5.3CVSS6.1AI score0.00307EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 4 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-59928

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a Markdown document containing many repeated or distinct reference-link...

7.5CVSS6.1AI score0.00366EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 4 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-59922

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a run of closed tilde, equals-sign, or caret marker pairs around a character...

7.5CVSS6.1AI score0.00366EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 4 days ago4 views

Linux Distros Unpatched Vulnerability : CVE-2026-59924

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse joins and normalizes user-supplied include paths without verifying...

5.9CVSS6.1AI score0.0034EPSS
Exploits1References3
NVD
NVD
added 5 days ago9 views

CVE-2026-59928

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a Markdown document containing many repeated or distinct reference-link definitions causes quadratic work in src/mistune/blockparser.py and the reflinks environment dictionary handling, allowing denial of service...

7.5CVSS0.00366EPSS
Exploits1References3
NVD
NVD
added 5 days ago8 views

CVE-2026-59924

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse joins and normalizes user-supplied include paths without verifying that the result remains within the intended markdown directory, allowing crafted include paths to access files outside that directory wh...

5.9CVSS0.0034EPSS
Exploits1References3
NVD
NVD
added 5 days ago10 views

CVE-2026-59927

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct self-includes and not indirect cycles, allowing two markdown files that include each other to trigger unbounded recursion, raise...

5.3CVSS0.00307EPSS
Exploits1References3
Debian CVE
Debian CVE
added 5 days ago5 views

CVE-2026-59928

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a Markdown document containing many repeated or distinct reference-link definitions causes quadratic work in src/mistune/blockparser.py and the reflinks environment dictionary handling, allowing denial of service...

7.5CVSS6AI score0.00366EPSS
Exploits1
EUVD
EUVD
added 5 days ago4 views

EUVD-2026-42337

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse joins and normalizes user-supplied include paths without verifying that the result remains within the intended markdown directory, allowing crafted include paths to access files outside that directory wh...

5.9CVSS6AI score0.0034EPSS
Exploits1References3
Debian CVE
Debian CVE
added 5 days ago4 views

CVE-2026-59929

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the safeurl filter in src/mistune/renderers/html.py blocks only javascript:, vbscript:, file:, and data: schemes, allowing legacy or chained schemes such as feed:, view-source:, jar:, livescript:, mocha:, ms-its:, mk:...

6.1CVSS6AI score0.00198EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 5 days ago9 views

CVE-2026-59925

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences of well-formed double-asterisk or triple-asterisk emphasis pairs around a character cause quadratic work in src/mistune/inlineparser.py because the parser scans forward for matching close markers from...

7.5CVSS6AI score0.00358EPSS
Exploits1References4Affected Software1
Debian CVE
Debian CVE
added 5 days ago3 views

CVE-2026-59926

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, renderadmonition in src/mistune/directives/admonition.py concatenates the Admonition directive :class: option into the HTML class attribute without escaping, allowing attribute injection and cross-site scripting even...

6.1CVSS5.8AI score0.00191EPSS
Exploits0
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-42334

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, renderadmonition in src/mistune/directives/admonition.py concatenates the Admonition directive :class: option into the HTML class attribute without escaping, allowing attribute injection and cross-site scripting even...

5.3CVSS5.8AI score0.00191EPSS
Exploits0References3
Debian CVE
Debian CVE
added 5 days ago3 views

CVE-2026-59922

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a run of closed tilde, equals-sign, or caret marker pairs around a character causes quadratic work in src/mistune/plugins/formatting.py when the strikethrough, mark, or insert plugin scans for matching markers from ea...

7.5CVSS6AI score0.00366EPSS
Exploits1
OSV
OSV
added 2026/07/06 9:15 p.m.2 views

CVE-2026-59710 showdown - Stored XSS via Unescaped Table Header ID Attribute Injection

showdown contains a stored cross-site scripting vulnerability in the parseHeaders function of src/subParsers/makehtml/tables.js that fails to properly escape table header ID attributes. Attackers can inject arbitrary HTML and script-executing SVG elements through double-quote characters in markdo...

5.3CVSS5.9AI score0.00198EPSS
Exploits0References6
Fedora
Fedora
added 2026/06/28 1:10 a.m.5 views

[SECURITY] Fedora 43 Update: python-mistune-3.2.1-1.fc43

The fastest markdown parser in pure Python, inspired by marked...

6.1CVSS5.8AI score0.00228EPSS
Exploits1
Fedora
Fedora
added 2026/06/28 12:58 a.m.4 views

[SECURITY] Fedora 44 Update: python-mistune-3.2.1-1.fc44

The fastest markdown parser in pure Python, inspired by marked...

6.1CVSS5.8AI score0.00228EPSS
Exploits1
Rows per page
Query Builder