CVE-2026-44898

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format...

CVE-2026-44899

CVE-2026-44899 – Mistune Image Directive CSS Injection exploits a prefix-only regex in the Image directive’s width/height validation. Before 3.2.1, values starting with digits (e.g., 100vw;…) pass _num_re.match() and are written into style="width:...;" or style="height:...;" without escaping, ena...

Drupal Toc.Js 安全漏洞

Drupal Toc.js is a directory generation plugin for the Drupal community. A security vulnerability exists in Drupal Toc.Js versions prior to 3.2.1 that stems from improper input neutralization and could lead to a cross-site scripting attack...

CVE-2025-31687

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal SpamSpan filter allows Cross-Site Scripting XSS.This issue affects SpamSpan filter: from 0.0.0 before 3.2.1...

CVE-2020-7591

A vulnerability has been identified in SIPORT MP All versions 3.2.1. Vulnerable versions of the device could allow an authenticated attacker to impersonate other users of the system and perform potentially administrative actions on behalf of those users if the single sign-on feature "Allow logon...