389 matches found
CVE-2026-4539
A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released...
CVE-2026-4539
A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released...
UBUNTU-CVE-2026-4539
A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released...
CVE-2026-4539 pygments archetype.py AdlLexer redos
A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released...
CVE-2026-4539 pygments archetype.py AdlLexer redos
A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released...
CVE-2026-4539
A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released...
CVE-2026-4539
A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released...
CVE-2026-4539
CVE-2026-4539 affects the Pygments project, specifically the AdlLexer in pygments/lexers/archetype.py up to version 2.19.2. The issue stems from an inefficient regular expression construct in the AdlLexer, enabling a local-access DoS/slowdown scenario. Publicly released exploit material exists, a...
Matthäus G. Chajdas pygments 安全漏洞
Matthäus G. Chajdas’ pygments is an open-source application developed by Matthäus G. Chajdas. It provides a general-purpose syntax highlighting tool. Versions of Matthäus G. Chajdas’ pygments prior to 2.19.2 contained security vulnerabilities. These vulnerabilities were caused by inefficient...
PT-2026-26970
Name of the Vulnerable Software and Affected Versions pygments versions up to 2.19.2 Description A security flaw exists in pygments. The issue resides within the AdlLexer function located in the pygments/lexers/archetype.py file, leading to inefficient regular expression complexity. This...
Linux Distros Unpatched Vulnerability : CVE-2026-4539
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The...
EUVD-2026-8597
Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering...
Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering
Summary An unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScript in an event. The payload executes only if a user explicitly views the affected Stacktrace in the web UI. Details When Pygments returns more lines than it was given a known upstream quirk...
GHSA-VP6Q-7M36-PQ3W Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering
Summary An unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScript in an event. The payload executes only if a user explicitly views the affected Stacktrace in the web UI. Details When Pygments returns more lines than it was given a known upstream quirk...
CVE-2026-27614 Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering
Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.13, an unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScript in an event. The payload executes only if a user explicitly views the affected Stacktrace in the web UI. When Pygments...
CVE-2026-27614 Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering
Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.13, an unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScript in an event. The payload executes only if a user explicitly views the affected Stacktrace in the web UI. When Pygments...
CVE-2026-27614
Bugsink (self-hosted error tracking) is affected by a Stored XSS in versions before 2.0.13. The root cause is how Pygments fallback in stacktrace rendering handles line mismatches: _pygmentize_lines() returns raw lines when line counts differ, and then mark_safe() is applied unconditionally to th...
CVE-2026-27614 Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering
Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.13, an unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScript in an event. The payload executes only if a user explicitly views the affected Stacktrace in the web UI. When Pygments...
Azure Linux 3.0 Security Update: m2crypto / python-pygments (CVE-2019-11358)
The version of m2crypto / python-pygments installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-11358 advisory. - jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles...
MiracleLinux 8 : resource-agents-4.1.1-98.el8 (AXSA:2021-2804:10)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2804:10 advisory. python-pygments: Infinite loop in SML lexer may lead to DoS CVE-2021-20270 python-pygments: ReDoS in multiple lexers CVE-2021-27291 Tenable has...