Lucene search
K

65 matches found

EUVD
EUVD
added 2026/07/08 4:23 p.m.5 views

EUVD-2026-42338

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a Markdown document containing many repeated or distinct reference-link definitions causes quadratic work in src/mistune/blockparser.py and the reflinks environment dictionary handling, allowing denial of service...

7.5CVSS6AI score0.00366EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/07/08 4:23 p.m.4 views

CVE-2026-59928

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a Markdown document containing many repeated or distinct reference-link definitions causes quadratic work in src/mistune/blockparser.py and the reflinks environment dictionary handling, allowing denial of service...

7.5CVSS6AI score0.00366EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.7 views

PT-2026-56519

Name of the Vulnerable Software and Affected Versions Mistune versions prior to 3.3.0 Description A Python Markdown parser with renderers and plugins contains an issue where a Markdown document with numerous repeated or distinct reference-link definitions triggers quadratic work within...

7.5CVSS6.1AI score0.00366EPSS
Exploits1References31
NVD
NVD
added 2026/06/17 8:17 p.m.9 views

CVE-2026-48822

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting XSS vulnerability in the Markdown-to-HTML conversion process used in the Bookmark Description field. An authenticated user can inject a malicious javascript: URI inside a Markdown link. The...

5.8CVSS0.0012EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 7:59 p.m.18 views

CVE-2026-48822

Shaarli (versions ≤ 0.16.1) contains a stored XSS in the Bookmark Description field when a malicious javascript: URI is injected via Markdown reference links. The root cause is in BookmarkMarkdownFormatter.php: filterProtocols uses a regex that catches inline links but does not inspect Markdown r...

5.8CVSS5.4AI score0.0012EPSS
Exploits0References2
OSV
OSV
added 2026/06/17 7:59 p.m.2 views

CVE-2026-48822 Shaarli has Stored Cross-Site Scripting (XSS) via Markdown Reference Links

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting XSS vulnerability in the Markdown-to-HTML conversion process used in the Bookmark Description field. An authenticated user can inject a malicious javascript: URI inside a Markdown link. The...

5.8CVSS5.9AI score0.0012EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/17 7:59 p.m.20 views

CVE-2026-48822 Shaarli has Stored Cross-Site Scripting (XSS) via Markdown Reference Links

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting XSS vulnerability in the Markdown-to-HTML conversion process used in the Bookmark Description field. An authenticated user can inject a malicious javascript: URI inside a Markdown link. The...

5.8CVSS0.0012EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.26 views

PT-2026-50535

Name of the Vulnerable Software and Affected Versions Shaarli versions prior to 0.16.2 Description A stored Cross-Site Scripting XSS issue exists in the Markdown-to-HTML conversion process used in the Bookmark Description field. An authenticated user can inject a malicious javascript: URI inside ...

5.8CVSS5.3AI score0.0012EPSS
Exploits0References4
OSV
OSV
added 2026/06/08 3:7 p.m.25 views

CLEANSTART-2026-NT30039 Security fixes for CVE-2025-61727, CVE-2025-61729, CVE-2025-61732, CVE-2025-68121, CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-33811, CVE-2026-33814, CVE-2026-33816, CVE-2026-34986, CVE-2026-39820, CVE-2026-39821, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-39835, CVE-2026-39836, CVE-2026-41889, CVE-2026-42499, CVE-2026-42502, CVE-2026-42506, CVE-2026-42508, CVE-2026-4659, CVE-2026-46595, CVE-2026-46597, ghsa-273p-m2cw-6833, ghsa-4c4x-jm2x-pf9j, ghsa-4qg8-fj49-pxjh, ghsa-846p-jg2w-w324, ghsa-fcv2-xgw5-pqxf, ghsa-fphv-w9fq-2525, ghsa-jqc5-w2xx-5vq4, ghsa-whqx-f9j3-ch6m, ghsa-xmrv-pmrh-hhx2 applied in versions: 1.13.3-r0, 1.14.1-r0, 1.14.1-r1, 1.14.1-r2, 1.14.5-r0, 1.14.5-r1

Multiple security vulnerabilities affect the spire-server-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS5.5AI score0.00901EPSS
Exploits3References80
OSV
OSV
added 2026/05/06 4:56 p.m.6 views

GHSA-HJPH-F4MC-WX4C Duplicate Advisory: Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8mp2-v27r-99xp. This link is maintained to preserve external references. Original Description Summary Denial-of-Service DoS vulnerability in the Mistune Markdown parser. The issue occurs when processing speciall...

8.7CVSS5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/06 4:56 p.m.13 views

Duplicate Advisory: Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8mp2-v27r-99xp. This link is maintained to preserve external references. Original Description Summary Denial-of-Service DoS vulnerability in the Mistune Markdown parser. The issue occurs when processing speciall...

5.8AI score
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.9 views

PT-2026-38261

Name of the Vulnerable Software and Affected Versions mistune versions prior to 3.2.1 Description A Denial-of-Service DoS issue exists in the Mistune Markdown parser. Processing specially crafted reference links can cause excessive backtracking and parsing loops within the parse link title functi...

8.7CVSS5.8AI score
Exploits0References7
GithubExploit
GithubExploit
added 2026/04/26 6:58 a.m.74 views

CVE_REQUESTS_references

CVEREQUESTSr...

5.8AI score
Exploits0
OpenVAS
OpenVAS
added 2025/06/30 12:0 a.m.4 views

SUSE: Security Advisory (SUSE-SU-2025:02120-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.6AI score0.0056EPSS
Exploits0References7
Circl
Circl
added 2025/01/15 4:18 p.m.11 views

CVE-2025-22968

creationtimestamp| type| source ---|---|--- 2025-01-15 16:18:11+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfs652sxsa2e 2025-01-15 17:38:06+00:00| seen| https://t.me/cvedetector/15471 2025-01-16 15:56:07+00:00| published-proof-of-concept|...

9.8CVSS5.8AI score0.02454EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2024/12/09 12:0 a.m.6 views

Fedora: Security Advisory (FEDORA-2024-075f626765)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.4CVSS7.9AI score0.0157EPSS
Exploits1References14
BDU FSTEC
BDU FSTEC
added 2024/07/29 12:0 a.m.8 views

The vulnerability of the GLPI system’s request and incident handling process, related to improper elimination of input data during the generation of web pages, allows a perpetrator to store arbitrary codes in the reference links.

The vulnerability of the GLPI system for handling requests and incidents is related to the improper elimination of input data during the generation of the web page. Exploiting this vulnerability allows a malicious actor to insert arbitrary codes into the reference documents...

5.5CVSS6.3AI score0.00577EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2024/06/05 2:15 p.m.37 views

GHSA-4M3G-6R7G-JV4F Arbitrary JavaScript execution due to using outdated libraries

Summary gradio-pdf projects with dependencies on the pdf.js library are vulnerable to CVE-2024-4367, which allows arbitrary JavaScript execution. PoC 1. Generate a pdf file with a malicious script in the fontmatrix. This will run alert‘XSS’. poc.pdf 2. Run the app. In this PoC, I've used the demo...

3.6CVSS8.4AI score
Exploits0References3
OpenVAS
OpenVAS
added 2023/11/17 12:0 a.m.33 views

Adobe Acrobat DC Continuous Security Update (APSB23-54) - Windows

Adobe Acrobat DC Continuous is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.8CVSS7.2AI score0.04907EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2023/09/13 12:0 a.m.33 views

Microsoft Windows Multiple Vulnerabilities (KB5030219)

This host is missing an important security update according to Microsoft KB5030219 SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

8.8CVSS7.4AI score0.39491EPSS
Exploits9References3
Rows per page
Query Builder