Lucene search
K

6 matches found

OSV
OSV
added 2026/05/28 12:8 p.m.11 views

SUSE-SU-2026:21858-1 Security update for python-mistune

This update for python-mistune fixes the following issues - CVE-2026-33079: ReDoS in LINKTITLERE can lead to denial of service via a crafted Markdown bsc1264347. - CVE-2026-33441: processing of malformed reference links can lead to excessive resource consumption and denial of service bsc1264752. ...

8.7CVSS5.8AI score0.00481EPSS
Exploits4References15
PyPA
PyPA
added 2026/05/26 9:16 p.m.10 views

PYSEC-0000-CVE-2026-44896

Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and realier, in src/mistune/directives/image.py, the renderfigure function concatenates figclass and figwidth options directly into HTML attributes without escaping. This allows attribute injection and XSS even when...

6.1CVSS5.8AI score0.00198EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/26 9:16 p.m.14 views

CVE-2026-44896

Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and earlier, in src/mistune/directives/image.py, the renderfigure function concatenates figclass and figwidth options directly into HTML attributes without escaping. This allows attribute injection and XSS even when...

6.1CVSS0.00198EPSS
Exploits0References2
OSV
OSV
added 2026/05/26 9:16 p.m.9 views

DEBIAN-CVE-2026-44896

Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and earlier, in src/mistune/directives/image.py, the renderfigure function concatenates figclass and figwidth options directly into HTML attributes without escaping. This allows attribute injection and XSS even when...

6.1CVSS5.4AI score0.00198EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/26 8:33 p.m.11 views

CVE-2026-44896 Mistune: XSS via unescaped figclass/figwidth in Figure directive

Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and earlier, in src/mistune/directives/image.py, the renderfigure function concatenates figclass and figwidth options directly into HTML attributes without escaping. This allows attribute injection and XSS even when...

5.3CVSS5.4AI score0.00198EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/08 11:43 p.m.13 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the renderadmonition, renderfigure, and blockerror rendering paths in the HTML output components. An attacker can inject arbitrary HTML by supplying crafted admonition classes, figure classes, or widths, or...

6.1CVSS5.8AI score0.00198EPSS
Exploits0References2
Rows per page
Query Builder