87 matches found
CVE-2026-8318
A security flaw has been discovered in VectifyAI PageIndex up to f50e52975313c6716c02b20a119577a1929decba. Affected by this vulnerability is the function toctransformer of the file pageindex/pageindex.py of the component PDF Table of Contents Handler. The manipulation results in infinite loop. Th...
SUSE-SU-2026:21858-1 Security update for python-mistune
This update for python-mistune fixes the following issues - CVE-2026-33079: ReDoS in LINKTITLERE can lead to denial of service via a crafted Markdown bsc1264347. - CVE-2026-33441: processing of malformed reference links can lead to excessive resource consumption and denial of service bsc1264752. ...
OPENSUSE-SU-2026:20827-1 Security update for python-mistune
This update for python-mistune fixes the following issues - CVE-2026-33079: ReDoS in LINKTITLERE can lead to denial of service via a crafted Markdown bsc1264347. - CVE-2026-33441: processing of malformed reference links can lead to excessive resource consumption and denial of service bsc1264752. ...
CVE-2026-44898 Mistune TOC Anchor Injection XSS
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the rendertocul function. An attacker can execute arbitrary JavaScript in the context of the rendered page by injecting malicious input into heading text, which is then used unescaped as an anchor ID and labe...
Mistune TOC Anchor Injection XSS
Summary rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format string — with no HTML escaping applied to either value. When heading IDs...
CVE-2026-8318
A security flaw has been discovered in VectifyAI PageIndex up to f50e52975313c6716c02b20a119577a1929decba. Affected by this vulnerability is the function toctransformer of the file pageindex/pageindex.py of the component PDF Table of Contents Handler. The manipulation results in infinite loop. Th...
CVE-2026-8318 VectifyAI PageIndex PDF Table of Contents page_index.py toc_transformer infinite loop
A security flaw has been discovered in VectifyAI PageIndex up to f50e52975313c6716c02b20a119577a1929decba. Affected by this vulnerability is the function toctransformer of the file pageindex/pageindex.py of the component PDF Table of Contents Handler. The manipulation results in infinite loop. Th...
Mistune Heading ID Attribute has Injection XSS
Summary HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML — with no call to escape, safeentity, or any other sanitisation function. A double-quote character " in the id value terminates the attribute, allowing an attacker to inject...
GHSA-V87V-83H2-53W7 Mistune Heading ID Attribute has Injection XSS
Summary HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML — with no call to escape, safeentity, or any other sanitisation function. A double-quote character " in the id value terminates the attribute, allowing an attacker to inject...
CVE-2025-13738
The Easy Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ez-toc shortcode in all versions up to, and including, 2.0.78 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-13738
CVE-2025-13738 describes a Stored Cross-Site Scripting vulnerability in the WordPress plugin Easy Table of Contents (ez-toc shortcode) affecting versions up to 2.0.78. The issue arises from insufficient input sanitization and output escaping on user-provided attributes, enabling an authenticated ...
CVE-2025-13738 Easy Table of Contents <= 2.0.78 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Easy Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ez-toc shortcode in all versions up to, and including, 2.0.78 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-13738 Easy Table of Contents <= 2.0.78 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Easy Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ez-toc shortcode in all versions up to, and including, 2.0.78 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2026-20606
The Easy Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ez-toc shortcode in all versions up to, and including, 2.0.78 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Qi Blocks plugin < 1.4 - Contributor+ Stored XSS via ToC Block vulnerability
Contributor+ Stored XSS via ToC Block vulnerability discovered by Krugov Artyom in WordPress Plugin Qi Blocks versions 1.4...
EUVD-2025-200052
Malicious code in mongodb-atlas-cli-toc-generator npm...
Malicious code in mongodb-atlas-cli-toc-generator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b43eaf31369a3ecfac60651fb3c08bc314680fd9b476179d902bbfee64b0d62 The package mongodb-atlas-cli-toc-generator was found to contain malicious code...
MAL-2025-191517 Malicious code in mongodb-atlas-cli-toc-generator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b43eaf31369a3ecfac60651fb3c08bc314680fd9b476179d902bbfee64b0d62 The package mongodb-atlas-cli-toc-generator was found to contain malicious code...
EUVD-2020-24955
Malware in sbrugna...