Lucene search
K

360 matches found

Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.11 views

PT-2026-49500

Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce = 3.2.1 versions...

7.5CVSS5.2AI score0.00362EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/08 1:11 p.m.10 views

WordPress WPC Product Options for WooCommerce plugin <= 3.2.1 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by Mitchell in WordPress Plugin WPC Product Options for WooCommerce versions = 3.2.1...

7.5CVSS5.4AI score0.00362EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 a.m.13 views

CVE-2026-44898

A flaw was found in Mistune, a Python Markdown parser. This vulnerability occurs in the rendertocul function, which is responsible for building a table-of-contents. An attacker can craft malicious heading text that, when processed, allows for the injection of arbitrary HTML tags, including script...

6.1CVSS6.5AI score0.00228EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 a.m.12 views

CVE-2026-44897

A flaw was found in Mistune, a Python Markdown parser. A remote attacker could exploit this vulnerability by providing specially crafted input to the HTMLRenderer.heading function. This input, containing a double-quote character in the HTML heading's ID attribute, is not properly sanitized,...

6.1CVSS5.1AI score0.00228EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 a.m.13 views

CVE-2026-44708

A flaw was found in Mistune, a Python Markdown parser. The mistune math plugin improperly handles user-supplied content, such as inline and block math, by directly embedding it into the HTML output without proper HTML escaping. This vulnerability, which can lead to Cross-Site Scripting XSS, allow...

6.1CVSS5.8AI score0.00228EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 a.m.13 views

CVE-2026-44899

A flaw was found in Mistune, a Python Markdown parser. The Image directive plugin, responsible for handling image dimensions, improperly validates user-supplied input for width and height options. This allows a remote attacker to inject arbitrary CSS into style attributes, potentially leading to...

6.1CVSS6AI score0.00228EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.9 views

CVE-2026-40690

The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could browse the asset graph for any other asset in the deployment and learn the existence and names of DAGs and assets outside their authorized scope. Users are...

4.3CVSS5.4AI score0.00352EPSS
Exploits0References1
NVD
NVD
added 2026/05/26 9:16 p.m.12 views

CVE-2026-44898

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format...

6.1CVSS0.00228EPSS
Exploits1References2
OSV
OSV
added 2026/05/26 9:16 p.m.6 views

DEBIAN-CVE-2026-44899

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as numre = re.compiler"^\d+?:.\d?". When the validated value is not a plain integer, renderblockimage inserts it directly int...

6.1CVSS5.8AI score0.00228EPSS
Exploits1References1
OSV
OSV
added 2026/05/26 9:16 p.m.7 views

DEBIAN-CVE-2026-44897

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML — with no call to escape, safeentity, or any other sanitisation function. A double-quote character " in...

6.1CVSS6AI score0.00228EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/05/26 9:16 p.m.15 views

CVE-2026-44897

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML — with no call to escape, safeentity, or any other sanitisation function. A double-quote character " in...

6.1CVSS6AI score0.00228EPSS
Exploits1References3
OSV
OSV
added 2026/05/26 9:16 p.m.7 views

UBUNTU-CVE-2026-44708

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the mistune math plugin renders inline math $...$ and block math $$...$$ by concatenating the raw user-supplied content directly into the HTML output without any HTML escaping. This occurs even when the parser is...

6.1CVSS5.8AI score0.00228EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/26 8:41 p.m.36 views

CVE-2026-44898 Mistune TOC Anchor Injection XSS

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format...

6.1CVSS0.00228EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/26 8:41 p.m.9 views

CVE-2026-44898 Mistune TOC Anchor Injection XSS

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format...

6.1CVSS5.9AI score0.00228EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 8:40 p.m.8 views

CVE-2026-44897

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML — with no call to escape, safeentity, or any other sanitisation function. A double-quote character " in...

6.1CVSS6AI score0.00228EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/26 8:40 p.m.9 views

CVE-2026-44897 Mistune Heading ID Attribute Injection XSS

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML — with no call to escape, safeentity, or any other sanitisation function. A double-quote character " in...

6.1CVSS6AI score0.00228EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/05/26 8:40 p.m.9 views

CVE-2026-44897

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML — with no call to escape, safeentity, or any other sanitisation function. A double-quote character " in...

6.1CVSS6AI score0.00228EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/05/26 8:36 p.m.8 views

CVE-2026-44899

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as numre = re.compiler"^\d+?:.\d?". When the validated value is not a plain integer, renderblockimage inserts it directly int...

4.7CVSS5.8AI score0.00228EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/05/26 8:36 p.m.33 views

CVE-2026-44899 Mistune Image Directive CSS Injection Vulnerability

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as numre = re.compiler"^\d+?:.\d?". When the validated value is not a plain integer, renderblockimage inserts it directly int...

4.7CVSS0.00228EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

DocSpace 安全漏洞

DocSpace is an open-source document collaboration and sharing platform developed by ONLYOFFICE. Versions of DocSpace prior to 3.2.1 contained security vulnerabilities. These vulnerabilities were caused by insecure direct object references, which could allow users with low privileges to access...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References2
Rows per page
Query Builder