Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as _num_re = re.compile(r"^\d+(?:\.\d*)?"). When the validated value is not a plain integer, render_block_image() inse...
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_toc_ul() builds a <ul> table-of-contents tree from a list of (level, id, text) tuples. Both the id value (used as href="#<id>") and the text value (used as the visible link label) are inserte...
OpenTelemetry Java SDK has Unbounded Memory Allocation in W3C Baggage Propagation
Portainer missing authorization on custom template file endpoint, which exposes template content
Portainer: JWT accepted in URL query leaks tokens to logs and referers
Portainer has an endpoint security bypass via Swarm service create/update
Portainer's Kubernetes middleware continues after token validation failure, bypassing endpoint authorization
Portainer Has an Arbitrary File Read via Git Symlink Injection in Stack Auto-Update
Portainer has a bind-mount restriction bypass via HostConfig.Mounts
Portainer has a path traversal in backup archive extraction that allows arbitrary file write
Portainer missing authorization on Docker plugin endpoints, which allows host RCE
FlowiseAI: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover
FlowiseAI: Evaluation create+update mass-assignment allows cross-workspace evaluation takeover
FlowiseAI: DatasetRow create+update mass-assignment allows cross-workspace row takeover
FlowiseAI: Dataset create+update mass-assignment allows cross-workspace dataset takeover
FlowiseAI: CustomTemplate create+update mass-assignment allows cross-workspace template takeover
FlowiseAI: Assistant create+update mass-assignment allows cross-workspace assistant takeover
FlowiseAI: Vector Store No Permission Checks
Synapse pagination Denial of Service
Synapse CPU starvation (Denial of Service)