{
  "alerts": [
    {
      "created_at": "2026-06-11T17:05:54.805611Z",
      "cve_id": "CVE-2025-43306",
      "id": 12849,
      "kind": "page_published",
      "payload": {
        "categories": {
          "categories": [
            "cpe",
            "apple"
          ],
          "ecosystems": [
            "apple",
            "cpe"
          ],
          "products": [
            "macos"
          ],
          "severity": [
            "high"
          ],
          "state": [
            "solution_disponible"
          ],
          "vendors": [
            "apple"
          ]
        },
        "exposure": {
          "factors": [
            "gravite:high",
            "projet:non-confirme",
            "detection:disponible",
            "remediation:solution_available"
          ],
          "level": "a_surveiller",
          "project_count": 0,
          "score": 55,
          "summary": "Score 55/100 : aucune correspondance projet directe n’a été détectée."
        },
        "headline": "Vulnérabilité applicative dans Apple macOS",
        "llm_path": "CVE-2025-43306.md",
        "project_matches": [],
        "published": true,
        "published_at": "2026-06-11T17:05:54.805611Z",
        "remediation_status": "solution_available",
        "state": "solution_disponible",
        "summary": "Cette vulnérabilité affecte Apple macOS, apple macos. Consultez les sources originales pour le détail technique exact du scénario d’exploitation.",
        "url": "cve/CVE-2025-43306.html"
      },
      "state": "solution_disponible",
      "summary": "Cette vulnérabilité affecte Apple macOS, apple macos. Consultez les sources originales pour le détail technique exact du scénario d’exploitation.",
      "title": "CVE-2025-43306 · Vulnérabilité applicative dans Apple macOS"
    },
    {
      "created_at": "2026-06-11T17:05:54.805611Z",
      "cve_id": "CVE-2025-43306",
      "id": 12848,
      "kind": "remediation_published",
      "payload": {
        "categories": {
          "categories": [
            "cpe",
            "apple"
          ],
          "ecosystems": [
            "apple",
            "cpe"
          ],
          "products": [
            "macos"
          ],
          "severity": [
            "high"
          ],
          "state": [
            "solution_disponible"
          ],
          "vendors": [
            "apple"
          ]
        },
        "exposure": {
          "factors": [
            "gravite:high",
            "projet:non-confirme",
            "detection:disponible",
            "remediation:solution_available"
          ],
          "level": "a_surveiller",
          "project_count": 0,
          "score": 55,
          "summary": "Score 55/100 : aucune correspondance projet directe n’a été détectée."
        },
        "headline": "Vulnérabilité applicative dans Apple macOS",
        "llm_path": "CVE-2025-43306.md",
        "project_matches": [],
        "published": true,
        "published_at": "2026-06-11T17:05:54.805611Z",
        "remediation_status": "solution_available",
        "state": "solution_disponible",
        "summary": "Cette vulnérabilité affecte Apple macOS, apple macos. Consultez les sources originales pour le détail technique exact du scénario d’exploitation.",
        "url": "cve/CVE-2025-43306.html"
      },
      "state": "solution_disponible",
      "summary": "Une solution fiable a été détectée.",
      "title": "Remédiation publiée pour CVE-2025-43306"
    },
    {
      "created_at": "2026-06-11T17:05:54.805611Z",
      "cve_id": "CVE-2025-43306",
      "id": 12847,
      "kind": "new_cve",
      "payload": {
        "categories": {
          "categories": [
            "cpe",
            "apple"
          ],
          "ecosystems": [
            "apple",
            "cpe"
          ],
          "products": [
            "macos"
          ],
          "severity": [
            "high"
          ],
          "state": [
            "solution_disponible"
          ],
          "vendors": [
            "apple"
          ]
        },
        "exposure": {
          "factors": [
            "gravite:high",
            "projet:non-confirme",
            "detection:disponible",
            "remediation:solution_available"
          ],
          "level": "a_surveiller",
          "project_count": 0,
          "score": 55,
          "summary": "Score 55/100 : aucune correspondance projet directe n’a été détectée."
        },
        "headline": "Vulnérabilité applicative dans Apple macOS",
        "llm_path": "CVE-2025-43306.md",
        "project_matches": [],
        "published": true,
        "published_at": "2026-06-11T17:05:54.805611Z",
        "remediation_status": "solution_available",
        "state": "solution_disponible",
        "summary": "Cette vulnérabilité affecte Apple macOS, apple macos. Consultez les sources originales pour le détail technique exact du scénario d’exploitation.",
        "url": "cve/CVE-2025-43306.html"
      },
      "state": "solution_disponible",
      "summary": "A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to gain root privileges.",
      "title": "Nouvelle CVE détectée : CVE-2025-43306"
    },
    {
      "created_at": "2026-06-11T16:55:35.069829Z",
      "cve_id": "CVE-2025-43290",
      "id": 12846,
      "kind": "page_published",
      "payload": {
        "categories": {
          "categories": [
            "cpe",
            "apple"
          ],
          "ecosystems": [
            "apple",
            "cpe"
          ],
          "products": [
            "macos"
          ],
          "severity": [
            "medium"
          ],
          "state": [
            "solution_disponible"
          ],
          "vendors": [
            "apple"
          ]
        },
        "exposure": {
          "factors": [
            "gravite:medium",
            "projet:non-confirme",
            "detection:disponible",
            "remediation:solution_available"
          ],
          "level": "a_surveiller",
          "project_count": 0,
          "score": 40,
          "summary": "Score 40/100 : aucune correspondance projet directe n’a été détectée."
        },
        "headline": "Vulnérabilité applicative dans Apple macOS",
        "llm_path": "CVE-2025-43290.md",
        "project_matches": [],
        "published": true,
        "published_at": "2026-06-11T16:55:35.069829Z",
        "remediation_status": "solution_available",
        "state": "solution_disponible",
        "summary": "Cette vulnérabilité affecte Apple macOS, apple macos. Consultez les sources originales pour le détail technique exact du scénario d’exploitation.",
        "url": "cve/CVE-2025-43290.html"
      },
      "state": "solution_disponible",
      "summary": "Cette vulnérabilité affecte Apple macOS, apple macos. Consultez les sources originales pour le détail technique exact du scénario d’exploitation.",
      "title": "CVE-2025-43290 · Vulnérabilité applicative dans Apple macOS"
    },
    {
      "created_at": "2026-06-11T16:55:35.069829Z",
      "cve_id": "CVE-2025-43290",
      "id": 12845,
      "kind": "remediation_published",
      "payload": {
        "categories": {
          "categories": [
            "cpe",
            "apple"
          ],
          "ecosystems": [
            "apple",
            "cpe"
          ],
          "products": [
            "macos"
          ],
          "severity": [
            "medium"
          ],
          "state": [
            "solution_disponible"
          ],
          "vendors": [
            "apple"
          ]
        },
        "exposure": {
          "factors": [
            "gravite:medium",
            "projet:non-confirme",
            "detection:disponible",
            "remediation:solution_available"
          ],
          "level": "a_surveiller",
          "project_count": 0,
          "score": 40,
          "summary": "Score 40/100 : aucune correspondance projet directe n’a été détectée."
        },
        "headline": "Vulnérabilité applicative dans Apple macOS",
        "llm_path": "CVE-2025-43290.md",
        "project_matches": [],
        "published": true,
        "published_at": "2026-06-11T16:55:35.069829Z",
        "remediation_status": "solution_available",
        "state": "solution_disponible",
        "summary": "Cette vulnérabilité affecte Apple macOS, apple macos. Consultez les sources originales pour le détail technique exact du scénario d’exploitation.",
        "url": "cve/CVE-2025-43290.html"
      },
      "state": "solution_disponible",
      "summary": "Une solution fiable a été détectée.",
      "title": "Remédiation publiée pour CVE-2025-43290"
    },
    {
      "created_at": "2026-06-11T16:55:35.069829Z",
      "cve_id": "CVE-2025-43290",
      "id": 12844,
      "kind": "new_cve",
      "payload": {
        "categories": {
          "categories": [
            "cpe",
            "apple"
          ],
          "ecosystems": [
            "apple",
            "cpe"
          ],
          "products": [
            "macos"
          ],
          "severity": [
            "medium"
          ],
          "state": [
            "solution_disponible"
          ],
          "vendors": [
            "apple"
          ]
        },
        "exposure": {
          "factors": [
            "gravite:medium",
            "projet:non-confirme",
            "detection:disponible",
            "remediation:solution_available"
          ],
          "level": "a_surveiller",
          "project_count": 0,
          "score": 40,
          "summary": "Score 40/100 : aucune correspondance projet directe n’a été détectée."
        },
        "headline": "Vulnérabilité applicative dans Apple macOS",
        "llm_path": "CVE-2025-43290.md",
        "project_matches": [],
        "published": true,
        "published_at": "2026-06-11T16:55:35.069829Z",
        "remediation_status": "solution_available",
        "state": "solution_disponible",
        "summary": "Cette vulnérabilité affecte Apple macOS, apple macos. Consultez les sources originales pour le détail technique exact du scénario d’exploitation.",
        "url": "cve/CVE-2025-43290.html"
      },
      "state": "solution_disponible",
      "summary": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to modify protected parts of the file system.",
      "title": "Nouvelle CVE détectée : CVE-2025-43290"
    },
    {
      "created_at": "2026-06-11T16:45:22.231955Z",
      "cve_id": "CVE-2025-43289",
      "id": 12843,
      "kind": "page_published",
      "payload": {
        "categories": {
          "categories": [
            "cpe",
            "apple"
          ],
          "ecosystems": [
            "apple",
            "cpe"
          ],
          "products": [
            "macos"
          ],
          "severity": [
            "medium"
          ],
          "state": [
            "solution_disponible"
          ],
          "vendors": [
            "apple"
          ]
        },
        "exposure": {
          "factors": [
            "gravite:medium",
            "projet:non-confirme",
            "detection:disponible",
            "remediation:solution_available"
          ],
          "level": "a_surveiller",
          "project_count": 0,
          "score": 40,
          "summary": "Score 40/100 : aucune correspondance projet directe n’a été détectée."
        },
        "headline": "Vulnérabilité applicative dans Apple macOS",
        "llm_path": "CVE-2025-43289.md",
        "project_matches": [],
        "published": true,
        "published_at": "2026-06-11T16:45:22.231955Z",
        "remediation_status": "solution_available",
        "state": "solution_disponible",
        "summary": "Cette vulnérabilité affecte Apple macOS, apple macos. Consultez les sources originales pour le détail technique exact du scénario d’exploitation.",
        "url": "cve/CVE-2025-43289.html"
      },
      "state": "solution_disponible",
      "summary": "Cette vulnérabilité affecte Apple macOS, apple macos. Consultez les sources originales pour le détail technique exact du scénario d’exploitation.",
      "title": "CVE-2025-43289 · Vulnérabilité applicative dans Apple macOS"
    },
    {
      "created_at": "2026-06-11T16:45:22.231955Z",
      "cve_id": "CVE-2025-43289",
      "id": 12842,
      "kind": "remediation_published",
      "payload": {
        "categories": {
          "categories": [
            "cpe",
            "apple"
          ],
          "ecosystems": [
            "apple",
            "cpe"
          ],
          "products": [
            "macos"
          ],
          "severity": [
            "medium"
          ],
          "state": [
            "solution_disponible"
          ],
          "vendors": [
            "apple"
          ]
        },
        "exposure": {
          "factors": [
            "gravite:medium",
            "projet:non-confirme",
            "detection:disponible",
            "remediation:solution_available"
          ],
          "level": "a_surveiller",
          "project_count": 0,
          "score": 40,
          "summary": "Score 40/100 : aucune correspondance projet directe n’a été détectée."
        },
        "headline": "Vulnérabilité applicative dans Apple macOS",
        "llm_path": "CVE-2025-43289.md",
        "project_matches": [],
        "published": true,
        "published_at": "2026-06-11T16:45:22.231955Z",
        "remediation_status": "solution_available",
        "state": "solution_disponible",
        "summary": "Cette vulnérabilité affecte Apple macOS, apple macos. Consultez les sources originales pour le détail technique exact du scénario d’exploitation.",
        "url": "cve/CVE-2025-43289.html"
      },
      "state": "solution_disponible",
      "summary": "Une solution fiable a été détectée.",
      "title": "Remédiation publiée pour CVE-2025-43289"
    },
    {
      "created_at": "2026-06-11T16:45:22.231955Z",
      "cve_id": "CVE-2025-43289",
      "id": 12841,
      "kind": "new_cve",
      "payload": {
        "categories": {
          "categories": [
            "cpe",
            "apple"
          ],
          "ecosystems": [
            "apple",
            "cpe"
          ],
          "products": [
            "macos"
          ],
          "severity": [
            "medium"
          ],
          "state": [
            "solution_disponible"
          ],
          "vendors": [
            "apple"
          ]
        },
        "exposure": {
          "factors": [
            "gravite:medium",
            "projet:non-confirme",
            "detection:disponible",
            "remediation:solution_available"
          ],
          "level": "a_surveiller",
          "project_count": 0,
          "score": 40,
          "summary": "Score 40/100 : aucune correspondance projet directe n’a été détectée."
        },
        "headline": "Vulnérabilité applicative dans Apple macOS",
        "llm_path": "CVE-2025-43289.md",
        "project_matches": [],
        "published": true,
        "published_at": "2026-06-11T16:45:22.231955Z",
        "remediation_status": "solution_available",
        "state": "solution_disponible",
        "summary": "Cette vulnérabilité affecte Apple macOS, apple macos. Consultez les sources originales pour le détail technique exact du scénario d’exploitation.",
        "url": "cve/CVE-2025-43289.html"
      },
      "state": "solution_disponible",
      "summary": "A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to access sensitive user data.",
      "title": "Nouvelle CVE détectée : CVE-2025-43289"
    },
    {
      "created_at": "2026-06-11T14:53:18.040851Z",
      "cve_id": "CVE-2026-45575",
      "id": 12830,
      "kind": "page_published",
      "payload": {
        "categories": {
          "categories": [
            "java-maven",
            "oviva-ag",
            "com.oviva.telematik",
            "maven",
            "java"
          ],
          "ecosystems": [
            "oviva-ag",
            "com.oviva.telematik",
            "maven"
          ],
          "products": [
            "epa4all-client",
            "com.oviva.telematik-epa4all-client"
          ],
          "severity": [
            "high"
          ],
          "state": [
            "solution_disponible"
          ],
          "vendors": [
            "oviva-ag",
            "com.oviva.telematik",
            "maven"
          ]
        },
        "exposure": {
          "factors": [
            "gravite:high",
            "projet:non-confirme",
            "detection:disponible",
            "remediation:solution_available"
          ],
          "level": "a_surveiller",
          "project_count": 0,
          "score": 55,
          "summary": "Score 55/100 : aucune correspondance projet directe n’a été détectée."
        },
        "headline": "Vulnérabilité applicative dans oviva-ag epa4all-client",
        "llm_path": "CVE-2026-45575.md",
        "project_matches": [],
        "published": true,
        "published_at": "2026-06-11T14:53:18.040851Z",
        "remediation_status": "solution_available",
        "state": "solution_disponible",
        "summary": "Cette vulnérabilité affecte oviva-ag epa4all-client, com.oviva.telematik epa4all-client. Consultez les sources originales pour le détail technique exact du scénario d’exploitation.",
        "url": "cve/CVE-2026-45575.html"
      },
      "state": "solution_disponible",
      "summary": "Cette vulnérabilité affecte oviva-ag epa4all-client, com.oviva.telematik epa4all-client. Consultez les sources originales pour le détail technique exact du scénario d’exploitation.",
      "title": "CVE-2026-45575 · Vulnérabilité applicative dans oviva-ag epa4all-client"
    },
    {
      "created_at": "2026-06-11T14:53:18.040851Z",
      "cve_id": "CVE-2026-45575",
      "id": 12829,
      "kind": "remediation_published",
      "payload": {
        "categories": {
          "categories": [
            "java-maven",
            "oviva-ag",
            "com.oviva.telematik",
            "maven",
            "java"
          ],
          "ecosystems": [
            "oviva-ag",
            "com.oviva.telematik",
            "maven"
          ],
          "products": [
            "epa4all-client",
            "com.oviva.telematik-epa4all-client"
          ],
          "severity": [
            "high"
          ],
          "state": [
            "solution_disponible"
          ],
          "vendors": [
            "oviva-ag",
            "com.oviva.telematik",
            "maven"
          ]
        },
        "exposure": {
          "factors": [
            "gravite:high",
            "projet:non-confirme",
            "detection:disponible",
            "remediation:solution_available"
          ],
          "level": "a_surveiller",
          "project_count": 0,
          "score": 55,
          "summary": "Score 55/100 : aucune correspondance projet directe n’a été détectée."
        },
        "headline": "Vulnérabilité applicative dans oviva-ag epa4all-client",
        "llm_path": "CVE-2026-45575.md",
        "project_matches": [],
        "published": true,
        "published_at": "2026-06-11T14:53:18.040851Z",
        "remediation_status": "solution_available",
        "state": "solution_disponible",
        "summary": "Cette vulnérabilité affecte oviva-ag epa4all-client, com.oviva.telematik epa4all-client. Consultez les sources originales pour le détail technique exact du scénario d’exploitation.",
        "url": "cve/CVE-2026-45575.html"
      },
      "state": "solution_disponible",
      "summary": "Une solution fiable a été détectée.",
      "title": "Remédiation publiée pour CVE-2026-45575"
    },
    {
      "created_at": "2026-06-11T14:53:18.040851Z",
      "cve_id": "CVE-2026-45575",
      "id": 12828,
      "kind": "new_cve",
      "payload": {
        "categories": {
          "categories": [
            "java-maven",
            "oviva-ag",
            "com.oviva.telematik",
            "maven",
            "java"
          ],
          "ecosystems": [
            "oviva-ag",
            "com.oviva.telematik",
            "maven"
          ],
          "products": [
            "epa4all-client",
            "com.oviva.telematik-epa4all-client"
          ],
          "severity": [
            "high"
          ],
          "state": [
            "solution_disponible"
          ],
          "vendors": [
            "oviva-ag",
            "com.oviva.telematik",
            "maven"
          ]
        },
        "exposure": {
          "factors": [
            "gravite:high",
            "projet:non-confirme",
            "detection:disponible",
            "remediation:solution_available"
          ],
          "level": "a_surveiller",
          "project_count": 0,
          "score": 55,
          "summary": "Score 55/100 : aucune correspondance projet directe n’a été détectée."
        },
        "headline": "Vulnérabilité applicative dans oviva-ag epa4all-client",
        "llm_path": "CVE-2026-45575.md",
        "project_matches": [],
        "published": true,
        "published_at": "2026-06-11T14:53:18.040851Z",
        "remediation_status": "solution_available",
        "state": "solution_disponible",
        "summary": "Cette vulnérabilité affecte oviva-ag epa4all-client, com.oviva.telematik epa4all-client. Consultez les sources originales pour le détail technique exact du scénario d’exploitation.",
        "url": "cve/CVE-2026-45575.html"
      },
      "state": "solution_disponible",
      "summary": "epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker who can MITM the TLS connection between the client and the IDP (within the TI network) can substitute a forged discovery document. The forged document redirects uri_puk_idp_enc and uri_puk_idp_sig to attacker-controlled URLs. The client then encrypts the SMC-B-signed challenge response to the attacker's encryption key and POSTs it to the attacker's auth endpoint. This captures the signed authentication material. This vulnerability is fixed in 1.2.2.",
      "title": "Nouvelle CVE détectée : CVE-2026-45575"
    },
    {
      "created_at": "2026-06-11T14:22:32.800948Z",
      "cve_id": "CVE-2026-44899",
      "id": 12825,
      "kind": "page_published",
      "payload": {
        "categories": {
          "categories": [
            "python-pip",
            "lepture",
            "cpe",
            "pypi",
            "pip",
            "python"
          ],
          "ecosystems": [
            "lepture",
            "cpe",
            "pypi",
            "pip"
          ],
          "products": [
            "mistune"
          ],
          "severity": [
            "medium"
          ],
          "state": [
            "solution_disponible"
          ],
          "vendors": [
            "lepture",
            "mistune_project",
            "pypi",
            "pip"
          ]
        },
        "exposure": {
          "factors": [
            "gravite:medium",
            "projet:match",
            "detection:disponible",
            "remediation:solution_available"
          ],
          "level": "eleve",
          "project_count": 1,
          "score": 60,
          "summary": "Score 60/100 : la CVE matche l’inventaire projet (api-python)."
        },
        "headline": "Vulnérabilité applicative dans lepture mistune",
        "llm_path": "CVE-2026-44899.md",
        "project_matches": [
          {
            "confidence_score": 85,
            "name": "api-python",
            "reasons": [
              "ecosystem:pip",
              "category:python"
            ]
          }
        ],
        "published": true,
        "published_at": "2026-06-11T14:22:32.800948Z",
        "remediation_status": "solution_available",
        "state": "solution_disponible",
        "summary": "Cette vulnérabilité affecte lepture mistune, mistune_project mistune. Consultez les sources originales pour le détail technique exact du scénario d’exploitation.",
        "url": "cve/CVE-2026-44899.html"
      },
      "state": "solution_disponible",
      "summary": "Cette vulnérabilité affecte lepture mistune, mistune_project mistune. Consultez les sources originales pour le détail technique exact du scénario d’exploitation.",
      "title": "CVE-2026-44899 · Vulnérabilité applicative dans lepture mistune"
    },
    {
      "created_at": "2026-06-11T14:22:32.800948Z",
      "cve_id": "CVE-2026-44899",
      "id": 12824,
      "kind": "remediation_published",
      "payload": {
        "categories": {
          "categories": [
            "python-pip",
            "lepture",
            "cpe",
            "pypi",
            "pip",
            "python"
          ],
          "ecosystems": [
            "lepture",
            "cpe",
            "pypi",
            "pip"
          ],
          "products": [
            "mistune"
          ],
          "severity": [
            "medium"
          ],
          "state": [
            "solution_disponible"
          ],
          "vendors": [
            "lepture",
            "mistune_project",
            "pypi",
            "pip"
          ]
        },
        "exposure": {
          "factors": [
            "gravite:medium",
            "projet:match",
            "detection:disponible",
            "remediation:solution_available"
          ],
          "level": "eleve",
          "project_count": 1,
          "score": 60,
          "summary": "Score 60/100 : la CVE matche l’inventaire projet (api-python)."
        },
        "headline": "Vulnérabilité applicative dans lepture mistune",
        "llm_path": "CVE-2026-44899.md",
        "project_matches": [
          {
            "confidence_score": 85,
            "name": "api-python",
            "reasons": [
              "ecosystem:pip",
              "category:python"
            ]
          }
        ],
        "published": true,
        "published_at": "2026-06-11T14:22:32.800948Z",
        "remediation_status": "solution_available",
        "state": "solution_disponible",
        "summary": "Cette vulnérabilité affecte lepture mistune, mistune_project mistune. Consultez les sources originales pour le détail technique exact du scénario d’exploitation.",
        "url": "cve/CVE-2026-44899.html"
      },
      "state": "solution_disponible",
      "summary": "Une solution fiable a été détectée.",
      "title": "Remédiation publiée pour CVE-2026-44899"
    },
    {
      "created_at": "2026-06-11T14:22:32.800948Z",
      "cve_id": "CVE-2026-44899",
      "id": 12823,
      "kind": "new_cve",
      "payload": {
        "categories": {
          "categories": [
            "python-pip",
            "lepture",
            "cpe",
            "pypi",
            "pip",
            "python"
          ],
          "ecosystems": [
            "lepture",
            "cpe",
            "pypi",
            "pip"
          ],
          "products": [
            "mistune"
          ],
          "severity": [
            "medium"
          ],
          "state": [
            "solution_disponible"
          ],
          "vendors": [
            "lepture",
            "mistune_project",
            "pypi",
            "pip"
          ]
        },
        "exposure": {
          "factors": [
            "gravite:medium",
            "projet:match",
            "detection:disponible",
            "remediation:solution_available"
          ],
          "level": "eleve",
          "project_count": 1,
          "score": 60,
          "summary": "Score 60/100 : la CVE matche l’inventaire projet (api-python)."
        },
        "headline": "Vulnérabilité applicative dans lepture mistune",
        "llm_path": "CVE-2026-44899.md",
        "project_matches": [
          {
            "confidence_score": 85,
            "name": "api-python",
            "reasons": [
              "ecosystem:pip",
              "category:python"
            ]
          }
        ],
        "published": true,
        "published_at": "2026-06-11T14:22:32.800948Z",
        "remediation_status": "solution_available",
        "state": "solution_disponible",
        "summary": "Cette vulnérabilité affecte lepture mistune, mistune_project mistune. Consultez les sources originales pour le détail technique exact du scénario d’exploitation.",
        "url": "cve/CVE-2026-44899.html"
      },
      "state": "solution_disponible",
      "summary": "Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as _num_re = re.compile(r\"^\\d+(?:\\.\\d*)?\"). When the validated value is not a plain integer, render_block_image() inserts it directly into a style=\"width:...;\" or style=\"height:...;\" attribute. Because the value was accepted by the prefix-only regex, any CSS after the leading digits reaches the style= attribute verbatim and without escaping. This vulnerability is fixed in 3.2.1.",
      "title": "Nouvelle CVE détectée : CVE-2026-44899"
    },
    {
      "created_at": "2026-06-11T14:12:22.519020Z",
      "cve_id": "CVE-2026-44898",
      "id": 12822,
      "kind": "page_published",
      "payload": {
        "categories": {
          "categories": [
            "python-pip",
            "lepture",
            "cpe",
            "pypi",
            "pip",
            "python"
          ],
          "ecosystems": [
            "lepture",
            "cpe",
            "pypi",
            "pip"
          ],
          "products": [
            "mistune"
          ],
          "severity": [
            "medium"
          ],
          "state": [
            "solution_disponible"
          ],
          "vendors": [
            "lepture",
            "mistune_project",
            "pypi",
            "pip"
          ]
        },
        "exposure": {
          "factors": [
            "gravite:medium",
            "projet:match",
            "detection:disponible",
            "remediation:solution_available"
          ],
          "level": "eleve",
          "project_count": 1,
          "score": 60,
          "summary": "Score 60/100 : la CVE matche l’inventaire projet (api-python)."
        },
        "headline": "Cross-Site Scripting (XSS) dans lepture mistune",
        "llm_path": "CVE-2026-44898.md",
        "project_matches": [
          {
            "confidence_score": 85,
            "name": "api-python",
            "reasons": [
              "ecosystem:pip",
              "category:python"
            ]
          }
        ],
        "published": true,
        "published_at": "2026-06-11T14:12:22.519020Z",
        "remediation_status": "solution_available",
        "state": "solution_disponible",
        "summary": "Cette faille permet à un attaquant d’injecter du JavaScript malveillant dans le navigateur d’un utilisateur qui interagit avec lepture mistune, mistune_project mistune.",
        "url": "cve/CVE-2026-44898.html"
      },
      "state": "solution_disponible",
      "summary": "Cette faille permet à un attaquant d’injecter du JavaScript malveillant dans le navigateur d’un utilisateur qui interagit avec lepture mistune, mistune_project mistune.",
      "title": "CVE-2026-44898 · Cross-Site Scripting (XSS) dans lepture mistune"
    },
    {
      "created_at": "2026-06-11T14:12:22.519020Z",
      "cve_id": "CVE-2026-44898",
      "id": 12821,
      "kind": "remediation_published",
      "payload": {
        "categories": {
          "categories": [
            "python-pip",
            "lepture",
            "cpe",
            "pypi",
            "pip",
            "python"
          ],
          "ecosystems": [
            "lepture",
            "cpe",
            "pypi",
            "pip"
          ],
          "products": [
            "mistune"
          ],
          "severity": [
            "medium"
          ],
          "state": [
            "solution_disponible"
          ],
          "vendors": [
            "lepture",
            "mistune_project",
            "pypi",
            "pip"
          ]
        },
        "exposure": {
          "factors": [
            "gravite:medium",
            "projet:match",
            "detection:disponible",
            "remediation:solution_available"
          ],
          "level": "eleve",
          "project_count": 1,
          "score": 60,
          "summary": "Score 60/100 : la CVE matche l’inventaire projet (api-python)."
        },
        "headline": "Cross-Site Scripting (XSS) dans lepture mistune",
        "llm_path": "CVE-2026-44898.md",
        "project_matches": [
          {
            "confidence_score": 85,
            "name": "api-python",
            "reasons": [
              "ecosystem:pip",
              "category:python"
            ]
          }
        ],
        "published": true,
        "published_at": "2026-06-11T14:12:22.519020Z",
        "remediation_status": "solution_available",
        "state": "solution_disponible",
        "summary": "Cette faille permet à un attaquant d’injecter du JavaScript malveillant dans le navigateur d’un utilisateur qui interagit avec lepture mistune, mistune_project mistune.",
        "url": "cve/CVE-2026-44898.html"
      },
      "state": "solution_disponible",
      "summary": "Une solution fiable a été détectée.",
      "title": "Remédiation publiée pour CVE-2026-44898"
    },
    {
      "created_at": "2026-06-11T14:12:22.519020Z",
      "cve_id": "CVE-2026-44898",
      "id": 12820,
      "kind": "new_cve",
      "payload": {
        "categories": {
          "categories": [
            "python-pip",
            "lepture",
            "cpe",
            "pypi",
            "pip",
            "python"
          ],
          "ecosystems": [
            "lepture",
            "cpe",
            "pypi",
            "pip"
          ],
          "products": [
            "mistune"
          ],
          "severity": [
            "medium"
          ],
          "state": [
            "solution_disponible"
          ],
          "vendors": [
            "lepture",
            "mistune_project",
            "pypi",
            "pip"
          ]
        },
        "exposure": {
          "factors": [
            "gravite:medium",
            "projet:match",
            "detection:disponible",
            "remediation:solution_available"
          ],
          "level": "eleve",
          "project_count": 1,
          "score": 60,
          "summary": "Score 60/100 : la CVE matche l’inventaire projet (api-python)."
        },
        "headline": "Cross-Site Scripting (XSS) dans lepture mistune",
        "llm_path": "CVE-2026-44898.md",
        "project_matches": [
          {
            "confidence_score": 85,
            "name": "api-python",
            "reasons": [
              "ecosystem:pip",
              "category:python"
            ]
          }
        ],
        "published": true,
        "published_at": "2026-06-11T14:12:22.519020Z",
        "remediation_status": "solution_available",
        "state": "solution_disponible",
        "summary": "Cette faille permet à un attaquant d’injecter du JavaScript malveillant dans le navigateur d’un utilisateur qui interagit avec lepture mistune, mistune_project mistune.",
        "url": "cve/CVE-2026-44898.html"
      },
      "state": "solution_disponible",
      "summary": "Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_toc_ul() builds a <ul> table-of-contents tree from a list of (level, id, text) tuples. Both the id value (used as href=\"#<id>\") and the text value (used as the visible link label) are inserted into <a> tags via a plain Python format string — with no HTML escaping applied to either value. When heading IDs are derived from user-supplied heading text (the standard use-case for readable slug anchors), an attacker can craft a heading whose text breaks out of the href=\"#...\" attribute context, injecting arbitrary HTML tags including <script> blocks directly into the rendered TOC. This vulnerability is fixed in 3.2.1.",
      "title": "Nouvelle CVE détectée : CVE-2026-44898"
    },
    {
      "created_at": "2026-06-11T14:02:17.132388Z",
      "cve_id": "CVE-2026-44897",
      "id": 12819,
      "kind": "page_published",
      "payload": {
        "categories": {
          "categories": [
            "python-pip",
            "lepture",
            "cpe",
            "pypi",
            "pip",
            "python"
          ],
          "ecosystems": [
            "lepture",
            "cpe",
            "pypi",
            "pip"
          ],
          "products": [
            "mistune"
          ],
          "severity": [
            "medium"
          ],
          "state": [
            "solution_disponible"
          ],
          "vendors": [
            "lepture",
            "mistune_project",
            "pypi",
            "pip"
          ]
        },
        "exposure": {
          "factors": [
            "gravite:medium",
            "projet:match",
            "detection:disponible",
            "remediation:solution_available"
          ],
          "level": "eleve",
          "project_count": 1,
          "score": 60,
          "summary": "Score 60/100 : la CVE matche l’inventaire projet (api-python)."
        },
        "headline": "Cross-Site Scripting (XSS) dans lepture mistune",
        "llm_path": "CVE-2026-44897.md",
        "project_matches": [
          {
            "confidence_score": 85,
            "name": "api-python",
            "reasons": [
              "ecosystem:pip",
              "category:python"
            ]
          }
        ],
        "published": true,
        "published_at": "2026-06-11T14:02:17.132388Z",
        "remediation_status": "solution_available",
        "state": "solution_disponible",
        "summary": "Cette faille permet à un attaquant d’injecter du JavaScript malveillant dans le navigateur d’un utilisateur qui interagit avec lepture mistune, mistune_project mistune.",
        "url": "cve/CVE-2026-44897.html"
      },
      "state": "solution_disponible",
      "summary": "Cette faille permet à un attaquant d’injecter du JavaScript malveillant dans le navigateur d’un utilisateur qui interagit avec lepture mistune, mistune_project mistune.",
      "title": "CVE-2026-44897 · Cross-Site Scripting (XSS) dans lepture mistune"
    },
    {
      "created_at": "2026-06-11T14:02:17.132388Z",
      "cve_id": "CVE-2026-44897",
      "id": 12818,
      "kind": "remediation_published",
      "payload": {
        "categories": {
          "categories": [
            "python-pip",
            "lepture",
            "cpe",
            "pypi",
            "pip",
            "python"
          ],
          "ecosystems": [
            "lepture",
            "cpe",
            "pypi",
            "pip"
          ],
          "products": [
            "mistune"
          ],
          "severity": [
            "medium"
          ],
          "state": [
            "solution_disponible"
          ],
          "vendors": [
            "lepture",
            "mistune_project",
            "pypi",
            "pip"
          ]
        },
        "exposure": {
          "factors": [
            "gravite:medium",
            "projet:match",
            "detection:disponible",
            "remediation:solution_available"
          ],
          "level": "eleve",
          "project_count": 1,
          "score": 60,
          "summary": "Score 60/100 : la CVE matche l’inventaire projet (api-python)."
        },
        "headline": "Cross-Site Scripting (XSS) dans lepture mistune",
        "llm_path": "CVE-2026-44897.md",
        "project_matches": [
          {
            "confidence_score": 85,
            "name": "api-python",
            "reasons": [
              "ecosystem:pip",
              "category:python"
            ]
          }
        ],
        "published": true,
        "published_at": "2026-06-11T14:02:17.132388Z",
        "remediation_status": "solution_available",
        "state": "solution_disponible",
        "summary": "Cette faille permet à un attaquant d’injecter du JavaScript malveillant dans le navigateur d’un utilisateur qui interagit avec lepture mistune, mistune_project mistune.",
        "url": "cve/CVE-2026-44897.html"
      },
      "state": "solution_disponible",
      "summary": "Une solution fiable a été détectée.",
      "title": "Remédiation publiée pour CVE-2026-44897"
    },
    {
      "created_at": "2026-06-11T14:02:17.132388Z",
      "cve_id": "CVE-2026-44897",
      "id": 12817,
      "kind": "new_cve",
      "payload": {
        "categories": {
          "categories": [
            "python-pip",
            "lepture",
            "cpe",
            "pypi",
            "pip",
            "python"
          ],
          "ecosystems": [
            "lepture",
            "cpe",
            "pypi",
            "pip"
          ],
          "products": [
            "mistune"
          ],
          "severity": [
            "medium"
          ],
          "state": [
            "solution_disponible"
          ],
          "vendors": [
            "lepture",
            "mistune_project",
            "pypi",
            "pip"
          ]
        },
        "exposure": {
          "factors": [
            "gravite:medium",
            "projet:match",
            "detection:disponible",
            "remediation:solution_available"
          ],
          "level": "eleve",
          "project_count": 1,
          "score": 60,
          "summary": "Score 60/100 : la CVE matche l’inventaire projet (api-python)."
        },
        "headline": "Cross-Site Scripting (XSS) dans lepture mistune",
        "llm_path": "CVE-2026-44897.md",
        "project_matches": [
          {
            "confidence_score": 85,
            "name": "api-python",
            "reasons": [
              "ecosystem:pip",
              "category:python"
            ]
          }
        ],
        "published": true,
        "published_at": "2026-06-11T14:02:17.132388Z",
        "remediation_status": "solution_available",
        "state": "solution_disponible",
        "summary": "Cette faille permet à un attaquant d’injecter du JavaScript malveillant dans le navigateur d’un utilisateur qui interagit avec lepture mistune, mistune_project mistune.",
        "url": "cve/CVE-2026-44897.html"
      },
      "state": "solution_disponible",
      "summary": "Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading() builds the opening <hN> tag by string-concatenating the id attribute value directly into the HTML — with no call to escape(), safe_entity(), or any other sanitisation function. A double-quote character \" in the id value terminates the attribute, allowing an attacker to inject arbitrary additional attributes (event handlers, src=, href=, etc.) into the heading element. This vulnerability is fixed in 3.2.1.",
      "title": "Nouvelle CVE détectée : CVE-2026-44897"
    },
    {
      "created_at": "2026-06-11T13:52:14.845654Z",
      "cve_id": "CVE-2026-44896",
      "id": 12816,
      "kind": "page_published",
      "payload": {
        "categories": {
          "categories": [
            "python-pip",
            "lepture",
            "cpe",
            "pypi",
            "pip",
            "python"
          ],
          "ecosystems": [
            "lepture",
            "cpe",
            "pypi",
            "pip"
          ],
          "products": [
            "mistune"
          ],
          "severity": [
            "medium"
          ],
          "state": [
            "solution_disponible"
          ],
          "vendors": [
            "lepture",
            "mistune_project",
            "pypi",
            "pip"
          ]
        },
        "exposure": {
          "factors": [
            "gravite:medium",
            "projet:match",
            "detection:disponible",
            "remediation:solution_available"
          ],
          "level": "eleve",
          "project_count": 1,
          "score": 60,
          "summary": "Score 60/100 : la CVE matche l’inventaire projet (api-python)."
        },
        "headline": "Cross-Site Scripting (XSS) dans lepture mistune",
        "llm_path": "CVE-2026-44896.md",
        "project_matches": [
          {
            "confidence_score": 85,
            "name": "api-python",
            "reasons": [
              "ecosystem:pip",
              "category:python"
            ]
          }
        ],
        "published": true,
        "published_at": "2026-06-11T13:52:14.845654Z",
        "remediation_status": "solution_available",
        "state": "solution_disponible",
        "summary": "Cette faille permet à un attaquant d’injecter du JavaScript malveillant dans le navigateur d’un utilisateur qui interagit avec lepture mistune, mistune_project mistune.",
        "url": "cve/CVE-2026-44896.html"
      },
      "state": "solution_disponible",
      "summary": "Cette faille permet à un attaquant d’injecter du JavaScript malveillant dans le navigateur d’un utilisateur qui interagit avec lepture mistune, mistune_project mistune.",
      "title": "CVE-2026-44896 · Cross-Site Scripting (XSS) dans lepture mistune"
    },
    {
      "created_at": "2026-06-11T13:52:14.845654Z",
      "cve_id": "CVE-2026-44896",
      "id": 12815,
      "kind": "remediation_published",
      "payload": {
        "categories": {
          "categories": [
            "python-pip",
            "lepture",
            "cpe",
            "pypi",
            "pip",
            "python"
          ],
          "ecosystems": [
            "lepture",
            "cpe",
            "pypi",
            "pip"
          ],
          "products": [
            "mistune"
          ],
          "severity": [
            "medium"
          ],
          "state": [
            "solution_disponible"
          ],
          "vendors": [
            "lepture",
            "mistune_project",
            "pypi",
            "pip"
          ]
        },
        "exposure": {
          "factors": [
            "gravite:medium",
            "projet:match",
            "detection:disponible",
            "remediation:solution_available"
          ],
          "level": "eleve",
          "project_count": 1,
          "score": 60,
          "summary": "Score 60/100 : la CVE matche l’inventaire projet (api-python)."
        },
        "headline": "Cross-Site Scripting (XSS) dans lepture mistune",
        "llm_path": "CVE-2026-44896.md",
        "project_matches": [
          {
            "confidence_score": 85,
            "name": "api-python",
            "reasons": [
              "ecosystem:pip",
              "category:python"
            ]
          }
        ],
        "published": true,
        "published_at": "2026-06-11T13:52:14.845654Z",
        "remediation_status": "solution_available",
        "state": "solution_disponible",
        "summary": "Cette faille permet à un attaquant d’injecter du JavaScript malveillant dans le navigateur d’un utilisateur qui interagit avec lepture mistune, mistune_project mistune.",
        "url": "cve/CVE-2026-44896.html"
      },
      "state": "solution_disponible",
      "summary": "Une solution fiable a été détectée.",
      "title": "Remédiation publiée pour CVE-2026-44896"
    },
    {
      "created_at": "2026-06-11T13:52:14.845654Z",
      "cve_id": "CVE-2026-44896",
      "id": 12814,
      "kind": "new_cve",
      "payload": {
        "categories": {
          "categories": [
            "python-pip",
            "lepture",
            "cpe",
            "pypi",
            "pip",
            "python"
          ],
          "ecosystems": [
            "lepture",
            "cpe",
            "pypi",
            "pip"
          ],
          "products": [
            "mistune"
          ],
          "severity": [
            "medium"
          ],
          "state": [
            "solution_disponible"
          ],
          "vendors": [
            "lepture",
            "mistune_project",
            "pypi",
            "pip"
          ]
        },
        "exposure": {
          "factors": [
            "gravite:medium",
            "projet:match",
            "detection:disponible",
            "remediation:solution_available"
          ],
          "level": "eleve",
          "project_count": 1,
          "score": 60,
          "summary": "Score 60/100 : la CVE matche l’inventaire projet (api-python)."
        },
        "headline": "Cross-Site Scripting (XSS) dans lepture mistune",
        "llm_path": "CVE-2026-44896.md",
        "project_matches": [
          {
            "confidence_score": 85,
            "name": "api-python",
            "reasons": [
              "ecosystem:pip",
              "category:python"
            ]
          }
        ],
        "published": true,
        "published_at": "2026-06-11T13:52:14.845654Z",
        "remediation_status": "solution_available",
        "state": "solution_disponible",
        "summary": "Cette faille permet à un attaquant d’injecter du JavaScript malveillant dans le navigateur d’un utilisateur qui interagit avec lepture mistune, mistune_project mistune.",
        "url": "cve/CVE-2026-44896.html"
      },
      "state": "solution_disponible",
      "summary": "Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and earlier, in src/mistune/directives/image.py, the render_figure() function concatenates figclass and figwidth options directly into HTML attributes without escaping. This allows attribute injection and XSS even when HTMLRenderer(escape=True) is used, because these values bypass the inline renderer. Version 3.2.1 contains a patch.",
      "title": "Nouvelle CVE détectée : CVE-2026-44896"
    },
    {
      "created_at": "2026-06-11T13:31:44.000126Z",
      "cve_id": "CVE-2026-44844",
      "id": 12812,
      "kind": "page_published",
      "payload": {
        "categories": {
          "categories": [
            "python-pip",
            "govcert-lu",
            "pypi",
            "pip",
            "python"
          ],
          "ecosystems": [
            "govcert-lu",
            "pypi",
            "pip"
          ],
          "products": [
            "eml_parser",
            "eml-parser"
          ],
          "severity": [
            "medium"
          ],
          "state": [
            "solution_disponible"
          ],
          "vendors": [
            "govcert-lu",
            "pypi",
            "pip"
          ]
        },
        "exposure": {
          "factors": [
            "gravite:medium",
            "projet:match",
            "detection:disponible",
            "remediation:solution_available"
          ],
          "level": "eleve",
          "project_count": 1,
          "score": 60,
          "summary": "Score 60/100 : la CVE matche l’inventaire projet (api-python)."
        },
        "headline": "Déni de service dans GOVCERT-LU eml_parser",
        "llm_path": "CVE-2026-44844.md",
        "project_matches": [
          {
            "confidence_score": 85,
            "name": "api-python",
            "reasons": [
              "ecosystem:pip",
              "category:python"
            ]
          }
        ],
        "published": true,
        "published_at": "2026-06-11T13:31:44.000126Z",
        "remediation_status": "solution_available",
        "state": "solution_disponible",
        "summary": "Cette faille peut permettre à un attaquant de provoquer un arrêt, un crash ou une indisponibilité de GOVCERT-LU eml_parser, PyPI eml-parser.",
        "url": "cve/CVE-2026-44844.html"
      },
      "state": "solution_disponible",
      "summary": "Cette faille peut permettre à un attaquant de provoquer un arrêt, un crash ou une indisponibilité de GOVCERT-LU eml_parser, PyPI eml-parser.",
      "title": "CVE-2026-44844 · Déni de service dans GOVCERT-LU eml_parser"
    },
    {
      "created_at": "2026-06-11T13:31:44.000126Z",
      "cve_id": "CVE-2026-44844",
      "id": 12811,
      "kind": "remediation_published",
      "payload": {
        "categories": {
          "categories": [
            "python-pip",
            "govcert-lu",
            "pypi",
            "pip",
            "python"
          ],
          "ecosystems": [
            "govcert-lu",
            "pypi",
            "pip"
          ],
          "products": [
            "eml_parser",
            "eml-parser"
          ],
          "severity": [
            "medium"
          ],
          "state": [
            "solution_disponible"
          ],
          "vendors": [
            "govcert-lu",
            "pypi",
            "pip"
          ]
        },
        "exposure": {
          "factors": [
            "gravite:medium",
            "projet:match",
            "detection:disponible",
            "remediation:solution_available"
          ],
          "level": "eleve",
          "project_count": 1,
          "score": 60,
          "summary": "Score 60/100 : la CVE matche l’inventaire projet (api-python)."
        },
        "headline": "Déni de service dans GOVCERT-LU eml_parser",
        "llm_path": "CVE-2026-44844.md",
        "project_matches": [
          {
            "confidence_score": 85,
            "name": "api-python",
            "reasons": [
              "ecosystem:pip",
              "category:python"
            ]
          }
        ],
        "published": true,
        "published_at": "2026-06-11T13:31:44.000126Z",
        "remediation_status": "solution_available",
        "state": "solution_disponible",
        "summary": "Cette faille peut permettre à un attaquant de provoquer un arrêt, un crash ou une indisponibilité de GOVCERT-LU eml_parser, PyPI eml-parser.",
        "url": "cve/CVE-2026-44844.html"
      },
      "state": "solution_disponible",
      "summary": "Une solution fiable a été détectée.",
      "title": "Remédiation publiée pour CVE-2026-44844"
    },
    {
      "created_at": "2026-06-11T13:31:44.000126Z",
      "cve_id": "CVE-2026-44844",
      "id": 12810,
      "kind": "new_cve",
      "payload": {
        "categories": {
          "categories": [
            "python-pip",
            "govcert-lu",
            "pypi",
            "pip",
            "python"
          ],
          "ecosystems": [
            "govcert-lu",
            "pypi",
            "pip"
          ],
          "products": [
            "eml_parser",
            "eml-parser"
          ],
          "severity": [
            "medium"
          ],
          "state": [
            "solution_disponible"
          ],
          "vendors": [
            "govcert-lu",
            "pypi",
            "pip"
          ]
        },
        "exposure": {
          "factors": [
            "gravite:medium",
            "projet:match",
            "detection:disponible",
            "remediation:solution_available"
          ],
          "level": "eleve",
          "project_count": 1,
          "score": 60,
          "summary": "Score 60/100 : la CVE matche l’inventaire projet (api-python)."
        },
        "headline": "Déni de service dans GOVCERT-LU eml_parser",
        "llm_path": "CVE-2026-44844.md",
        "project_matches": [
          {
            "confidence_score": 85,
            "name": "api-python",
            "reasons": [
              "ecosystem:pip",
              "category:python"
            ]
          }
        ],
        "published": true,
        "published_at": "2026-06-11T13:31:44.000126Z",
        "remediation_status": "solution_available",
        "state": "solution_disponible",
        "summary": "Cette faille peut permettre à un attaquant de provoquer un arrêt, un crash ou une indisponibilité de GOVCERT-LU eml_parser, PyPI eml-parser.",
        "url": "cve/CVE-2026-44844.html"
      },
      "state": "solution_disponible",
      "summary": "eml_parser serves as a python module for parsing eml files and returning various information found in the e-mail as well as computed information. Prior to 3.0.1, EmlParser.get_raw_body_text() recurses unconditionally for every nested message/rfc822 attachment without any depth limit. An attacker who can supply a badly crafted EML file with approximately 120 nested message/rfc822 parts triggers an unhandled RecursionError and aborts parsing of the message. A 12 KB EML file is enough to crash a worker. Though this causes the parser to crash, it is an unlikely scenario as the suggested EML that crashes the parser would not pass basic RFC compliance tests. This vulnerability is fixed in 3.0.1.",
      "title": "Nouvelle CVE détectée : CVE-2026-44844"
    },
    {
      "created_at": "2026-06-11T13:21:34.835019Z",
      "cve_id": "CVE-2026-44843",
      "id": 12809,
      "kind": "page_published",
      "payload": {
        "categories": {
          "categories": [
            "python-pip",
            "langchain-ai",
            "cpe",
            "pypi",
            "pip",
            "python",
            "rust"
          ],
          "ecosystems": [
            "langchain-ai",
            "cpe",
            "pypi",
            "pip"
          ],
          "products": [
            "langchain",
            "langchain-core"
          ],
          "severity": [
            "high"
          ],
          "state": [
            "solution_disponible"
          ],
          "vendors": [
            "langchain-ai",
            "langchain",
            "pypi",
            "pip"
          ]
        },
        "exposure": {
          "factors": [
            "gravite:high",
            "projet:match",
            "detection:disponible",
            "remediation:solution_available"
          ],
          "level": "eleve",
          "project_count": 1,
          "score": 75,
          "summary": "Score 75/100 : la CVE matche l’inventaire projet (api-python)."
        },
        "headline": "Désérialisation dangereuse dans langchain-ai langchain",
        "llm_path": "CVE-2026-44843.md",
        "project_matches": [
          {
            "confidence_score": 85,
            "name": "api-python",
            "reasons": [
              "ecosystem:pip",
              "category:python"
            ]
          }
        ],
        "published": true,
        "published_at": "2026-06-11T13:21:34.835019Z",
        "remediation_status": "solution_available",
        "state": "solution_disponible",
        "summary": "Cette vulnérabilité affecte langchain-ai langchain, langchain. Consultez les sources originales pour le détail technique exact du scénario d’exploitation.",
        "url": "cve/CVE-2026-44843.html"
      },
      "state": "solution_disponible",
      "summary": "Cette vulnérabilité affecte langchain-ai langchain, langchain. Consultez les sources originales pour le détail technique exact du scénario d’exploitation.",
      "title": "CVE-2026-44843 · Désérialisation dangereuse dans langchain-ai langchain"
    },
    {
      "created_at": "2026-06-11T13:21:34.835019Z",
      "cve_id": "CVE-2026-44843",
      "id": 12808,
      "kind": "remediation_published",
      "payload": {
        "categories": {
          "categories": [
            "python-pip",
            "langchain-ai",
            "cpe",
            "pypi",
            "pip",
            "python",
            "rust"
          ],
          "ecosystems": [
            "langchain-ai",
            "cpe",
            "pypi",
            "pip"
          ],
          "products": [
            "langchain",
            "langchain-core"
          ],
          "severity": [
            "high"
          ],
          "state": [
            "solution_disponible"
          ],
          "vendors": [
            "langchain-ai",
            "langchain",
            "pypi",
            "pip"
          ]
        },
        "exposure": {
          "factors": [
            "gravite:high",
            "projet:match",
            "detection:disponible",
            "remediation:solution_available"
          ],
          "level": "eleve",
          "project_count": 1,
          "score": 75,
          "summary": "Score 75/100 : la CVE matche l’inventaire projet (api-python)."
        },
        "headline": "Désérialisation dangereuse dans langchain-ai langchain",
        "llm_path": "CVE-2026-44843.md",
        "project_matches": [
          {
            "confidence_score": 85,
            "name": "api-python",
            "reasons": [
              "ecosystem:pip",
              "category:python"
            ]
          }
        ],
        "published": true,
        "published_at": "2026-06-11T13:21:34.835019Z",
        "remediation_status": "solution_available",
        "state": "solution_disponible",
        "summary": "Cette vulnérabilité affecte langchain-ai langchain, langchain. Consultez les sources originales pour le détail technique exact du scénario d’exploitation.",
        "url": "cve/CVE-2026-44843.html"
      },
      "state": "solution_disponible",
      "summary": "Une solution fiable a été détectée.",
      "title": "Remédiation publiée pour CVE-2026-44843"
    },
    {
      "created_at": "2026-06-11T13:21:34.835019Z",
      "cve_id": "CVE-2026-44843",
      "id": 12807,
      "kind": "new_cve",
      "payload": {
        "categories": {
          "categories": [
            "python-pip",
            "langchain-ai",
            "cpe",
            "pypi",
            "pip",
            "python",
            "rust"
          ],
          "ecosystems": [
            "langchain-ai",
            "cpe",
            "pypi",
            "pip"
          ],
          "products": [
            "langchain",
            "langchain-core"
          ],
          "severity": [
            "high"
          ],
          "state": [
            "solution_disponible"
          ],
          "vendors": [
            "langchain-ai",
            "langchain",
            "pypi",
            "pip"
          ]
        },
        "exposure": {
          "factors": [
            "gravite:high",
            "projet:match",
            "detection:disponible",
            "remediation:solution_available"
          ],
          "level": "eleve",
          "project_count": 1,
          "score": 75,
          "summary": "Score 75/100 : la CVE matche l’inventaire projet (api-python)."
        },
        "headline": "Désérialisation dangereuse dans langchain-ai langchain",
        "llm_path": "CVE-2026-44843.md",
        "project_matches": [
          {
            "confidence_score": 85,
            "name": "api-python",
            "reasons": [
              "ecosystem:pip",
              "category:python"
            ]
          }
        ],
        "published": true,
        "published_at": "2026-06-11T13:21:34.835019Z",
        "remediation_status": "solution_available",
        "state": "solution_disponible",
        "summary": "Cette vulnérabilité affecte langchain-ai langchain, langchain. Consultez les sources originales pour le détail technique exact du scénario d’exploitation.",
        "url": "cve/CVE-2026-44843.html"
      },
      "state": "solution_disponible",
      "summary": "LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.85 and 1.3.3, LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other application-controlled payloads using overly broad object allowlists. These paths may call load() with allowed_objects=\"all\". This does not enable arbitrary Python object deserialization, but it does allow any trusted LangChain-serializable object to be revived, which is broader than these runtime paths require. As a result, attacker-supplied LangChain serialized constructor dictionaries may cause trusted runtime paths to instantiate classes with untrusted constructor arguments. This vulnerability is fixed in 0.3.85 and 1.3.3.",
      "title": "Nouvelle CVE détectée : CVE-2026-44843"
    },
    {
      "created_at": "2026-06-11T13:11:16.259749Z",
      "cve_id": "CVE-2026-44837",
      "id": 12806,
      "kind": "page_published",
      "payload": {
        "categories": {
          "categories": [
            "ruby-rubygems",
            "viewcomponent",
            "cpe",
            "rubygems",
            "ruby"
          ],
          "ecosystems": [
            "viewcomponent",
            "cpe",
            "rubygems"
          ],
          "products": [
            "view_component"
          ],
          "severity": [
            "medium"
          ],
          "state": [
            "solution_disponible"
          ],
          "vendors": [
            "viewcomponent",
            "rubygems"
          ]
        },
        "exposure": {
          "factors": [
            "gravite:medium",
            "projet:non-confirme",
            "detection:disponible",
            "remediation:solution_available"
          ],
          "level": "a_surveiller",
          "project_count": 0,
          "score": 40,
          "summary": "Score 40/100 : aucune correspondance projet directe n’a été détectée."
        },
        "headline": "Vulnérabilité applicative dans ViewComponent view_component",
        "llm_path": "CVE-2026-44837.md",
        "project_matches": [],
        "published": true,
        "published_at": "2026-06-11T13:11:16.259749Z",
        "remediation_status": "solution_available",
        "state": "solution_disponible",
        "summary": "Cette vulnérabilité affecte ViewComponent view_component, viewcomponent view_component. Consultez les sources originales pour le détail technique exact du scénario d’exploitation.",
        "url": "cve/CVE-2026-44837.html"
      },
      "state": "solution_disponible",
      "summary": "Cette vulnérabilité affecte ViewComponent view_component, viewcomponent view_component. Consultez les sources originales pour le détail technique exact du scénario d’exploitation.",
      "title": "CVE-2026-44837 · Vulnérabilité applicative dans ViewComponent view_component"
    },
    {
      "created_at": "2026-06-11T13:11:16.259749Z",
      "cve_id": "CVE-2026-44837",
      "id": 12805,
      "kind": "remediation_published",
      "payload": {
        "categories": {
          "categories": [
            "ruby-rubygems",
            "viewcomponent",
            "cpe",
            "rubygems",
            "ruby"
          ],
          "ecosystems": [
            "viewcomponent",
            "cpe",
            "rubygems"
          ],
          "products": [
            "view_component"
          ],
          "severity": [
            "medium"
          ],
          "state": [
            "solution_disponible"
          ],
          "vendors": [
            "viewcomponent",
            "rubygems"
          ]
        },
        "exposure": {
          "factors": [
            "gravite:medium",
            "projet:non-confirme",
            "detection:disponible",
            "remediation:solution_available"
          ],
          "level": "a_surveiller",
          "project_count": 0,
          "score": 40,
          "summary": "Score 40/100 : aucune correspondance projet directe n’a été détectée."
        },
        "headline": "Vulnérabilité applicative dans ViewComponent view_component",
        "llm_path": "CVE-2026-44837.md",
        "project_matches": [],
        "published": true,
        "published_at": "2026-06-11T13:11:16.259749Z",
        "remediation_status": "solution_available",
        "state": "solution_disponible",
        "summary": "Cette vulnérabilité affecte ViewComponent view_component, viewcomponent view_component. Consultez les sources originales pour le détail technique exact du scénario d’exploitation.",
        "url": "cve/CVE-2026-44837.html"
      },
      "state": "solution_disponible",
      "summary": "Une solution fiable a été détectée.",
      "title": "Remédiation publiée pour CVE-2026-44837"
    },
    {
      "created_at": "2026-06-11T13:11:16.259749Z",
      "cve_id": "CVE-2026-44837",
      "id": 12804,
      "kind": "new_cve",
      "payload": {
        "categories": {
          "categories": [
            "ruby-rubygems",
            "viewcomponent",
            "cpe",
            "rubygems",
            "ruby"
          ],
          "ecosystems": [
            "viewcomponent",
            "cpe",
            "rubygems"
          ],
          "products": [
            "view_component"
          ],
          "severity": [
            "medium"
          ],
          "state": [
            "solution_disponible"
          ],
          "vendors": [
            "viewcomponent",
            "rubygems"
          ]
        },
        "exposure": {
          "factors": [
            "gravite:medium",
            "projet:non-confirme",
            "detection:disponible",
            "remediation:solution_available"
          ],
          "level": "a_surveiller",
          "project_count": 0,
          "score": 40,
          "summary": "Score 40/100 : aucune correspondance projet directe n’a été détectée."
        },
        "headline": "Vulnérabilité applicative dans ViewComponent view_component",
        "llm_path": "CVE-2026-44837.md",
        "project_matches": [],
        "published": true,
        "published_at": "2026-06-11T13:11:16.259749Z",
        "remediation_status": "solution_available",
        "state": "solution_disponible",
        "summary": "Cette vulnérabilité affecte ViewComponent view_component, viewcomponent view_component. Consultez les sources originales pour le détail technique exact du scénario d’exploitation.",
        "url": "cve/CVE-2026-44837.html"
      },
      "state": "solution_disponible",
      "summary": "view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path. This is not a safe containment check because sibling directories can share the same string prefix. This vulnerability is fixed in 4.9.0.",
      "title": "Nouvelle CVE détectée : CVE-2026-44837"
    },
    {
      "created_at": "2026-06-11T13:01:14.798876Z",
      "cve_id": "CVE-2026-44836",
      "id": 12803,
      "kind": "page_published",
      "payload": {
        "categories": {
          "categories": [
            "ruby-rubygems",
            "viewcomponent",
            "rubygems",
            "ruby"
          ],
          "ecosystems": [
            "viewcomponent",
            "rubygems"
          ],
          "products": [
            "view_component"
          ],
          "severity": [
            "medium"
          ],
          "state": [
            "solution_disponible"
          ],
          "vendors": [
            "viewcomponent",
            "rubygems"
          ]
        },
        "exposure": {
          "factors": [
            "gravite:medium",
            "projet:non-confirme",
            "detection:disponible",
            "remediation:solution_available"
          ],
          "level": "a_surveiller",
          "project_count": 0,
          "score": 40,
          "summary": "Score 40/100 : aucune correspondance projet directe n’a été détectée."
        },
        "headline": "Vulnérabilité applicative dans ViewComponent view_component",
        "llm_path": "CVE-2026-44836.md",
        "project_matches": [],
        "published": true,
        "published_at": "2026-06-11T13:01:14.798876Z",
        "remediation_status": "solution_available",
        "state": "solution_disponible",
        "summary": "Cette vulnérabilité affecte ViewComponent view_component, RubyGems view_component. Consultez les sources originales pour le détail technique exact du scénario d’exploitation.",
        "url": "cve/CVE-2026-44836.html"
      },
      "state": "solution_disponible",
      "summary": "Cette vulnérabilité affecte ViewComponent view_component, RubyGems view_component. Consultez les sources originales pour le détail technique exact du scénario d’exploitation.",
      "title": "CVE-2026-44836 · Vulnérabilité applicative dans ViewComponent view_component"
    }
  ],
  "generated_at": "2026-06-11T17:05:54.805611Z"
}