Lucene search
K

1065 matches found

RedhatCVE
RedhatCVE
added 2026/06/03 4:1 p.m.8 views

CVE-2026-45553

NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructuredtext renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content to ui.restructuredtext, an attacker can use standard...

7.5CVSS5.7AI score0.00255EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 3:34 p.m.47 views

CVE-2026-45553 NiceGUI: Local file disclosure via Docutils file insertion in ui.restructured_text()

NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructuredtext renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content to ui.restructuredtext, an attacker can use standard...

7.5CVSS0.00255EPSS
Exploits0References2
CVE
CVE
added 2026/06/02 3:34 p.m.17 views

CVE-2026-45553

CVE-2026-45553 affects NiceGUI prior to v3.12.0. The server-side reStructuredText renderer (ui.restructured_text) passes content through Docutils without disabling file insertion directives, enabling an attacker-controlled input to trigger include, csv-table with :file:, or raw with :file:. This ...

7.5CVSS5.8AI score0.00255EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/02 3:34 p.m.8 views

CVE-2026-45553 NiceGUI: Local file disclosure via Docutils file insertion in ui.restructured_text()

NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructuredtext renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content to ui.restructuredtext, an attacker can use standard...

7.5CVSS5.7AI score0.00255EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/27 9:9 p.m.18 views

Symfony has XXE (Local File Disclosure) in DomCrawler::addXmlContent() via validateOnParse = true

Description symfony/dom-crawler provides the Crawler class for navigating HTML/XML documents with CSS/XPath selectors; symfony/browser-kit's HttpBrowser uses it to parse fetched pages. Crawler::addXmlContent sets DOMDocument::$validateOnParse = true before calling loadXML. Setting validateOnParse...

5.8AI score0.00052EPSS
Exploits0References6Affected Software2
RedhatCVE
RedhatCVE
added 2026/05/25 11:37 p.m.16 views

CVE-2026-40682

A flaw was found in Apache OpenNLP. A remote attacker can exploit this vulnerability by providing a specially crafted dictionary file. This can lead to an XML External Entity XXE injection, which allows for the disclosure of local files or enables server-side request forgery SSRF, where the serve...

9.1CVSS5.8AI score0.00515EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.10 views

Trimble SketchUp 安全漏洞

Trimble SketchUp is a 3D modeling software developed by Trimble in the United States. It is designed for architects, urban planning experts, producers, game developers, and professionals in related fields. Trimble SketchUp has a security vulnerability that stems from improper handling of dynamic...

9.3CVSS6.4AI score0.00231EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/20 3:35 p.m.14 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection via the Crawler::addXmlContent XML parsing logic. An attacker can read arbitrary local files by supplying crafted XML containing external entities, as validateOnParse re-enables DTD processing and...

8.8CVSS6AI score0.00052EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/18 8:21 p.m.16 views

NiceGUI: Local file disclosure via Docutils file insertion in ui.restructured_text()

Summary ui.restructuredtext renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content to ui.restructuredtext, an attacker can use standard Docutils directives include, csv-table with :file:, raw wi...

7.5CVSS5.9AI score0.00255EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/18 8:21 p.m.12 views

GHSA-JFRM-RX66-G536 NiceGUI: Local file disclosure via Docutils file insertion in ui.restructured_text()

Summary ui.restructuredtext renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content to ui.restructuredtext, an attacker can use standard Docutils directives include, csv-table with :file:, raw wi...

7.5CVSS5.9AI score0.00255EPSS
Exploits0References4
NVD
NVD
added 2026/05/14 6:16 p.m.13 views

CVE-2026-42598

Pode is a Cross-Platform PowerShell web framework for creating REST APIs, Web Sites, and TCP/SMTP servers. From 2.4.0, to before 2.13.0, when requesting content from a Static Route, it was possible to request paths such as http://localhost:8080/c:/Windows/System32/drivers/etc/hosts and have the...

6.9CVSS0.00325EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 10:0 a.m.16 views

Security Bulletin: IBM Operator for Apache Flink is affected by a vulnerability in AssertJ library (CVE-2026-24400)

Summary This security vulnerability in the AssertJ library used within IBM Event Processing could allow an attacker to exploit specially crafted XML input to cause local file disclosure, server-side request forgery SSRF, or denial of service in Java-based components running on the Apache Flink...

9.1CVSS5.9AI score0.00542EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/12 4:56 p.m.10 views

CVE-2026-43891

changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application...

7.5CVSS5.8AI score0.00354EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/11 8:25 p.m.12 views

CVE-2026-42212

SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, Opening a .gpp file in the SolidCAM Postprocessor IDE extension causes the language server to parse a companion .vmid file from the same directory...

7.1CVSS5.8AI score0.00314EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/08 9:35 p.m.9 views

CVE-2026-42212

SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, Opening a .gpp file in the SolidCAM Postprocessor IDE extension causes the language server to parse a companion .vmid file from the same directory...

7.1CVSS5.8AI score0.00314EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/05/08 9:35 p.m.16 views

EUVD-2026-28839

SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, Opening a .gpp file in the SolidCAM Postprocessor IDE extension causes the language server to parse a companion .vmid file from the same directory...

7.1CVSS5.8AI score0.00314EPSS
Exploits0References4
CVE
CVE
added 2026/05/08 9:35 p.m.16 views

CVE-2026-42212

CVE-2026-42212 – SolidCAM-GPPL-IDE (Postprocessor IDE) affects versions 1.0.0–1.0.1 of the unofficial SolidCAM extension. The VMID parser loads XML with XDocument.Load(...) without XmlReaderSettings, enabling DTD processing and leading to XXE and related risks. Impact per sources includes local f...

7.1CVSS5.8AI score0.00314EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.20 views

PT-2026-39200

Name of the Vulnerable Software and Affected Versions SolidCAM-GPPL-IDE versions 1.0.0 through 1.0.1 Description Opening a .gpp file causes the language server to parse a companion .vmid file from the same directory. The VMID parser uses XDocument.Loadpath without XmlReaderSettings, which in .NET...

7.1CVSS5.8AI score0.00314EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.11 views

Postprocessor IDE for SolidCAM 资源管理错误漏洞

Postprocessor IDE for SolidCAM is a GPPL language development support tool developed by Andrey Zorin. Versions of Postprocessor IDE for SolidCAM from 1.0.0 to 1.0.2 contained a resource management vulnerability. This vulnerability arose from the language server’s parsing of.vmid files in the same...

7.1CVSS5.8AI score0.00314EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/06 9:45 p.m.16 views

Mako vulnerable to path traversal via backslash URI on Windows in TemplateLookup

Summary On Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the configured template directory. Details The root cause is a...

8.7CVSS5.8AI score0.00609EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder