Lucene search
K

237 matches found

EUVD
EUVD
added 2026/06/26 10:29 p.m.10 views

EUVD-2026-38069

YARD static cache reads raw traversal paths before router sanitization...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/21 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-49342

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the...

5.3CVSS5.9AI score0.00273EPSS
Exploits0References3
NVD
NVD
added 2026/06/19 8:16 p.m.12 views

CVE-2026-49342

YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as /../yard-cache-secret.html is joine...

5.3CVSS0.00273EPSS
Exploits0References2
OSV
OSV
added 2026/06/19 8:16 p.m.11 views

DEBIAN-CVE-2026-49342

YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as /../yard-cache-secret.html is joine...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References1
OSV
OSV
added 2026/06/19 8:16 p.m.4 views

UBUNTU-CVE-2026-49342

YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as /../yard-cache-secret.html is joine...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References4
CVE
CVE
added 2026/06/19 7:13 p.m.19 views

CVE-2026-49342

YARD (Ruby) prior to 0.9.44 is affected: its static cache lookup reads the request path before router path cleanup, allowing a traversal like /../yard-cache-secret.html to be joined with a document root and retrieve a sibling .html outside the intended static tree. The issue is addressed in versi...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 7:13 p.m.18 views

CVE-2026-49342 YARD static cache reads raw traversal paths before router sanitization

YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as /../yard-cache-secret.html is joine...

5.3CVSS0.00273EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/19 7:13 p.m.6 views

CVE-2026-49342

YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as /../yard-cache-secret.html is joine...

5.3CVSS5.8AI score0.00273EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.10 views

Astra Linux – Vulnerability in Yard

Path traversal is possible before version 0.9.20...

7.5CVSS7.1AI score0.02334EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.10 views

PT-2026-51019

Name of the Vulnerable Software and Affected Versions YARD versions prior to 0.9.44 Description YARD is a documentation generation tool for the Ruby programming language. The static cache lookup reads a request path before the router's path cleanup process occurs. When a server is configured with...

5.3CVSS5.7AI score0.00273EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.10 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : YARD vulnerability (USN-8394-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8394-1 advisory. It was discovered that YARD incorrectly sanitized paths in its built-in documentation server. An...

7.5CVSS5.7AI score0.00388EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/06/05 8:11 a.m.11 views

USN-8394-1: YARD vulnerability

It was discovered that YARD incorrectly sanitized paths in its built-in documentation server. An attacker could possibly use this issue to read arbitrary files from the server host...

7.5CVSS5.5AI score0.00388EPSS
Exploits0
OSV
OSV
added 2026/06/05 8:11 a.m.8 views

USN-8394-1 yard vulnerability

It was discovered that YARD incorrectly sanitized paths in its built-in documentation server. An attacker could possibly use this issue to read arbitrary files from the server host...

7.5CVSS5.5AI score0.00388EPSS
Exploits0References2
Fedora
Fedora
added 2026/06/05 4:10 a.m.19 views

[SECURITY] Fedora 43 Update: rubygem-yard-0.9.37-5.fc43

YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.14 views

Fedora 44 : rubygem-yard (2026-acefc1fe48)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-acefc1fe48 advisory. Backport 0.9.41 / 0.9.44 fixes for possible path traversal issues Tenable has extracted the preceding description block directly from the Fedora security...

5.6AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.14 views

Fedora 43 : rubygem-yard (2026-2d0a32ddc0)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-2d0a32ddc0 advisory. Backport 0.9.41 / 0.9.44 fixes for possible path traversal issues Tenable has extracted the preceding description block directly from the Fedora security...

5.6AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/25 11:16 p.m.14 views

CVE-2026-41493

A flaw was found in YARD, a Ruby Documentation tool. When using yard server to serve documentation, a path traversal vulnerability allows a remote attacker to access arbitrary files on the host machine through unsanitized HTTP requests. This could lead to unauthorized information disclosure from...

7.5CVSS5.9AI score0.00388EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Yard

YARD is a Ruby documentation tool. The “frames.html” file within the Yard Doc’s generated documentation is vulnerable to Cross-Site Scripting XSS attacks due to inadequate sanitization of user input within the JavaScript segment of the “frames.erb” template file. This vulnerability has been fixed...

6.1CVSS6.4AI score0.0106EPSS
Exploits1References1
OSV
OSV
added 2026/05/15 1:59 p.m.12 views

OESA-2026-2285 rubygem-yard security update

YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...

7.5CVSS5.9AI score0.00388EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/11 2:14 p.m.12 views

SUSE CVE-2026-41493

YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions...

7.5CVSS5.9AI score0.00388EPSS
Exploits0References3
Rows per page
Query Builder