
1081 matches found

RedHat Linux
added 2026/06/16 9:33 a.m., 7 views

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.9.5 release.

Red Hat Developer Hub 1.9.5 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...

10 CVSS, 7.1 AI score, 0.00984 EPSS
Exploits: 15, References: 29
EUVD
added 2026/06/15 9:30 p.m., 7 views

EUVD-2026-36783

Incorrect access control in the share-based read endpoints of Sismics Docs Teedy v1.11 allows unauthorized attackers to access sensitive endpoints via a crafted request...

5.2 AI score, 0.00287 EPSS
Exploits: 0, References: 2
NVD
added 2026/06/15 8:16 p.m., 7 views

CVE-2026-50885

Incorrect access control in the share-based read endpoints of Sismics Docs Teedy v1.11 allows unauthorized attackers to access sensitive endpoints via a crafted request...

7.5 CVSS, 0.00287 EPSS
Exploits: 0, References: 1
OSV
added 2026/06/15 6:26 p.m., 4 views

MAL-2026-5802 Malicious code in cardano-addresses-docs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d99ae2a620ac8a3db31cde344d6d1e46914f785b3d5f4b8debdb20d64fa9c75 package.json declares a preinstall hook node index.js that runs automatically on npm install. index.js collects host identifiers os.hostname,...

5.4 AI score
Exploits: 0, References: 1
Veracode
added 2026/06/15 7:20 a.m., 9 views

XXE Injection

Spring REST Docs is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to unsafe processing of XML content when documenting remote APIs, where a compromised or malicious API can supply crafted XML containing external entities. When documentation-generating tests are execute...

5.9 CVSS, 5.3 AI score, 0.00223 EPSS
Exploits: 0, References: 2, Affected Software: 1
Positive Technologies
added 2026/06/15 12:00 a.m., 8 views

PT-2026-49326

Name of the Vulnerable Software and Affected Versions: Sismics Docs Teedy version 1.11. Description: Incorrect access control in the share-based read endpoints allows unauthorized attackers to access sensitive endpoints by sending a crafted request. Recommendations: At the moment, there is no...

7.5 CVSS, 5.9 AI score, 0.00287 EPSS
Exploits: 0, References: 3
Cvelist
added 2026/06/15 12:00 a.m., 28 views

CVE-2026-50885

Incorrect access control in the share-based read endpoints of Sismics Docs Teedy v1.11 allows unauthorized attackers to access sensitive endpoints via a crafted request...

0.00287 EPSS
Exploits: 0, References: 1
CVE
added 2026/06/15 12:00 a.m., 10 views

CVE-2026-50885

CVE-2026-50885 concerns Sismics Docs (Teedy) with version v1.11, where an incorrect access control flaw in the share-based read endpoints enables unauthorized attackers to access sensitive endpoints via a crafted request. The related advisories consistently describe limited information about root...

7.5 CVSS, 5.3 AI score, 0.00287 EPSS
Exploits: 0, References: 1
RedHat Linux
added 2026/06/13 1:24 a.m., 5 views

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: nodejs24: nodejs24-24.16.0-1.hum1 aarch64, x86_64 nodejs24-bin-24.16.0-1.hum1 noarch nodejs24-devel-24.16.0-1.hum1 aarch64, x86_64 nodejs24-docs-24.16.0-1.hum1 noarch...

7.5 CVSS, 5.8 AI score, 0.00426 EPSS
Exploits: 0, References: 3
Fedora
added 2026/06/11 1:09 a.m., 11 views

[SECURITY] Fedora 43 Update: rust-1.96.0-1.fc43

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...

6.5 CVSS, 5.4 AI score, 0.00328 EPSS
Exploits: 0
EUVD
added 2026/06/10 12:31 a.m., 8 views

EUVD-2026-35885

When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating tests are next execute...

5.9 CVSS, 5.5 AI score, 0.00223 EPSS
Exploits: 0, References: 2
NVD
added 2026/06/10 12:16 a.m., 15 views

CVE-2026-40991

When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating tests are next execute...

5.9 CVSS, 0.00223 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/06/10 12:00 a.m., 12 views

VMware Spring REST Docs code issue vulnerability

VMware Spring REST Docs is a REST API documentation generation framework developed by VMware, Inc. There are code-related vulnerabilities in VMware Spring REST Docs. These vulnerabilities arise when using spring-restdocs-webtestclient or spring-restdocs-restassured to record remote APIs accesse...

5.9 CVSS, 5.5 AI score, 0.00223 EPSS
Exploits: 0, References: 1
Cvelist
added 2026/06/09 11:46 p.m., 33 views

CVE-2026-40991 XML External Entity (XXE) injection when documenting untrusted XML content

When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating tests are next execute...

5.9 CVSS, 0.00223 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2026/06/09 11:46 p.m., 9 views

CVE-2026-40991 XML External Entity (XXE) injection when documenting untrusted XML content

When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating tests are next execute...

5.9 CVSS, 5.5 AI score, 0.00223 EPSS
Exploits: 0, References: 1
CVE
added 2026/06/09 11:46 p.m., 13 views

CVE-2026-40991

The CVE-2026-40991 issue affects Spring REST Docs: 4.0.0; 3.0.0–3.0.5; and 2.0.0.RELEASE–2.0.8.RELEASE. When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote HTTP API, an attacker who compromises the API or tricks a user into documenting a malicious API can ...

5.9 CVSS, 5.5 AI score, 0.00223 EPSS
Exploits: 0, References: 1
OSV
added 2026/06/09 11:17 p.m., 3 views

UBUNTU-CVE-2026-9748

The $internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats conversion failed. But PauseExecution is not a general purpose skip mechanism, but rather a TeeBuffer-internal signal used solely by $facet to coordinate its sub-pipelines...

7.1 CVSS, 5.3 AI score, 0.00323 EPSS
Exploits: 0, References: 3
Snyk
added 2026/06/09 12:00 a.m., 4 views

XML External Entity (XXE) Injection

Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection due to improperly configured XML parsing in the PrettyPrintingContentModifier and XmlContentHandler classes, in PrettyPrintingContentModifier.java and payload/XmlContentHandler.java. When the...

6 CVSS, 5.7 AI score, 0.00223 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/06/09 12:00 a.m., 13 views

PT-2026-48306

When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating tests are next execute...

5.9 CVSS, 5.5 AI score, 0.00223 EPSS
Exploits: 0, References: 2
SUSE CVE
added 2026/06/03 2:25 a.m., 13 views

SUSE CVE-2026-32685

Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory. The documentation.pages entries from gleam.toml are incorporated into filesystem paths without sufficient validation or...

4.6 CVSS, 5.9 AI score, 0.00152 EPSS
Exploits: 0, References: 3