4403 matches found
CVE-2026-32685
Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory. The documentation.pages entries from gleam.toml are incorporated into filesystem paths without sufficient validation or...
CVE-2026-40927
Docmost is open-source collaborative wiki and documentation software. Prior to 0.80.0, when leaving a comment on a page, it is possible to include a JavaScript URI as the link. When a user clicks on the link the JavaScript executes. This vulnerability is fixed in 0.80.0...
CVE-2026-44262
Scramble generates API documentation for Laravel projects. From 0.13.2 to before 0.13.22, when documentation endpoints are publicly accessible and validation rules reference user-controlled input, request supplied data may be evaluated during documentation generation, leading to execution of...
MINI-MJ3R-P93W-CPXG
Bulletin has no description...
MINI-55C8-63MP-Q86W
Bulletin has no description...
MINI-J3W8-53J6-8GWX
Bulletin has no description...
MINI-F2WQ-XPWX-4X38
Bulletin has no description...
MINI-GHH6-552P-77RF
Bulletin has no description...
MINI-G88F-W572-GP33
Bulletin has no description...
MINI-24XV-C23C-5229
Bulletin has no description...
MINI-4CQH-P78X-W3GC
Bulletin has no description...
USN-8394-1: YARD vulnerability
It was discovered that YARD incorrectly sanitized paths in its built-in documentation server. An attacker could possibly use this issue to read arbitrary files from the server host...
USN-8394-1 yard vulnerability
It was discovered that YARD incorrectly sanitized paths in its built-in documentation server. An attacker could possibly use this issue to read arbitrary files from the server host...
BIT-AIRFLOW-2026-42252 Apache Airflow: BashOperator Jinja2 injection via dag_run.conf — low-privilege user pattern
Apache Airflow's official documentation at core-concepts/dag-run.html "Passing Parameters when triggering Dags" showed a verbatim BashOperator(bash_command="echo value: {{ dag_run.conf['conf1'] }}") example without any quoting / sanitization warning. Dag authors who copied the pattern verbatim into...
[SECURITY] Fedora 44 Update: rubygem-yard-0.9.40-2.fc44
YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...
[SECURITY] Fedora 43 Update: rubygem-yard-0.9.37-5.fc43
YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...
MINI-PHHF-2QWJ-MM7Q
Bulletin has no description...
MINI-VG28-MQ3W-WM56
Bulletin has no description...
MINI-9F3Q-HV78-3QHC
Bulletin has no description...
MINI-QF8P-Q49H-FJMQ
Bulletin has no description...