77 matches found
CVE-2026-45553
NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructuredtext renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content to ui.restructuredtext, an attacker can use standard...
CVE-2026-45553
NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructuredtext renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content to ui.restructuredtext, an attacker can use standard...
CVE-2026-45553 NiceGUI: Local file disclosure via Docutils file insertion in ui.restructured_text()
NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructuredtext renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content to ui.restructuredtext, an attacker can use standard...
CVE-2026-45553
NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructuredtext renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content to ui.restructuredtext, an attacker can use standard...
CVE-2026-45553
CVE-2026-45553 affects NiceGUI prior to v3.12.0. The server-side reStructuredText renderer (ui.restructured_text) passes content through Docutils without disabling file insertion directives, enabling an attacker-controlled input to trigger include, csv-table with :file:, or raw with :file:. This ...
CVE-2026-45553 NiceGUI: Local file disclosure via Docutils file insertion in ui.restructured_text()
NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructuredtext renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content to ui.restructuredtext, an attacker can use standard...
GHSA-JFRM-RX66-G536 NiceGUI: Local file disclosure via Docutils file insertion in ui.restructured_text()
Summary ui.restructuredtext renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content to ui.restructuredtext, an attacker can use standard Docutils directives include, csv-table with :file:, raw wi...
NiceGUI: Local file disclosure via Docutils file insertion in ui.restructured_text()
Summary ui.restructuredtext renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content to ui.restructuredtext, an attacker can use standard Docutils directives include, csv-table with :file:, raw wi...
EUVD-2005-3322
Malware in sbrugna...
CVE-2009-5042
python-docutils allows insecure usage of temporary files...
SUSE CVE-2005-3323
docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in RestructuredText functionality...
SUSE CVE-2006-4684
The docutils module in Zope Zope2 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText reST markup, which allows remote attackers to read arbitrary files via a csvtable directive, a different vulnerability than CVE-2006-3458...
SUSE CVE-2015-0846
django-markupfield before 1.3.2 uses the default docutils RESTRUCTUREDTEXTFILTERSETTINGS settings, which allows remote attackers to include and read arbitrary files via unspecified vectors...
Security fix for the ALT Linux 9 package openvpn version 2.5.6-alt1
2.5.6-alt1 built Sept. 28, 2022 Andrey Cherepanov in task 305924 May 16, 2022 Nikolay A. Fetisov - New version Closes: 42217 - Security fixes: + CVE-2022-0547: possible authentication bypass if multiple authentication plugins tries to do deferred authentication - Fix build with new...
Security fix for the ALT Linux 10 package openvpn version 2.5.6-alt1
2.5.6-alt1 built May 24, 2022 Andrey Cherepanov in task 300403 --- May 16, 2022 Nikolay A. Fetisov - New version Closes: 42217 - Security fixes: + CVE-2022-0547: possible authentication bypass if multiple authentication plugins tries to do deferred authentication - Fix build with new...
django-markupfield Arbitrary File Read
django-markupfield before 1.3.2 uses the default docutils RESTRUCTUREDTEXTFILTERSETTINGS settings, which allows remote attackers to include and read arbitrary files via unspecified vectors...
GHSA-WXMR-7XJV-8XQW django-markupfield Arbitrary File Read
django-markupfield before 1.3.2 uses the default docutils RESTRUCTUREDTEXTFILTERSETTINGS settings, which allows remote attackers to include and read arbitrary files via unspecified vectors...
GHSA-F9QV-J5G6-G5CR Trac is vulnerable to improper policy checks and missing 'raw' role check in docutils
Multiple unspecified vulnerabilities in Trac before 0.11.6 have unknown impact and attack vectors, possibly related to 1 "policy checks in report results when using alternate formats" or 2 a "check for the 'raw' role that is missing in docutils 0.6."...
Trac is vulnerable to improper policy checks and missing 'raw' role check in docutils
Multiple unspecified vulnerabilities in Trac before 0.11.6 have unknown impact and attack vectors, possibly related to 1 "policy checks in report results when using alternate formats" or 2 a "check for the 'raw' role that is missing in docutils 0.6."...
GHSA-HM8G-JXJJ-GFM3 Zope allows remote attackers to read arbitrary files
The docutils module in Zope Zope2 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText reST markup, which allows remote attackers to read arbitrary files via a csvtable directive, a different vulnerability than CVE-2006-3458...