Lucene search
K

4 matches found

NVD
NVD
added 2026/06/02 4:16 p.m.14 views

CVE-2026-45553

NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructuredtext renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content to ui.restructuredtext, an attacker can use standard...

7.5CVSS0.00255EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/02 3:34 p.m.8 views

CVE-2026-45553 NiceGUI: Local file disclosure via Docutils file insertion in ui.restructured_text()

NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructuredtext renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content to ui.restructuredtext, an attacker can use standard...

7.5CVSS5.7AI score0.00255EPSS
Exploits0References2
OSV
OSV
added 2026/06/02 3:34 p.m.3 views

CVE-2026-45553 NiceGUI: Local file disclosure via Docutils file insertion in ui.restructured_text()

NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructuredtext renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content to ui.restructuredtext, an attacker can use standard...

7.5CVSS5.9AI score0.00255EPSS
Exploits0References4
OSV
OSV
added 2026/05/18 8:21 p.m.13 views

GHSA-JFRM-RX66-G536 NiceGUI: Local file disclosure via Docutils file insertion in ui.restructured_text()

Summary ui.restructuredtext renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content to ui.restructuredtext, an attacker can use standard Docutils directives include, csv-table with :file:, raw wi...

7.5CVSS5.9AI score0.00255EPSS
Exploits0References4
Rows per page
Query Builder