Lucene search
+L

34 matches found

Vulnrichment
Vulnrichment
added 2025/12/19 12:0 a.m.4 views

CVE-2025-67846

The Deployment Infrastructure in Mintlify Platform before 2025-11-15 allows remote attackers to bypass security patches and execute downgrade attacks via predictable deployment identifiers on the Vercel preview domain. An attacker can identify the URL structure of a previous deployment that...

4.9CVSS6.8AI score0.00375EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/19 12:0 a.m.4 views

CVE-2025-67844

The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub Ap...

5CVSS6.4AI score0.00368EPSS
Exploits1References4
EUVD
EUVD
added 2025/12/19 12:0 a.m.5 views

EUVD-2025-204427

A Server-Side Template Injection SSTI vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15 allows remote attackers to execute arbitrary code via inline JSX expressions in an MDX file...

8.3CVSS7.6AI score0.01055EPSS
Exploits1References5
CVE
CVE
added 2025/12/19 12:0 a.m.24 views

CVE-2025-67842

The CVE describes a vulnerability in Mintlify Platform’s Static Asset API where, prior to 2025-11-15, any tenant’s assets could be served on another tenant’s documentation site via the subdomain parameter, enabling remote arbitrary web script or HTML injection. Affected component: Static Asset AP...

6.4CVSS6.2AI score0.00316EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2025/12/19 12:0 a.m.28 views

CVE-2025-67843

A Server-Side Template Injection SSTI vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15 allows remote attackers to execute arbitrary code via inline JSX expressions in an MDX file...

8.3CVSS0.01055EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/19 12:0 a.m.29 views

CVE-2025-67844

The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub Ap...

5CVSS0.00368EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/19 12:0 a.m.24 views

CVE-2025-67845

A Directory Traversal vulnerability in the Static Asset Proxy Endpoint in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing path traversal sequences...

6.4CVSS0.00493EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/12/19 12:0 a.m.31 views

CVE-2025-67846

The Deployment Infrastructure in Mintlify Platform before 2025-11-15 allows remote attackers to bypass security patches and execute downgrade attacks via predictable deployment identifiers on the Vercel preview domain. An attacker can identify the URL structure of a previous deployment that...

4.9CVSS0.00375EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/12/19 12:0 a.m.5 views

Mintlify 安全漏洞

Mintlify is an AI-driven documentation platform from US-based Mintlify. A security vulnerability exists in versions of Mintlify prior to 2025-11-15 that stems from predictable deployment identifiers in Deployment Infrastructure and could lead to a degradation attack...

6.5CVSS6.6AI score0.00375EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/12/19 12:0 a.m.30 views

CVE-2025-67842

The Static Asset API in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via the subdomain parameter because any tenant's assets can be served on any other tenant's documentation site...

6.4CVSS0.00316EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.8 views

PT-2025-52407

Name of the Vulnerable Software and Affected Versions Mintlify Platform versions prior to 2025-11-15 Description The Deployment Infrastructure in Mintlify Platform before 2025-11-15 allows attackers to bypass security patches and execute downgrade attacks. This is possible through predictable...

6.5CVSS6.8AI score0.00375EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.10 views

PT-2025-52404

Name of the Vulnerable Software and Affected Versions Mintlify Platform versions prior to 2025-11-15 Description A Server-Side Template Injection SSTI flaw exists in the MDX Rendering Engine of Mintlify Platform. This issue allows remote attackers to execute arbitrary code through inline JSX...

8.3CVSS7.6AI score0.01055EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.8 views

PT-2025-52403

The Static Asset API in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via the subdomain parameter because any tenant's assets can be served on any other tenant's documentation site...

6.4CVSS6.7AI score0.00316EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.8 views

PT-2025-52406

Name of the Vulnerable Software and Affected Versions Mintlify Platform versions prior to 2025-11-15 Description A directory traversal issue exists in the Static Asset Proxy Endpoint. This allows remote attackers to inject arbitrary web script or HTML through a specially crafted URL containing pa...

6.4CVSS6.4AI score0.00493EPSS
Exploits1References14
Rows per page
Query Builder