CVE-2026-45553

NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructuredtext renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content to ui.restructuredtext, an attacker can use standard...

CVE-2026-45553

NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructuredtext renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content to ui.restructuredtext, an attacker can use standard...

CVE-2026-45553

NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructuredtext renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content to ui.restructuredtext, an attacker can use standard...

CVE-2026-45553 NiceGUI: Local file disclosure via Docutils file insertion in ui.restructured_text()

NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructuredtext renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content to ui.restructuredtext, an attacker can use standard...

CVE-2026-45553 NiceGUI: Local file disclosure via Docutils file insertion in ui.restructured_text()

NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructuredtext renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content to ui.restructuredtext, an attacker can use standard...

CVE-2026-45553

CVE-2026-45553 affects NiceGUI prior to v3.12.0. The server-side reStructuredText renderer (ui.restructured_text) passes content through Docutils without disabling file insertion directives, enabling an attacker-controlled input to trigger include, csv-table with :file:, or raw with :file:. This ...

NiceGUI 信息泄露漏洞

NiceGUI is an easy-to-use, Python-based UI framework developed under the open source license. Versions of NiceGUI prior to 3.12.0 contained a vulnerability related to information leakage. This vulnerability stemmed from the fact that the ui.restructuredtext function did not disable the file...

EUVD-2006-0004

Malware in sbrugna...

EUVD-2006-0006

Malware in sbrugna...

GHSA-JCJP-QQPQ-PC54 Zope allows local users to read arbitrary files

Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 Zope2 does not disable the "raw" command when providing untrusted users with restructured text reStructuredText functionality from docutils, which allows local users to read arbitrary files...

Web Auditing Framework: GoLismero

GoLismero is an open source framework for security testing. It’s currently geared towards web security, but it can easily be expanded to other kinds of scans. Features: Real platform independence. Tested on Windows, Linux, BSD and OS X. No native library dependencies. All of the framework has bee...

PYSEC-2011-6

Cross-site scripting XSS vulnerability in the reStructuredText rst parser in parser/textrst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some...

Debian: Security Advisory (DSA-1113)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2006-3695

Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text reStructuredText functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting XSS attacks, or cause a denial of service via...

DEBIAN-CVE-2006-3695

Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text reStructuredText functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting XSS attacks, or cause a denial of service via...

DSA-1113 zope2.7 - programming error

Bulletin has no description...

zope -- information disclosure vulnerability

Zope team reports: Unspecified vulnerability in Zope2 allows local users to obtain sensitive information via unknown attack vectors related to the docutils module and "restructured text"...