Lucene search
K

4 matches found

Veracode
Veracode
added 2026/05/16 5:34 a.m.15 views

Path Traversal

Hugo is vulnerable to Path Traversal. The vulnerability is due to unrestricted execution of Node-based asset pipeline tools such as PostCSS, Babel, and TailwindCSS during site builds, allowing code from untrusted sites to read or write files outside the project's working directory when processed ...

8.6CVSS5.9AI score0.00274EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/13 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-44301

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node- based asset pipelines PostCSS, Babel, TailwindCSS, Hugo...

8.6CVSS5.5AI score0.00274EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/12 9:37 p.m.13 views

CVE-2026-44301

Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines PostCSS, Babel, TailwindCSS, Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could...

8.6CVSS5.8AI score0.00274EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/02/18 12:15 a.m.3 views

CVE-2021-41599

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This...

8.8CVSS7.7AI score0.0214EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder