17 matches found
OESA-2026-2852 rubygem-yard security update
YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...
OESA-2026-2851 rubygem-yard security update
YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...
EUVD-2026-38069
YARD static cache reads raw traversal paths before router sanitization...
CVE-2026-49342
YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as /../yard-cache-secret.html is joine...
CVE-2026-49342 YARD static cache reads raw traversal paths before router sanitization
YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as /../yard-cache-secret.html is joine...
CVE-2026-49342
YARD (Ruby) prior to 0.9.44 is affected: its static cache lookup reads the request path before router path cleanup, allowing a traversal like /../yard-cache-secret.html to be joined with a document root and retrieve a sibling .html outside the intended static tree. The issue is addressed in versi...
CVE-2026-49342
YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as /../yard-cache-secret.html is joine...
PT-2026-51019
Name of the Vulnerable Software and Affected Versions YARD versions prior to 0.9.44 Description YARD is a documentation generation tool for the Ruby programming language. The static cache lookup reads a request path before the router's path cleanup process occurs. When a server is configured with...
Important: Red Hat Security Advisory: JBoss EAP XP 5.0 Update 4.0 release. See references for release notes.
JBoss EAP XP 5.0 Update 4.0 release. See references for release notes. JBoss EAP XP 5.0 Update 4.0 GA release. See references for release notes. Security Fixes: vertx-core: static handler component cache can be manipulated to deny the access to static files eapxp-5 CVE-2026-1002 netty-codec:...
EUVD-2025-7947
Malicious code in bioql PyPI...
CVE-2025-30568
Cross-Site Request Forgery CSRF vulnerability in hitoy Super Static Cache super-static-cache allows Cross Site Request Forgery.This issue affects Super Static Cache: from n/a through = 3.3.5...
CVE-2025-30568
Cross-Site Request Forgery CSRF vulnerability in hitoy Super Static Cache super-static-cache allows Cross Site Request Forgery.This issue affects Super Static Cache: from n/a through = 3.3.5...
CVE-2025-30568 WordPress Super Static Cache - <= <= 3.3.5 Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in hitoy Super Static Cache allows Cross Site Request Forgery. This issue affects Super Static Cache: from n/a through 3.3.5...
CVE-2025-30568 WordPress Super Static Cache plugin <= 3.3.5 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in hitoy Super Static Cache super-static-cache allows Cross Site Request Forgery.This issue affects Super Static Cache: from n/a through = 3.3.5...
CVE-2025-30568
CVE-2025-30568 is a CSRF vulnerability in the WordPress plugin Super Static Cache, affecting versions from n/a through 3.3.5. The connected Wordfence entry confirms the CVE ID, affected product, and nature of the issue, but no exploit details or remediation are provided in the supplied documents.
WordPress Super Static Cache plugin <= 3.3.5 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Thi Huyen Trang - Skalucy in WordPress Plugin Super Static Cache versions = 3.3.5...
WordPress plugin Super Static Cache 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...