Lucene search
K

17 matches found

OSV
OSV
added 4 days ago3 views

OESA-2026-2852 rubygem-yard security update

YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...

5.3CVSS5.9AI score0.00273EPSS
Exploits0References2
OSV
OSV
added 4 days ago5 views

OESA-2026-2851 rubygem-yard security update

YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...

5.3CVSS5.9AI score0.00273EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 10:29 p.m.11 views

EUVD-2026-38069

YARD static cache reads raw traversal paths before router sanitization...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References3
NVD
NVD
added 2026/06/19 8:16 p.m.13 views

CVE-2026-49342

YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as /../yard-cache-secret.html is joine...

5.3CVSS0.00273EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 7:13 p.m.19 views

CVE-2026-49342 YARD static cache reads raw traversal paths before router sanitization

YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as /../yard-cache-secret.html is joine...

5.3CVSS0.00273EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 7:13 p.m.24 views

CVE-2026-49342

YARD (Ruby) prior to 0.9.44 is affected: its static cache lookup reads the request path before router path cleanup, allowing a traversal like /../yard-cache-secret.html to be joined with a document root and retrieve a sibling .html outside the intended static tree. The issue is addressed in versi...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/19 7:13 p.m.6 views

CVE-2026-49342

YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as /../yard-cache-secret.html is joine...

5.3CVSS5.8AI score0.00273EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.10 views

PT-2026-51019

Name of the Vulnerable Software and Affected Versions YARD versions prior to 0.9.44 Description YARD is a documentation generation tool for the Ruby programming language. The static cache lookup reads a request path before the router's path cleanup process occurs. When a server is configured with...

5.3CVSS5.7AI score0.00273EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/03/05 8:0 p.m.8 views

Important: Red Hat Security Advisory: JBoss EAP XP 5.0 Update 4.0 release. See references for release notes.

JBoss EAP XP 5.0 Update 4.0 release. See references for release notes. JBoss EAP XP 5.0 Update 4.0 GA release. See references for release notes. Security Fixes: vertx-core: static handler component cache can be manipulated to deny the access to static files eapxp-5 CVE-2026-1002 netty-codec:...

8.2CVSS6.5AI score0.00562EPSS
Exploits2References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-7947

Malicious code in bioql PyPI...

4.3CVSS9AI score0.00186EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/03/26 2:52 p.m.8 views

CVE-2025-30568

Cross-Site Request Forgery CSRF vulnerability in hitoy Super Static Cache super-static-cache allows Cross Site Request Forgery.This issue affects Super Static Cache: from n/a through = 3.3.5...

4.3CVSS7.2AI score0.00186EPSS
Exploits0References1
NVD
NVD
added 2025/03/24 2:15 p.m.5 views

CVE-2025-30568

Cross-Site Request Forgery CSRF vulnerability in hitoy Super Static Cache super-static-cache allows Cross Site Request Forgery.This issue affects Super Static Cache: from n/a through = 3.3.5...

4.3CVSS0.00186EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/24 1:47 p.m.4 views

CVE-2025-30568 WordPress Super Static Cache - <= <= 3.3.5 Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in hitoy Super Static Cache allows Cross Site Request Forgery. This issue affects Super Static Cache: from n/a through 3.3.5...

4.3CVSS4.7AI score0.00186EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/24 1:47 p.m.16 views

CVE-2025-30568 WordPress Super Static Cache plugin <= 3.3.5 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in hitoy Super Static Cache super-static-cache allows Cross Site Request Forgery.This issue affects Super Static Cache: from n/a through = 3.3.5...

4.3CVSS0.00186EPSS
Exploits0References1
CVE
CVE
added 2025/03/24 1:47 p.m.54 views

CVE-2025-30568

CVE-2025-30568 is a CSRF vulnerability in the WordPress plugin Super Static Cache, affecting versions from n/a through 3.3.5. The connected Wordfence entry confirms the CVE ID, affected product, and nature of the issue, but no exploit details or remediation are provided in the supplied documents.

4.3CVSS7.2AI score0.00186EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/03/24 1:31 p.m.4 views

WordPress Super Static Cache plugin <= 3.3.5 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Thi Huyen Trang - Skalucy in WordPress Plugin Super Static Cache versions = 3.3.5...

4.3CVSS6.9AI score0.00186EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/03/24 12:0 a.m.4 views

WordPress plugin Super Static Cache 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

4.3CVSS8.6AI score0.00186EPSS
Exploits0References2
Rows per page
Query Builder