CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6 matches found

AstraLinux•added 2026/06/19 11:10 a.m.•3 views

Astra Linux – Vulnerability in Yard

YARD is a Ruby documentation tool. The “frames.html” file within the Yard Doc’s generated documentation is vulnerable to Cross-Site Scripting XSS attacks due to inadequate sanitization of user input within the JavaScript segment of the “frames.erb” template file. This vulnerability has been fixed...

6.1CVSS6.4AI score0.0106EPSS

Exploits1References1

Tenable Nessus•added 2026/05/09 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-41493

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation...

7.5CVSS5.7AI score0.00388EPSS

Exploits0References3

OSV•added 2026/05/08 2:16 p.m.•6 views

DEBIAN-CVE-2026-41493

YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions...

7.5CVSS5.9AI score0.00388EPSS

Exploits0References1

OSV•added 2024/02/29 12:0 a.m.•0 views

UBUNTU-CVE-2024-27285

YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting XSS attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. This vulnerability is fixed in...

6.1CVSS7.1AI score0.0106EPSS

Exploits1References9