
57 matches found

Vulnrichment
added 2026/06/11 6:33 p.m. | 10 views

CVE-2026-48547 KanaDojo < 0.1.18 Command Injection via patchNotesData.json in release.yml

KanaDojo contains a command injection vulnerability that allows an attacker with pull request access to execute arbitrary shell commands by inserting shell metacharacters into the version or changes fields of patchNotesData.json, which are interpolated unsanitized into a child_process.execSync cal...

CVSS 8.5 | AI score 6 | EPSS 0.0091
Exploits: 0 | References: 2
Patchstack
added 2026/04/13 10:39 a.m. | 7 views

WordPress YML for Yandex Market plugin < 5.0.26 - Shop Manager+ RCE via Feed Generation vulnerability

Shop Manager+ RCE via Feed Generation vulnerability discovered by Alex Tselevich nos3curity in WordPress Plugin YML for Yandex Market versions 5.0.26...

CVSS 6.5 | AI score 5.8 | EPSS 0.00266
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2026/04/10 12:0 a.m. | 6 views

WordPress plugin YML for Yandex Market security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 6.5 | AI score 6.1 | EPSS 0.00266
Exploits: 0 | References: 1
Positive Technologies
added 2026/04/10 12:0 a.m. | 10 views

PT-2026-31880

The YML for Yandex Market WordPress plugin before 5.0.26 is vulnerable to Remote Code Execution via the feed generation process...

AI score 5.9 | EPSS 0.00266
Exploits: 0 | References: 2
RedhatCVE
added 2026/03/26 5:2 p.m. | 3 views

CVE-2026-32567

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in icopydoc YML for Yandex Market yml-for-yandex-market allows Path Traversal. This issue affects YML for Yandex Market: from n/a through 5.3.0...

CVSS 6.8 | AI score 5.8 | EPSS 0.00329
Exploits: 0 | References: 1
Vulnrichment
added 2026/03/25 4:15 p.m. | 3 views

CVE-2026-32567 WordPress YML for Yandex Market plugin < 5.3.0 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in icopydoc YML for Yandex Market yml-for-yandex-market allows Path Traversal. This issue affects YML for Yandex Market: from n/a through 5.3.0...

AI score 5.8 | EPSS 0.00329
Exploits: 0 | References: 1
ATTACKERKB
added 2026/03/25 4:15 p.m. | 1 view

CVE-2026-32567

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in icopydoc YML for Yandex Market yml-for-yandex-market allows Path Traversal. This issue affects YML for Yandex Market: from n/a through 5.3.0...

CVSS 6.8 | AI score 5.8 | EPSS 0.00329
Exploits: 0 | References: 2
CVE
added 2026/03/25 4:15 p.m. | 14 views

CVE-2026-32567

CVE-2026-32567 affects the WordPress plugin WordPress YML for Yandex Market (

CVSS 6.8 | AI score 5.8 | EPSS 0.00329
Exploits: 0 | References: 1
Positive Technologies
added 2026/03/25 12:0 a.m. | 7 views

PT-2026-28061

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in icopydoc YML for Yandex Market yml-for-yandex-market allows Path Traversal. This issue affects YML for Yandex Market: from n/a through 5.3.0...

AI score 5.8 | EPSS 0.00329
Exploits: 0 | References: 2
CVE
added 2026/03/06 4:30 p.m. | 19 views

CVE-2026-29075

Mesa CVE-2026-29075 affects the Mesa library (versions ≤ 3.5.0). The vulnerability arises when untrusted code is checked out in the benchmarks.yml workflow, potentially allowing code execution in a privileged runner. The issue has been patched via commit c35b8cd. Public-facing exploitation detail...

CVSS 9.8 | AI score 6.1 | EPSS 0.0037
Exploits: 0 | References: 2 | Affected Software: 1
RedhatCVE
added 2026/01/09 9:59 a.m. | 9 views

CVE-2020-7650

All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json...

CVSS 6.5 | AI score 6.9 | EPSS 0.0113
Exploits: 0 | References: 1
RedhatCVE
added 2025/11/07 5:32 p.m. | 3 views

CVE-2025-64232

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in icopydoc Import from YML import-from-yml allows Reflected XSS. This issue affects Import from YML: from n/a through <= 3.1.17...

CVSS 7.1 | AI score 6.4 | EPSS 0.00155
Exploits: 0 | References: 1
EUVD
added 2025/11/06 6:32 p.m. | 2 views

EUVD-2025-38059

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in icopydoc Import from YML import-from-yml allows Reflected XSS. This issue affects Import from YML: from n/a through <= 3.1.17...

CVSS 7.1 | AI score 5.9 | EPSS 0.00155
Exploits: 0 | References: 2
NVD
added 2025/11/06 4:16 p.m. | 5 views

CVE-2025-64232

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in icopydoc Import from YML import-from-yml allows Reflected XSS. This issue affects Import from YML: from n/a through <= 3.1.17...

CVSS 7.1 | EPSS 0.00155
Exploits: 0 | References: 1
Cvelist
added 2025/11/06 3:56 p.m. | 5 views

CVE-2025-64232 WordPress Import from YML plugin <= 3.1.17 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in icopydoc Import from YML import-from-yml allows Reflected XSS. This issue affects Import from YML: from n/a through <= 3.1.17...

CVSS 7.1 | EPSS 0.00155
Exploits: 0 | References: 1
CVE
added 2025/11/06 3:56 p.m. | 16 views

CVE-2025-64232

CVE-2025-64232 affects the WordPress Import from YML plugin (versions through 3.1.17). The vulnerability is a reflected cross-site scripting (XSS) flaw caused by improper neutralization of input during web page generation, enabling attacker-controlled input to be reflected in resulting pages. Imp...

CVSS 7.1 | AI score 6 | EPSS 0.00155
Exploits: 0 | References: 1
CNNVD
added 2025/11/06 12:0 a.m. | 2 views

WordPress plugin Import from YML security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerability...

CVSS 7.1 | AI score 6 | EPSS 0.00155
Exploits: 0 | References: 1
vulnersOsv
added 2025/09/15 1:58 p.m. | 4 views

better-config-loader (>=0.1.4 <=0.2.4), brainwires-skills (>=0.2.0 <=0.6.0) +60 more potentially affected by unknown CVE via serde_yml (>=0.0.10 <=0.0.12)

serde_yml CARGO version =0.0.10, =0.1.4, =0.2.0, =0.33.0, =0.14.0, =0.14.0, =0.3.0, =0.1.5, =0.9.0, =0.3.0, =0.10.0, =0.3.2, =0.1.0, =0.6.1 - fastconfig =1.2.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-HHW4-XG65-FP2X...

AI score 5.5
Exploits: 0
RedhatCVE
added 2025/05/23 5:17 a.m. | 5 views

CVE-2023-30473

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Maxim Glazunov YML for Yandex Market plugin = 3.10.7 versions...

CVSS 7.1 | AI score 5.8 | EPSS 0.00382
Exploits: 0 | References: 1
OSV
added 2025/05/14 6:5 p.m. | 2 views

DRUPAL-CONTRIB-2025-060

This module enables you to seamlessly migrate and deploy content across environments, eliminating manual steps. It simplifies the process by exporting content to a YML file or a ZIP archive, which can be imported into another environment effortlessly. While the export feature rightfully bypasses...

CVSS 3.1 | AI score 6.7 | EPSS 0.00186
Exploits: 0 | References: 1