It was discovered that YARD incorrectly sanitized paths in its built-in documentation server. An attacker could possibly use this issue to read arbitrary files from the server host.

#Sicherheitslücke

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

USN-8394-1: YARD vulnerability

VERWANDTEARTIKEL

CVE-2026-46400 - HAXCMS PHP has a File Upload Validation Bypass

CVE-2026-45779 - Open XDMoD Vulnerable to Unauthenticated SQL Injection Leading to Full Database Compromise

CVE-2026-46398 - HAX CMS Missing Secure Flag on Cookie

CVE-2026-45758 - Malicious code in guardrails-ai 0.10.1 (supply chain compromise)

CVE-2026-45777 - Open XDMoD Vulnerable to Unauthenticated Remote Code Execution (RCE) via OS Command Injection

CVE-2026-45778 - Open XDMoD Vulnerable to Reflected Cross-Site Scripting (XSS) in Password Reset