YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. This vulnerability is fixed in...
5.4 CVSS
5 AI Score
0.0004 EPSS
The Yellow Yard Searchbar WordPress plugin before 2.8.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
5.4 CVSS
5.3 AI Score
0.0004 EPSS
The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site...
6.1 CVSS
6 AI Score
0.001 EPSS
5.3 CVSS
5.3 AI Score
0.001 EPSS
7.5 CVSS
7.5 AI Score
0.002 EPSS
9.8 CVSS
9.3 AI Score
0.002 EPSS
lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary...
7.5 CVSS
6.1 AI Score
0.002 EPSS
7.5 CVSS
6.1 AI Score
0.003 EPSS
Multiple format string vulnerabilities in Yet Another Radius Daemon (YARD RADIUS) 1.1.2 allow context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in a request in the (1) log_msg function in log.c or (2) version or (3)...
8.2 AI Score
0.016 EPSS
Buffer overflow in the process_menu function in yardradius 1.0.20 allows remote attackers to execute arbitrary...
7.4 AI Score
0.025 EPSS
Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than...
6.6 AI Score
0.004 EPSS
Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret...
8 AI Score
0.037 EPSS