Yard Security Vulnerabilities

CVE-2024-27285
YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. This vulnerability is fixed in...
CVSS 5.4 | AI Score 5 | EPSS 0.0004 | 2024-02-28 08:15 PM


CVE-2023-1110

The Yellow Yard Searchbar WordPress plugin before 2.8.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.4CVSS

5.3AI Score

0.0004EPSS

2023-08-16 12:15 PM
19
cve
cve

CVE-2022-2094
The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site...
CVSS 6.1 | AI Score 6 | EPSS 0.001 | 2023-02-08 10:15 AM


CVE-2022-47715
In Last Yard 22.09.8-1, the cookie can be stolen via unencrypted...
CVSS 5.3 | AI Score 5.3 | EPSS 0.001 | 2023-02-01 02:15 PM


CVE-2022-47717
Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing...
CVSS 7.5 | AI Score 7.5 | EPSS 0.002 | 2023-02-01 02:15 PM


CVE-2022-47714
Last Yard 22.09.8-1 does not enforce HSTS...
CVSS 9.8 | AI Score 9.3 | EPSS 0.002 | 2023-02-01 02:15 PM

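The three Last Yard entries above (CVE-2022-47715, CVE-2022-47717 and CVE-2022-47714) are transport and browser-policy misconfigurations rather than code bugs, and all three can be checked from a single HTTP response. The following is an added example, not Last Yard code, of such a check in Ruby: the two response header sets are constructed for illustration, and the audit is run with an Origin (https://attacker.example) that the application has no reason to trust, so reflecting that Origin with credentials counts as a finding.

```ruby
# Audit one HTTP response for missing HSTS, cookies that can leak over
# plaintext, and a CORS policy that reflects an untrusted Origin with
# credentials. +headers+ is a Hash of header name => value (Set-Cookie may be
# an Array of values); +request_origin+ is the Origin the auditor sent,
# chosen so the server has no legitimate reason to allowlist it.
def audit_response_headers(headers, request_origin: nil)
  h = headers.transform_keys { |k| k.to_s.downcase }
  findings = []

  # CVE-2022-47714 class: no Strict-Transport-Security, or a max-age too
  # short to matter (one year is the usual minimum, and required for preload).
  hsts = h['strict-transport-security']
  if hsts.nil?
    findings << 'HSTS missing: no Strict-Transport-Security header'
  elsif hsts[/max-age=(\d+)/i, 1].to_i < 31_536_000
    findings << "HSTS max-age too short: #{hsts}"
  end

  # CVE-2022-47715 class: a cookie without Secure is also sent over plain
  # HTTP, where it can be read off the wire; without HttpOnly it is readable
  # from script as well.
  Array(h['set-cookie']).each do |cookie|
    attrs = cookie.split(';').map(&:strip)
    name = attrs.first.split('=', 2).first
    findings << "cookie #{name} lacks Secure flag" unless attrs.any? { |a| a.casecmp?('secure') }
    findings << "cookie #{name} lacks HttpOnly flag" unless attrs.any? { |a| a.casecmp?('httponly') }
  end

  # CVE-2022-47717 class: credentials allowed for an Origin the server did not
  # allowlist, i.e. the request Origin was reflected back unchecked.
  acao = h['access-control-allow-origin']
  creds = h['access-control-allow-credentials'].to_s.casecmp?('true')
  if creds && request_origin && acao == request_origin
    findings << "CORS reflects untrusted Origin #{request_origin} with credentials"
  elsif creds && acao == '*'
    findings << 'CORS allows any origin with credentials'
  end

  findings
end

# Constructed sample responses (not captured from any real product).
WEAK_RESPONSE = {
  'Content-Type' => 'text/html',
  'Set-Cookie' => 'session=abc123; Path=/',
  'Access-Control-Allow-Origin' => 'https://attacker.example',
  'Access-Control-Allow-Credentials' => 'true'
}.freeze

HARDENED_RESPONSE = {
  'Content-Type' => 'text/html',
  'Strict-Transport-Security' => 'max-age=31536000; includeSubDomains',
  'Set-Cookie' => 'session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax',
  'Access-Control-Allow-Origin' => 'https://app.example',
  'Vary' => 'Origin'
}.freeze

if __FILE__ == $PROGRAM_NAME
  [['weak', WEAK_RESPONSE], ['hardened', HARDENED_RESPONSE]].each do |label, resp|
    findings = audit_response_headers(resp, request_origin: 'https://attacker.example')
    puts "#{label}: #{findings.empty? ? 'no findings' : findings.join('; ')}"
  end
end
```

The CORS check only flags reflection of the Origin the auditor chose; an allowlisted origin that legitimately matches would look the same, so pick an Origin that is certainly not on the server's list. The HSTS check reads the header off a single response; a site that only sends it on some paths, or only after a redirect, still fails in practice and needs the header on every HTTPS response.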

CVE-2017-17042
lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary...
CVSS 7.5 | AI Score 6.1 | EPSS 0.002 | 2022-10-03 04:23 PM

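The traversal described for CVE-2017-17042 is the classic failure of serving a client-supplied relative path without confining the result to the document root; blocking only a leading ../ is not enough, because the same escape can be embedded (css/../../) or percent-encoded. The following is an added example, not YARD's own server code, of the containment check a documentation server needs. The docroot /srv/docs and the request strings are constructed for illustration, and the paths do not need to exist on disk.

```ruby
require 'cgi'

DOCROOT = '/srv/docs' # constructed docroot for the example

# Resolve a client-supplied path against +docroot+ and return the absolute
# path of the file to serve, or nil when the request would escape the docroot.
def resolve_within_docroot(docroot, requested)
  root = File.expand_path(docroot)
  # Decode once, as the web layer would, so "..%2F" cannot bypass the check.
  path = CGI.unescape(requested.to_s)
  # Absolute paths and "~" are never valid relative requests; "~" matters
  # because File.expand_path would expand it to a home directory. A NUL byte
  # would make expand_path raise, so reject it up front as well.
  return nil if path.start_with?('/', '~') || path.include?("\0")
  # expand_path collapses "." and ".." lexically, so a leading "../" and an
  # embedded "css/../../" both resolve to wherever they really point.
  candidate = File.expand_path(path, root)
  # Containment: the result must be the docroot itself or live under it.
  # Comparing with a trailing "/" stops "/srv/docs-old" matching "/srv/docs".
  return nil unless candidate == root || candidate.start_with?(root + '/')
  candidate
end

# Constructed requests and the result each should produce.
SAMPLE_REQUESTS = {
  'index.html'               => '/srv/docs/index.html',
  'css/../style.css'         => '/srv/docs/style.css',
  '../etc/passwd'            => nil, # leading ../ (the CVE-2017-17042 case)
  'css/../../etc/passwd'     => nil, # embedded ../
  '..%2F..%2Fetc%2Fpasswd'   => nil, # percent-encoded ../
  '/etc/passwd'              => nil, # absolute path
  '~/.ssh/id_rsa'            => nil, # tilde expansion
  '../docs-old/index.html'   => nil  # sibling directory sharing the prefix
}.freeze

# Run every sample request through the check and return request => result.
def check_samples(docroot = DOCROOT)
  SAMPLE_REQUESTS.keys.map { |req| [req, resolve_within_docroot(docroot, req)] }.to_h
end

if __FILE__ == $PROGRAM_NAME
  check_samples.each { |req, res| puts "#{req.ljust(26)} -> #{res.inspect}" }
end
```

File.expand_path resolves .. lexically, which is what makes the check independent of where the sequence appears. It does not follow symlinks: if the docroot may contain links that point outside it, call File.realpath on the candidate once it is known to exist and repeat the prefix comparison on the result.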

CVE-2019-1020001
yard before 0.9.20 allows path...
CVSS 7.5 | AI Score 6.1 | EPSS 0.003 | 2019-07-29 01:15 PM


CVE-2013-4147
Multiple format string vulnerabilities in Yet Another Radius Daemon (YARD RADIUS) 1.1.2 allow context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in a request in the (1) log_msg function in log.c or (2) version or (3)...
AI Score 8.2 | EPSS 0.016 | 2013-08-09 09:55 PM


CVE-2004-0987
Buffer overflow in the process_menu function in yardradius 1.0.20 allows remote attackers to execute arbitrary...
AI Score 7.4 | EPSS 0.025 | 2005-01-10 05:00 AM


CVE-2001-1377
Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than...
AI Score 6.6 | EPSS 0.004 | 2002-06-11 04:00 AM


CVE-2001-1376
Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret...
AI Score 8 | EPSS 0.037 | 2002-06-11 04:00 AM