
14 matches found

RedhatCVE • added 2026/03/26 3:0 p.m. • 4 views

CVE-2026-33242

Salvo is a Rust web framework. Versions 0.39.0 through 0.89.2 have a Path Traversal and Access Control Bypass vulnerability in the salvo-proxy component. The vulnerability allows an unauthenticated external attacker to bypass proxy routing constraints and access unintended backend paths e.g.,...

CVSS 7.5, AI score 5.9, EPSS 0.00026
Exploits: 1, References: 1

NVD • added 2026/03/24 12:16 a.m. • 0 views

CVE-2026-33241

Salvo is a Rust web framework. Prior to version 0.89.3, Salvo's form data parsing implementations (the formdata method and Extractible macro) do not enforce payload size limits before reading request bodies into memory. This allows attackers to cause Out-of-Memory (OOM) conditions by sending extremely...

CVSS 8.7, EPSS 0.00034
Exploits: 1, References: 2

NVD • added 2026/03/24 12:16 a.m. • 2 views

CVE-2026-33242

Salvo is a Rust web framework. Versions 0.39.0 through 0.89.2 have a Path Traversal and Access Control Bypass vulnerability in the salvo-proxy component. The vulnerability allows an unauthenticated external attacker to bypass proxy routing constraints and access unintended backend paths e.g.,...

CVSS 7.5, EPSS 0.00026
Exploits: 1, References: 3

CNNVD • added 2026/03/24 12:0 a.m. • 5 views

salvo security vulnerability

Salvo is a web framework developed by Salvo OpenSource. Versions of Salvo prior to 0.89.3 contained security vulnerabilities. These vulnerabilities stemmed from the lack of enforcement of payload size limits in the form data parsing mechanism, which could lead to memory exhaustion and service...

CVSS 8.7, AI score 5.8, EPSS 0.00034
Exploits: 1, References: 2

Vulnrichment • added 2026/03/23 11:41 p.m. • 1 views

CVE-2026-33241 Salvo Affected by Denial of Service via Unbounded Memory Allocation in Form Data Parsing

Salvo is a Rust web framework. Prior to version 0.89.3, Salvo's form data parsing implementations (the formdata method and Extractible macro) do not enforce payload size limits before reading request bodies into memory. This allows attackers to cause Out-of-Memory (OOM) conditions by sending extremely...

CVSS 8.7, AI score 5.8, EPSS 0.00034
Exploits: 1, References: 2

Cvelist • added 2026/03/23 11:41 p.m. • 24 views

CVE-2026-33241 Salvo Affected by Denial of Service via Unbounded Memory Allocation in Form Data Parsing

Salvo is a Rust web framework. Prior to version 0.89.3, Salvo's form data parsing implementations (the formdata method and Extractible macro) do not enforce payload size limits before reading request bodies into memory. This allows attackers to cause Out-of-Memory (OOM) conditions by sending extremely...

CVSS 8.7, EPSS 0.00034
Exploits: 1, References: 2

OSV • added 2026/03/23 11:41 p.m. • 1 views

CVE-2026-33241 Salvo Affected by Denial of Service via Unbounded Memory Allocation in Form Data Parsing

Salvo is a Rust web framework. Prior to version 0.89.3, Salvo's form data parsing implementations (the formdata method and Extractible macro) do not enforce payload size limits before reading request bodies into memory. This allows attackers to cause Out-of-Memory (OOM) conditions by sending extremely...

CVSS 8.7, AI score 5.9, EPSS 0.00034
Exploits: 1, References: 4

ATTACKERKB • added 2026/03/23 11:41 p.m. • 1 views

CVE-2026-33241

Salvo is a Rust web framework. Prior to version 0.89.3, Salvo's form data parsing implementations (the formdata method and Extractible macro) do not enforce payload size limits before reading request bodies into memory. This allows attackers to cause Out-of-Memory (OOM) conditions by sending extremely...

CVSS 8.7, AI score 5.8, EPSS 0.00034
Exploits: 1, References: 3, Affected Software: 1

Cvelist • added 2026/03/23 11:40 p.m. • 20 views

CVE-2026-33242 Salvo has a Path Traversal in salvo-proxy::encode_url_path allows API Gateway Bypass

Salvo is a Rust web framework. Versions 0.39.0 through 0.89.2 have a Path Traversal and Access Control Bypass vulnerability in the salvo-proxy component. The vulnerability allows an unauthenticated external attacker to bypass proxy routing constraints and access unintended backend paths e.g.,...

CVSS 7.5, EPSS 0.00026
Exploits: 1, References: 3

ATTACKERKB • added 2026/03/23 11:40 p.m. • 1 views

CVE-2026-33242

Salvo is a Rust web framework. Versions 0.39.0 through 0.89.2 have a Path Traversal and Access Control Bypass vulnerability in the salvo-proxy component. The vulnerability allows an unauthenticated external attacker to bypass proxy routing constraints and access unintended backend paths e.g.,...

CVSS 7.5, AI score 5.9, EPSS 0.00026
Exploits: 1, References: 4, Affected Software: 1

CVE • added 2026/03/23 11:40 p.m. • 8 views

CVE-2026-33242

The GitHub advisory GHSA-F842-PHM9-P4V4 describes a path traversal in the salvo-proxy component of the Salvo Rust framework (v0.89.2). The root cause is encode_url_path failing to normalize path segments (not re-encoding '.' and not handling '..' safely), allowing an unauthenticated attacker to p...

CVSS 7.5, AI score 5.9, EPSS 0.00026
Exploits: 1, References: 3, Affected Software: 1

ATTACKERKB • added 2024/01/11 9:15 a.m. • 1 views

CVE-2023-6994

The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode in all versions up to, and including, 0.89.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.5, AI score 5.6, EPSS 0.00193
Exploits: 0, References: 5

CNNVD • added 2024/01/11 12:0 a.m. • 1 views

WordPress Plugin List category posts Security Breach

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 6.5, AI score 5.8, EPSS 0.00193
Exploits: 0, References: 5

Positive Technologies • added 2024/01/11 12:0 a.m. • 2 views

PT-2024-15167 · WordPress · List Category Posts

Name of the Vulnerable Software and Affected Versions: The List category posts plugin for WordPress versions up to, and including, 0.89.3. Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode due to insufficient input sanitization and output escapin...

CVSS 6.5, AI score 5.7, EPSS 0.00193
Exploits: 0, References: 10