17 matches found
CVE-2025-56499
Incorrect access control in mihomo v1.19.11 allows authenticated attackers with low-level privileges to read arbitrary files with elevated privileges via obtaining the external control key from the config file...
CVE-2025-56499
Incorrect access control in mihomo v1.19.11 allows authenticated attackers with low-level privileges to read arbitrary files with elevated privileges via obtaining the external control key from the config file...
mihomo security vulnerability
mihomo is an open source API interface for MetaCubeX. A security vulnerability exists in mihomo version v1.19.11, which stems from improper access control and could lead to reading arbitrary files...
CVE-2025-56499
Incorrect access control in mihomo v1.19.11 allows authenticated attackers with low-level privileges to read arbitrary files with elevated privileges via obtaining the external control key from the config file...
PT-2025-47393
Name of the Vulnerable Software and Affected Versions: mihomo version 1.19.11. Description: An access control issue exists in mihomo version 1.19.11. Authenticated attackers with limited privileges can read arbitrary files with higher privileges. This is achieved by obtaining an external control key...
CVE-2025-56499
VULNERABILITY: CVE-2025-56499 affects mihomo v1.19.11. Description: an access-control issue allows authenticated attackers with low privileges to read arbitrary files with elevated privileges by obtaining the external control key from the configuration file. Impact: elevated read access (confiden...
GHSA-VP5W-XCFC-73WF Hashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON
Vault and Vault Enterprise ("Vault") are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for HCSEC-2025-24 (https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393)...
CVE-2025-12044
CVE-2025-12044: Vault and Vault Enterprise are vulnerable to unauthenticated DoS when processing JSON due to a rate-limit regression from HCSEC-2025-24. Affected: Vault Community 1.20.3–1.20.4; Vault Enterprise 1.16.25–1.16.26, 1.19.9–1.19.10, 1.18.14–1.18.15. Fixed in Vault Community 1.21.0 and ...
PT-2025-43549
Name of the Vulnerable Software and Affected Versions: HashiCorp Vault versions prior to 1.16.27; HashiCorp Vault Enterprise versions prior to 1.16.27; HashiCorp Vault versions prior to 1.19.11; HashiCorp Vault Enterprise versions prior to 1.19.11; HashiCorp Vault versions prior to 1.20.5; HashiCorp...
CVE-2021-25741 affecting package kubernetes-1.19.11 1.19.11-7
CVE-2021-25741 affecting package kubernetes-1.19.11 1.19.11-7. No patch is available currently...
SUSE-SU-2023:2845-1 Security update for go1.19
This update for go1.19 fixes the following issues: go was updated to version 1.19.11 bsc1200441: - CVE-2023-29406: Fixed insufficient sanitization of Host header in net/http bsc1213229...
GHSA-3VJF-82FF-P4R3 Incorrect protocol extraction via \r, \n and \t characters
\r, \n and \t characters in user-input URLs can potentially lead to incorrect protocol extraction when using npm package urijs prior to version 1.19.11. This can lead to XSS when the module is used to prevent passing in malicious javascript: links into HTML or Javascript see following example:...
CVE-2022-1243 CRHTLF can lead to invalid protocol extraction potentially leading to XSS in medialize/uri.js
CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11...
GHSA-G694-M8VQ-GV9H URL Confusion When Scheme Not Supplied in medialize/uri.js
Medialize is a Javascript URL mutation library. When parsing a URL without a scheme and with excessive slashes, like ///www.example.com, URI.js will parse the hostname as null and the path as /www.example.com. Such behaviour is different from that exhibited by browsers, which will parse...
URL Confusion When Scheme Not Supplied in medialize/uri.js
Medialize is a Javascript URL mutation library. When parsing a URL without a scheme and with excessive slashes, like ///www.example.com, URI.js will parse the hostname as null and the path as /www.example.com. Such behaviour is different from that exhibited by browsers, which will parse...
CVE-2022-1233 URL Confusion When Scheme Not Supplied in medialize/uri.js
URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11...
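MediaWiki 'formatHTML' function cross-site scripting vulnerability
BUGTRAQ ID: 65906 CVE ID: CVE-2014-2244 MediaWiki is a wiki application. The 'formatHTML' function in MediaWiki's includes/api/ApiFormatBase.php script has a cross-site scripting vulnerability. Because the program fails to properly handle links appended to the api.php script, remote attackers can exploit this vulnerability to inject arbitrary web script or HTML. 0 MediaWiki Mediawiki 2.0.18 MediaWiki Mediawiki = 1.19.11 MediaWiki Mediawiki 1.20.x MediaWiki Mediawiki 1.21.x1.21.6...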