
21 matches found

RedhatCVE
added 2026/01/10 5:40 a.m., 3 views

CVE-2026-22256

Salvo is a Rust web backend framework. Prior to version 0.88.1, the function listhtml generates a file view of a folder that includes a render of the current path, which is inserted into the HTML without proper sanitization; this leads to reflected XSS using the fact that request path is decoded...

CVSS 8.8, AI score 6.2, EPSS 0.0003
Exploits: 1, References: 1

vulnersOsv
added 2026/01/08 9:22 p.m., 2 views

http-api-problem (>=0.50.0 <=0.50.2) potentially affected by CVE-2026-22256 via salvo (>=0.10.4 <=0.11.6)

salvo CARGO version =0.10.4, =0.50.0, =0.50.2 Source cves: CVE-2026-22256 Source advisory: OSV:GHSA-RJF8-2WCW-F6MP...

CVSS 8.8, AI score 5.8, EPSS 0.0003
Exploits: 1

Circl
added 2026/01/08 8:3 a.m., 19 views

CVE-2026-22256

creationtimestamp | type | source
---|---|---
2026-01-08 08:03:58+00:00 | published-proof-of-concept | https://github.com/salvo-rs/salvo/security/advisories/GHSA-rjf8-2wcw-f6mp
2026-01-08 19:40:43+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mbwqesbsvq2v
2026-01-08...

CVSS 8.8, AI score 5.7, EPSS 0.0003
Exploits: 1, References: 4

Tenable Nessus
added 2025/08/27 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-22256

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status...

CVSS 5.5, AI score 5.6, EPSS 0.00226
Exploits: 0, References: 2

RedhatCVE
added 2025/06/12 5:5 p.m., 4 views

CVE-2025-22256

An improper handling of insufficient permissions or privileges in Fortinet FortiPAM 1.4.0 through 1.4.1, 1.3.0, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSRA 1.4.0 through 1.4.1 allows an attacker to improper access control via specially crafted HTTP requests...

CVSS 8.8, AI score 6.3, EPSS 0.0011
Exploits: 0, References: 1

Cvelist
added 2025/06/10 4:36 p.m., 5 views

CVE-2025-22256

An improper handling of insufficient permissions or privileges in Fortinet FortiPAM 1.4.0 through 1.4.1, 1.3.0, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSRA 1.4.0 through 1.4.1 allows an attacker to improper access control via specially crafted HTTP requests...

CVSS 6.3, EPSS 0.0011
Exploits: 0, References: 1

Vulnrichment
added 2025/06/10 4:36 p.m., 5 views

CVE-2025-22256

An improper handling of insufficient permissions or privileges in Fortinet FortiPAM 1.4.0 through 1.4.1, 1.3.0, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSRA 1.4.0 through 1.4.1 allows an attacker to improper access control via specially crafted HTTP requests...

CVSS 6.3, AI score 7.1, EPSS 0.0011
Exploits: 0, References: 1

NVD
added 2024/05/03 3:16 a.m., 16 views

CVE-2023-51557

Foxit PDF Reader AcroForm Doc Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a maliciou...

CVSS 7.8, AI score 8.6, EPSS 0.01635
Exploits: 0, References: 2

CVE
added 2024/05/03 2:14 a.m., 52 views

CVE-2023-51557

CVE-2023-51557 affects Foxit PDF Reader/Editor (AcroForm Doc handling). The flaw is a Use-After-Free in Doc objects due to not validating the existence of an object before operations, allowing code execution in the current process. Exploitation requires user interaction (visiting a malicious page...

CVSS 7.8, AI score 7.9, EPSS 0.01635
Exploits: 0, References: 2, Affected Software: 2

Vulnrichment
added 2024/05/03 2:14 a.m., 20 views

CVE-2023-51557 Foxit PDF Reader AcroForm Doc Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm Doc Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a maliciou...

CVSS 7.8, AI score 7.3, EPSS 0.01635
Exploits: 0, References: 2

Cvelist
added 2024/05/03 2:14 a.m., 15 views

CVE-2023-51557 Foxit PDF Reader AcroForm Doc Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm Doc Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a maliciou...

CVSS 7.8, AI score 8.8, EPSS 0.01635
Exploits: 0, References: 2

Circl
added 2024/03/07 11:31 a.m., 1 views

CVE-2024-22256

creationtimestamp | type | source
---|---|---
2024-03-07 11:31:13+00:00 | seen | https://t.me/ctinow/202305
2024-03-07 11:36:41+00:00 | seen | https://t.me/ctinow/202316
...

CVSS 4.3, AI score 4.6, EPSS 0.00489
Exploits: 0, References: 2

NVD
added 2024/03/07 10:15 a.m., 15 views

CVE-2024-22256

VMware Cloud Director contains a partial information disclosure vulnerability. A malicious actor can potentially gather information about organization names based on the behavior of the instance...

CVSS 4.3, AI score 4.3, EPSS 0.00489
Exploits: 0, References: 1

Tenable Nessus
added 2024/01/03 12:0 a.m., 26 views

GitLab 12.6 < 13.12.9 / 14.0 < 14.0.7 / 14.1 < 14.1.2 (CVE-2021-22256)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status CVE-2021-22256 Note that Nessus has not tested fo...

CVSS 5.5, AI score 5.7, EPSS 0.00226
Exploits: 0, References: 4

Vulnrichment
added 2023/03/22 12:0 a.m., 10 views

CVE-2023-22256 AEM URL Redirection to Untrusted Site Security feature bypass

Experience Manager versions 6.5.15.0 and earlier are affected by a URL Redirection to Untrusted Site 'Open Redirect' vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interactio...

CVSS 5.4, AI score 6.2, EPSS 0.00266
Exploits: 0, References: 1

CVE
added 2023/03/22 12:0 a.m., 63 views

CVE-2023-22256

CVE-2023-22256 affects Adobe Experience Manager 6.5.15.0 and earlier with a URL Redirection to Untrusted Site (Open Redirect). Root cause: vulnerable redirect logic; exploitation requires low-privilege authenticated user interaction. Impact: possible redirection to malicious sites; CVSSv3.1 base ...

CVSS 5.4, AI score 5.4, EPSS 0.00266
Exploits: 0, References: 1, Affected Software: 2

OSV
added 2022/04/11 8:15 p.m., 0 views

CVE-2022-22256

The DFX module has an access control vulnerability. Successful exploitation of this vulnerability may affect data confidentiality...

CVSS 7.5, AI score 5.8
Exploits: 0, References: 2

CVE
added 2022/04/11 7:38 p.m., 110 views

CVE-2022-22256

CVE-2022-22256 affects Huawei HarmonyOS, specifically the DFX module, which has an access control error. The vulnerability arises from inadequate restriction of resources to unauthorized roles, with potential impact on data confidentiality. Public references in the dataset describe the issue cons...

CVSS 7.5, AI score 7.5, EPSS 0.00131
Exploits: 0, References: 2, Affected Software: 3

Circl
added 2021/08/25 10:25 p.m., 1 views

CVE-2021-22256

creationtimestamp | type | source
---|---|---
2021-08-25 22:25:47+00:00 | seen | https://t.me/cibsecurity/27873
...

CVSS 5.5, AI score 5.4, EPSS 0.00226
Exploits: 0, References: 1

CVE
added 2021/08/25 6:30 p.m., 51 views

CVE-2021-22256

CVE-2021-22256 concerns GitLab CE/EE: improper authorization allowed guest users to create issues for Sentry errors and track status, affecting all versions since 12.6. Public records from Red Hat, OSV, NVD and related feeds confirm the issue exists in GitLab CE/EE and has concrete exploitation c...

CVSS 5.5, AI score 5.1, EPSS 0.00226
Exploits: 0, References: 3, Affected Software: 1