11 matches found
CVE-2026-29185
A flaw was found in the Backstage SCM Source Code Management integration component. This vulnerability allows an attacker to include encoded path traversal sequences within SCM URLs. When these URLs are processed, the traversal segments can redirect requests to unintended SCM provider API...
@backstage/backend-defaults (>=0.15.3-next.0 <=0.16.0-next.2), @backstage/backend-dynamic-feature-service (>=0.7.10-next.0 <=0.8.0-next.2) +70 more potentially affected by CVE-2026-29185 via @backstage/integration (>=1.21.0-next.0 <=2.0.0-next.2)
@backstage/integration NPM version =1.21.0-next.0, =0.15.3-next.0, =0.7.10-next.0, =1.11.1-next.0, =0.35.5-next.0, =0.5.9-next.0, =1.1.21-next.0, =0.15.1-next.0, =0.4.1-next.0, =0.5.1-next.0, =1.2.16-next.0, =0.13.5-next.0, =0.4.1-next.0, =0.3.8-next.0, =1.33.1-next.0, =3.5.0-next.0, =3.5.0-next....
CVE-2024-29185
FreeScout before 1.8.128 is vulnerable to OS command injection in /public/tools.php. The php_path parameter is executed as an OS command via shell_exec without validation, enabling an attacker to run arbitrary commands on the server. Demonstrations have shown access to /etc/passwd, indicating com...
CVE-2023-29185
creationtimestamp | type | source
---|---|---
2023-04-11 07:23:21+00:00 | seen | https://t.me/cibsecurity/61832...
CVE-2023-29185
SAP NetWeaver AS for ABAP Business Server Pages - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters in certain circumstances which can consume the server's resources...
CVE-2023-29185
CVE-2023-29185 affects SAP NetWeaver AS for ABAP (Business Server Pages) across versions 700–757. An attacker authenticated as a non-administrative user can craft a request with certain parameters in specific conditions to cause uncontrolled resource consumption, leading to server unavailability ...
CVE-2023-29185 Denial of Service (DOS) in SAP NetWeaver AS for ABAP (Business Server Pages)
SAP NetWeaver AS for ABAP Business Server Pages - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters in certain circumstances which can consume the server's resources...
CVE-2022-29185
creationtimestamp | type | source
---|---|---
2022-05-21 00:31:17+00:00 | seen | https://t.me/cibsecurity/43106...
CVE-2022-29185 Observable Timing Discrepancy in totp-rs
totp-rs is a Rust library that permits the creation of 2FA authentication tokens per time-based one-time password (TOTP). Prior to version 1.1.0, token comparison was not constant time, and could theoretically be used to guess the value of a TOTP token, and thus reuse it in the same time window. The...
CVE-2022-29185
CVE-2022-29185 affects the Rust library totp-rs. Prior to version 1.1.0, token comparison was not constant time, which could theoretically allow guessing a TOTP token value and reusing it within the same time window, assuming the attacker knew the password. Patch 1.1.0 introduces a constant-time ...
CVE-2022-29185 Observable Timing Discrepancy in totp-rs
totp-rs is a Rust library that permits the creation of 2FA authentication tokens per time-based one-time password (TOTP). Prior to version 1.1.0, token comparison was not constant time, and could theoretically be used to guess the value of a TOTP token, and thus reuse it in the same time window. The...