CVE-2026-40246

free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler for deleting Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when...

CVE-2020-27219

In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 Not Found JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non existing resource will return the full path from the given URL unescaped to the client...

OESA-2023-1911 python-twisted security update

Twisted is an event-based framework for internet applications, supporting Python 2.7 and Python 3.5+. It includes modules for many different purposes, including the following: Security Fixes: Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host...

Reflected Cross-site Scripting (XSS)

generator-hottowel is vulnerable to Reflected Cross-site Scripting XSS attacks. The library does not properly handle invalid calls to assets as it uses a custom 404 response object, allowing an attacker to inject and execute JavaScript through the app.use function in app/templates/src/server/app....

CVE-2022-39348

A host header injection flaw was found in the twisted event-based framework's web module. When the host header does not match a configured host, the web module will render unescaped characters into the 404 response. This can result in HTML and script injection. For this vulnerability to be...

CVE-2022-39348

Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowing HTML and scri...

Lucee < 5.3.5.96, 5.3.6.x < 5.3.6.68, 5.3.7.x < 5.3.7.47 RCE Vulnerability (GHSA-2xvv-723c-8p7r) - Active Check

Lucee is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:lucee:luceeserver";...

Design/Logic Flaw

Http4s is a Scala interface for HTTP services. StaticFile.fromUrl can leak the presence of a directory on a server when the URL scheme is not file://, and the URL points to a fetchable resource under its scheme and authority. The function returns FNone, indicating no resource, if url.getFile is a...

CVE-2020-4028

CVE-2020-4028 affects Atlassian Jira Server/Data Center (versions before 8.9.1). Vulnerability arises because various resources responded with 404 instead of redirecting unauthenticated users to the login page, enabling information disclosure about whether resources exist during login redirection...

Mail.ru: Reflected XSS at city-mobil.ru

Reflected XSS via URI vector in https://city-mobil.ru/ 404 response...

Code injection

The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20 are not cleansing request URL paths when they are invalid and are returning them in the 404 response. This could allow malicious scripts t...

CVE-2016-2165

The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20 are not cleansing request URL paths when they are invalid and are returning them in the 404 response. This could allow malicious scripts t...

CVE-2016-2165

The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20 are not cleansing request URL paths when they are invalid and are returning them in the 404 response. This could allow malicious scripts t...

CVE-2016-2165 Loggregator Request URL Paths | Cloud Foundry

Severity Medium Vendor Cloud Foundry Foundation, VMware Cloud Foundry Versions Affected cf-release v231 and lower Description The Loggregator Traffic Controller endpoints are not cleansing request URL paths when they are invalid and is returning them in the 404 response. This could allow maliciou...

HackerOne: HackerOne Private Programs users disclosure and de-anonymous-ize

Hi HackerOne Team, I have found a bug in HackerOne Platform allows any attacker to deanonymousize any security researcher using the platform and the most wild usage is to disclose some information about this security researcher if he is invited to a private program or not. Unfortunately HackerOne...

Microsoft IIS 404 Response Service Pack Signature

The Patch level Service Pack of the remote IIS server appears to be lower than the current IIS service pack level. As each service pack typically contains many security patches, the server may be at risk. Note that this test makes assumptions of the remote patch level based on static return value...

CVE-2002-1497

Cross-site scripting XSS vulnerability in Null HTTP Server 0.5.0 and earlier allows remote attackers to insert arbitrary HTML into a "404 Not Found" response...