467 matches found
CVE-2026-25779 Gitea redirect handling permits open redirects through backslash paths
Gitea versions up to and including 1.25.4 allow redirect bypasses through raw or percent-encoded backslashes in redirectto values...
CVE-2026-25779
Gitea is affected up to version 1.25.4 by an open redirect in redirect_to caused by using raw or encoded backslashes in the redirect_to parameter; the root cause is improper validation in modules/httplib/url.go, allowing directory traversal sequences to bypass validation. Impacts include phishing...
PT-2026-54444
Name of the Vulnerable Software and Affected Versions probod versions prior to 0.194.1 Description The saferedirect package in go.probo.inc/probo fails to properly validate redirect URLs used in authentication flows, such as OIDC, SAML, session transfer, OAuth connectors, and trust-center magic...
PT-2026-52980
Name of the Vulnerable Software and Affected Versions Kestra versions prior to 1.0.45 Kestra versions prior to 1.3.23 Description The local internal-storage backend fails to properly validate user-supplied paths because it checks for directory traversal sequences before converting Windows-style...
CVE-2026-52844
CVE-2026-52844 describes a Windows-specific path handling bug in Caddy prior to 2.11.4 where path matchers do not normalize backslashes, causing a request like /private%5csecret.txt to bypass path-scoped auth and reach the protected file, e.g., /private/*, through file_server. The issue is exploi...
CVE-2026-53779 WebP Server Go < 0.15.0 Path Traversal via Backslash Encoding on Windows
WebP Server Go through 0.14.4 contains a path traversal vulnerability on Windows that allows unauthenticated attackers to read files outside the configured IMGPATH directory by sending requests with percent-encoded backslashes %5C that bypass the path.Clean sanitization in handler/router.go...
CVE-2026-54286
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on Windows hosts, an encoded backslash %5C in the request path decodes to , which the Windows path resolver treats as a separator. serve-static then resolves a single URL segment such as...
CVE-2026-54286
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on Windows hosts, an encoded backslash %5C in the request path decodes to , which the Windows path resolver treats as a separator. serve-static then resolves a single URL segment such as...
CVE-2026-54286 Hono: Path traversal in `serve-static` on Windows via encoded backslash (`%5C`)
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on Windows hosts, an encoded backslash %5C in the request path decodes to , which the Windows path resolver treats as a separator. serve-static then resolves a single URL segment such as...
CVE-2026-54286
CVE-2026-54286 concerns Hono’s path traversal in the Windows environment via encoded backslash (%5C) in the request path. A prior issue (pre-4.12.25) causes %5C to decode to a backslash, which Windows path resolution treats as a separator, allowing a crafted URL segment (e.g., admin\secret.txt) t...
GHSA-M999-J542-5W3R Open Redirect Bypass in miniflux-v2
Summary The URL restrictions in miniflux-v2 can be bypassed by attackers, leading to an open redirect vulnerability. Details Normally, the redirect URL needs to be validated using IsRelativePath. There are some security measures in place, such as requiring relative paths, prohibiting host and...
CakePHP Authentication: Open redirect weakness via backslash bypass
Impact The getLoginRedirect method contains a weakness to backslash bypasses allowing redirect targets with attacker controlled hostnames. Patches 3.3.6 and 4.1.1 contain a fix for this issue. Workarounds If you are unable to upgrade, you should consider adding application validation to the...
GHSA-J5R2-4C8J-XC3M Gitea: Open Redirect via redirect_to
Details Despite the validation within urlIsRelative in modules/httplib/url.go, an open redirect is still possible due to usage of directory traversal sequences plus a back-slash in the "redirectto" parameter. PoC When a user uses this URL to login:...
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect via the redirectto parameter when directory traversal sequences and a backslash are used. An attacker can redirect users to arbitrary external sites by crafting a malicious URL, potentially leading to phishing, token theft...
Gitea: Open Redirect via redirect_to
Details Despite the validation within urlIsRelative in modules/httplib/url.go, an open redirect is still possible due to usage of directory traversal sequences plus a back-slash in the "redirectto" parameter. PoC When a user uses this URL to login:...
PT-2026-50585
Name of the Vulnerable Software and Affected Versions Gitea affected versions not specified Description An open redirect exists due to improper validation within the urlIsRelative function in modules/httplib/url.go. An attacker can bypass this validation by using directory traversal sequences...
GHSA-QRP7-CVWR-J2C6 Caddy: Windows `file_server` path authorization bypass via encoded backslash
Summary On Windows, Caddy path matchers treat /private\secret.txt as outside /private/, but fileserver later resolves the same request path as private\secret.txt on disk. An unauthenticated remote client can request /private%5csecret.txt and bypass Caddy path-scoped auth/deny routes protecting...
Caddy: Windows `file_server` path authorization bypass via encoded backslash
Summary On Windows, Caddy path matchers treat /private\secret.txt as outside /private/, but fileserver later resolves the same request path as private\secret.txt on disk. An unauthenticated remote client can request /private%5csecret.txt and bypass Caddy path-scoped auth/deny routes protecting...
NPM: hono: Path traversal in `serve-static` on Windows via encoded backslash (`%5C`)
NPM: hono: Path traversal in serve-static on Windows via encoded backslash %5C vulnerability discovered by ? in WordPress Npm hono versions 4.12.25...
Directory Traversal
Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Directory Traversal via the serve-static method on Windows hosts when an encoded backslash %5C in the request path is decoded to , which is treated as a separator by the Windows path...