Lucene search
K

40 matches found

ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-55590

CakePHP Authentication is an authentication plugin for CakePHP that can also be used in PSR-7 based applications. Prior to 2.11.1, 3.3.6, and 4.1.1, the getLoginRedirect method contains a weakness to backslash bypasses that allows redirect targets with attacker-controlled hostnames through the...

5.1CVSS5.9AI score0.00578EPSS
Exploits0References11Affected Software1
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-55590 CakePHP: Open redirect weakness via backslash bypass

CakePHP Authentication is an authentication plugin for CakePHP that can also be used in PSR-7 based applications. Prior to 2.11.1, 3.3.6, and 4.1.1, the getLoginRedirect method contains a weakness to backslash bypasses that allows redirect targets with attacker-controlled hostnames through the...

5.1CVSS0.00578EPSS
Exploits0References10
CVE
CVE
added 2 days ago28 views

CVE-2026-55590

The CVE-2026-55590 entry concerns the CakePHP Authentication plugin (CakePHP, PSR-7 compatible) with a backslash bypass in getLoginRedirect() that enables open redirects to attacker-controlled hostnames through the redirect query parameter. Affected versions: prior to 2.11.1, 3.3.6, and 4.1.1. Th...

5.1CVSS5.9AI score0.00578EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2026/06/17 6:52 p.m.14 views

CakePHP Authentication: Open redirect weakness via backslash bypass

Impact The getLoginRedirect method contains a weakness to backslash bypasses allowing redirect targets with attacker controlled hostnames. Patches 3.3.6 and 4.1.1 contain a fix for this issue. Workarounds If you are unable to upgrade, you should consider adding application validation to the...

5.1CVSS5.3AI score0.00578EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/17 6:52 p.m.4 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect in the getLoginRedirect function. An attacker can redirect users to an attacker-controlled hostname by exploiting a backslash bypass in the redirect target. Remediation Upgrade cakephp/authentication to version 3.3.6, 4.1....

5.1CVSS5.8AI score0.00578EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.12 views

PT-2026-50603

Name of the Vulnerable Software and Affected Versions CakePHP Authentication versions prior to 2.11.1 CakePHP Authentication versions prior to 3.3.6 CakePHP Authentication versions prior to 4.1.1 Description The getLoginRedirect function contains a weakness to backslash bypasses. This allows...

5.1CVSS5.9AI score0.00578EPSS
Exploits0References13
Github Security Blog
Github Security Blog
added 2026/06/08 11:6 p.m.14 views

FUXA has SQL Injection in its TDengine DAQ connector via backslash bypass of escapeTdString

Summary The TDengine DAQ storage connector's escapeTdString at server/runtime/storage/tdengine/index.js:10 doubles single quotes but does not escape backslashes. TDengine's SQL parser treats ' as a literal single quote inside a string, so a tag id of the form x' OR 1=1-- escapes the first single...

5.5AI score0.00082EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/08 3:42 p.m.71 views

CVE-2026-42794 Reflected XSS via backslash bypass in GraphiQL js_escape in absinthe_plug

Improper Neutralization of Input During Web Page Generation XSS vulnerability in absinthe-graphql absintheplug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':jsescape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines in the...

2.3CVSS0.00282EPSS
Exploits0References4
OSV
OSV
added 2026/05/08 3:42 p.m.6 views

EEF-CVE-2026-42794 Reflected XSS via backslash bypass in GraphiQL js_escape in absinthe_plug

Summary Improper Neutralization of Input During Web Page Generation XSS vulnerability in absinthe-graphql absintheplug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':jsescape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines i...

2.3CVSS5.8AI score0.00282EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/08 3:42 p.m.8 views

CVE-2026-42794 Reflected XSS via backslash bypass in GraphiQL js_escape in absinthe_plug

Improper Neutralization of Input During Web Page Generation XSS vulnerability in absinthe-graphql absintheplug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':jsescape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines in the...

2.3CVSS5.8AI score0.00282EPSS
Exploits0References4
CVE
CVE
added 2026/05/08 3:42 p.m.26 views

CVE-2026-42794

CVE-2026-42794 is a reflected XSS in absinthe_plug via GraphiQL. The function Elixir.Absinthe.Plug.GraphiQL:js_escape/1 escapes single quotes and newlines in the query GET parameter but does not escape backslashes, enabling an attacker to prefix a quote with a backslash (e.g., ") to break out of ...

6.1CVSS5.8AI score0.00282EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/05/07 6:54 p.m.49 views

CVE-2026-42259 Saltcorn: Open Redirect in `POST /auth/login` due to incomplete `is_relative_url` validation (backslash bypass)

Saltcorn is an extensible, open source, no-code database application builder. Prior to versions 1.4.6, 1.5.6, and 1.6.0-beta.5, Saltcorn validates the post-login dest parameter with a string check that only blocks :/ and //. Because all WHATWG-compliant browsers normalise backslashes \ to forward...

5.1CVSS0.00339EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/07 6:54 p.m.7 views

CVE-2026-42259 Saltcorn: Open Redirect in `POST /auth/login` due to incomplete `is_relative_url` validation (backslash bypass)

Saltcorn is an extensible, open source, no-code database application builder. Prior to versions 1.4.6, 1.5.6, and 1.6.0-beta.5, Saltcorn validates the post-login dest parameter with a string check that only blocks :/ and //. Because all WHATWG-compliant browsers normalise backslashes \ to forward...

5.1CVSS5.7AI score0.00339EPSS
Exploits0References1
CVE
CVE
added 2026/05/07 6:54 p.m.19 views

CVE-2026-42259

Technical details are not publicly available in the provided Connected documents. Monitor for updates on Saltcorn CVE-2026-42259 for any vendor advisories or patches beyond the initial description.

5.1CVSS5.7AI score0.00339EPSS
Exploits0References1
OSV
OSV
added 2026/04/16 11:0 p.m.8 views

GHSA-F3G8-9XV5-77GV Saltcorn: Open Redirect in `POST /auth/login` due to incomplete `is_relative_url` validation (backslash bypass)

Summary Saltcorn validates the post-login dest parameter with a string check that only blocks :/ and //. Because all WHATWG-compliant browsers normalise backslashes \ to forward slashes / for special schemes, a payload such as /\evil.com/path slips through isrelativeurl, is emitted unchanged in t...

5.1CVSS5.6AI score0.00339EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/16 11:0 p.m.7 views

Saltcorn: Open Redirect in `POST /auth/login` due to incomplete `is_relative_url` validation (backslash bypass)

Summary Saltcorn validates the post-login dest parameter with a string check that only blocks :/ and //. Because all WHATWG-compliant browsers normalise backslashes \ to forward slashes / for special schemes, a payload such as /\evil.com/path slips through isrelativeurl, is emitted unchanged in t...

5.1CVSS5.6AI score0.00339EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/08 8:13 p.m.31 views

CVE-2026-39844

CVE-2026-39844 affects NiceGUI prior to 3.10.0, where upload file names are sanitized using PurePosixPath(filename).name. On Windows, backslashes are not treated as path separators by PurePosixPath, allowing attackers to bypass sanitization with backslash-filled filenames. If applications constru...

7.5CVSS6AI score0.00371EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/08 8:13 p.m.2 views

CVE-2026-39844 NiceGUI has a Path Traversal in NiceGUI Upload Filename on Windows via Backslash Bypass of PurePosixPath Sanitization

NiceGUI is a Python-based UI framework. Prior to 3.10.0, Since PurePosixPath only recognizes forward slashes / as path separators, an attacker can bypass this sanitization on Windows by using backslashes \ in the upload filename. Applications that construct file paths using file.name a pattern...

5.9CVSS6AI score0.00371EPSS
Exploits0References3
OSV
OSV
added 2026/03/26 1:46 p.m.3 views

CVE-2026-33397 Angular SSR Vulnerable to Protocol-Relative URL Injection via Single Backslash Bypass

The Angular SSR is a server-rise rendering tool for Angular applications. Versions on the 22.x branch prior to 22.0.0-next.2, the 21.x branch prior to 21.2.3, and the 20.x branch prior to 20.3.21 have an Open Redirect vulnerability in @angular/ssr due to an incomplete fix for CVE-2026-27738. Whil...

6.9CVSS5.9AI score0.00255EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/26 1:46 p.m.6 views

CVE-2026-33397 Angular SSR Vulnerable to Protocol-Relative URL Injection via Single Backslash Bypass

The Angular SSR is a server-rise rendering tool for Angular applications. Versions on the 22.x branch prior to 22.0.0-next.2, the 21.x branch prior to 21.2.3, and the 20.x branch prior to 20.3.21 have an Open Redirect vulnerability in @angular/ssr due to an incomplete fix for CVE-2026-27738. Whil...

6.9CVSS5.9AI score0.00255EPSS
Exploits0References3
Rows per page
Query Builder