
5 matches found

Nuclei
added yesterday, 9 views

DELMIA Apriso - Command Injection

An Improper Control of Generation of Code (code injection / file upload → RCE) vulnerability affecting DELMIA Apriso Release 2020 through Release 2025. When an authenticated user can upload files and the upload handler fails to canonicalize filenames or enforce storage restrictions, an attacker may place...

CVSS 8, AI score 6.6, EPSS 0.08884
Exploits 0, References 3
CVE
added 2026/03/16 2:53 p.m., 3 views

CVE-2026-2455

Mattermost Affected Versions: 11.3.x up to 11.3.0, 11.2.x up to 11.2.2, and 10.11.x up to 10.11.10. Issue: the product fails to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation, enabling SSRF to internal services via IPv4-mapped IPv6 literals (e.g., [::ffff:127.0.0.1]). Outco...

CVSS 4.3, AI score 5.8, EPSS 0.0004
Exploits 0, References 1, Affected Software 1
Snyk
added 2026/01/08 6:31 a.m., 3 views

Incorrect Behavior Order: Authorization Before Parsing and Canonicalization

Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Incorrect Behavior Order: Authorization Before Parsing and Canonicalization due to the Authorization header...

CVSS 6.9, AI score 6, EPSS 0.0003
Exploits 0, References 2
Tenable Nessus
added 2013/03/16 12:0 a.m., 37 views

Mac OS X 10.8 < 10.8.3 Multiple Vulnerabilities (Security Update 2013-001)

Binary data 801018.prm...

CVSS 9.3, AI score 7.1, EPSS 0.91907
Exploits 36, References 15
NVD
added 1999/12/21 5:0 a.m., 18 views

CVE-2000-0024

IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability...

CVSS 6.4, AI score 6.7, EPSS 0.12045
Exploits 0, References 3