Lucene search
K

96 matches found

CNNVD
CNNVD
added 2025/12/05 12:0 a.m.7 views

Apache HTTP Server 安全漏洞

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A cross-site request forgery vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to cause NTLM hash...

7.5CVSS6.4AI score0.00784EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.4 views

SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2025:4300-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:4300-1 advisory. - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes bsc1253757 Tenable has extracted the precedin...

4.6CVSS6AI score0.00302EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2025/11/28 3:40 p.m.5 views

Security update for curl

This update for curl fixes the following issues: CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes bsc1253757 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...

6.5CVSS7AI score0.00302EPSS
Exploits0References4
OSV
OSV
added 2025/11/28 3:40 p.m.4 views

SUSE-SU-2025:4309-1 Security update for curl

This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes bsc1253757...

4.6CVSS6.5AI score0.00302EPSS
Exploits0References3
SUSE Linux
SUSE Linux
added 2025/11/28 12:58 p.m.4 views

Security update for curl

This update for curl fixes the following issues: CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes bsc1253757 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...

6.5CVSS7AI score0.00302EPSS
Exploits0References4
OSV
OSV
added 2025/11/28 12:57 p.m.2 views

SUSE-SU-2025:4300-1 Security update for curl

This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes bsc1253757...

4.6CVSS6.7AI score0.00302EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/11/26 12:0 a.m.4 views

SUSE SLED15: curl / libcurl-devel / libcurl-devel-32bit / libcurl4 / etc (SUSE-SU-2025:4236-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:4236-1 advisory. - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes bsc1253757 Tenable has extracte...

4.6CVSS5.8AI score0.00302EPSS
Exploits0References4
OSV
OSV
added 2025/11/24 7:54 a.m.1 views

SUSE-SU-2025:4180-1 Security update for curl

This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes bsc1253757...

4.6CVSS6.9AI score0.00302EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.4 views

Siemens SIMATIC S7-1500 Server-Side Request Forgery (SSRF) (CVE-2022-27780)

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a different URL usingthe wrong host name when it is later retrieved.For example, a URL like http://example.com%2F127.0.0.1/, would be allowed bythe parser and get...

7.5CVSS6.7AI score0.02187EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.6 views

PT-2025-47036

Name of the Vulnerable Software and Affected Versions curl versions prior to 8.17.0 Description The software is susceptible to a path traversal issue when handling URLs with percent-encoded slashes. This could allow an attacker to access files outside the intended directory. Recommendations Updat...

7.5CVSS6.5AI score0.01301EPSS
Exploits5References38
RedHat Linux
RedHat Linux
added 2018/03/12 4:37 p.m.3 views

undertow: ALLOW_ENCODED_SLASH option not taken into account in the AjpRequestParser

It was found that the AJP connector in undertow does not use the ALLOWENCODEDSLASH option and thus allows the slash and anti-slash characters encoded in a URL. This may lead to path traversal and result in the information disclosure of arbitrary local files...

7.5CVSS5.8AI score0.0159EPSS
Exploits0References4
OSV
OSV
added 2018/01/24 11:29 p.m.4 views

DEBIAN-CVE-2018-1048

It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOWENCODEDSLASH option and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of arbitrary local files...

7.5CVSS6.3AI score0.0159EPSS
Exploits0References1
Mozilla
Mozilla
added 2008/09/23 12:0 a.m.37 views

resource: traversal vulnerabilities — Mozilla

Mozilla developer Boris Zbarsky reported that the resource: protocol allowed directory traversal on Linux when using URL-encoded slashes...

7.8CVSS3.4AI score0.04438EPSS
Exploits2References3Affected Software3
Cvelist
Cvelist
added 2005/05/10 4:0 a.m.20 views

CVE-2004-1939

Cross-site scripting XSS vulnerability in Zaep AntiSpam 2.0 allows remote attackers to inject arbitrary web script or HTML via double encoded slashes %252F in the key parameter...

5.7AI score0.01739EPSS
Exploits0References5
CVE
CVE
added 2005/05/10 4:0 a.m.51 views

CVE-2004-1939

CVE-2004-1939 affects Zaep AntiSpam 2.0. The vulnerability is a cross-site scripting (XSS) flaw in the key parameter, exploitable via double-encoded slashes (%252F). The NVD metrics show a base score of 4.3 (medium) with network attack vector, no confidentiality impact, partial integrity impact, ...

4.3CVSS6AI score0.01739EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2004/04/14 4:0 a.m.18 views

CVE-2004-1939

Cross-site scripting XSS vulnerability in Zaep AntiSpam 2.0 allows remote attackers to inject arbitrary web script or HTML via double encoded slashes %252F in the key parameter...

4.3CVSS5.7AI score0.01739EPSS
Exploits0References5
Rows per page
Query Builder