
641 matches found

Cvelist
added 2025/12/29 4:1 p.m. | 27 views

CVE-2025-69211 Nest has a Fastify URL Encoding Middleware Bypass (TOCTOU)

Nest is a framework for building scalable Node.js server-side applications. Versions prior to 11.1.11 have a Fastify URL encoding middleware bypass. A NestJS application is vulnerable if it uses @nestjs/platform-fastify; relies on NestMiddleware via MiddlewareConsumer for security checks...

9.1 CVSS | 0.00355 EPSS
Exploits 1 | References 2
CNNVD
added 2025/12/29 12:0 a.m. | 5 views

nest security vulnerability

nest is a Node.js framework open-sourced by nestjs for building efficient, scalable and enterprise-class server-side applications using TypeScript/JavaScript. A security vulnerability exists in versions of nest prior to 11.1.11, which stems from a bypass in the Fastify URL encoding middleware tha...

9.1 CVSS | 5.8 AI score | 0.00355 EPSS
Exploits 1 | References 2
Positive Technologies
added 2025/12/29 12:0 a.m. | 5 views

PT-2025-53755

Name of the Vulnerable Software and Affected Versions: Nest versions prior to 11.1.11. Description: Nest is a framework used for building scalable Node.js server-side applications. A flaw exists where the Fastify URL encoding middleware can be bypassed. This impacts applications utilizing...

9.1 CVSS | 6.4 AI score | 0.00355 EPSS
Exploits 1 | References 6
RedhatCVE
added 2025/12/11 11:4 p.m. | 4 views

CVE-2025-66415

A flaw was found in fastify-reply-from. This vulnerability allows an attacker to bypass intended route restrictions and gain unauthorized access to specific application routes, potentially exposing sensitive information or functionality, by crafting a malicious Uniform Resource Locator (URL)...

6.9 CVSS | 6.1 AI score | 0.00147 EPSS
Exploits 0 | References 5
Snyk
added 2025/12/02 12:38 a.m. | 1 views

Directory Traversal

Overview: @fastify/reply-from is a plugin that forwards your HTTP request to another server, for fastify. Affected versions of this package are vulnerable to Directory Traversal via the reply.from function. An attacker can access unauthorized routes by crafting a malicious URL containing encoded directory...

6.9 CVSS | 7.4 AI score | 0.00147 EPSS
Exploits 0 | References 3
OSV
added 2025/12/02 12:38 a.m. | 5 views

GHSA-2Q7R-29RG-6M5H fastify-reply-from affected by bypass of reply forwarding

Summary: By crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. Details: An attacker can bypass the route defined by the @fastify/reply-from package by adding a .. symbol, which, for curl...

6.9 CVSS | 6.7 AI score | 0.00147 EPSS
Exploits 0 | References 4
GitHub Security Blog
added 2025/12/02 12:38 a.m. | 5 views

fastify-reply-from affected by bypass of reply forwarding

Summary: By crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. Details: An attacker can bypass the route defined by the @fastify/reply-from package by adding a .. symbol, which, for curl...

6.9 CVSS | 6.8 AI score | 0.00147 EPSS
Exploits 0 | References 4 | Affected Software 1
EUVD
added 2025/12/02 12:38 a.m. | 4 views

EUVD-2025-200117

fastify-reply-from affected by bypass of reply forwarding...

6.9 CVSS | 6.4 AI score | 0.00147 EPSS
Exploits 0 | References 3
NVD
added 2025/12/01 11:15 p.m. | 3 views

CVE-2025-66415

fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. This vulnerability is...

6.9 CVSS | 0.00147 EPSS
Exploits 0 | References 2
Cvelist
added 2025/12/01 10:39 p.m. | 4 views

CVE-2025-66415 fastify-reply-from bypass of reply forwarding

fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. This vulnerability is...

6.9 CVSS | 0.00147 EPSS
Exploits 0 | References 2
CVE
added 2025/12/01 10:39 p.m. | 10 views

CVE-2025-66415

CVE-2025-66415 affects the Fastify plugin @fastify/reply-from. Affected versions allow bypassing route restrictions by crafting a malicious URL, enabling access to routes that should be disallowed when using reply.from. The vulnerability is described across multiple sources as a bypass of reply ...

6.9 CVSS | 6.4 AI score | 0.00147 EPSS
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2025/12/01 10:39 p.m. | 3 views

CVE-2025-66415 fastify-reply-from bypass of reply forwarding

fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. This vulnerability is...

6.9 CVSS | 6.1 AI score | 0.00147 EPSS
Exploits 0 | References 2
OSV
added 2025/12/01 10:39 p.m. | 3 views

CVE-2025-66415 fastify-reply-from bypass of reply forwarding

fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. This vulnerability is...

6.9 CVSS | 6.7 AI score | 0.00147 EPSS
Exploits 0 | References 4
Positive Technologies
added 2025/12/01 12:0 a.m. | 6 views

PT-2025-48579

Name of the Vulnerable Software and Affected Versions: fastify-reply-from versions prior to 12.5.0. Description: fastify-reply-from is a Fastify plugin used to forward HTTP requests to another server. Versions of the plugin prior to 12.5.0 contain a flaw where a malicious URL can be crafted to allow...

6.9 CVSS | 5.4 AI score | 0.00147 EPSS
Exploits 0 | References 8
CNNVD
added 2025/12/01 12:0 a.m. | 5 views

Fastify security vulnerability

Fastify is an open-source web framework from Fastify. A security vulnerability exists in Fastify that originates from an attacker being able to construct malicious URLs to access unauthorized routes, potentially leading to unauthorized access...

6.9 CVSS | 6.4 AI score | 0.00147 EPSS
Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-0654

Malware in sbrugna...

6.5 CVSS | 6.4 AI score | 0.01157 EPSS
Exploits 1 | References 4
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2021-0642

Malware in sbrugna...

10 CVSS | 9.3 AI score | 0.01924 EPSS
Exploits 0 | References 7
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-0698

Malware in sbrugna...

10 CVSS | 8.9 AI score | 0.01821 EPSS
Exploits 0 | References 7
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-0487

Malware in sbrugna...

8.8 CVSS | 8.7 AI score | 0.0098 EPSS
Exploits 0 | References 7
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2021-2236

Malware in sbrugna...

8.8 CVSS | 8.6 AI score | 0.00988 EPSS
Exploits 1 | References 6