
8220 matches found

ATTACKERKB
added 2026/01/19 4:48 p.m. | 5 views

CVE-2026-22037

The @fastify/express plugin adds full Express compatibility to Fastify. A security vulnerability exists in @fastify/express prior to version 4.0.3 where middleware registered with a specific path prefix can be bypassed using URL-encoded characters e.g., /%61dmin instead of /admin. While the...

CVSS 8.4 | AI score 5.5 | EPSS 0.00457
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/01/19 4:48 p.m. | 5 views

CVE-2026-22037 @fastify/express vulnerable to Improper Handling of URL Encoding (Hex Encoding)

The @fastify/express plugin adds full Express compatibility to Fastify. A security vulnerability exists in @fastify/express prior to version 4.0.3 where middleware registered with a specific path prefix can be bypassed using URL-encoded characters e.g., /%61dmin instead of /admin. While the...

CVSS 8.4 | AI score 5.5 | EPSS 0.00321
Exploits: 0 | References: 2

OSV
added 2026/01/19 4:48 p.m. | 7 views

CVE-2026-22037 @fastify/express vulnerable to Improper Handling of URL Encoding (Hex Encoding)

The @fastify/express plugin adds full Express compatibility to Fastify. A security vulnerability exists in @fastify/express prior to version 4.0.3 where middleware registered with a specific path prefix can be bypassed using URL-encoded characters e.g., /%61dmin instead of /admin. While the...

CVSS 8.4 | AI score 5.6 | EPSS 0.00321
Exploits: 0 | References: 4

Cvelist
added 2026/01/19 4:48 p.m. | 21 views

CVE-2026-22037 @fastify/express vulnerable to Improper Handling of URL Encoding (Hex Encoding)

The @fastify/express plugin adds full Express compatibility to Fastify. A security vulnerability exists in @fastify/express prior to version 4.0.3 where middleware registered with a specific path prefix can be bypassed using URL-encoded characters e.g., /%61dmin instead of /admin. While the...

CVSS 8.4 | EPSS 0.00321
Exploits: 0 | References: 2

NVD
added 2026/01/19 4:15 p.m. | 8 views

CVE-2026-22031

@fastify/middie is the plugin that adds middleware support on steroids to Fastify. A security vulnerability exists in @fastify/middie prior to version 9.1.0 where middleware registered with a specific path prefix can be bypassed using URL-encoded characters e.g., /%61dmin instead of /admin. While...

CVSS 8.8 | EPSS 0.00457
Exploits: 1 | References: 4

Cvelist
added 2026/01/19 3:24 p.m. | 19 views

CVE-2026-22031 Fastify Middie Middleware Path Bypass

@fastify/middie is the plugin that adds middleware support on steroids to Fastify. A security vulnerability exists in @fastify/middie prior to version 9.1.0 where middleware registered with a specific path prefix can be bypassed using URL-encoded characters e.g., /%61dmin instead of /admin. While...

CVSS 8.4 | EPSS 0.00457
Exploits: 1 | References: 4

ATTACKERKB
added 2026/01/19 3:24 p.m. | 4 views

CVE-2026-22031

@fastify/middie is the plugin that adds middleware support on steroids to Fastify. A security vulnerability exists in @fastify/middie prior to version 9.1.0 where middleware registered with a specific path prefix can be bypassed using URL-encoded characters e.g., /%61dmin instead of /admin. While...

CVSS 8.4 | AI score 5.5 | EPSS 0.00457
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2026/01/19 3:24 p.m. | 15 views

CVE-2026-22031

CVE-2026-22031 affects the Fastify middleware plugin @fastify/middie (prior to 9.1.0). A vulnerability allows bypassing a middleware registered with a path prefix by using URL-encoded paths (e.g., /%61dmin). The middie engine uses path-to-regexp for matching; the regex is applied to the undecoded...

CVSS 8.8 | AI score 5.5 | EPSS 0.00457
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/01/19 3:24 p.m. | 2 views

CVE-2026-22031 Fastify Middie Middleware Path Bypass

@fastify/middie is the plugin that adds middleware support on steroids to Fastify. A security vulnerability exists in @fastify/middie prior to version 9.1.0 where middleware registered with a specific path prefix can be bypassed using URL-encoded characters e.g., /%61dmin instead of /admin. While...

CVSS 8.4 | AI score 5.5 | EPSS 0.00457
Exploits: 1 | References: 4

OSV
added 2026/01/19 3:24 p.m. | 4 views

CVE-2026-22031 Fastify Middie Middleware Path Bypass

@fastify/middie is the plugin that adds middleware support on steroids to Fastify. A security vulnerability exists in @fastify/middie prior to version 9.1.0 where middleware registered with a specific path prefix can be bypassed using URL-encoded characters e.g., /%61dmin instead of /admin. While...

CVSS 8.4 | AI score 5.6 | EPSS 0.00457
Exploits: 1 | References: 6

Positive Technologies
added 2026/01/19 12:00 a.m. | 6 views

PT-2026-3452

Name of the Vulnerable Software and Affected Versions: @fastify/express versions prior to 4.0.3. Description: A security issue exists in the @fastify/express plugin, which provides Express compatibility for Fastify. The problem occurs when middleware is registered with a specific path prefix...

CVSS 8.4 | AI score 5.3 | EPSS 0.00321
Exploits: 0 | References: 11

Positive Technologies
added 2026/01/19 12:00 a.m. | 3 views

PT-2026-3448

Name of the Vulnerable Software and Affected Versions: @fastify/middie versions prior to 9.1.0. Description: A security issue exists in @fastify/middie where middleware registered with a specific path prefix can be bypassed using URL-encoded characters. For example, using /%61dmin instead of /admin...

CVSS 8.8 | AI score 5.3 | EPSS 0.00457
Exploits: 1 | References: 14

CNNVD
added 2026/01/19 12:00 a.m. | 4 views

OpenStack Keystone Middleware security vulnerabilities

OpenStack Keystone Middleware is a core certification component of the OpenStack open-source project. Vulnerabilities exist in versions prior to 10.7.2, 10.9.1, and 10.12.1 of OpenStack Keystone Middleware. These vulnerabilities stem from uncleaned authentication headers, which may lead to...

CVSS 9.9 | AI score 5.8 | EPSS 0.00453
Exploits: 0 | References: 6

Positive Technologies
added 2026/01/19 12:00 a.m. | 6 views

PT-2026-3495

Name of the Vulnerable Software and Affected Versions: MyTube versions prior to 1.7.66. Description: MyTube is a self-hosted downloader and player for several video websites. A flaw allows unauthenticated users to bypass the authentication check in the roleBasedAuthMiddleware. By not providing an...

CVSS 9.8 | AI score 5.5 | EPSS 0.00573
Exploits: 0 | References: 12

CNNVD
added 2026/01/19 12:00 a.m. | 6 views

@fastify/express security vulnerability

@fastify/express is a compatibility plugin developed by Fastify. Versions of @fastify/express prior to 4.0.3 contained security vulnerabilities. These vulnerabilities were caused by improper path prefix matching, which could allow middleware to bypass security checks...

CVSS 8.4 | AI score 5.8 | EPSS 0.00321
Exploits: 0 | References: 3

RedhatCVE
added 2026/01/17 7:15 p.m. | 5 views

CVE-2026-23634

Pepr is a type safe K8s middleware. Prior to 1.0.5, Pepr defaults to a cluster-admin RBAC configuration and does not explicitly force or enforce least-privilege guidance for module authors. The default behavior exists to make the “getting started” experience smooth: new users can experiment with...

CVSS 4.3 | AI score 6.7 | EPSS 0.00227
Exploits: 0 | References: 1

GithubExploit
added 2026/01/17 3:31 p.m. | 151 views

ai_bouncer

AiBouncer AI-powered HTTP request classification for Ruby on...

AI score 7.8
Exploits: 0

NVD
added 2026/01/16 8:15 p.m. | 5 views

CVE-2026-23634

Pepr is a type safe K8s middleware. Prior to 1.0.5, Pepr defaults to a cluster-admin RBAC configuration and does not explicitly force or enforce least-privilege guidance for module authors. The default behavior exists to make the “getting started” experience smooth: new users can experiment with...

CVSS 4.3 | EPSS 0.00227
Exploits: 0 | References: 2

ATTACKERKB
added 2026/01/16 7:14 p.m. | 3 views

CVE-2026-23634

Pepr is a type safe K8s middleware. Prior to 1.0.5, Pepr defaults to a cluster-admin RBAC configuration and does not explicitly force or enforce least-privilege guidance for module authors. The default behavior exists to make the “getting started” experience smooth: new users can experiment with...

AI score 5.4 | EPSS 0.00227
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/01/16 7:14 p.m. | 4 views

CVE-2026-23634 Pepr Overly Permissive RBAC ClusterRole in Admin Mode

Pepr is a type safe K8s middleware. Prior to 1.0.5, Pepr defaults to a cluster-admin RBAC configuration and does not explicitly force or enforce least-privilege guidance for module authors. The default behavior exists to make the “getting started” experience smooth: new users can experiment with...

AI score 6.3 | EPSS 0.00227
Exploits: 0 | References: 2