Lucene search
K

15098 matches found

Cvelist
Cvelist
added 2026/05/05 12:40 p.m.39 views

CVE-2026-30246 github.com/gofiber/fiber/v3 cache middleware can mix responses across query parameters

Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path and does not include the query string. As a result, requests for the same path with different query parameters can share a cache key...

6.5CVSS0.00251EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/05/05 12:40 p.m.5 views

CVE-2026-30246 github.com/gofiber/fiber/v3 cache middleware can mix responses across query parameters

Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path and does not include the query string. As a result, requests for the same path with different query parameters can share a cache key...

6.5CVSS5.8AI score0.00251EPSS
Exploits1References3
CVE
CVE
added 2026/05/05 12:40 p.m.36 views

CVE-2026-30246

Summary: CVE-2026-30246 affects the Go web framework Fiber (github.com/gofiber/fiber/v3) middleware/cache. The default KeyGenerator uses only the request path, omitting the query string, so requests with different query parameters can map to the same cache key, causing cross-request data mix-ups ...

6.5CVSS5.8AI score0.00251EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/05/05 11:25 a.m.34 views

CVE-2026-43532 OpenClaw 2026.4.7 < 2026.4.10 - Sandbox Media Normalization Bypass via Discord Event Cover Image

OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processing. Attackers can bypass media normalization to inject host-local media references into channel action paths expecting normalized media...

7.7CVSS0.00259EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/05 7:56 a.m.5 views

io.quarkus:quarkus-vertx-http: io.quarkus:quarkus-vertx-http: Authorization bypass via semicolons in HTTP requests

A flaw was found in io.quarkus:quarkus-vertx-http. A remote attacker can exploit an authorization bypass vulnerability by including semicolons, also known as matrix parameters, in HTTP requests. This allows bypassing path-based HTTP security policies, enabling unauthorized access to protected...

8.8CVSS5.8AI score0.00432EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/05 3:47 a.m.10 views

io.quarkus:quarkus-vertx-http: io.quarkus:quarkus-vertx-http: Authorization bypass via semicolons in HTTP requests

A flaw was found in io.quarkus:quarkus-vertx-http. A remote attacker can exploit an authorization bypass vulnerability by including semicolons, also known as matrix parameters, in HTTP requests. This allows bypassing path-based HTTP security policies, enabling unauthorized access to protected...

8.8CVSS5.8AI score0.00432EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/05 3:47 a.m.5 views

io.quarkus:quarkus-vertx-http: io.quarkus:quarkus-vertx-http: Authorization bypass via semicolons in HTTP requests

A flaw was found in io.quarkus:quarkus-vertx-http. A remote attacker can exploit an authorization bypass vulnerability by including semicolons, also known as matrix parameters, in HTTP requests. This allows bypassing path-based HTTP security policies, enabling unauthorized access to protected...

8.8CVSS5.8AI score0.00432EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/05/05 3:12 a.m.19 views

CVE-2026-39852

A flaw was found in io.quarkus:quarkus-vertx-http. A remote attacker can exploit an authorization bypass vulnerability by including semicolons, also known as matrix parameters, in HTTP requests. This allows bypassing path-based HTTP security policies, enabling unauthorized access to protected...

8.8CVSS5.8AI score0.00432EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/05 12:18 a.m.11 views

EUVD-2026-25590

Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams...

3.7CVSS5.8AI score0.00217EPSS
Exploits1References2
OSV
OSV
added 2026/05/05 12:18 a.m.2 views

GHSA-XHJH-PMCV-23JW Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams

Vulnerability Disclosure: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams Summary The encode function in lib/helpers/AxiosURLSearchParams.js contains a character mapping charMap at line 21 that reverses the safe percent-encoding of null bytes. After encodeURIComponent'\x00'...

3.7CVSS5.9AI score0.00217EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/05/05 12:18 a.m.15 views

Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams

Vulnerability Disclosure: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams Summary The encode function in lib/helpers/AxiosURLSearchParams.js contains a character mapping charMap at line 21 that reverses the safe percent-encoding of null bytes. After encodeURIComponent'\x00'...

3.7CVSS5.9AI score0.00217EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.17 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. The version of OpenClaw from 2026.4.7 to 2026.4.10 contains security vulnerabilities. These vulnerabilities stem from the lack of standardization of Discord event cover image parameters during sandbox media...

7.7CVSS5.8AI score0.00259EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.14 views

PT-2026-37294

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 29.1 Description An issue exists where the 'plugin/Meet/iframe.php' endpoint echoes the user and pass query parameters unescaped into a JavaScript double-quoted string literal within a block. This allows an attacker to...

6.1CVSS6.1AI score0.00225EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.9 views

Fiber 安全漏洞

Fiber is an open-source web framework written in Go. Versions of Fiber 3.1.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the default key generator used in the caching middleware, which only uses the request path without including the query string. As a result,...

6.5CVSS5.8AI score0.00251EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/05/04 11:37 p.m.8 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS6.8AI score0.01945EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/04 7:17 p.m.7 views

EUVD-2026-27125

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the firewall.cgi binary across five request handlers that apply insufficient input validation. Attackers can inject arbitrary shell commands through vulnerable parameters like websURLFilter,...

9.3CVSS5.9AI score0.01235EPSS
Exploits0References3
CVE
CVE
added 2026/05/04 7:17 p.m.22 views

CVE-2026-41926

CVE-2026-41926 affects the WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02). The firewall.cgi binary exposes an OS command injection across five request handlers due to insufficient input validation. Attacks can inject arbitrary shell commands through parameters including websURLFilter, web...

9.3CVSS5.9AI score0.01235EPSS
Exploits0References3
NVD
NVD
added 2026/05/04 7:16 p.m.11 views

CVE-2026-42226

n8n is an open source workflow automation platform. Prior to versions 1.123.33 and 2.17.5, the dynamic-node-parameters endpoints did not verify whether the authenticated caller was authorized to use a supplied credential reference. An authenticated user with access to a shared workflow could supp...

7.5CVSS0.0026EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/04 7:12 p.m.5 views

CVE-2026-41924

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the makeRequest.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the settime or StartSniffer functions. Attackers can...

9.3CVSS6.1AI score0.02707EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/04 7:4 p.m.9 views

CVE-2026-41922 WDR201A WiFi Extender OS Command Injection via wireless.cgi

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the wireless.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the sz11gChannel or PIN POST parameters. Attackers can...

9.3CVSS6.6AI score0.04983EPSS
Exploits0References3
Rows per page
Query Builder