2 matches found
CVE-2026-22037 @fastify/express vulnerable to Improper Handling of URL Encoding (Hex Encoding)
The @fastify/express plugin adds full Express compatibility to Fastify. A security vulnerability exists in @fastify/express prior to version 4.0.3 where middleware registered with a specific path prefix can be bypassed using URL-encoded characters e.g., /%61dmin instead of /admin. While the...
PYSEC-2023-15
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity XXE injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version...