Lucene search
K

1012 matches found

Cvelist
Cvelist
added 2026/04/08 2:41 p.m.20 views

CVE-2026-39407 Hono has a middleware bypass via repeated slashes in serveStatic

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes // in the request path. When route-based middleware e.g., /admin/ is used for...

5.3CVSS0.00459EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/08 2:34 p.m.4 views

CVE-2026-39406 @hono/node-server has a middleware bypass via repeated slashes in serveStatic

@hono/node-server allows running the Hono application on Node.js. Prior to 1.19.13, a path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes // in the request path. When route-based middleware e.g., /admin/ is used for authorization, the...

5.3CVSS5.9AI score0.00376EPSS
Exploits0References1
OSV
OSV
added 2026/04/08 12:16 a.m.4 views

GHSA-WMMM-F939-6G9C Hono: Middleware bypass via repeated slashes in serveStatic

Summary A path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes // in the request path. When route-based middleware e.g., /admin/ is used for authorization, the router may not match paths containing repeated slashes, while serveStatic...

5.3CVSS5.7AI score0.00459EPSS
Exploits0References5
OSV
OSV
added 2026/04/08 12:16 a.m.1 views

GHSA-92PP-H63X-V22M @hono/node-server: Middleware bypass via repeated slashes in serveStatic

Summary A path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes // in the request path. When route-based middleware e.g., /admin/ is used for authorization, the router may not match paths containing repeated slashes, while serveStatic...

5.3CVSS5.8AI score0.00376EPSS
Exploits0References5
OSV
OSV
added 2026/04/08 12:7 a.m.4 views

GHSA-5G3J-89FR-R2VP skilleton has improper input handling in repository/path processing

Summary skilleton versions prior to 0.3.1 include security-related weaknesses in repository normalization and path handling logic. Version 0.3.1 contains fixes and additional test coverage for these issues. Affected Versions =0.3.1 Impact In affected versions, crafted input could trigger unsafe o...

6.9CVSS5.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.3 views

PT-2026-31666

Name of the Vulnerable Software and Affected Versions: basic-ftp versions 5.2.0 Description: basic-ftp is an FTP client for Node.js. Versions prior to 5.2.1 are susceptible to FTP command injection due to improper handling of CRLF sequences r within file path parameters used in high-level path AP...

9CVSS5.3AI score0.02185EPSS
Exploits1References15
ATTACKERKB
ATTACKERKB
added 2026/04/07 5:9 p.m.2 views

CVE-2026-22682

OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in file tools due to inconsistent parameter handling in permission enforcement, allowing attackers who can influence agent tool execution to read arbitrary local files outside the intended repository...

8.4CVSS6.2AI score0.00127EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.11 views

Technostrobe HI-LED-WR120-G2 安全漏洞

Technostrobe HI-LED-WR120-G2 is a high-brightness industrial strobe lighting device from the Canadian company Technostrobe. Version 5.5.0.1R6.03.30 of Technostrobe HI-LED-WR120-G2 contains a security vulnerability. This vulnerability stems from incorrect handling of parameters “dir” and “path” in...

9.1CVSS6.5AI score0.00544EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/04/04 12:0 a.m.3 views

CVE-2026-34779 Electron: AppleScript injection in app.moveToApplicationsFolder on macOS

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on macOS, app.moveToApplicationsFolder used an AppleScript fallback path that did not properly handle certain characters in the...

6.5CVSS6.1AI score0.00161EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the incorrect path not releasing the skb objects properly, potentially leading to memory leaks or...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/01 3:31 p.m.4 views

EUVD-2026-17877

A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path during its upload. When the file is subsequently downloaded, the file in the attacker controlled pat...

8.7CVSS6.5AI score0.00608EPSS
Exploits1References3
OSV
OSV
added 2026/03/31 9:48 a.m.8 views

USN-8136-1 dovecot vulnerabilities

It was discovered that Dovecot incorrectly handled invalid base64 SASL data. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 25.10. CVE-2025-59028 It was discovered that Dovecot script decode2text.sh incorrectly handled zip files. An attacke...

8.2CVSS6AI score0.0079EPSS
Exploits7References12
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.6 views

SUSE SLES15 / openSUSE 15 Security Update : kea (SUSE-SU-2026:1091-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1091-1 advisory. Update to release 2.6.3 bsc1243240: - CVE-2025-32801: Fixed loading a malicious hook library can lead to local...

7.8CVSS6AI score0.00233EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/03/27 7:40 p.m.30 views

CVE-2026-34475

Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mishandle URLs with a path of / for HTTP/1.1, potentially leading to cache poisoning or authentication bypass...

5.4CVSS0.00202EPSS
Exploits1References1
OSV
OSV
added 2026/03/26 5:48 p.m.2 views

SUSE-SU-2026:1091-1 Security update for kea

This update for kea fixes the following issues: Update to release 2.6.3 bsc1243240: - CVE-2025-32801: Fixed loading a malicious hook library can lead to local privilege escalation. - CVE-2025-32802: Fixed insecure handling of file paths allows multiple local attacks. - CVE-2025-32803: Fixed...

7.8CVSS5.9AI score0.00233EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/26 3:19 p.m.6 views

CVE-2025-43534

A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.2 and iPadOS 26.2. A user with physical access to an iOS device may be able to bypass Activation Lock...

6.8CVSS5.8AI score0.00208EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:16 p.m.6 views

CVE-2026-20688

A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4. An app may be able to break out of its sandbox...

9.3CVSS5.8AI score0.00275EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:16 p.m.6 views

CVE-2026-28816

A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to delete files for which it does not have permission...

4CVSS5.8AI score0.0022EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:16 p.m.6 views

CVE-2026-28827

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to break out of its sandbox...

9.3CVSS5.8AI score0.00278EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:16 p.m.6 views

CVE-2026-28823

A path handling issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.4. An app with root privileges may be able to delete protected system files...

4.9CVSS5.8AI score0.00294EPSS
Exploits0References1
Rows per page
Query Builder