
7 matches found

Positive Technologies
added 6 days ago, 3 views

PT-2026-44416

Name of the Vulnerable Software and Affected Versions: Hono versions prior to 4.12.21. Description: In the app.mount function, the mount prefix is stripped from the incoming request path using the raw URL pathname, whereas route matching is conducted against the percent-decoded path. This...

CVSS 5.3, AI score 5.8, EPSS 0.00051
Exploits: 0, References: 3
NVD
added 2026/04/15 10:16 a.m., 1 views

CVE-2026-33807

@fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child plugins. When a child plugin is registered with a prefix that matches a middleware path, the middleware path is prefixed a second time,...

CVSS 9.1, EPSS 0.00037
Exploits: 1, References: 2
ATTACKERKB
added 2026/04/15 9:52 a.m., 1 views

CVE-2026-33807

@fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child plugins. When a child plugin is registered with a prefix that matches a middleware path, the middleware path is prefixed a second time,...

CVSS 9.1, AI score 5.8, EPSS 0.00037
Exploits: 1, References: 3
F5 Networks
added 2025/10/01 6:27 p.m., 5 views

K000156757: Curl vulnerability CVE-2025-9086

Security Advisory Description:
1. A cookie is set using the secure keyword for https://target
2. curl is redirected to or otherwise made to speak with http://target (same hostname, but using clear text HTTP) using the same cookie set
3. The same cookie name is set - but with just a slash as path...

CVSS 7.5, AI score 6.5, EPSS 0.00102
Exploits: 1
OSV
added 2025/10/01 5:15 p.m., 1 views

UBUNTU-CVE-2025-11233

Starting from Rust 1.87.0 and before Rust 1.89.0, the tier 3 Cygwin target x86_64-pc-cygwin didn't correctly handle path separators, causing the standard library's Path API to ignore path components separated by backslashes. Due to this, programs compiled for Cygwin that validate paths could...

CVSS 6.3, AI score 5.8, EPSS 0.00166
Exploits: 0, References: 4
CNNVD
added 2025/08/05 12:0 a.m., 3 views

RatPanel security vulnerability

RatPanel is an open source server operations management panel from TreeNewBee. A security vulnerability exists in RatPanel versions 2.3.19 through 2.5.5, which stems from the CleanPath middleware's failure to handle r.URL.Path, which could lead to remote code execution and unauthorized...

CVSS 7.7, AI score 7.6, EPSS 0.02299
Exploits: 0, References: 4
CNNVD
added 2025/01/09 12:0 a.m., 2 views

Node.js security vulnerability

Node.js is an open source, cross-platform JavaScript runtime environment open-sourced by Node.js. Node.js suffers from a security vulnerability that stems from the permissions model's assumption that any path beginning with two backslashes has an ignorable four-character prefix, a subtle error th...

CVSS 3.6, AI score 6.2, EPSS 0.00066
Exploits: 0, References: 4