153 matches found
CVE-2026-29519
Lucee CFML Server versions across the 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines contain a reflected cross-site scripting vulnerability in URL path parsing that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by embedding HTML or JavaScript payloads...
CVE-2026-29519
CVE-2026-29519 affects Lucee CFML Server across 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines. It describes a reflected cross-site scripting vulnerability in URL path parsing, where unauthenticated remote attackers can cause arbitrary JavaScript to execute in a victim’s browser by embedding payloa...
EUVD-2026-42906
Lucee CFML Server versions across the 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines contain a reflected cross-site scripting vulnerability in URL path parsing that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by embedding HTML or JavaScript payloads...
CVE-2026-29519 Lucee CFML Server Reflected XSS via URL Path Parsing
Lucee CFML Server versions across the 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines contain a reflected cross-site scripting vulnerability in URL path parsing that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by embedding HTML or JavaScript payloads...
PT-2026-57164
Name of the Vulnerable Software and Affected Versions Lucee CFML Server versions 5.3.x Lucee CFML Server versions 6.1.x Lucee CFML Server versions 6.2.x Lucee CFML Server versions 7.0.x Description Reflected cross-site scripting occurs during URL path parsing, allowing unauthenticated remote...
CVE-2026-54573 Authorization Bypass in API Key/OAuth Scopes via Path Parsing Discrepancy
Outline is a service that allows for collaborative documentation. Prior to 1.8.0, the AuthenticationHelper.canAccess function uses ctx.originalUrl to verify if an API key or OAuth token has the required scopes for a request. It extracts the resource by splitting the URL by / and taking the last...
CVE-2026-54573
CVE-2026-54573 affects Outline (a collaborative documentation service). Before version 1.8.0, AuthenticationHelper.canAccess uses ctx.originalUrl and extracts the target resource by splitting on “/” and taking the last segment, but does not strip the URL fragment (#). Since Koa’s router uses ctx....
CVE-2025-24268
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data...
CVE-2025-24268
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data...
CVE-2026-44749
The SAP Gateway allows attackers to inject content into error messages, potentially leading to disclosure of request artefacts e.g., regex patterns and revealing underlying URI parsing logic. Leading to low impact on confidentiality. Integrity and availability are unaffected...
PT-2026-44724
Name of the Vulnerable Software and Affected Versions python311-dulwich versions prior to 1.2.5-1.1 Description Security issues were identified in the python311-dulwich package. Recommendations Update to version 1.2.5-1.1...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: dm mpath: Added the missing dmputdevice call when failing to obtain the scsi dh name. When commit fd81bc5cca8f “scsi: devicehandler: Returning an error pointer in scsidhattachedhandlername”, code was added to fail the parsing of...
CVE-2026-28915
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to gain root privileges...
CVE-2026-28915
A parsing issue in the handling of directory paths was fixed by improved path validation in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, and macOS Tahoe 26.5. The flaw could allow an app to gain root privileges. The CVE is tied to CVE-2026-28915 and is addressed by the listed OS updates; no additio...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via improper handling of resource path matching and authorization checks. An attacker can gain unauthorized access to protected resources or perform unauthorized actions by crafting requests that exploit...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via improper handling of resource path matching and authorization checks. An attacker can gain unauthorized access to protected resources or perform unauthorized actions by crafting requests that exploit...
CVE-2026-6862 Efivar: efivar: denial of service due to stack overflow in device path node parsing
A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI Extensible Firmware Interface device path node header. A local user could exploit this...
CVE-2026-6862
CVE-2026-6862: A flaw in libefiboot (part of efivar) affects the device path node parser, which does not validate that each node’s Length is at least 4 bytes (EFI node header minimum). A crafted device path node could trigger infinite recursion, stack exhaustion, and a DoS via a process crash. Do...
PT-2026-34450
A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI Extensible Firmware Interface device path node header. A local user could exploit this...
EUVD-2026-18436
A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic. The implementation enforces length restrictions on the raw request path but does not account for path expansion performed during normalization. An attacker on the adjacent...