Improper Handling of Length Parameter Inconsistency

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

UBUNTU-CVE-2026-34591

Poetry is a dependency manager for Python. From version 1.4.0 to before version 2.3.3, a crafted wheel can contain ../ paths that Poetry writes to disk without containment checks, allowing arbitrary file write with the privileges of the Poetry process. It is reachable from untrusted package...

CVE-2026-34786

Vulnerability summary: CVE-2026-34786 affects Rack’s static file serving. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static#applicable_rules compares header_rules against the raw URL-encoded PATH_INFO while the file path is decoded for serving. This can allow a URL-encoded path variant to...

CVE-2026-34831 Rack: Content-Length mismatch in Rack::Files error responses

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Filesfail sets the Content-Length response header using Stringsize instead of Stringbytesize. When the response body contains multibyte UTF-8 characters, the declared Content-Length is smaller than the...

keycloak: Keycloak: Information disclosure due to redirect_uri validation bypass

A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers URIs that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information...

CVE-2026-3872

A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers URIs that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information...

CVE-2026-3872

A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers URIs that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information...

CVE-2026-3775

The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low‑privileged users and is not strictly restricted to trusted system locations. Because these libraries may be resolved and loaded from user‑writab...

CVE-2026-3780

The application's installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and have them loaded or executed instead of the...

PT-2026-29819

Name of the Vulnerable Software and Affected Versions Rack versions prior to 2.2.23, 3.1.21, and 3.2.6 Description Rack’s Rack::Filesfail function incorrectly calculates the Content-Length response header using Stringsize instead of Stringbytesize. This occurs when the response body contains...

Rack 安全漏洞

Rack is a modular Ruby web server interface developed by the Rack open-source project. Versions of Rack prior to 2.2.23, 3.1.21, and 3.2.6 contained security vulnerabilities. These vulnerabilities stemmed from Rack::Directory allowing the root path of configuration settings to be directly inserte...

GHSA-F23M-R3PF-42RH lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`

Impact Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465 only guards against string key members, so an attacker can bypass the check by passing array-wrapped path segments. This allows deletion of properties fro...

lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`

Impact Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465 only guards against string key members, so an attacker can bypass the check by passing array-wrapped path segments. This allows deletion of properties fro...

Copier `_external_data` allows path traversal and absolute-path local file read without unsafe mode

Summary Copier's externaldata feature allows a template to load YAML files using template-controlled paths. The documentation describes these values as relative paths from the subproject destination, so relative paths themselves appear to be part of the intended feature model. However, the curren...

GHSA-HGJQ-P8CR-GG4H Copier `_external_data` allows path traversal and absolute-path local file read without unsafe mode

Summary Copier's externaldata feature allows a template to load YAML files using template-controlled paths. The documentation describes these values as relative paths from the subproject destination, so relative paths themselves appear to be part of the intended feature model. However, the curren...

EUVD-2026-18039

AIOHTTP affected by UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on Windows...

EUVD-2026-17915

OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file URLs and UNC-style paths before local-path validation. Attackers can exploit this by providing network-hosted file targets that are treated as local content, bypassing intended...

CVE-2026-34510

OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file URLs and UNC-style paths before local-path validation. Attackers can exploit this by providing network-hosted file targets that are treated as local content, bypassing intended...

CVE-2026-34510 OpenClaw < 2026.3.22 - Remote File URL Acceptance in Windows Media Loaders

OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file URLs and UNC-style paths before local-path validation. Attackers can exploit this by providing network-hosted file targets that are treated as local content, bypassing intended...

CVE-2026-0522

A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path during its upload. When the file is subsequently downloaded, the file in the attacker controlled pat...