Lucene search
K

29 matches found

Vulnrichment
Vulnrichment
added 2026/05/11 7:26 p.m.8 views

CVE-2026-42882 oxyno-zeta/s3-proxy: Security Issues in Resource Path Matching

oxyno-zeta/s3-proxy is an aws s3 proxy written in go. Prior to 5.0.0, s3-proxy contains an authentication bypass caused by inconsistent URL path interpretation between the authentication middleware and the bucket handler. The authentication middleware evaluates resource path patterns against the...

9.4CVSS5.8AI score0.00554EPSS
Exploits0References3
OSV
OSV
added 2026/05/05 6:52 p.m.4 views

GHSA-RFGQ-WGG8-662P S3-Proxy has Security Issues in its Resource Path Matching Implementation

Background The original concern is functional: a resource pattern should treat a percent-encoded segment like some%2Fvalue as a single opaque token rather than splitting it into two path segments at the decoded /. Investigation into why %2F was being decoded and how routes matched against the...

9.4CVSS5.5AI score0.00554EPSS
Exploits0References5
OSV
OSV
added 2026/05/04 1:12 p.m.4 views

JLSEC-2026-425 URLs containing percent-encoded slashes (`/` or `\`) can trick wcurl into saving the output file...

URLs containing percent-encoded slashes / or \ can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool...

4.6CVSS5.8AI score0.00302EPSS
Exploits0References6
Snyk
Snyk
added 2026/04/25 11:29 p.m.8 views

Interpretation Conflict

Overview Affected versions of this package are vulnerable to Interpretation Conflict via inconsistent handling of URL-encoded slashes in the path processing. An attacker can gain unauthorized access or escalate privileges by crafting requests with lowercase percent-encoded slashes that bypass...

10CVSS5.8AI score0.00396EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/25 11:29 p.m.4 views

Interpretation Conflict

Overview Affected versions of this package are vulnerable to Interpretation Conflict via inconsistent handling of URL-encoded slashes in the path processing. An attacker can gain unauthorized access or escalate privileges by crafting requests with lowercase percent-encoded slashes that bypass...

10CVSS5.8AI score0.00396EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/25 10:58 a.m.5 views

CVE-2025-11563

A flaw was found in wcurl. This vulnerability allows a remote attacker to manipulate the location where output files are saved. By crafting a malicious URL with percent-encoded slashes, the attacker can trick the wcurl command-line tool into writing files outside of the intended directory. This...

6.5CVSS5.6AI score0.00302EPSS
Exploits0References6
EUVD
EUVD
added 2026/02/25 9:30 a.m.7 views

EUVD-2025-208109

URLs containing percent-encoded slashes / or \ can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool...

4.6CVSS5.4AI score0.00302EPSS
Exploits0References4
Snyk
Snyk
added 2026/02/25 9:17 a.m.4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the handling of URLs containing percent-encoded slashes in the UNSAFEPERCENTENCODE parameter in wcurl wrapper. An attacker can cause files to be saved outside of the intended directory by supplying specially...

6.5CVSS6.5AI score0.00302EPSS
Exploits0References2
OSV
OSV
added 2026/02/25 8:16 a.m.3 views

CVE-2025-11563

URLs containing percent-encoded slashes / or \ can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool...

4.6CVSS5.8AI score0.00302EPSS
Exploits0References4
NVD
NVD
added 2026/02/25 8:16 a.m.10 views

CVE-2025-11563

URLs containing percent-encoded slashes / or \ can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool...

4.6CVSS0.00302EPSS
Exploits0References4
OSV
OSV
added 2026/02/25 8:16 a.m.2 views

UBUNTU-CVE-2025-11563

URLs containing percent-encoded slashes / or \ can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool...

4.6CVSS5.8AI score0.00302EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/02/25 7:20 a.m.5 views

CVE-2025-11563

URLs containing percent-encoded slashes / or \ can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool...

4.6CVSS5.2AI score0.00302EPSS
Exploits0
Cvelist
Cvelist
added 2026/02/25 7:20 a.m.26 views

CVE-2025-11563 wcurl path traversal with percent-encoded slashes

URLs containing percent-encoded slashes / or \ can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool...

0.00302EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/25 7:20 a.m.7 views

CVE-2025-11563 wcurl path traversal with percent-encoded slashes

URLs containing percent-encoded slashes / or \ can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool...

5.4AI score0.00302EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/25 7:20 a.m.7 views

CVE-2025-11563

URLs containing percent-encoded slashes / or \ can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool...

4.6CVSS5.3AI score0.00302EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/02/25 7:20 a.m.37 views

CVE-2025-11563

CVE-2025-11563 describes a wcurl path-traversal issue where URLs with percent-encoded slashes can cause output to be saved outside the intended directory. The connected advisories (Ubuntu USN-8062-1, Amazon Linux ALAS2025-3088/ALAS2023-2025-1317, and related Nessus/NVD/NVL entries) corroborate th...

4.6CVSS5.2AI score0.00302EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/12/09 4:41 p.m.5 views

SUSE-SU-2025:21206-1 Security update for curl

This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes bsc1253757...

4.6CVSS5.8AI score0.00302EPSS
Exploits0References3
OSV
OSV
added 2025/12/09 7:19 a.m.2 views

SUSE-SU-2025:21198-1 Security update for curl

This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes bsc1253757...

4.6CVSS5.8AI score0.00302EPSS
Exploits0References3
Amazon
Amazon
added 2025/12/08 12:0 a.m.9 views

Medium: curl

Issue Overview: wcurl path traversal with percent-encoded slashes URLs containing percent-encoded slashes / or \ can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. CVE-2025-11563 Affected Packages: curl Note: This advisory is...

4.6CVSS6.7AI score0.00302EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/12/08 12:0 a.m.5 views

Amazon Linux 2 : curl, --advisory ALAS2-2025-3088 (ALAS-2025-3088)

The version of curl installed on the remote host is prior to 8.3.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3088 advisory. wcurl path traversal with percent-encoded slashes URLs containing percent-encoded slashes / or \ can trick wcurl into saving the outpu...

4.6CVSS6AI score0.00302EPSS
Exploits0References4
Rows per page
Query Builder