Lucene search
+L

130 matches found

CVE
CVE
added last week14 views

CVE-2026-59221

Open WebUI before 0.10.0 is affected by a path traversal guard bypass in sanitize_proxy_path (backend/open_webui/routers/terminals.py). The function decodes proxy paths only eight times, allowing a nine-times percent-encoded ../ traversal to bypass normalization and be decoded by the upstream ter...

7.7CVSS5.9AI score0.00362EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/07/01 11:42 a.m.22 views

CVE-2026-14181

CVE-2026-14181 affects @fastify/middie versions 9.1.0 through 9.3.2, where the URL normalization step in the standalone engine fails to sanitize malformed percent‑encoded sequences. Inputs such as incomplete escapes or truncated multibyte sequences cause the underlying decoder to throw synchronou...

7.5CVSS5.8AI score0.00291EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/07/01 11:42 a.m.8 views

EUVD-2026-40947

@fastify/middie versions 9.1.0 through 9.3.2 fail to guard the URL normalization step used by the standalone engine when incoming request paths contain malformed percent-encoded sequences. Inputs such as an incomplete percent escape or a truncated multibyte sequence cause the underlying decoder t...

7.5CVSS5.8AI score0.00291EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 1:16 a.m.4 views

UBUNTU-CVE-2026-12243

NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue 3504. The UNSAFENOPROTOCOLRE regex in nltk/data.py checks for literal ../ sequences but fails to account for percent-encoded traversal sequences such as ..%2f. The url2pathname function decodes...

7.5CVSS7.2AI score0.0051EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/30 12:14 a.m.37 views

CVE-2026-12243 Path Traversal via Percent-Encoding in nltk.data.find() and nltk.data.load()

NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue 3504. The UNSAFENOPROTOCOLRE regex in nltk/data.py checks for literal ../ sequences but fails to account for percent-encoded traversal sequences such as ..%2f. The url2pathname function decodes...

7.5CVSS0.0051EPSS
Exploits1References1
CVE
CVE
added 2026/06/30 12:14 a.m.31 views

CVE-2026-12243

NLTK 3.9.4 is documented to be vulnerable to a path traversal attack due to an incomplete fix (GitHub Issue #3504). The root cause is that the _UNSAFE_NO_PROTOCOL_RE regex in nltk/data.py only checks for literal ../ sequences and does not account for percent-encoded traversal such as ..%2f. Even ...

7.5CVSS7.3AI score0.0051EPSS
Exploits1References1Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/23 7:10 p.m.5 views

CVE-2026-48020

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.48, 3.6.19, and 3.7.3, there is a high severity vulnerability in Traefik's StripPrefix middleware that allows an unauthenticated attacker to bypass route-level authentication and authorization. When a public router matches on a...

10CVSS5.8AI score0.00591EPSS
Exploits2References7
OSV
OSV
added 2026/06/23 7:10 p.m.3 views

CVE-2026-48020 Traefik StripPrefix Route-Level Auth Bypass via Path Normalization

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.48, 3.6.19, and 3.7.3, there is a high severity vulnerability in Traefik's StripPrefix middleware that allows an unauthenticated attacker to bypass route-level authentication and authorization. When a public router matches on a...

7.8CVSS5.9AI score0.00591EPSS
Exploits2References9
CVE
CVE
added 2026/06/22 5:25 p.m.64 views

CVE-2026-54293

CVE-2026-54293 affects NLTK’s nltk.data.load() in Python. A TOCTOU-style flaw lets an attacker bypass the unsafe-path regex (UNSAFE_NO_PROTOCOL_RE) by using URL-encoded path separators (e.g., %2f, %2e%2e) and then decoding, enabling arbitrary local file reads prior to the fix. Affected until vers...

7.5CVSS6AI score0.00378EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/06/15 5:33 p.m.7 views

GHSA-H5X3-XFC9-M39H Symfony: UrlGenerator Dot-Segment Encoding Skips Every Other Chained `../` or `./` → Generated URL Collapses Off-Route Under RFC 3986 Normalization

Description Symfony\Component\Routing\Generator\UrlGenerator::doGenerate percent-encodes . and .. path segments so that the generated URL still resolves to the originating route after RFC 3986 §5.2.4 dot-segment removal which strict RFC-3986 consumers — routers, reverse proxies, HTTP clients —...

6.9CVSS5.3AI score0.00419EPSS
Exploits0References6
OSV
OSV
added 2026/06/11 1:26 p.m.13 views

GHSA-XF64-8MW2-4GR2 Traefik has a StripPrefix Route-Level Auth Bypass via Path Normalization

Summary There is a high severity vulnerability in Traefik's StripPrefix middleware that allows an unauthenticated attacker to bypass route-level authentication and authorization. When a public router matches on a PathPrefix rule and applies the StripPrefix middleware, a request path containing...

7.8CVSS5.6AI score0.00591EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.16 views

PT-2026-48684

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.48 Traefik versions prior to 3.6.19 Traefik versions prior to 3.7.3 Description An unauthenticated attacker can bypass route-level authentication and authorization in Traefik when PathPrefix-based public routes a...

7.8CVSS5.3AI score0.00591EPSS
Exploits2References13
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.10 views

CVE-2026-42272

Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall handles URL-encoded slashes %2F in a case-sensitive manner, while percent-encoding is defined to be case-insensitive. As a result, the lowercase equivalent %2f is not recognized...

7.8CVSS5.3AI score0.00396EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/30 8:13 a.m.15 views

CVE-2026-32847

DeepCode through commit c991dc2 contains a path traversal vulnerability in the SPA catch-all route in newui/backend/main.py that allows unauthenticated attackers to read arbitrary files by supplying percent-encoded path segments to the GET /fullpath:path endpoint. Attackers can bypass Starlette's...

8.7CVSS5.9AI score0.00376EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/28 7:32 p.m.39 views

CVE-2026-32847 DeepCode 1.2.0 Path Traversal via SPA Catch-All Route in main.py

DeepCode through commit c991dc2 contains a path traversal vulnerability in the SPA catch-all route in newui/backend/main.py that allows unauthenticated attackers to read arbitrary files by supplying percent-encoded path segments to the GET /fullpath:path endpoint. Attackers can bypass Starlette's...

8.7CVSS0.00376EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/28 7:32 p.m.10 views

CVE-2026-32847 DeepCode 1.2.0 Path Traversal via SPA Catch-All Route in main.py

DeepCode through commit c991dc2 contains a path traversal vulnerability in the SPA catch-all route in newui/backend/main.py that allows unauthenticated attackers to read arbitrary files by supplying percent-encoded path segments to the GET /fullpath:path endpoint. Attackers can bypass Starlette's...

8.7CVSS5.9AI score0.00376EPSS
Exploits1References2
OSV
OSV
added 2026/05/28 3:26 p.m.2 views

CVE-2026-47676 Hono: app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, app.mount strips the mount prefix from the incoming request path using the raw URL pathname, while route matching is performed against the percent-decoded path. This inconsistency causes the...

5.3CVSS6AI score0.0026EPSS
Exploits0References3
OSV
OSV
added 2026/05/25 2:0 p.m.11 views

EEF-CVE-2026-47075 CR/LF injection in query parameter in hackney

Summary Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return \r or line feed \n characters in the URL query component before constructing the HTTP/1.1 request target. Characters outside the...

6.8CVSS6.2AI score0.00421EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.15 views

PT-2026-44133

Name of the Vulnerable Software and Affected Versions Symfony versions prior to 5.4.31 Description The parse function in SymfonyComponentHtmlSanitizerTextSanitizerUrlSanitizer utilized by UrlSanitizer::sanitize and any HtmlSanitizer configuration permitting links or media fails to filter Unicode...

6.9CVSS6.1AI score0.00466EPSS
Exploits0References17
Cvelist
Cvelist
added 2026/05/13 8:26 p.m.33 views

CVE-2026-44373 Nitro: Proxy scope bypass via percent-encoded path traversal in `routeRules`

Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could bypass a proxy route rule by sending percent-encoded path traversal ..%2f in the URL, causing Nitro to forward a request that the upstream resolved outside the configured scope. This vulnerability is fixed in...

5.3CVSS0.00392EPSS
Exploits0References5
Rows per page
Query Builder