Lucene search
K

38 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/02 8:29 a.m.7 views

CVE-2026-14336

PIA's OIDC issuer allowlist for Jenkins tokens uses a bare string-prefix check issuer.startswith' https://ci.eclipse.org ' in isissuerknown, pia/models.py:139 instead of validating the issuer as a properly host-bounded URL. An attacker can craft an issuer such as https://[email protected]...

8.2CVSS6AI score0.00321EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/02 8:29 a.m.38 views

CVE-2026-14336

PIA's OIDC issuer allowlist for Jenkins tokens uses a bare string-prefix check issuer.startswith' https://ci.eclipse.org ' in isissuerknown, pia/models.py:139 instead of validating the issuer as a properly host-bounded URL. An attacker can craft an issuer such as https://[email protected]...

8.2CVSS0.00321EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 8:29 a.m.12 views

CVE-2026-14336

The connected documents confirm CVE-2026-14336 affects PIA’s OIDC issuer allowlist for Jenkins tokens. The issue is a faulty host-bounded URL validation: issuer.startswith(' https://ci.eclipse.org ') is used in is_issuer_known (pia/models.py:139) instead of properly validating the issuer as a hos...

8.2CVSS6AI score0.00321EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.10 views

PT-2026-54948

Name of the Vulnerable Software and Affected Versions PIA affected versions not specified Description The OIDC issuer allowlist for Jenkins tokens uses a bare string-prefix check instead of validating the issuer as a properly host-bounded URL. This allows an attacker to bypass the check using a...

8.2CVSS6.1AI score0.00321EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.12 views

CVE-2026-41732

JsonPulsarHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Additionally, an empty trusted-packages configuration fell back to trusting all packages rather than applying a safe default...

8.1CVSS5.4AI score0.00347EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 12:31 a.m.13 views

EUVD-2026-35909

JsonPulsarHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Additionally, an empty trusted-packages configuration fell back to trusting all packages rather than applying a safe default...

8.1CVSS5.5AI score0.00347EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 10:53 a.m.8 views

CVE-2026-49738 TYPO3 CMS - Broken Access Control in File Abstraction Layer

The path allowance check in GeneralUtility::isAllowedAbsPath performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be incorrectly accepted as valid when the project root was /var/www/html. Administrator...

2.1CVSS5.4AI score0.00356EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.11 views

CVE-2026-41569

authentik is an open-source identity provider. Prior to version 2026.2.3, the WS-Federation provider validates the user-supplied wreply parameter using a raw string prefix check rather than proper URL parsing. An attacker who can craft a login link can supply a wreply value on a different origin...

6.9CVSS5.4AI score0.0019EPSS
Exploits0References1
NVD
NVD
added 2026/06/02 9:16 p.m.13 views

CVE-2026-41569

authentik is an open-source identity provider. Prior to version 2026.2.3, the WS-Federation provider validates the user-supplied wreply parameter using a raw string prefix check rather than proper URL parsing. An attacker who can craft a login link can supply a wreply value on a different origin...

6.9CVSS0.0019EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.14 views

PT-2026-45061

Name of the Vulnerable Software and Affected Versions PraisonAI Platform affected versions not specified Description The server contains multiple authorization flaws. First, a cross-tenant Insecure Direct Object Reference IDOR exists because the require workspace member dependency only validates...

9.4CVSS5.8AI score0.00043EPSS
Exploits0References7
NVD
NVD
added 2026/05/11 8:25 p.m.12 views

CVE-2026-42885

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/filesystem/pathexists endpoint uses String.startsWith to validate that a resolved file path is within a library folder. This check fails for sibling directories whose names share a common prefix e.g.,...

4.3CVSS0.00236EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.11 views

PT-2026-39303

Name of the Vulnerable Software and Affected Versions view component versions 3.0.0 through 4.8.9 Description The system test entrypoint canonicalizes a user-controlled file path using File.realpath and verifies if the resolved path starts with the temporary directory path. This containment check...

5.9CVSS5.8AI score0.00412EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/04/21 7:34 p.m.4 views

CVE-2026-40876 SFTP root escape via prefix-based path validation in goshs

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP root escape caused by prefix-based path validation. An authenticated SFTP user can read from and write to filesystem paths outside the configured SFTP root, which breaks the intended jail boundary and can...

8.7CVSS5.8AI score0.00439EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/15 6:36 p.m.2 views

CVE-2026-40256

Weblate is a web based localization tool. In versions prior to 5.17, repository-boundary validation relies on string prefix checks on resolved absolute paths. In multiple code paths, the check uses startswith against the repository root path. This is not path-segment aware and can be bypassed whe...

5CVSS5.8AI score0.00324EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/14 11:27 p.m.5 views

GHSA-PQ8P-WC4F-VG7J WWBN AVideo has an incomplete fix for CVE-2026-33502: Command Injection

Summary The incomplete fix for AVideo's test.php adds escapeshellarg for wget but leaves the filegetcontents and curl code paths unsanitized, and the URL validation regex /^http/ accepts strings like httpevil.com. Affected Package - Ecosystem: Other - Package: AVideo - Affected versions: = commit...

9.3CVSS6.7AI score0.00442EPSS
Exploits2References7
SUSE CVE
SUSE CVE
added 2026/04/03 11:24 p.m.5 views

SUSE CVE-2026-34785

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with...

7.5CVSS5.7AI score0.00387EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/03 12:36 p.m.2 views

CVE-2026-34785

A flaw was found in Rack. The Rack::Static component, which serves static files for web applications, uses a simple string prefix check to determine if a request should be served as a static file. This can lead to unintended information disclosure, as files with names that merely share a configur...

7.5CVSS5.9AI score0.00387EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.4 views

PT-2026-29812

Name of the Vulnerable Software and Affected Versions Rack versions prior to 2.2.23, 3.1.21, and 3.2.6 Description Rack::Static uses a simple string prefix check to determine if a request should be served as a static file. When configured with URL prefixes like "/css", it matches any request path...

7.8CVSS5.9AI score0.00387EPSS
Exploits0References54
Cvelist
Cvelist
added 2026/03/31 5:1 p.m.28 views

CVE-2026-32726 SciTokens C++: Sibling-Path Authorization Bypass

SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass in path-based scope validation. The enforcer used a simple string-prefix comparison when checking whether a requested resource path was...

8.1CVSS0.00272EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/31 5:1 p.m.1 views

CVE-2026-32726 SciTokens C++: Sibling-Path Authorization Bypass

SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass in path-based scope validation. The enforcer used a simple string-prefix comparison when checking whether a requested resource path was...

8.1CVSS5.8AI score0.00272EPSS
Exploits1References2
Rows per page
Query Builder