
21 matches found

RedhatCVE
added 2026/05/05 11:17 a.m. · 9 views

CVE-2026-6994

A flaw was found in Envoy. A remote attacker could exploit a weakness in the Query Parameter Handler component, specifically within the params.add function. This vulnerability allows for injection, which may lead to limited impacts on the confidentiality, integrity, and availability of the affect...

CVSS 6.5 · AI score 5.8 · EPSS 0.00228
Exploits: 0 · References: 8

NVD
added 2026/04/26 10:17 p.m. · 3 views

CVE-2026-7059

A vulnerability was found in 666ghj MiroFish up to 0.1.2. This affects the function get_simulation_posts of the file backend/app/api/simulation.py of the component Query Parameter Handler. Performing a manipulation of the argument Platform results in path traversal. The attack can be initiated...

CVSS 6.9 · EPSS 0.0044
Exploits: 0 · References: 5

CVE
added 2026/04/26 8:00 p.m. · 18 views

CVE-2026-7059

The CVE-2026-7059 entry concerns 666ghj MiroFish (affected up to version 0.1.2). The vulnerability lies in the get_simulation_posts function of backend/app/api/simulation.py within the Query Parameter Handler. An attacker can achieve path traversal by manipulating the Platform argument. The issue...

CVSS 6.9 · AI score 5.4 · EPSS 0.0044
Exploits: 0 · References: 5

NVD
added 2026/04/25 7:16 p.m. · 4 views

CVE-2026-6994

A weakness has been identified in Envoy up to 1.33.0. Affected is the function params.add of the file source/extensions/filters/http/header_mutation/header_mutation.cc of the component Query Parameter Handler. This manipulation causes injection. Remote exploitation of the attack is possible. Patch...

CVSS 6.5 · EPSS 0.00228
Exploits: 0 · References: 5

EUVD
added 2026/04/25 7:00 p.m. · 6 views

EUVD-2026-25670

A weakness has been identified in Envoy up to 1.33.0. Affected is the function params.add of the file source/extensions/filters/http/header_mutation/header_mutation.cc of the component Query Parameter Handler. This manipulation causes injection. Remote exploitation of the attack is possible. Patch...

CVSS 6.5 · AI score 6.3 · EPSS 0.00228
Exploits: 0 · References: 5

Vulnrichment
added 2026/04/25 7:00 p.m. · 3 views

CVE-2026-6994 Envoy Query Parameter header_mutation.cc params.add injection

A weakness has been identified in Envoy up to 1.33.0. Affected is the function params.add of the file source/extensions/filters/http/header_mutation/header_mutation.cc of the component Query Parameter Handler. This manipulation causes injection. Remote exploitation of the attack is possible. Patch...

CVSS 6.5 · AI score 5.2 · EPSS 0.00228
Exploits: 0 · References: 5

Cvelist
added 2026/04/25 7:00 p.m. · 29 views

CVE-2026-6994 Envoy Query Parameter header_mutation.cc params.add injection

A weakness has been identified in Envoy up to 1.33.0. Affected is the function params.add of the file source/extensions/filters/http/header_mutation/header_mutation.cc of the component Query Parameter Handler. This manipulation causes injection. Remote exploitation of the attack is possible. Patch...

CVSS 6.5 · EPSS 0.00228
Exploits: 0 · References: 5

Positive Technologies
added 2026/04/25 12:00 a.m. · 2 views

PT-2026-35167

A weakness has been identified in Envoy up to 1.33.0. Affected is the function params.add of the file source/extensions/filters/http/header_mutation/header_mutation.cc of the component Query Parameter Handler. This manipulation causes injection. Remote exploitation of the attack is possible. Patc...

CVSS 6.5 · AI score 6.2 · EPSS 0.00228
Exploits: 0 · References: 6

EUVD
added 2026/02/24 12:32 a.m. · 6 views

EUVD-2026-7457

A vulnerability was detected in horilla-opensource horilla up to 1.0.2. This issue affects the function get of the file horilla_generics/global_search.py of the component Query Parameter Handler. The manipulation of the argument prev_url results in open redirect. The attack can be executed remotely...

CVSS 5.3 · AI score 4.7 · EPSS 0.00377
Exploits: 1 · References: 6

CNNVD
added 2026/02/24 12:00 a.m. · 5 views

Horilla Input Validation Error Vulnerability

Horilla is a free open-source human resources software developed by Horilla Company. Versions of Horilla 1.0.2 and earlier contained a vulnerability related to input validation errors. This vulnerability stemmed from incorrect handling of the parameter prevurl in the Query Parameter Handler...

CVSS 6.1 · AI score 5.8 · EPSS 0.00377
Exploits: 1 · References: 6

Positive Technologies
added 2026/02/24 12:00 a.m. · 8 views

PT-2026-21595

A vulnerability was detected in horilla-opensource horilla up to 1.0.2. This issue affects the function get of the file horilla_generics/global_search.py of the component Query Parameter Handler. The manipulation of the argument prev_url results in open redirect. The attack can be executed...

CVSS 5.3 · AI score 4.7 · EPSS 0.00377
Exploits: 1 · References: 7

OSV
added 2025/10/08 5:15 a.m. · 2 views

CVE-2025-11433

A security flaw has been discovered in itsourcecode Leave Management System 1.0. This impacts the function redirect of the file /module/employee/controller.php?action=reset of the component Query Parameter Handler. Performing a manipulation of the argument ID results in cross site scripting. It i...

CVSS 6.1 · AI score 4.3 · EPSS 0.00259
Exploits: 1 · References: 5

Vulnrichment
added 2025/10/08 5:02 a.m. · 4 views

CVE-2025-11433 itsourcecode Leave Management System Query Parameter controller.php redirect cross site scripting

A security flaw has been discovered in itsourcecode Leave Management System 1.0. This impacts the function redirect of the file /module/employee/controller.php?action=reset of the component Query Parameter Handler. Performing a manipulation of the argument ID results in cross site scripting. It i...

CVSS 5.1 · AI score 3.6 · EPSS 0.00259
Exploits: 1 · References: 5

Positive Technologies
added 2025/10/08 12:00 a.m. · 4 views

PT-2025-41225

Name of the Vulnerable Software and Affected Versions: itsourcecode Leave Management System version 1.0 Description: A security flaw exists in itsourcecode Leave Management System 1.0. The issue impacts the redirect function within the /module/employee/controller.php?action=reset file, specifically...

CVSS 6.1 · AI score 3.3 · EPSS 0.00259
Exploits: 1 · References: 10

BDU FSTEC
added 2024/03/18 12:00 a.m. · 4 views

The vulnerability of the Query Parameter Handler component in the IBM TXSeries for Multiplatforms transaction management software solutions, including the IBM CICS TX Standard and IBM CICS TX Advanced application servers, allows a malicious individual to gain unauthorized access to confidential information.

The vulnerability of the Query Parameter Handler component in the IBM TXSeries transaction application management software for multiplatforms, as well as in the IBM CICS TX Standard and IBM CICS TX Advanced application servers, is related to the use of an unprotected communication channel for dat...

CVSS 3.7 · AI score 5.5 · EPSS 0.00379
Exploits: 0 · References: 6 · Affected Software: 3

NVD
added 2022/12/18 8:15 a.m. · 20 views

CVE-2021-4247

A vulnerability has been found in OWASP NodeGoat and classified as problematic. This vulnerability affects unknown code of the file app/routes/research.js of the component Query Parameter Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The name of the...

CVSS 7.5 · EPSS 0.01007
Exploits: 1 · References: 3

OSV
added 2022/12/18 8:15 a.m. · 18 views

CVE-2021-4247

A vulnerability has been found in OWASP NodeGoat and classified as problematic. This vulnerability affects unknown code of the file app/routes/research.js of the component Query Parameter Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The name of the...

CVSS 7.5 · AI score 7
Exploits: 0 · References: 3

Prion
added 2022/12/18 8:15 a.m. · 16 views

Design/Logic Flaw

A vulnerability has been found in OWASP NodeGoat and classified as problematic. This vulnerability affects unknown code of the file app/routes/research.js of the component Query Parameter Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The name of the...

CVSS 5 · AI score 7.6 · EPSS 0.01007
Exploits: 1 · References: 3 · Affected Software: 1

Vulnrichment
added 2022/12/18 12:00 a.m. · 5 views

CVE-2021-4247 OWASP NodeGoat Query Parameter research.js denial of service

A vulnerability has been found in OWASP NodeGoat and classified as problematic. This vulnerability affects unknown code of the file app/routes/research.js of the component Query Parameter Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The name of the...

CVSS 4.3 · AI score 7.3 · EPSS 0.01007
Exploits: 1 · References: 3

Positive Technologies
added 2022/12/18 12:00 a.m. · 5 views

PT-2022-11599 · Owasp · Owasp Nodegoat

Name of the Vulnerable Software and Affected Versions: OWASP NodeGoat affected versions not specified Description: A problematic issue has been found in the Query Parameter Handler component, specifically affecting the file app/routes/research.js. This issue leads to denial of service and can be...

CVSS 7.5 · AI score 7.3 · EPSS 0.01007
Exploits: 1 · References: 6