GHSA-35HP-HQMV-8QG8 Fiber's cache middleware default key generator ignores query string, causing response mix-up across distinct query parameters

Summary Fiber cache middleware's default key generator uses only c.Path and does not include the query string. As a result, requests like /?id=1 and /?id=2 can map to the same cache key and share the same cached response. This can cause response mix-up cache poisoning-like behavior for endpoints...

Fiber's cache middleware default key generator ignores query string, causing response mix-up across distinct query parameters

Summary Fiber cache middleware's default key generator uses only c.Path and does not include the query string. As a result, requests like /?id=1 and /?id=2 can map to the same cache key and share the same cached response. This can cause response mix-up cache poisoning-like behavior for endpoints...

CVE-2026-41428

Budibase is an open-source low-code platform. Prior to 3.35.4, the authenticated middleware uses unanchored regular expressions to match public no-auth endpoint patterns against ctx.request.url. Since ctx.request.url in Koa includes the query string, an attacker can access any protected endpoint ...

EUVD-2026-25618

Budibase is an open-source low-code platform. Prior to 3.35.4, the authenticated middleware uses unanchored regular expressions to match public no-auth endpoint patterns against ctx.request.url. Since ctx.request.url in Koa includes the query string, an attacker can access any protected endpoint ...

CVE-2026-41428 Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints

Budibase is an open-source low-code platform. Prior to 3.35.4, the authenticated middleware uses unanchored regular expressions to match public no-auth endpoint patterns against ctx.request.url. Since ctx.request.url in Koa includes the query string, an attacker can access any protected endpoint ...

CVE-2026-41428

Budibase is an open-source low-code platform. Prior to 3.35.4, the authenticated middleware uses unanchored regular expressions to match public no-auth endpoint patterns against ctx.request.url. Since ctx.request.url in Koa includes the query string, an attacker can access any protected endpoint ...

EUVD-2025-209573

Mahara before 25.04.2 and 24.04.11 are vulnerable to displaying results that can trigger XSS via a malicious search query string. This occurs in the 'search site' feature when using the Elasticsearch7 search plugin. The Elasticsearch function does not properly sanitize input in the query paramete...

CVE-2026-41145

MinIO contains an authentication bypass in the STREAMING-UNSIGNED-PAYLOAD-TRAILER code path, affecting releases prior to RELEASE.2026-04-11T03-20-12Z. An attacker with a valid access key (including default minioadmin or any key with WRITE on a bucket) can write objects to any bucket without a val...

CVE-2026-41062

WWBN AVideo is an open source video platform. In versions 29.0 and below, the directory traversal fix introduced in commit 2375eb5e0 for objects/aVideoEncoderReceiveImage.json.php only checks the URL path component via parseurl$url, PHPURLPATH for .. sequences. However, the downstream function...

EUVD-2026-24541

WWBN AVideo is an open source video platform. In versions 29.0 and below, the directory traversal fix introduced in commit 2375eb5e0 for objects/aVideoEncoderReceiveImage.json.php only checks the URL path component via parseurl$url, PHPURLPATH for .. sequences. However, the downstream function...

CVE-2026-41062

Summary: WWBN AVideo

CVE-2026-41062

WWBN AVideo is an open source video platform. In versions 29.0 and below, the directory traversal fix introduced in commit 2375eb5e0 for objects/aVideoEncoderReceiveImage.json.php only checks the URL path component via parseurl$url, PHPURLPATH for .. sequences. However, the downstream function...

CVE-2026-41062 WWBN/AVideo has an incomplete fix for a directory traversal bypass via query string in ReceiveImage downloadURL parameters

WWBN AVideo is an open source video platform. In versions 29.0 and below, the directory traversal fix introduced in commit 2375eb5e0 for objects/aVideoEncoderReceiveImage.json.php only checks the URL path component via parseurl$url, PHPURLPATH for .. sequences. However, the downstream function...

CVE-2026-41062 WWBN/AVideo has an incomplete fix for a directory traversal bypass via query string in ReceiveImage downloadURL parameters

WWBN AVideo is an open source video platform. In versions 29.0 and below, the directory traversal fix introduced in commit 2375eb5e0 for objects/aVideoEncoderReceiveImage.json.php only checks the URL path component via parseurl$url, PHPURLPATH for .. sequences. However, the downstream function...

CVE-2026-40878 mailcow-dockerized Login Page has Reflected Parameter Injection / Wrong-Context XSS Escaping

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the mailcow web interface passes the raw $SERVER'REQUESTURI' to Twig as a global template variable and renders it inside a JavaScript string literal in the setLang helper of base.twig,...

CVE-2026-40878

CVE-2026-40878 affects mailcow: dockerized prior to 2026-03b. The web interface passes raw $_SERVER['REQUEST_URI'] to Twig as a global variable and renders it inside a JavaScript string in setLang(), relying on Twig’s HTML escaping rather than JS escaping. Additionally, the query_string() Twig he...

WWBN AVideo 路径遍历漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained a path traversal vulnerability. This vulnerability stemmed from the directory traversal fix in objects/aVideoEncoderReceiveImage.json.php, which only checked the U...

PT-2026-34207

Name of the Vulnerable Software and Affected Versions WWBN AVideo versions 29.0 and earlier Description A directory traversal flaw exists where a security check in 'objects/aVideoEncoderReceiveImage.json.php' only validates the URL path component for traversal sequences. However, the try get...

GHSA-8783-3WGF-JGGF Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints

Summary The authenticated middleware uses unanchored regular expressions to match public no-auth endpoint patterns against ctx.request.url. Since ctx.request.url in Koa includes the query string, an attacker can access any protected endpoint by appending a public endpoint path as a query paramete...

Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints

Summary The authenticated middleware uses unanchored regular expressions to match public no-auth endpoint patterns against ctx.request.url. Since ctx.request.url in Koa includes the query string, an attacker can access any protected endpoint by appending a public endpoint path as a query paramete...