Lucene search
K

6406 matches found

Cvelist
Cvelist
added 2026/03/10 9:34 p.m.29 views

CVE-2026-28807 Path Traversal in wisp.serve_static allows arbitrary file read

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. The wisp.servestatic function is vulnerable to path traversal because sanitization runs before percent-decoding. The encoded...

8.7CVSS0.01056EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/10 9:34 p.m.3 views

CVE-2026-28807

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. The wisp.servestatic function is vulnerable to path traversal because sanitization runs before percent-decoding. The encoded...

8.7CVSS5.9AI score0.01056EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/03/10 9:34 p.m.14 views

CVE-2026-28807

CVE-2026-28807 affects gleam-wisp wisp; path traversal in wisp.serve_static occurs because sanitization runs before percent-decoding, allowing %2e%2e to decode to .. and read any file the process can access. Affected versions are 2.1.1 <= wisp

8.7CVSS5.9AI score0.01056EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/10 9:34 p.m.4 views

CVE-2026-28807 Path Traversal in wisp.serve_static allows arbitrary file read

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. The wisp.servestatic function is vulnerable to path traversal because sanitization runs before percent-decoding. The encoded...

8.7CVSS5.9AI score0.01056EPSS
Exploits1References4
OSV
OSV
added 2026/03/10 9:34 p.m.7 views

EEF-CVE-2026-28807 Path Traversal in wisp.serve_static allows arbitrary file read

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. The wisp.servestatic function is vulnerable to path traversal because sanitization runs before percent-decoding. The encoded...

8.7CVSS5.9AI score0.01056EPSS
Exploits1References4
SUSE Linux
SUSE Linux
added 2026/03/10 4:5 p.m.5 views

Security update for python-aiohttp

This update for python-aiohttp fixes the following issues: CVE-2025-69228: Fixed denial of service through large payloads bsc1256022. CVE-2025-69226: Fixed brute-force leak of internal static file path components bsc1256020. CVE-2025-69224: Fixed unicode processing of header values could cause...

8.7CVSS7.1AI score0.00487EPSS
Exploits0References30
OSV
OSV
added 2026/03/10 4:5 p.m.6 views

SUSE-SU-2026:0859-1 Security update for python-aiohttp

This update for python-aiohttp fixes the following issues: - CVE-2025-69228: Fixed denial of service through large payloads bsc1256022. - CVE-2025-69226: Fixed brute-force leak of internal static file path components bsc1256020. - CVE-2025-69224: Fixed unicode processing of header values could...

8.7CVSS7.1AI score0.00487EPSS
Exploits0References16
RedhatCVE
RedhatCVE
added 2026/03/10 8:9 a.m.3 views

CVE-2026-3809

A flaw has been found in Tenda FH1202 1.2.0.14408. The impacted element is the function fromNatStaticSetting of the file /goform/NatSaticSetting. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been...

9CVSS8AI score0.00619EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.5 views

PT-2026-24472

Name of the Vulnerable Software and Affected Versions gleam-wisp wisp versions 2.1.1 through 2.2.0 Description A path traversal issue exists in gleam-wisp wisp that allows arbitrary file reading through percent-encoded path traversal. The wisp.serve static function is susceptible because...

8.7CVSS5.9AI score0.01056EPSS
Exploits1References12
Packet Storm News
Packet Storm News
added 2026/03/10 12:0 a.m.14 views

MCP-In-SoS: Risk Assessment Framework for Open-Source MCP Servers

Model Context Protocol MCP servers have rapidly emerged over the past year as a widely adopted way to enable Large Language Model LLM agents to access dynamic, real-world tools. As MCP servers proliferate and become easy to adopt via open-source releases, understanding their security risks become...

5.9AI score
Exploits0
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.10 views

Wisp 安全漏洞

Wisp is a practical Gleam web framework developed under open source, designed for rapid development and easy maintenance. Versions of Wisp from 2.1.1 to 2.2.1 contained security vulnerabilities. These vulnerabilities were caused by a path traversal vulnerability in the wisp.servestatic function,...

8.7CVSS7.4AI score0.01056EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/09 7:32 a.m.3 views

CVE-2026-3809 Tenda FH1202 NatSaticSetting fromNatStaticSetting stack-based overflow

A flaw has been found in Tenda FH1202 1.2.0.14408. The impacted element is the function fromNatStaticSetting of the file /goform/NatSaticSetting. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been...

9CVSS6.4AI score0.00619EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/03/09 7:32 a.m.4 views

CVE-2026-3809

A flaw has been found in Tenda FH1202 1.2.0.14408. The impacted element is the function fromNatStaticSetting of the file /goform/NatSaticSetting. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been...

9CVSS8AI score0.00619EPSS
Exploits1References5Affected Software1
Packet Storm News
Packet Storm News
added 2026/03/09 12:0 a.m.3 views

SmartGraphical: A Human-In-The-Loop Framework for Detecting Smart Contract Logical Vulnerabilities Via Pattern-Driven Static Analysis and Visual Abstraction

Smart contracts are fundamental components of blockchain ecosystems; however, their security remains a critical concern due to inherent vulnerabilities. While existing detection methodologies are predominantly syntax-oriented, targeting reentrancy and arithmetic errors, they often overlook logica...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/07 7:31 p.m.4 views

CVE-2026-29087

@hono/node-server allows running the Hono application on Node.js. Prior to version 1.19.10, when using @hono/node-server's static file serving together with route-based middleware protections e.g. protecting /admin/, inconsistent URL decoding can allow protected static resources to be accessed...

7.5CVSS5.7AI score0.00327EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/06 9:3 p.m.3 views

Directory Traversal

Overview std/os is a Go standard library package std/os Affected versions of this package are vulnerable to Directory Traversal. Go Vulnerability Report:On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file...

4.8CVSS6.2AI score0.00201EPSS
Exploits0References3
NVD
NVD
added 2026/03/06 6:16 p.m.8 views

CVE-2026-29087

@hono/node-server allows running the Hono application on Node.js. Prior to version 1.19.10, when using @hono/node-server's static file serving together with route-based middleware protections e.g. protecting /admin/, inconsistent URL decoding can allow protected static resources to be accessed...

7.5CVSS0.00327EPSS
Exploits0References2
OSV
OSV
added 2026/03/06 5:3 p.m.2 views

CVE-2026-29087 @hono/node-server: Authorization bypass for protected static paths via encoded slashes in Serve Static Middleware

@hono/node-server allows running the Hono application on Node.js. Prior to version 1.19.10, when using @hono/node-server's static file serving together with route-based middleware protections e.g. protecting /admin/, inconsistent URL decoding can allow protected static resources to be accessed...

7.5CVSS5.6AI score0.00327EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/06 5:3 p.m.31 views

CVE-2026-29087 @hono/node-server: Authorization bypass for protected static paths via encoded slashes in Serve Static Middleware

@hono/node-server allows running the Hono application on Node.js. Prior to version 1.19.10, when using @hono/node-server's static file serving together with route-based middleware protections e.g. protecting /admin/, inconsistent URL decoding can allow protected static resources to be accessed...

7.5CVSS0.00327EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/06 5:3 p.m.3 views

CVE-2026-29087 @hono/node-server: Authorization bypass for protected static paths via encoded slashes in Serve Static Middleware

@hono/node-server allows running the Hono application on Node.js. Prior to version 1.19.10, when using @hono/node-server's static file serving together with route-based middleware protections e.g. protecting /admin/, inconsistent URL decoding can allow protected static resources to be accessed...

7.5CVSS5.7AI score0.00327EPSS
Exploits0References2
Rows per page
Query Builder