6406 matches found
CVE-2026-28807 Path Traversal in wisp.serve_static allows arbitrary file read
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. The wisp.servestatic function is vulnerable to path traversal because sanitization runs before percent-decoding. The encoded...
CVE-2026-28807
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. The wisp.servestatic function is vulnerable to path traversal because sanitization runs before percent-decoding. The encoded...
CVE-2026-28807
CVE-2026-28807 affects gleam-wisp wisp; path traversal in wisp.serve_static occurs because sanitization runs before percent-decoding, allowing %2e%2e to decode to .. and read any file the process can access. Affected versions are 2.1.1 <= wisp
CVE-2026-28807 Path Traversal in wisp.serve_static allows arbitrary file read
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. The wisp.servestatic function is vulnerable to path traversal because sanitization runs before percent-decoding. The encoded...
EEF-CVE-2026-28807 Path Traversal in wisp.serve_static allows arbitrary file read
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. The wisp.servestatic function is vulnerable to path traversal because sanitization runs before percent-decoding. The encoded...
Security update for python-aiohttp
This update for python-aiohttp fixes the following issues: CVE-2025-69228: Fixed denial of service through large payloads bsc1256022. CVE-2025-69226: Fixed brute-force leak of internal static file path components bsc1256020. CVE-2025-69224: Fixed unicode processing of header values could cause...
SUSE-SU-2026:0859-1 Security update for python-aiohttp
This update for python-aiohttp fixes the following issues: - CVE-2025-69228: Fixed denial of service through large payloads bsc1256022. - CVE-2025-69226: Fixed brute-force leak of internal static file path components bsc1256020. - CVE-2025-69224: Fixed unicode processing of header values could...
CVE-2026-3809
A flaw has been found in Tenda FH1202 1.2.0.14408. The impacted element is the function fromNatStaticSetting of the file /goform/NatSaticSetting. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been...
PT-2026-24472
Name of the Vulnerable Software and Affected Versions gleam-wisp wisp versions 2.1.1 through 2.2.0 Description A path traversal issue exists in gleam-wisp wisp that allows arbitrary file reading through percent-encoded path traversal. The wisp.serve static function is susceptible because...
MCP-In-SoS: Risk Assessment Framework for Open-Source MCP Servers
Model Context Protocol MCP servers have rapidly emerged over the past year as a widely adopted way to enable Large Language Model LLM agents to access dynamic, real-world tools. As MCP servers proliferate and become easy to adopt via open-source releases, understanding their security risks become...
Wisp 安全漏洞
Wisp is a practical Gleam web framework developed under open source, designed for rapid development and easy maintenance. Versions of Wisp from 2.1.1 to 2.2.1 contained security vulnerabilities. These vulnerabilities were caused by a path traversal vulnerability in the wisp.servestatic function,...
CVE-2026-3809 Tenda FH1202 NatSaticSetting fromNatStaticSetting stack-based overflow
A flaw has been found in Tenda FH1202 1.2.0.14408. The impacted element is the function fromNatStaticSetting of the file /goform/NatSaticSetting. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been...
CVE-2026-3809
A flaw has been found in Tenda FH1202 1.2.0.14408. The impacted element is the function fromNatStaticSetting of the file /goform/NatSaticSetting. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been...
SmartGraphical: A Human-In-The-Loop Framework for Detecting Smart Contract Logical Vulnerabilities Via Pattern-Driven Static Analysis and Visual Abstraction
Smart contracts are fundamental components of blockchain ecosystems; however, their security remains a critical concern due to inherent vulnerabilities. While existing detection methodologies are predominantly syntax-oriented, targeting reentrancy and arithmetic errors, they often overlook logica...
CVE-2026-29087
@hono/node-server allows running the Hono application on Node.js. Prior to version 1.19.10, when using @hono/node-server's static file serving together with route-based middleware protections e.g. protecting /admin/, inconsistent URL decoding can allow protected static resources to be accessed...
Directory Traversal
Overview std/os is a Go standard library package std/os Affected versions of this package are vulnerable to Directory Traversal. Go Vulnerability Report:On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file...
CVE-2026-29087
@hono/node-server allows running the Hono application on Node.js. Prior to version 1.19.10, when using @hono/node-server's static file serving together with route-based middleware protections e.g. protecting /admin/, inconsistent URL decoding can allow protected static resources to be accessed...
CVE-2026-29087 @hono/node-server: Authorization bypass for protected static paths via encoded slashes in Serve Static Middleware
@hono/node-server allows running the Hono application on Node.js. Prior to version 1.19.10, when using @hono/node-server's static file serving together with route-based middleware protections e.g. protecting /admin/, inconsistent URL decoding can allow protected static resources to be accessed...
CVE-2026-29087 @hono/node-server: Authorization bypass for protected static paths via encoded slashes in Serve Static Middleware
@hono/node-server allows running the Hono application on Node.js. Prior to version 1.19.10, when using @hono/node-server's static file serving together with route-based middleware protections e.g. protecting /admin/, inconsistent URL decoding can allow protected static resources to be accessed...
CVE-2026-29087 @hono/node-server: Authorization bypass for protected static paths via encoded slashes in Serve Static Middleware
@hono/node-server allows running the Hono application on Node.js. Prior to version 1.19.10, when using @hono/node-server's static file serving together with route-based middleware protections e.g. protecting /admin/, inconsistent URL decoding can allow protected static resources to be accessed...