Lucene search
K

166 matches found

Nuclei
Nuclei
added 6 hours ago9 views

Astro SSR - Open Redirect

Astro 5.2.0 through 5.12.7 contains an open redirect caused by improper handling of paths with double slashes in trailing slash redirection logic, letting attackers redirect users to arbitrary external domains, exploit requires on-demand SSR with Node or Cloudflare adapters. id: CVE-2025-54793...

6.9CVSS6.2AI score0.00614EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added yesterday4 views

os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

A flaw was found in the os.Root functionality of Go on Unix systems. This vulnerability allows an attacker to bypass intended directory restrictions by crafting a path that ends with a symbolic link and a trailing slash. When a file is opened in os.Root with such a path, the symbolic link is...

7.8CVSS6AI score0.00181EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added yesterday5 views

os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

A flaw was found in the os.Root functionality of Go on Unix systems. This vulnerability allows an attacker to bypass intended directory restrictions by crafting a path that ends with a symbolic link and a trailing slash. When a file is opened in os.Root with such a path, the symbolic link is...

7.8CVSS6AI score0.00181EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added yesterday9 views

os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

A flaw was found in the os.Root functionality of Go on Unix systems. This vulnerability allows an attacker to bypass intended directory restrictions by crafting a path that ends with a symbolic link and a trailing slash. When a file is opened in os.Root with such a path, the symbolic link is...

7.8CVSS6AI score0.00181EPSS
Exploits0References8
NVD
NVD
added 2 days ago8 views

CVE-2026-61874

filebrowser versions before 2.63.17 fail to normalize paths before querying the share index in DeleteWithPathPrefix, allowing authenticated users to leave stale public shares behind. Attackers can delete a shared directory using a trailing-slash path, then recreate the same directory to expose ne...

3.1CVSS0.00198EPSS
Exploits0References3
CVE
CVE
added 2 days ago13 views

CVE-2026-61874

CVE-2026-61874 affects filebrowser before 2.63.17. The root cause is improper path normalization in DeleteWithPathPrefix, allowing an authenticated user to leave stale public shares behind. Attackers can delete a shared directory using a trailing-slash path and then recreate the same directory to...

3.1CVSS6.1AI score0.00198EPSS
Exploits0References3
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-43234

filebrowser versions before 2.63.17 fail to normalize paths before querying the share index in DeleteWithPathPrefix, allowing authenticated users to leave stale public shares behind. Attackers can delete a shared directory using a trailing-slash path, then recreate the same directory to expose ne...

3.1CVSS6.1AI score0.00198EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-61874 filebrowser before 2.63.17 Stale Public Share via Trailing-Slash Delete

filebrowser versions before 2.63.17 fail to normalize paths before querying the share index in DeleteWithPathPrefix, allowing authenticated users to leave stale public shares behind. Attackers can delete a shared directory using a trailing-slash path, then recreate the same directory to expose ne...

3.1CVSS0.00198EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 5 days ago5 views

os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

A flaw was found in the os.Root functionality of Go on Unix systems. This vulnerability allows an attacker to bypass intended directory restrictions by crafting a path that ends with a symbolic link and a trailing slash. When a file is opened in os.Root with such a path, the symbolic link is...

7.8CVSS6AI score0.00181EPSS
Exploits0References8
Cvelist
Cvelist
added 6 days ago37 views

CVE-2026-39822 Root escape via symlink plus trailing slash in os

On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside of the Root when the final path component of the a path is a symbolic link and the path ends in /. For example, 'root.Open"symlink/"' will open "symlink" even when "symlink" is a symbolic link pointing...

0.00181EPSS
Exploits0References4
CVE
CVE
added 6 days ago20 views

CVE-2026-39822

CVE-2026-39822 describes a root-escape vulnerability in Unix environments involving os.Root: when opening a path whose final component is a symbolic link and the path ends with a slash, the implementation may follow the symlink to locations outside the designated root. Example: root.Open("symlink...

7.8CVSS6AI score0.00181EPSS
Exploits0References4Affected Software1
OSV
OSV
added last week2 views

GO-2026-4970 Root escape via symlink plus trailing slash in os

On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside of the Root when the final path component of the a path is a symbolic link and the path ends in /. For example, 'root.Open"symlink/"' will open "symlink" even when "symlink" is a symbolic link pointing...

7.8CVSS6.1AI score0.00181EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.6 views

PT-2026-56478

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description On Unix systems, opening a file in an os.Root improperly follows symbolic links to locations outside of the Root. This occurs when the final path component of a...

7.8CVSS6AI score0.00181EPSS
Exploits0References40
NVD
NVD
added 2026/06/22 10:16 p.m.9 views

CVE-2026-54281

Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.24, an authentication bypass vulnerability exists in @nestjs/platform-fastify. When middleware is registered through NestJS's MiddlewareConsumer.forRoutes API on the Fastify adapter, an unauthenticated clien...

8.7CVSS0.00285EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 8:48 p.m.19 views

CVE-2026-54281

The CVE concerns NestJS with the Fastify adapter: an authentication bypass exists in @nestjs/platform-fastify before version 11.1.24 when middleware is registered via MiddlewareConsumer.forRoutes(). A trailing slash on the request URL can bypass route-specific Nest middleware on the default Fasti...

8.7CVSS5.9AI score0.00285EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 8:48 p.m.41 views

CVE-2026-54281 Nest: Middleware Bypass on Fastify via Trailing Slash

Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.24, an authentication bypass vulnerability exists in @nestjs/platform-fastify. When middleware is registered through NestJS's MiddlewareConsumer.forRoutes API on the Fastify adapter, an unauthenticated clien...

8.7CVSS0.00285EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/15 8:36 p.m.8 views

Incorrect Authorization

Overview @nestjs/platform-fastify is a Nest - modern, fast, powerful node.js web framework @platform-fastify Affected versions of this package are vulnerable to Incorrect Authorization via the MiddlewareConsumer.forRoutes API on the Fastify adapter. An attacker can gain unauthorized access to...

8.7CVSS5.9AI score0.00285EPSS
Exploits0References2
OSV
OSV
added 2026/06/15 8:36 p.m.11 views

GHSA-6V32-FJC9-9QF6 Nest: Middleware Bypass on Fastify via Trailing Slash

Impact An authentication bypass vulnerability exists in @nestjs/platform-fastify confirmed on version 11.1.24, the latest available release at time of report. When middleware is registered through NestJS's MiddlewareConsumer.forRoutes API on the Fastify adapter, an unauthenticated client can bypa...

8.7CVSS5.3AI score0.00285EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/15 8:36 p.m.9 views

Nest: Middleware Bypass on Fastify via Trailing Slash

Impact An authentication bypass vulnerability exists in @nestjs/platform-fastify confirmed on version 11.1.24, the latest available release at time of report. When middleware is registered through NestJS's MiddlewareConsumer.forRoutes API on the Fastify adapter, an unauthenticated client can bypa...

8.7CVSS5.3AI score0.00285EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.24 views

PT-2026-49595

Name of the Vulnerable Software and Affected Versions @nestjs/platform-fastify versions prior to 11.1.24 Description An authentication bypass exists in the Fastify adapter when middleware is registered through the MiddlewareConsumer.forRoutes API. An unauthenticated client can bypass registered...

8.7CVSS5.4AI score0.00285EPSS
Exploits0References8
Rows per page
Query Builder