Lucene search
K

5 matches found

NVD
NVD
added 2026/06/22 10:16 p.m.9 views

CVE-2026-54281

Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.24, an authentication bypass vulnerability exists in @nestjs/platform-fastify. When middleware is registered through NestJS's MiddlewareConsumer.forRoutes API on the Fastify adapter, an unauthenticated clien...

8.7CVSS0.00285EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/15 8:36 p.m.8 views

Incorrect Authorization

Overview @nestjs/platform-fastify is a Nest - modern, fast, powerful node.js web framework @platform-fastify Affected versions of this package are vulnerable to Incorrect Authorization via the MiddlewareConsumer.forRoutes API on the Fastify adapter. An attacker can gain unauthorized access to...

8.7CVSS5.9AI score0.00285EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/15 8:36 p.m.8 views

Nest: Middleware Bypass on Fastify via Trailing Slash

Impact An authentication bypass vulnerability exists in @nestjs/platform-fastify confirmed on version 11.1.24, the latest available release at time of report. When middleware is registered through NestJS's MiddlewareConsumer.forRoutes API on the Fastify adapter, an unauthenticated client can bypa...

8.7CVSS5.3AI score0.00285EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/10 12:8 p.m.2 views

CVE-2026-2742 Unauthorized session creation via reserved framework path access

An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.7 and 25.0.0 through 25.0.1, applications using Spring Security due to inconsistent path pattern matching of reserved framework paths. Accessing the /VAADIN endpoint without ...

5.3CVSS5.8AI score0.00391EPSS
Exploits0References7
OSV
OSV
added 2007/07/24 12:30 a.m.1 views

DEBIAN-CVE-2007-3949

modaccess.c in lighttpd 1.4.15 ignores trailing / slash characters in the URL, which allows remote attackers to bypass url.access-deny settings...

8.3CVSS7AI score0.03299EPSS
Exploits0References1
Rows per page
Query Builder