515 matches found
CVE-2024-34712
Oceanic is a NodeJS library for interfacing with Discord. Prior to version 1.10.4, input to functions such as Client.rest.channels.removeBan is not url-encoded, resulting in specially crafted input such as ../../../channels/id being normalized into the url /api/v10/channels/id, and deleting a...
EUVD-2025-205611
Nest has a Fastify URL Encoding Middleware Bypass TOCTOU...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview: @nestjs/platform-fastify is a Nest - modern, fast, powerful node.js web framework (@platform-fastify). Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition in the URL encoding middleware, allowing it to be bypassed in certain configurations. An...
CVE-2025-69211 Nest has a Fastify URL Encoding Middleware Bypass (TOCTOU)
Nest is a framework for building scalable Node.js server-side applications. Versions prior to 11.1.11 have a Fastify URL encoding middleware bypass. A NestJS application is vulnerable if it uses @nestjs/platform-fastify; relies on NestMiddleware via MiddlewareConsumer for security checks...
CVE-2025-69211
CVE-2025-69211 affects Nest.js applications using the Fastify platform integration before version 11.1.11. The issue is a bypass in the Fastify URL encoding middleware that can skip security checks implemented via NestMiddleware (via MiddlewareConsumer) or app.use(), particularly when middleware ...
nest security vulnerability
nest is a Node.js framework open-sourced by nestjs for building efficient, scalable and enterprise-class server-side applications using TypeScript/JavaScript. A security vulnerability exists in versions of nest prior to 11.1.11, which stems from a bypass in the Fastify URL encoding middleware tha...
PT-2025-53755
Name of the Vulnerable Software and Affected Versions: Nest versions prior to 11.1.11. Description: Nest is a framework used for building scalable Node.js server-side applications. A flaw exists where the Fastify URL encoding middleware can be bypassed. This impacts applications utilizing...
cl-cybersec-pysxss
XSS WAF Lab – Payload Generator. This project studies how Web...
Qnap QTS and QuTS hero Improper Handling of URL Encoding (CVE-2024-48866)
An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into an unexpected state. We have already fixed the vulnerability in the following...
Astro security vulnerability
Astro is an open source web framework for content-driven websites. A security vulnerability exists in Astro versions 5.15.7 and below, which stems from a double URL encoding bypass that could allow an unauthenticated attacker to access protected routes...
Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765
Authentication Bypass via Double URL Encoding in Astro. Bypass for CVE-2025-64765 / GHSA-ggxq-hp9w-j794. Summary: A double URL encoding bypass allows any unauthenticated attacker to bypass path-based authentication checks in Astro middleware, granting unauthorized access to protected routes. Whi...
body-parser is vulnerable to denial of service when url encoding is used
Impact: body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage...
BIT-GITLAB-2025-11990 Improper Handling of URL Encoding (Hex Encoding) in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to gain CSRF tokens by exploiting improper input validation in repository references combined with redirect handling weaknesses...
CVE-2025-11990 Improper Handling of URL Encoding (Hex Encoding) in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to gain CSRF tokens by exploiting improper input validation in repository references combined with redirect handling weaknesses...
CLSA-2025-1762867600 git-lfs: Fix of CVE-2024-53263
CVE-2024-53263: fix issue where Git LFS could expose user credentials via URL-encoded control characters in host's URL...
Cross-site Scripting
dotnetnuke.core is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper encoding of user input in URL and template rendering, allowing attackers to inject malicious scripts that execute in victims’ browsers...
EUVD-2020-19371
Malware in sbrugna...
EUVD-2019-4115
Malware in sbrugna...
EUVD-2006-5018
Malware in sbrugna...