320 matches found
CVE-2025-21622
CVE-2025-21622 affects ClipBucket V5. The issue arises in the avatar deletion workflow where avatar_url is treated as a file path within the avatars directory without validating path traversal sequences. The final $file variable can be tainted by traversal inputs stored in the DB, enabling deleti...
CVE-2024-10005 Consul L7 Intentions Vulnerable To URL Path Bypass
A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules...
CVE-2024-10005 Consul L7 Intentions Vulnerable To URL Path Bypass
A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules...
Apache Solr Authentication Error Vulnerability
Apache Solr is the United States Apache Apache Foundation of a search server based on Lucene a full-text search engine. The product supports level search , vertical search , highlighting search results and so on. An authentication error vulnerability exists in Apache Solr that stems from the...
CVE-2024-45216
Improper Authentication vulnerability in Apache Solr. Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass. A fake ending at the end of any Solr API URL path, will allow requests to skip...
UBUNTU-CVE-2024-45216
Improper Authentication vulnerability in Apache Solr. Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass. A fake ending at the end of any Solr API URL path, will allow requests to skip...
CVE-2024-45216 Apache Solr: Authentication bypass possible using a fake URL Path ending
Improper Authentication vulnerability in Apache Solr. Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass. A fake ending at the end of any Solr API URL path, will allow requests to skip...
CVE-2024-45216 Apache Solr: Authentication bypass possible using a fake URL Path ending
Improper Authentication vulnerability in Apache Solr. Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass. A fake ending at the end of any Solr API URL path, will allow requests to skip...
CVE-2024-39020
idccms v1.35 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/vpsApiDatadeal.php?mudi=rev&nohrefStr=close...
Information Disclosure
SilverStripe is vulnerable to Information Disclosure. The vulnerability is caused by a specific URL path configured by default through the silverstripe/framework module, which can be used to disclose that a domain is hosting a SilverStripe application...
Oceanic 安全漏洞
Oceanic is a NodeJS library for interacting with Discord open-sourced by Oceanic. A security vulnerability exists in Oceanic versions prior to 1.10.4, which stems from uncleaned user input that may result in URL path traversal...
Synology Surveillance Station 安全漏洞
Synology Surveillance Station is an application from Synology, a Chinese company. It provides intelligent monitoring and video management tools to protect your valuable assets. A security vulnerability previously existed in Synology Surveillance Station version 9.2.0-11289, which stemmed from a...
CVE-2024-24765 CasaOS-UserService allows unauthorized access to any file
CasaOS-UserService provides user management functionalities to CasaOS. Prior to version 0.4.7, path filtering of the URL for user avatar image files was not strict, making it possible to get any file on the system. This could allow an unauthorized actor to access, for example, the CasaOS user...
Cross Site Scripting
concrete5/concrete5 is vulnerable to cross-site scripting. The vulnerability is due to inadequate input validation on user-supplied data through the URL path /dashboard/system/basics/name, allowing malicious scripts to be stored and executed in the context of the user's browser when the affected...
CVE-2024-26263
EBM Technologies RISWEB's specific URL path is not properly controlled by permission, allowing attackers to browse specific pages and query sensitive data without login...
CVE-2024-26263
Summary: CVE-2024-26263 pertains to EBM Technologies RISWEB where a URL path is not properly controlled by permissions, enabling attackers to browse specific pages and query sensitive data without login. The core issue is improper access control affecting RISWEB’s URL paths; exploitation details ...
DEBIAN-CVE-2024-1019
ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string...
CVE-2024-1019
ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string...
Design/Logic Flaw
Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service...
CVE-2023-5876 Regex DoS from a malicious server enrolled in Desktop
Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service...