Lucene search
+L

9 matches found

ATTACKERKB
ATTACKERKB
added 10 hours ago3 views

CVE-2026-16158

Impact: @fastify/reply-from versions from 8.3.1 up to but not including 12.6.4 build the internal URL cache key by concatenating the destination and source path without a delimiter. Different destination and source pairs can therefore produce the same key while resolving to different upstream URL...

8.7CVSS5.3AI score
Exploits0References3Affected Software1
EUVD
EUVD
added 10 hours ago4 views

EUVD-2026-45373

Impact: @fastify/reply-from versions from 8.3.1 up to but not including 12.6.4 build the internal URL cache key by concatenating the destination and source path without a delimiter. Different destination and source pairs can therefore produce the same key while resolving to different upstream URL...

8.7CVSS5.3AI score
Exploits0References2
CVE
CVE
added 10 hours ago10 views

CVE-2026-16158

Affected component: @fastify/reply-from. Versions 8.3.1 up to, but not including, 12.6.4 construct an internal URL cache key by concatenating destination and source paths without a delimiter, enabling cross-upstream data access when getUpstream selects an upstream from request data. This can caus...

8.7CVSS5.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 23 hours ago4 views

PT-2026-60935

Impact: @fastify/reply-from versions from 8.3.1 up to but not including 12.6.4 build the internal URL cache key by concatenating the destination and source path without a delimiter. Different destination and source pairs can therefore produce the same key while resolving to different upstream URL...

8.7CVSS5.3AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 2:15 a.m.8 views

CVE-2023-3979

An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that upstream members to collaborate with you on your branch get permission to write to the...

4.3CVSS6.4AI score0.00399EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.21 views

Mageia: Security Advisory (MGASA-2021-0552)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.3AI score0.02295EPSS
Exploits0References5
OSV
OSV
added 2021/12/09 7:9 p.m.5 views

GHSA-V6RH-HP5X-86RV Potential bypass of an upstream access control based on URL paths in Django

In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. This issue has low severity, according to the Django security policy...

7.3CVSS7.1AI score0.02295EPSS
Exploits0References11
OSV
OSV
added 2021/12/08 12:15 a.m.14 views

PYSEC-2021-439

In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths...

7.5CVSS5.9AI score0.02295EPSS
Exploits0References5
Cent OS
Cent OS
added 2007/12/21 12:49 a.m.61 views

libexif security update

CentOS Errata and Security Advisory CESA-2007:1165 Updated libexif packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libexif packages contain the Exif...

6.8CVSS7.5AI score0.02727EPSS
Exploits0References7
Rows per page
Query Builder