Lucene search
K

6 matches found

Github Security Blog
Github Security Blog
added 2026/02/27 6:31 p.m.7 views

Duplicate Advisory: Nest has a Fastify URL Encoding Middleware Bypass

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r4wm-x892-vjmx. This link is maintained to preserve external references. Original Description A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when...

9.8CVSS5.8AI score0.00666EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/02/27 6:31 p.m.4 views

GHSA-7Q64-3RG2-H9PF Duplicate Advisory: Nest has a Fastify URL Encoding Middleware Bypass

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r4wm-x892-vjmx. This link is maintained to preserve external references. Original Description A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when...

8.2CVSS5.8AI score0.00666EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/27 4:15 p.m.4 views

CVE-2026-2293

A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when Fastify path-normalization options are enabled. This issue affects nest.Js: 11.1.13...

8.2CVSS5.9AI score0.00666EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/14 10:1 p.m.12 views

CVE-2025-64748

Directus is a real-time API and App dashboard for managing SQL database content. A vulnerability in versions prior to 11.13.0 allows authenticated users to search concealed/sensitive fields when they have read permissions. While actual values remain masked , successful matches can be detected...

6.5CVSS7.1AI score0.00247EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/13 12:0 a.m.9 views

PT-2025-46911

Name of the Vulnerable Software and Affected Versions Directus versions prior to 11.13.0 Description Directus does not properly remove field-level permissions when a field is deleted. When a field is removed from a collection, its reference in the permissions table is not cleared. This creates a...

4.6CVSS6.5AI score0.00166EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/29 9:30 a.m.3 views

EUVD-2025-36625

Cross-Site Request Forgery CSRF vulnerability in blubrry PowerPress Podcasting powerpress allows Cross Site Request Forgery.This issue affects PowerPress Podcasting: from n/a through = 11.13.12...

4.3CVSS6.3AI score0.00117EPSS
Exploits0References2
Rows per page
Query Builder