CVE-2026-33732

srvx is a universal server based on web standards. Prior to version 0.11.13, a pathname parsing discrepancy in srvx's FastURL allows middleware bypass on the Node.js adapter when a raw HTTP request uses an absolute URI with a non-standard scheme e.g. file://. Starting in version 0.11.13, the...

CVE-2026-33732 srvx is vulnerable to middleware bypass via absolute URI in request line

srvx is a universal server based on web standards. Prior to version 0.11.13, a pathname parsing discrepancy in srvx's FastURL allows middleware bypass on the Node.js adapter when a raw HTTP request uses an absolute URI with a non-standard scheme e.g. file://. Starting in version 0.11.13, the...

CVE-2026-33732 srvx is vulnerable to middleware bypass via absolute URI in request line

srvx is a universal server based on web standards. Prior to version 0.11.13, a pathname parsing discrepancy in srvx's FastURL allows middleware bypass on the Node.js adapter when a raw HTTP request uses an absolute URI with a non-standard scheme e.g. file://. Starting in version 0.11.13, the...

CVE-2026-33732

The srvx vulnerability CVE-2026-33732 affects the Node.js adapter prior to version 0.11.13, where FastURL’s pathname parsing could mis-handle absolute URIs with non-standard schemes (e.g., file://). This allowed bypass of route-based middleware because FastURL would later deopt to the native URL ...

CVE-2026-33732 srvx is vulnerable to middleware bypass via absolute URI in request line

srvx is a universal server based on web standards. Prior to version 0.11.13, a pathname parsing discrepancy in srvx's FastURL allows middleware bypass on the Node.js adapter when a raw HTTP request uses an absolute URI with a non-standard scheme e.g. file://. Starting in version 0.11.13, the...

srvx is vulnerable to middleware bypass via absolute URI in request line

Summary A pathname parsing discrepancy in srvx's FastURL allows middleware bypass on the Node.js adapter when a raw HTTP request uses an absolute URI with a non-standard scheme e.g. file://. Details When Node.js receives an absolute URI in the request line e.g. GET file://hehe?/internal/run...

OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME`

Summary URLs starting with // are not parsed properly, and the request REQUESTFILENAME variable contains a wrong value, leading to potential rules bypass. Details If a request is made on an URI starting with //, coraza will set a wrong value in REQUESTFILENAME. For example, if the URI...

SUSE CVE-2016-4553

clientside.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request...

HTTP NIDS evasion

This plugin configures OpenVAS for NIDS evasion see the SPDX-FileCopyrightText: 2008 Michel Arboi / Renaud Deraison Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only The HTTP IDS evasion...

DEBIAN-CVE-2004-1055

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the PmaAbsoluteUri parameter, 2 the zerorows parameter in readdump.php, 3 the confirm form, or 4 an error message generated by the internal...

HTTP NIDS Evasion

This plugin configures Nessus for NIDS evasion see the 'Prefs' panel. NIDS evasion options are useful if you want to determine the quality of the expensive NIDS you just bought. HTTP evasion techniques : - HEAD: use HEAD method instead of GET - URL encoding: - Hex: change characters to %XX - MS...