12 matches found

CVE
added 2026/04/07 12:28 p.m. · 6 views

CVE-2026-28808

CVE-2026-28808 is an incorrect authorization vulnerability in Erlang OTP (inets modules). The root cause is a script_alias path mismatch where mod_auth checks DocumentRoot-relative paths while mod_cgi executes ScriptAlias-resolved paths, allowing unauthenticated access to CGI scripts protected by...

9.8 CVSS · 5.9 AI score · 0.00036 EPSS
Exploits: 0 · References: 6 · Affected Software: 2
EUVD
added 2026/03/21 12:31 a.m. · 1 views

EUVD-2026-13927

The Keep Backup Daily plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the backup title alias val parameter in the updatekbdbkupalias AJAX action in all versions up to, and including, 2.1.2. This is due to insufficient input sanitization and output escaping. While...

4.4 CVSS · 6 AI score · 0.00049 EPSS
Exploits: 0 · References: 7
RedHat Linux
added 2025/10/08 7:26 p.m. · 3 views

django: Django SQL injection in FilteredRelation column aliases

An SQL injection flaw has been discovered in the Django web framework. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed QuerySet.annotate or QuerySet.alias...

8.1 CVSS · 7.3 AI score · 0.00074 EPSS
Exploits: 4 · References: 7
Positive Technologies
added 2024/05/13 12:0 a.m. · 2 views

PT-2024-26122 · Directus · Directus

Name of the Vulnerable Software and Affected Versions: Directus versions prior to 10.11.0 Description: A user with permission to view any collection using redacted hashed fields can access the raw stored version using the alias functionality on the API. Normally, these redacted fields return , bu...

4.9 CVSS · 6.7 AI score · 0.00324 EPSS
Exploits: 1 · References: 7
PyPA
added 2023/11/13 3:15 a.m. · 4 views

PYSEC-2023-236

Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service (DoS) condition...

7.5 CVSS · 6.9 AI score · 0.00076 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
Japan Vulnerability Notes
added 2023/11/10 5:41 a.m. · 2 views

Remarshal unlimitedly expanding YAML alias nodes

Overview: Remarshal provided by Remarshal Project expands YAML alias nodes unlimitedly (CWE-674), hence Remarshal is vulnerable to Billion Laughs Attack. Taichi Kotake of Sterra Security Co.,Ltd. / Akatsuki Games Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

7.5 CVSS · 6.6 AI score · 0.00076 EPSS
Exploits: 0 · References: 7
CNNVD
added 2023/04/14 12:0 a.m. · 1 views

Redline Router Authorization Issue Vulnerability

Redline Router is a wireless router from Redline. A security vulnerability exists in Redline Router versions prior to 7.17, which stems from an authentication bypass via alias vulnerability...

9.8 CVSS · 8.4 AI score · 0.00421 EPSS
Exploits: 0 · References: 3
OSV
added 2022/07/25 6:22 p.m. · 1 views

CVE-2022-2059

In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system...

4.8 CVSS · 5.8 AI score · 0.00614 EPSS
Exploits: 0 · References: 1
GithubExploit
added 2021/10/05 6:56 p.m. · 10 views

Exploit for Path Traversal in Apache Http_Server

CVE-2021-41773 Apache httpd only 2.4.49 For educational pur...

7.5 CVSS · 7.1 AI score · 0.94391 EPSS
Exploits: 144
CNVD
added 2021/06/17 12:0 a.m. · 8 views

Nextcloud Mail Access Control Error Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An access control error vulnerability exists in Nextcloud Mail that stems from a lack of permission checking in Nextcloud Mail. Nextcloud Mail version 1.9.5 an...

4.3 CVSS · 6.5 AI score · 0.00409 EPSS
Exploits: 0 · References: 1
CVE
added 2000/02/04 5:0 a.m. · 33 views

CVE-1999-0565

CVE-1999-0565 affects Sendmail: a mail alias can cause input to be piped to an external program, enabling potential command execution. Documents confirm the issue but do not specify affected versions or a fix; one PT-security entry notes no information about a newer version containing a patch. No...

10 CVSS · 6.9 AI score · 0.00467 EPSS
Exploits: 0 · References: 1
Tenable Nessus
added 1999/08/30 12:0 a.m. · 27 views

Sendmail decode Alias Arbitrary File Overwrite

The remote SMTP server seems to pipe mail sent to the 'decode' alias to a program. There have been in the past a lot of security problems regarding this, as it would allow an attacker to overwrite arbitrary files on the remote server. We suggest you deactivate this alias. C Tenable Network...

5 CVSS · 5.8 AI score · 0.00661 EPSS
Exploits: 0 · References: 1