33 matches found

RedhatCVE
added 2026/06/05 7:27 p.m. · 8 views

CVE-2026-22707

Strapi is an open source headless content management system. In Strapi versions prior to 5.33.3, the Upload plugin's Content API endpoints did not enforce the administrator-configured MIME type restrictions plugin.upload.security.allowedTypes and deniedTypes. The same restrictions were correctly...

CVSS 5.4 · AI score 5.5 · EPSS 0.00195; Exploits 0 · References 1
Cvelist
added 2026/05/14 6:40 p.m. · 53 views

CVE-2026-22707 Strapi Upload Plugin MIME Validation Bypass via Content API

Strapi is an open source headless content management system. In Strapi versions prior to 5.33.3, the Upload plugin's Content API endpoints did not enforce the administrator-configured MIME type restrictions plugin.upload.security.allowedTypes and deniedTypes. The same restrictions were correctly...

CVSS 5.3 · EPSS 0.00195; Exploits 0 · References 1
Tenable Nessus
added 2026/01/16 12:00 a.m. · 8 views

MiracleLinux 4 : httpd-2.2.15-60.6.0.1.AXS4 (AXSA:2017-2391:05)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2391:05 advisory. A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in a...

CVSS 7.5 · AI score 6.9 · EPSS 0.94999; Exploits 9 · References 3
EUVD
added 2025/12/10 1:58 a.m. · 2 views

EUVD-2025-202368

Malicious code in allow-deny npm...

AI score 6.6; Exploits 0 · References 1
Snyk
added 2025/12/10 1:58 a.m. · 2 views

Malicious Package

Overview allow-deny is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS 9.8 · AI score 6.8; Exploits 0 · References 2
OSSF Malicious Packages
added 2025/12/10 1:58 a.m. · 5 views

Malicious code in allow-deny (npm)

Source: amazon-inspector 512611dc9091a6cb708a796ffa1ff4047634ff63ee34231b092411ec45e57132: The package allow-deny was found to contain malicious code. Source: ghsa-malware eacee1962bd7ee456809cbd1fec30a8feb4fe397bf9e945ff4f42a8331cab117: Any...

AI score 6.9; Exploits 0 · References 1
OSV
added 2025/12/10 1:58 a.m. · 2 views

MAL-2025-192403 Malicious code in allow-deny (npm)

Source: amazon-inspector 512611dc9091a6cb708a796ffa1ff4047634ff63ee34231b092411ec45e57132: The package allow-deny was found to contain malicious code. Source: ghsa-malware eacee1962bd7ee456809cbd1fec30a8feb4fe397bf9e945ff4f42a8331cab117: Any...

AI score 6.8; Exploits 0 · References 1
OSV
added 2025/12/08 9:31 p.m. · 4 views

GO-2025-4190 Mattermost Server is vulnerable to XSS attacks against an OAuth 2.0 allow/deny page in github.com/mattermost/mattermost-server

Mattermost Server is vulnerable to XSS attacks against an OAuth 2.0 allow/deny page in github.com/mattermost/mattermost-server...

CVSS 6.1 · AI score 6.2 · EPSS 0.00685; Exploits 0 · References 3
Snyk
added 2025/10/16 8:49 a.m. · 5 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the allow/deny lists mechanism when establishing connections to untrusted AMQP servers. An attacker can achieve arbitrary code execution by crafting malicious responses that exploit unbounded...

CVSS 9.8 · AI score 8 · EPSS 0.02016; Exploits 0 · References 2
Tenable Nessus
added 2025/08/25 12:00 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2016-9850

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to...

CVSS 5.3 · AI score 7.2 · EPSS 0.02044; Exploits 0 · References 2
NVD
added 2025/04/30 7:15 p.m. · 14 views

CVE-2025-24887

OpenCTI is an open-source cyber threat intelligence platform. In versions starting from 6.4.8 to before 6.4.10, the allow/deny lists can be bypassed, allowing a user to change attributes that are intended to be unmodifiable by the user. It is possible to toggle the external flag on/off and change...

CVSS 6.3 · EPSS 0.00202; Exploits 0 · References 1
CVE
added 2025/04/30 6:27 p.m. · 60 views

CVE-2025-24887

OpenCTI has a CVE-2025-24887 vulnerability affecting versions 6.4.8–6.4.9. The issue lets a user bypass the allow/deny lists to modify attributes meant to be immutable, including toggling the external flag, changing a user’s own token, and editing non-allow-listed attributes such as otp_qr and ot...

CVSS 6.3 · AI score 6.3 · EPSS 0.00202; Exploits 0 · References 1 · Affected Software 1
SUSE CVE
added 2023/10/31 2:40 a.m. · 2 views

SUSE CVE-2018-1080

Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is configured to process allow rules before deny rules authz.evaluateOrder=allow,deny, then allow rules will...

CVSS 8.1 · AI score 7.2 · EPSS 0.01516; Exploits 0 · References 2
OSV
added 2023/06/22 11:15 p.m. · 2 views

ALPINE-CVE-2023-34241

OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data...

CVSS 7.1 · AI score 6.8 · EPSS 0.01395; Exploits 1 · References 1
Github Security Blog
added 2022/05/24 5:21 p.m. · 4 views

Mattermost Server is vulnerable to XSS attacks against an OAuth 2.0 allow/deny page

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS attacks could occur against an OAuth 2.0 allow/deny page...

CVSS 6.1 · AI score 6.4 · EPSS 0.00685; Exploits 0 · References 3 · Affected Software 1
OSV
added 2022/05/24 5:21 p.m. · 3 views

GHSA-9X8X-W6G5-HX4W Mattermost Server is vulnerable to XSS attacks against an OAuth 2.0 allow/deny page

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS attacks could occur against an OAuth 2.0 allow/deny page...

CVSS 5.3 · AI score 6.2 · EPSS 0.00685; Exploits 0 · References 3
BDU FSTEC
added 2019/01/23 12:00 a.m. · 5 views

The vulnerability of the Apache HTTP server relates to the use of memory after it is freed. This allows an attacker to access parts of the server’s memory, cause failures in the child process of httpd, or gain access to closed HTTP resources.

The vulnerability of the Apache HTTP server is related to the use of memory after it is freed during the processing of comments in the Allow and Deny directives of the .htaccess configuration file. Exploiting this vulnerability allows a remote attacker to cause a child process of the httpd to cra...

CVSS 6.5 · AI score 6.8 · EPSS 0.08078; Exploits 0 · References 4 · Affected Software 1
OSV
added 2018/07/26 5:29 p.m. · 3 views

CVE-2017-12171

A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource...

CVSS 6.5 · AI score 7.2 · EPSS 0.08078; Exploits 0 · References 4
RedHat Linux
added 2017/10/19 3:26 p.m. · 1 view

httpd: # character matches all IPs

A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource...

CVSS 6.5 · AI score 5.7 · EPSS 0.08078; Exploits 0 · References 4
Positive Technologies
added 2017/10/19 12:00 a.m. · 6 views

PT-2017-3746 · Apache +2 · Httpd +2

Name of the Vulnerable Software and Affected Versions: httpd version 2.2.15-60 Description: A regression was found in httpd, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. This issue is related to the use of memory after it has been freed when processing...

CVSS 7.5 · AI score 7.2 · EPSS 0.94999; Exploits 9 · References 28
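The four httpd entries above (BDU FSTEC, OSV, RedHat Linux and Positive Technologies, all for CVE-2017-12171) describe one regression: a trailing comment on an Allow or Deny line is mis-parsed and the # character matches all IPs, so a "Deny from all" / "Allow from <subnet> # comment" block that the administrator believes is restrictive admits every client. The Python model below is an added illustration written for this page; it is not httpd's source and not code from any of the listed advisories. It evaluates Order / Allow from / Deny from fragments according to the documented mod_authz_host semantics of httpd 2.2 and has a buggy_comment_parsing switch that reproduces the mis-parse exactly as the entries describe it (the comment marker reaching the host matcher as a wildcard token). The configuration fragments, client addresses, and the names evaluate, _matches, _strip_comment and buggy_comment_parsing are this example's own constructions. The Order branch also shows why swapping allow,deny for deny,allow inverts the outcome, which is the class of mistake the SUSE CVE-2018-1080 Dogtag entry describes (allow and deny rules applied in reversed order), although Dogtag's own AAclAuthz logic is not modelled here.

```python
"""Model of Apache httpd 2.2 'Order' / 'Allow from' / 'Deny from' evaluation.

Added illustration, not httpd's code. Two things are modelled:
  * comment handling: a trailing '# ...' on an Allow/Deny line is stripped
    before tokenizing. With buggy_comment_parsing=True the model reproduces
    the CVE-2017-12171 behaviour as described in the advisories: the '#'
    token is treated as a host pattern that matches every client;
  * Order semantics: allow,deny (deny by default, Deny overrides) versus
    deny,allow (allow by default, Allow overrides).
Hostname and env= patterns are not modelled and never match here.
"""
import ipaddress
import re

_PARTIAL_IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){0,2}$")


def _strip_comment(line: str) -> str:
    """Drop an in-line '# comment' (the correct behaviour being modelled)."""
    return line.split("#", 1)[0]


def _matches(pattern: str, ip, buggy: bool) -> bool:
    """Does one Allow/Deny host token match the client address?"""
    if pattern.lower() == "all":
        return True
    if pattern.startswith("#"):
        # Modelled regression: the comment marker reaches the matcher as a
        # host token and acts as a wildcard. Correct parsing never lets it
        # get this far, so the token only matches in buggy mode.
        return buggy
    try:
        # Full address, CIDR (10.0.0.0/8) or dotted netmask (10.0.0.0/255.0.0.0).
        # Mixed IPv4/IPv6 comparisons are simply False.
        return ip in ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        pass
    if _PARTIAL_IPV4.match(pattern):
        # Partial address: leading octets, e.g. "10.1" matches 10.1.x.x.
        return ip.version == 4 and str(ip).startswith(pattern + ".")
    return False  # hostname / env= patterns: not modelled


def evaluate(config: str, client_ip: str, buggy_comment_parsing: bool = False) -> bool:
    """Return True when client_ip is granted access by the config fragment."""
    order = "deny,allow"  # httpd's default when no Order directive is given
    allow, deny = [], []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or full-line comment
        if not buggy_comment_parsing:
            line = _strip_comment(line).strip()
        parts = line.split()
        directive = parts[0].lower()
        if directive == "order" and len(parts) == 2:
            order = parts[1].lower()
        elif directive in ("allow", "deny") and len(parts) >= 3 and parts[1].lower() == "from":
            (allow if directive == "allow" else deny).extend(parts[2:])
    ip = ipaddress.ip_address(client_ip)
    in_allow = any(_matches(p, ip, buggy_comment_parsing) for p in allow)
    in_deny = any(_matches(p, ip, buggy_comment_parsing) for p in deny)
    if order == "allow,deny":  # deny by default; Deny wins on conflict
        return in_allow and not in_deny
    if order == "deny,allow":  # allow by default; Allow wins on conflict
        return in_allow or not in_deny
    raise ValueError(f"unsupported Order value: {order}")


# Constructed fragment: the administrator intends "internal network only".
ADMIN_CONFIG = """
Order deny,allow
Deny from all
Allow from 10.0.0.0/8  # internal network only
"""

# Constructed fragment showing why the Order value matters.
ORDER_CONFIG = """
Order allow,deny
Allow from all
Deny from 203.0.113.0/24
"""

if __name__ == "__main__":
    for name, cfg in (("ADMIN_CONFIG", ADMIN_CONFIG), ("ORDER_CONFIG", ORDER_CONFIG)):
        for client in ("10.1.2.3", "203.0.113.7"):
            print(f"{name} {client}: correct={evaluate(cfg, client)} "
                  f"buggy={evaluate(cfg, client, buggy_comment_parsing=True)}")
```

With correct parsing, ADMIN_CONFIG admits 10.1.2.3 and rejects 203.0.113.7; with the modelled regression the "#" token in the Allow line matches every client, so 203.0.113.7 is admitted too. ORDER_CONFIG rejects 203.0.113.7 under allow,deny, but the same three lines under deny,allow admit it, because Allow then overrides Deny. On an affected host the practical check is to search the httpd configuration for Allow or Deny lines that carry an in-line "#" and move the comment to its own line until the package is updated.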