Lucene search
+L

487 matches found

OSV
OSV
added 2026/06/22 5:14 p.m.2 views

CVE-2026-54286 Hono: Path traversal in `serve-static` on Windows via encoded backslash (`%5C`)

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on Windows hosts, an encoded backslash %5C in the request path decodes to , which the Windows path resolver treats as a separator. serve-static then resolves a single URL segment such as...

5.9CVSS5.9AI score0.00292EPSS
Exploits0References3
OSV
OSV
added 2026/06/19 9:16 p.m.9 views

GHSA-M999-J542-5W3R Open Redirect Bypass in miniflux-v2

Summary The URL restrictions in miniflux-v2 can be bypassed by attackers, leading to an open redirect vulnerability. Details Normally, the redirect URL needs to be validated using IsRelativePath. There are some security measures in place, such as requiring relative paths, prohibiting host and...

5.1CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/17 6:52 p.m.4 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect in the getLoginRedirect function. An attacker can redirect users to an attacker-controlled hostname by exploiting a backslash bypass in the redirect target. Remediation Upgrade cakephp/authentication to version 3.3.6, 4.1....

6.1CVSS5.8AI score0.0028EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/17 6:52 p.m.15 views

CakePHP Authentication: Open redirect weakness via backslash bypass

Impact The getLoginRedirect method contains a weakness to backslash bypasses allowing redirect targets with attacker controlled hostnames. Patches 3.3.6 and 4.1.1 contain a fix for this issue. Workarounds If you are unable to upgrade, you should consider adding application validation to the...

6.1CVSS5.3AI score0.0028EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/17 6:10 p.m.4 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect via the redirectto parameter when directory traversal sequences and a backslash are used. An attacker can redirect users to arbitrary external sites by crafting a malicious URL, potentially leading to phishing, token theft...

6.1CVSS6.1AI score0.00248EPSS
Exploits0References2
OSV
OSV
added 2026/06/17 6:10 p.m.3 views

GHSA-J5R2-4C8J-XC3M Gitea: Open Redirect via redirect_to

Details Despite the validation within urlIsRelative in modules/httplib/url.go, an open redirect is still possible due to usage of directory traversal sequences plus a back-slash in the "redirectto" parameter. PoC When a user uses this URL to login:...

5.1CVSS5.4AI score0.00248EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/17 6:10 p.m.11 views

Gitea: Open Redirect via redirect_to

Details Despite the validation within urlIsRelative in modules/httplib/url.go, an open redirect is still possible due to usage of directory traversal sequences plus a back-slash in the "redirectto" parameter. PoC When a user uses this URL to login:...

6.1CVSS5.3AI score0.00248EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.17 views

PT-2026-50585

Name of the Vulnerable Software and Affected Versions Gitea affected versions not specified Description An open redirect exists due to improper validation within the urlIsRelative function in modules/httplib/url.go. An attacker can bypass this validation by using directory traversal sequences...

6.1CVSS5.9AI score0.00248EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.13 views

PT-2026-50603

Name of the Vulnerable Software and Affected Versions CakePHP Authentication versions prior to 2.11.1 CakePHP Authentication versions prior to 3.3.6 CakePHP Authentication versions prior to 4.1.1 Description The getLoginRedirect function contains a weakness to backslash bypasses. This allows...

6.1CVSS5.9AI score0.0028EPSS
Exploits0References17
Github Security Blog
Github Security Blog
added 2026/06/16 9:28 p.m.15 views

Caddy: Windows `file_server` path authorization bypass via encoded backslash

Summary On Windows, Caddy path matchers treat /private\secret.txt as outside /private/, but fileserver later resolves the same request path as private\secret.txt on disk. An unauthenticated remote client can request /private%5csecret.txt and bypass Caddy path-scoped auth/deny routes protecting...

8.2CVSS5.3AI score0.00409EPSS
Exploits2References2Affected Software2
OSV
OSV
added 2026/06/16 9:28 p.m.7 views

GHSA-QRP7-CVWR-J2C6 Caddy: Windows `file_server` path authorization bypass via encoded backslash

Summary On Windows, Caddy path matchers treat /private\secret.txt as outside /private/, but fileserver later resolves the same request path as private\secret.txt on disk. An unauthenticated remote client can request /private%5csecret.txt and bypass Caddy path-scoped auth/deny routes protecting...

7.5CVSS5.4AI score0.00409EPSS
Exploits1References2
Patchstack
Patchstack
added 2026/06/16 2:9 p.m.6 views

NPM: hono: Path traversal in `serve-static` on Windows via encoded backslash (`%5C`)

NPM: hono: Path traversal in serve-static on Windows via encoded backslash %5C vulnerability discovered by ? in WordPress Npm hono versions 4.12.25...

5.9CVSS5.8AI score0.00292EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/16 2:9 p.m.12 views

Directory Traversal

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Directory Traversal via the serve-static method on Windows hosts when an encoded backslash %5C in the request path is decoded to , which is treated as a separator by the Windows path...

8.7CVSS6.5AI score0.00292EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/16 2:9 p.m.18 views

hono: Path traversal in `serve-static` on Windows via encoded backslash (`%5C`)

Summary On Windows hosts, an encoded backslash %5C in the request path decodes to , which the Windows path resolver treats as a separator. serve-static then resolves a single URL segment such as admin\secret.txt into a nested file under the root and serves it, letting an attacker read static file...

5.9CVSS5.2AI score0.00292EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.14 views

PT-2026-49733

Name of the Vulnerable Software and Affected Versions serve-static affected versions not specified Description On Windows hosts, an encoded backslash %5C in the request path decodes to , which the Windows path resolver treats as a separator. Because the router splits paths only on /, a request su...

5.9CVSS5.8AI score0.00292EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.28 views

PT-2026-50160

Name of the Vulnerable Software and Affected Versions Caddy versions prior to 2.11.4 Description On Windows, a mismatch exists between how Caddy path matchers and the file server handle request paths. The MatchPath.MatchWithError function compares the r.URL.Path using URL path semantics and does...

7.5CVSS7.3AI score0.00409EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/06/12 9:53 p.m.50 views

File Browser: FilePath traversal in download-as-zip/tar via Windows-style backslash separators in stored filenames

Summary filebrowser builds the download-as-zip / download-as-tar archive entry names with filepath.ToSlash, which on a Linux host is a no-op for backslashes \ is only a path separator on Windows. A file whose name contains Windows-style traversal ......\evil.txt is accepted by the resource...

6.8CVSS5.7AI score0.00189EPSS
Exploits0References4Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.15 views

PT-2026-49066

Name of the Vulnerable Software and Affected Versions File Browser versions prior to 2.63.6 Description An issue exists where the software fails to properly normalize file paths when creating zip or tar archives on Linux hosts. Specifically, the getFiles function uses filepath.ToSlash, which does...

6.8CVSS6AI score0.00189EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/08 11:6 p.m.14 views

FUXA has SQL Injection in its TDengine DAQ connector via backslash bypass of escapeTdString

Summary The TDengine DAQ storage connector's escapeTdString at server/runtime/storage/tdengine/index.js:10 doubles single quotes but does not escape backslashes. TDengine's SQL parser treats ' as a literal single quote inside a string, so a tag id of the form x' OR 1=1-- escapes the first single...

5.5AI score0.00082EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/08 9:30 a.m.6 views

OPENSUSE-SU-2026:20918-1 Security update for salt

This update for salt fixes the following issues: Security fixes: - CVE-2026-31958: python-tornado: parsing large multipart bodies with many parts can cause a denial of service bsc1259554 Other changes in salt: - Use non vendored tornado with Python 3.11 bsc1257583, bsc1259700 - Harden Tornado fro...

8.7CVSS7.3AI score0.00375EPSS
Exploits0References7
Rows per page
Query Builder