186 matches found
CVE-2026-39844
NiceGUI is a Python-based UI framework. Prior to 3.10.0, Since PurePosixPath only recognizes forward slashes / as path separators, an attacker can bypass this sanitization on Windows by using backslashes \ in the upload filename. Applications that construct file paths using file.name a pattern...
EUVD-2026-20610
NiceGUI: Upload filename sanitization bypass via backslashes allows path traversal on Windows...
NiceGUI: Upload filename sanitization bypass via backslashes allows path traversal on Windows
Summary The upload filename sanitization introduced in GHSA-9ffm-fxg3-xrhh uses PurePosixPathfilename.name to strip path components. Since PurePosixPath only recognizes forward slashes / as path separators, an attacker can bypass this sanitization on Windows by using backslashes \ in the upload...
PT-2026-31353
Summary The upload filename sanitization introduced in GHSA-9ffm-fxg3-xrhh uses PurePosixPathfilename.name to strip path components. Since PurePosixPath only recognizes forward slashes / as path separators, an attacker can bypass this sanitization on Windows by using backslashes in the upload...
USN-8151-1 lambdaisland-uri-clojure vulnerability
It was discovered that lambdaisland/uri did not properly sanitize the backslash character in URI strings. An attacker could possibly use this issue to bypass security checks or redirect users...
AWS SDK for .NET: Improper escaping of special characters in CloudFront policy document construction
This notification is related to the CloudFront signing utilities in the AWS SDK for .NET, which are used to generate Amazon CloudFront signed URLs and signed cookies. A defense-in-depth enhancement has been implemented to improve handling of special characters, such as double quotes and...
CVE-2026-33468
Kysely is a type-safe TypeScript SQL query builder. Prior to version 0.28.14, Kysely's DefaultQueryCompiler.sanitizeStringLiteral only escapes single quotes by doubling them ' → '' but does not escape backslashes. When used with the MySQL dialect where NOBACKSLASHESCAPES is OFF by default, an...
Kysely SQL注入漏洞
Kysely is a type-safe TypeScript SQL query builder developed by Kysely. Versions of Kysely prior to 0.28.14 contained an SQL injection vulnerability. This vulnerability stemmed from the sanitizeStringLiteral method not escaping backslashes, which could lead to SQL injection attacks...
Kysely has a MySQL SQL Injection via Insufficient Backslash Escaping in `sql.lit(string)` usage or similar methods that append string literal values into the compiled SQL strings
Summary Kysely's DefaultQueryCompiler.sanitizeStringLiteral only escapes single quotes by doubling them ' → '' but does not escape backslashes. When used with the MySQL dialect where NOBACKSLASHESCAPES is OFF by default, an attacker can use a backslash to escape the trailing quote of a string...
SQL Injection
Overview kysely is a Type safe SQL query builder Affected versions of this package are vulnerable to SQL Injection via the sanitizeStringLiteral function. An attacker can execute arbitrary SQL commands by supplying specially crafted input containing backslashes and single quotes, which are not...
SQL Injection
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to SQL Injection in the getAllCategories function via the doNotShowCats parameter due to insufficient sanitization, where only single quotes are stripped but...
DEBIAN-CVE-2026-28348
lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the hassneakyjavascript method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the @import and expression filters,...
Improper Neutralization of Equivalent Special Elements
Overview github.com/caddyserver/caddy/v2/modules/caddyhttp/fileserver is a fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS Affected versions of this package are vulnerable to Improper Neutralization of Equivalent Special Elements in matcher.go, when matching filenam...
Improper Neutralization of Equivalent Special Elements
Overview Affected versions of this package are vulnerable to Improper Neutralization of Equivalent Special Elements in matcher.go, when matching filenames using the tryfiles directive, which does not properly handle backslashes. An attacker can bypass security protections by exploiting glob...
Caddy: Improper sanitization of glob characters in file matcher may lead to bypassing security protections
Summary The path sanitization in file matcher doesn't sanitize backslashes which can lead to bypassing path related security protections. Details The tryfiles directive is used to rewrite the request uri. It accepts a list of patterns and checks if any files exist in the root that match the...
GHSA-4XRR-HQ4W-6VF4 Caddy: Improper sanitization of glob characters in file matcher may lead to bypassing security protections
Summary The path sanitization in file matcher doesn't sanitize backslashes which can lead to bypassing path related security protections. Details The tryfiles directive is used to rewrite the request uri. It accepts a list of patterns and checks if any files exist in the root that match the...
CVE-2026-27585
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the path sanitization routine in file matcher doesn't sanitize backslashes which can lead to bypassing path related security protections. It affects users with specific Caddy and environment configurations...
CVE-2026-27585
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the path sanitization routine in file matcher doesn't sanitize backslashes which can lead to bypassing path related security protections. It affects users with specific Caddy and environment configurations...
CVE-2026-27585 Caddy's improper sanitization of glob characters in file matcher may lead to bypassing security protections
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the path sanitization routine in file matcher doesn't sanitize backslashes which can lead to bypassing path related security protections. It affects users with specific Caddy and environment configurations...
CVE-2026-27585 Caddy's improper sanitization of glob characters in file matcher may lead to bypassing security protections
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the path sanitization routine in file matcher doesn't sanitize backslashes which can lead to bypassing path related security protections. It affects users with specific Caddy and environment configurations...