DELMIA Apriso - Command Injection
An Improper Control of Generation of Code (code injection via file upload → RCE) vulnerability affecting DELMIA Apriso Release 2020 through Release 2025. When an authenticated user can upload files and the upload handler fails to canonicalize filenames or enforce storage restrictions, an attacker may place...
DEBIAN-CVE-2026-13676
fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...
CVE-2026-49454
Relyra is a strict-by-default SAML 2.0 Service Provider library for Elixir and Phoenix. Versions 1.0.0 and 1.1.0 accept forged SAML signatures because SignatureValue was not cryptographically verified before the library returned a successful authentication result. The XMLDSig trust boundary was...
CVE-2026-2455
Mattermost Affected Versions: 11.3.x up to 11.3.0, 11.2.x up to 11.2.2, and 10.11.x up to 10.11.10. Issue: the product fails to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation, enabling SSRF to internal services via IPv4-mapped IPv6 literals (e.g., [::ffff:127.0.0.1]). Outco...
Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Incorrect Behavior Order: Authorization Before Parsing and Canonicalization due to the Authorization header...
Mac OS X 10.8 < 10.8.3 Multiple Vulnerabilities (Security Update 2013-001)
CVE-2000-0024
IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability...