Lucene search
K

11 matches found

CVE
CVE
added 2026/05/28 7:32 p.m.31 views

CVE-2026-32847

DeepCode (commit c991dc2) exposes a path traversal vulnerability in the SPA catch-all route of new_ui/backend/main.py. An unauthenticated attacker can read arbitrary files by sending percent-encoded path segments to GET /{full_path:path}, bypassing Starlette path normalization via %2F and %2E%2E....

8.7CVSS5.9AI score0.00376EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/28 7:32 p.m.10 views

CVE-2026-32847 DeepCode 1.2.0 Path Traversal via SPA Catch-All Route in main.py

DeepCode through commit c991dc2 contains a path traversal vulnerability in the SPA catch-all route in newui/backend/main.py that allows unauthenticated attackers to read arbitrary files by supplying percent-encoded path segments to the GET /fullpath:path endpoint. Attackers can bypass Starlette's...

8.7CVSS5.9AI score0.00376EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/28 7:32 p.m.8 views

CVE-2026-32847

DeepCode through commit c991dc2 contains a path traversal vulnerability in the SPA catch-all route in newui/backend/main.py that allows unauthenticated attackers to read arbitrary files by supplying percent-encoded path segments to the GET /fullpath:path endpoint. Attackers can bypass Starlette's...

8.7CVSS5.9AI score0.00376EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/28 7:32 p.m.34 views

CVE-2026-32847 DeepCode 1.2.0 Path Traversal via SPA Catch-All Route in main.py

DeepCode through commit c991dc2 contains a path traversal vulnerability in the SPA catch-all route in newui/backend/main.py that allows unauthenticated attackers to read arbitrary files by supplying percent-encoded path segments to the GET /fullpath:path endpoint. Attackers can bypass Starlette's...

8.7CVSS0.00376EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.9 views

PT-2026-44488

Name of the Vulnerable Software and Affected Versions DeepCode versions prior to commit c991dc2 Description A path traversal issue exists in the SPA catch-all route within new ui/backend/main.py. Unauthenticated attackers can read arbitrary files by providing percent-encoded path segments to the...

8.7CVSS5.6AI score0.00376EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.14 views

DeepCode 路径遍历漏洞

DeepCode is a multi-agent code generation tool open-source by Data Intelligence Lab@HKU. Previous versions of DeepCode c991dc2 contained a path traversal vulnerability. This vulnerability originated from the SPA catch-all route in newui/backend/main.py, which had a path traversal vulnerability...

8.7CVSS6AI score0.00376EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/11/04 12:54 a.m.7 views

CVE-2025-50735

Directory traversal vulnerability in NextChat thru 2.16.0 due to the WebDAV proxy failing to canonicalize or reject dot path segments in its catch-all route, allowing attackers to gain sensitive information via authenticated or anonymous WebDAV endpoints...

7.5CVSS6.7AI score0.00835EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/03 9:34 p.m.5 views

EUVD-2025-37512

Directory traversal vulnerability in NextChat thru 2.16.0 due to the WebDAV proxy failing to canonicalize or reject dot path segments in its catch-all route, allowing attackers to gain sensitive information via authenticated or anonymous WebDAV endpoints...

7.5CVSS6.2AI score0.00835EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/11/03 12:0 a.m.5 views

CVE-2025-50735

Directory traversal vulnerability in NextChat thru 2.16.0 due to the WebDAV proxy failing to canonicalize or reject dot path segments in its catch-all route, allowing attackers to gain sensitive information via authenticated or anonymous WebDAV endpoints...

6.3AI score0.00835EPSS
Exploits1References3
OSV
OSV
added 2025/11/03 12:0 a.m.6 views

CVE-2025-50735

Directory traversal vulnerability in NextChat thru 2.16.0 due to the WebDAV proxy failing to canonicalize or reject dot path segments in its catch-all route, allowing attackers to gain sensitive information via authenticated or anonymous WebDAV endpoints...

7.5CVSS6.7AI score0.00835EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2022/03/31 10:44 p.m.45 views

URL Redirection to Untrusted Site ('Open Redirect') in express-openid-connect

Impact Users of the requiresAuth middleware, either directly or through the default authRequired option, are vulnerable to an Open Redirect when the middleware is applied to a catch all route. If all routes under example.com are protected with the requiresAuth middleware, a visit to...

7.5CVSS1.2AI score0.0071EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder