17 matches found
EUVD-2026-26156
A flaw has been found in elinsky execution-system-mcp 0.1.0. The impacted element is the function getcontextfilepath of the file src/executionsystemmcp/server.py of the component addaction Tool. This manipulation of the argument context causes path traversal. The attack can be initiated remotely...
CVE-2026-40022
When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server (camel-platform-http-main) and a non-root context path such as /api or /admin is configured via camel.server.path or camel.management.path, the BasicAuthenticationConfigurer and...
CVE-2025-25231
Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability. A malicious actor may be able to gain access to sensitive information by sending crafted GET requests (read-only) to restricted API endpoints...
CVE-2024-56511
DataEase is an open source data visualization analysis tool. Prior to 2.10.4, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which can be bypassed and cause the risk of unauthorized access. In the io.dataease.auth.filter.TokenFilter class,...
Access Control Bypass
Overview: Affected versions of this package are vulnerable to Access Control Bypass through the use of request.getRequestURI validation in com.baidu.brcc.config.UserAuthFilter.doFilter. An attacker can gain unauthorized admin rights by sending requests to /admin/ URIs on misconfigured servers. Not...
PT-2025-1176 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.4. Description: DataEase is an open source data visualization analysis tool. There is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which can be bypassed and cause the risk of...
GHSA-29PH-FJF3-C5CM Apache NiFi XSS issue in context path handling
A malicious X-ProxyContextPath or X-Forwarded-Context header containing external resources or embedded code could cause remote code execution. The fix to properly handle these headers was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade to the appropriate...
Apache NiFi XSS issue in context path handling
A malicious X-ProxyContextPath or X-Forwarded-Context header containing external resources or embedded code could cause remote code execution. The fix to properly handle these headers was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade to the appropriate...
Paessler PRTG Network Monitor Security Vulnerability
Paessler PRTG Network Monitor is a full-featured network monitoring and management software from Paessler, Germany. A security vulnerability exists in PRTG Network Monitor before 21.1.66.1623, which can be exploited by an attacker to invoke the screenshot function by using a prepared context path...
Apache NiFi Cross-Site Scripting Vulnerability (CNVD-2018-26520)
Apache NiFi is a data-flow based data processing and distribution system of the Apache Software Foundation, USA. The system supports the configuration and transformation of data routing indicator maps and system intermediary logic. A cross-site scripting vulnerability exists in...
Path traversal Vulnerability in the review attachment resource - CVE-2017-16859
The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote attackers to read files contained within context path of the running application through a path traversal vulnerability in the command...
UBUNTU-CVE-2016-6802
Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path...
CVE-2016-6802
Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path...
Path traversal
Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path...
CVE-2016-6802
Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path...
CVE-2016-6802
CVE-2016-6802 affects Apache Shiro prior to 1.3.2. The issue allows bypass of intended servlet filters by leveraging a non-root servlet context path, enabling an attacker to gain access. The risk and exploit details are limited in the provided documents; the core vulnerability is a path/filters b...
CVE-2016-6802
Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path...