Lucene search
+L

23 matches found

cve
cve
added 2 days ago29 views

CVE-2026-48784

CVE-2026-48784 is a Symfony UrlGenerator issue in UrlGenerator::doGenerate() where strtr dot-segment encoding skipped every other chained ../ or ./ segments. This allowed attacker-controlled route parameters to generate URLs that collapse to a different path under RFC 3986 normalization. The vuln...

6.1CVSS6.1AI score0.00419EPSS
Exploits0References5Affected Software1
nvd
nvd
added 2026/06/30 9:16 p.m.8 views

CVE-2026-13207

FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalization in the REST API. The API router fails to normalize dot-segment sequences before applying authentication middleware, allowing unauthenticated requests to access protected endpoints by...

8.7CVSS0.00352EPSS
Exploits0References3
cvelist
cvelist
added 2026/06/30 8:24 p.m.35 views

CVE-2026-13207 Frangoteam FUXA SCADA/HMI Authentication Bypass by Spoofing

FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalization in the REST API. The API router fails to normalize dot-segment sequences before applying authentication middleware, allowing unauthenticated requests to access protected endpoints by...

8.7CVSS0.00352EPSS
Exploits0References3
cve
cve
added 2026/06/30 8:24 p.m.22 views

CVE-2026-13207

The CVE refers to FUXA prior to 1.3.2 with an authentication bypass in the REST API caused by improper normalization of dot-segments in the router. Prefixing paths with dot-segments (e.g., /api/./users, /api/./roles, /api/project/../users) can bypass authentication and expose protected data such ...

8.7CVSS5.8AI score0.00352EPSS
Exploits0References3
osv
osv
added 2026/06/30 8:24 p.m.4 views

CVE-2026-13207 Frangoteam FUXA SCADA/HMI Authentication Bypass by Spoofing

FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalization in the REST API. The API router fails to normalize dot-segment sequences before applying authentication middleware, allowing unauthenticated requests to access protected endpoints by...

8.7CVSS5.9AI score0.00352EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/30 12:0 a.m.10 views

PT-2026-53986

Name of the Vulnerable Software and Affected Versions FUXA versions prior to 1.3.2 Description An authentication bypass exists in the REST API due to improper dot-segment path normalization. The API router does not normalize dot-segment sequences before the authentication middleware is applied...

8.7CVSS5.8AI score0.00352EPSS
Exploits0References6
github
github
added 2026/06/15 5:33 p.m.9 views

Symfony: UrlGenerator Dot-Segment Encoding Skips Every Other Chained `../` or `./` → Generated URL Collapses Off-Route Under RFC 3986 Normalization

Description Symfony\Component\Routing\Generator\UrlGenerator::doGenerate percent-encodes . and .. path segments so that the generated URL still resolves to the originating route after RFC 3986 §5.2.4 dot-segment removal which strict RFC-3986 consumers — routers, reverse proxies, HTTP clients —...

6.1CVSS5.3AI score0.00419EPSS
Exploits0References6Affected Software2
ptsecurity
ptsecurity
added 2026/06/11 12:0 a.m.14 views

PT-2026-48813

Name of the Vulnerable Software and Affected Versions WsgiDAV version 4.3.3 Description An issue exists in the FilesystemProvider. loc to file path function where the application fails to properly validate path boundaries when using a filesystem-backed share. The method uses...

7.1CVSS6.1AI score0.00072EPSS
Exploits0References8
redhatcve
redhatcve
added 2026/05/08 12:0 p.m.15 views

CVE-2026-40912

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This authentication bypass vulnerability allows an unauthenticated attacker to access protected content. The flaw occurs when the StripPrefixRegex middleware is used with authentication mechanisms such as ForwardAuth, BasicAuth...

8.6CVSS5.7AI score0.00767EPSS
Exploits1References7
susecve
susecve
added 2026/05/05 1:45 a.m.8 views

SUSE CVE-2026-40912

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches...

8.2CVSS5.7AI score0.00767EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2026/04/30 8:38 p.m.5 views

CVE-2026-40912 Traefik: StripPrefixRegex auth bypass via Path/RawPath desync

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches...

7.8CVSS5.7AI score0.00767EPSS
Exploits1References4
attackerkb
attackerkb
added 2026/04/30 8:38 p.m.4 views

CVE-2026-40912

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches...

7.8CVSS5.3AI score0.00767EPSS
Exploits1References5Affected Software1
osv
osv
added 2026/04/24 4:37 p.m.3 views

GHSA-6JWX-7VP4-9847 Traefik has an StripPrefixRegex Middleware Authorization Bypass via Path/RawPath Desync

Summary There is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches the regex against the decoded URL path but uses the resulting byte length to slice the...

8.2CVSS5.8AI score0.00767EPSS
Exploits1References6
github
github
added 2026/04/18 12:55 a.m.10 views

Zio has SubFileSystem Path Confinement Bypass via Unresolved `..` Segment

Summary SubFileSystem fails to confine operations to its declared sub path when the input path is /../ or equivalents /../, /..\. This path passes all validation but resolves to the root of the parent filesystem, allowing directory level operations outside the intended boundary. Affected Componen...

5.7AI score
Exploits0References4Affected Software1
mscve
mscve
added 2026/04/12 8:1 a.m.10 views

Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment

...

4.8CVSS5.2AI score0.00199EPSS
Exploits0
osv
osv
added 2026/04/09 9:2 p.m.1 views

CVE-2026-35206 Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment

Helm is a package manager for Charts for Kubernetes. In Helm versions =3.20.1 and =4.1.3, a specially crafted Chart will cause helm pull --untar chart URL | repo/chartname to write the Chart's contents to the immediate output directory as defaulted to the current working directory; or as given by...

4.8CVSS6.1AI score0.00199EPSS
Exploits0References5
cvelist
cvelist
added 2026/03/19 10:7 p.m.27 views

CVE-2026-32036 OpenClaw < 2026.2.26- Authentication Bypass via Encoded Dot-Segment Traversal in /api/channels

OpenClaw gateway plugin versions prior to 2026.2.26 contain a path traversal vulnerability that allows remote attackers to bypass route authentication checks by manipulating /api/channels paths with encoded dot-segment traversal sequences. Attackers can craft alternate paths using encoded travers...

8.3CVSS0.00433EPSS
Exploits0References3
github
github
added 2026/03/03 6:54 p.m.8 views

OpenClaw has gateway plugin auth bypass via encoded dot-segment traversal in protected /api/channels paths

Summary Gateway plugin route auth protection for /api/channels could be bypassed using encoded dot-segment traversal for example ..%2f in path variants that plugin handlers normalize. Affected Packages / Versions - Package: npm openclaw - Latest published vulnerable version: 2026.2.25 - Vulnerabl...

8.3CVSS5.9AI score0.00433EPSS
Exploits0References5Affected Software1
ptsecurity
ptsecurity
added 2026/03/03 12:0 a.m.15 views

PT-2026-26417

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.26 Description The OpenClaw gateway plugin contains a path traversal issue that allows remote attackers to bypass route authentication checks. This is achieved by manipulating the /api/channels paths with...

8.3CVSS6AI score0.00433EPSS
Exploits0References8
redhat
redhat
added 2020/06/11 9:11 a.m.12 views

cxf: reflected XSS in the services listing page

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting XSS attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploit...

6.1CVSS7.2AI score0.07055EPSS
Exploits0References4
Rows per page
Query Builder