
21 matches found

NVD
added 2026/05/06 9:16 p.m. · 1 views

CVE-2026-40332

Masa CMS is affected by an Open Redirect vulnerability due to improper handling of scheme-relative URLs. The application incorrectly interprets paths beginning with double slashes // as internal paths, failing to validate the redirect target before processing. The application treats these values ...

5.3 CVSS · 0.00079 EPSS
Exploits 0 · References 1
Hacker One
added 2026/03/12 4:28 a.m. · 19 views

Lovable VDP: Bypass of Open Redirect Fix on lovable.dev via /..// Path Traversal in redirect parameter

A bypass was discovered for a previously patched open redirect vulnerability on a web application. The original fix blocked certain payloads, but failed to account for path traversal sequences combined with double slashes. By supplying a specific redirect value, an attacker could still redirect...

5.9 AI score
Exploits 0
Snyk
added 2026/02/18 3:25 p.m. · 3 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization via the input.parsedpath field. An attacker can gain unauthorized access to protected resources by crafting HTTP requests with double slashes in the path, causing a mismatch between the path evaluated by...

9 CVSS · 5.6 AI score · 0.00134 EPSS
Exploits 0 · References 2
Positive Technologies
added 2026/02/18 12:0 a.m. · 2 views

PT-2026-20563

A security vulnerability has been discovered in how the input.parsed path field is constructed. HTTP request paths are treated as full URIs when parsed, interpreting leading path segments prefixed with double slashes // as authority components, and therefore dropping them from the parsed path. Th...

7.1 CVSS · 5.5 AI score
Exploits 0 · References 5
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2009-0753

Malware in sbrugna...

5 CVSS · 6 AI score · 0.10876 EPSS
Exploits 0 · References 14
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2022-1164

Malicious code in bioql PyPI...

5.8 CVSS · 5.7 AI score · 0.00207 EPSS
Exploits 1 · References 6
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-23565

Malicious code in bioql PyPI...

6.5 CVSS · 6.6 AI score · 0.00181 EPSS
Exploits 0 · References 2
Veracode
added 2025/08/28 8:52 a.m. · 1 views

Open Redirect

Astro is vulnerable to Open Redirect. The vulnerability is due to improper handling of paths with double slashes in the trailing slash redirection logic, which allows an attacker to redirect users to arbitrary external domains and perform phishing or social engineering attacks...

6.9 CVSS · 6.7 AI score · 0.01096 EPSS
Exploits 0 · References 3 · Affected Software 1
Snyk
added 2025/08/07 4:41 p.m. · 3 views

Open Redirect

Overview: @astrojs/internal-helpers is a set of internal helpers used by core Astro packages. Affected versions of this package are vulnerable to Open Redirect via the trailing slash redirection logic when handling URLs with double slashes in the path. An attacker can redirect users to arbitrary external...

6.9 CVSS · 7 AI score · 0.01096 EPSS
Exploits 0 · References 2
RedhatCVE
added 2025/08/07 12:31 a.m. · 6 views

CVE-2025-52892

EspoCRM is a web application with a frontend designed as a single-page application and a REST API backend written in PHP. In versions 9.1.6 and below, if a user loads Espo in the browser with double slashes e.g https://domain//Admin and the webserver does not strip the double slash, it can cause ...

6.5 CVSS · 6.2 AI score · 0.00181 EPSS
Exploits 0 · References 1
Cvelist
added 2025/08/05 12:17 a.m. · 5 views

CVE-2025-52892 EspoCRM is vulnerable to access denial through double slash in URI corrupting router cache

EspoCRM is a web application with a frontend designed as a single-page application and a REST API backend written in PHP. In versions 9.1.6 and below, if a user loads Espo in the browser with double slashes e.g https://domain//Admin and the webserver does not strip the double slash, it can cause ...

4.5 CVSS · 0.00181 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/08/05 12:0 a.m. · 3 views

PT-2025-31880 · Espocrm · Espocrm

Name of the Vulnerable Software and Affected Versions: EspoCRM versions 9.1.6 and below. Description: EspoCRM is a web application featuring a single-page application frontend and a PHP-based REST API backend. If a user accesses EspoCRM in a browser with double slashes e.g., https://domain//Admin...

4.5 CVSS · 6.5 AI score · 0.00181 EPSS
Exploits 0 · References 8
OSV
added 2023/10/17 11:15 p.m. · 17 views

CVE-2023-3042

In dotCMS, versions mentioned, a flaw in the NormalizationFilter does not strip double slashes // from URLs, potentially enabling bypasses for XSS and access controls. An example affected URL is https://demo.dotcms.com//html/portlet/ext/files/edittextinc.jsp, which should return a 404 response b...

6.1 CVSS · 5.6 AI score
Exploits 0 · References 1
Positive Technologies
added 2023/10/17 12:0 a.m. · 3 views

PT-2023-22684 · Dotcms · Dotcms

Name of the Vulnerable Software and Affected Versions: dotCMS versions prior to 23.06; dotCMS versions prior to LTS 22.03.7; dotCMS versions prior to LTS 23.01.4. Description: A flaw in the NormalizationFilter of dotCMS does not strip double slashes // from URLs, potentially enabling bypasses for XS...

6.1 CVSS · 6 AI score · 0.00177 EPSS
Exploits 0 · References 7
SUSE CVE
added 2023/02/15 5:26 a.m. · 1 views

SUSE CVE-2014-7819

Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3...

5 CVSS · 7.2 AI score · 0.00748 EPSS
Exploits 0 · References 7
ATTACKERKB
added 2021/05/24 6:11 p.m. · 0 views

CVE-2021-23387

The package trailing-slash before 2.0.1 is vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint such as https://example.com//attacker.example/. The vulnerable code is in index.js::createTrailing, as the web server uses relative URLs...

6.1 CVSS · 5.4 AI score · 0.0026 EPSS
Exploits 1 · References 4
CNNVD
added 2021/05/24 12:0 a.m. · 2 views

trailing-slash Input Validation Error Vulnerability

trailing-slash is an application. Add or remove trailing slashes and redirect. A security vulnerability exists in versions of trailing-slash prior to 2.0.1, when accessing vulnerable endpoints, through the use of trailing double slashes in URLs...

6.1 CVSS · 6.2 AI score · 0.0026 EPSS
Exploits 1 · References 4
ATTACKERKB
added 2021/05/17 5:43 p.m. · 2 views

CVE-2021-23384

The package koa-remove-trailing-slashes before 2.0.2 is vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint such as https://example.com//attacker.example/. The vulnerable code is in index.js::removeTrailingSlashes, as the web serve...

5.8 CVSS · 5.4 AI score · 0.00207 EPSS
Exploits 1 · References 3
Snyk
added 2021/03/15 5:7 p.m. · 1 views

Open Redirect

Overview: trailing-slash is a package to add or remove trailing slashes and redirect. Affected versions of this package are vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint such as https://example.com//attacker.example/. The vulnerable cod...

6.1 CVSS · 7.1 AI score · 0.0026 EPSS
Exploits 1 · References 2
OSV
added 2014/11/08 11:55 a.m. · 0 views

UBUNTU-CVE-2014-7819

Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3...

5 CVSS · 7.3 AI score · 0.00748 EPSS
Exploits 0 · References 2