107 matches found
CVE-2025-66202
Astro (web framework) is affected by CVE-2025-66202: versions 5.15.7 and below are vulnerable to a double URL encoding bypass that lets unauthenticated attackers bypass middleware pathname checks and access protected routes. The fix for CVE-2025-64765 in 5.15.8 decodes URLs only once, leaving roo...
CVE-2025-66202 Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765
Astro is a web framework. Versions 5.15.7 and below have a double URL encoding bypass which allows any unauthenticated attacker to bypass path-based authentication checks in Astro middleware, granting unauthorized access to protected routes. While the original CVE-2025-64765 was fixed in v5.15.8,...
CVE-2025-66202 Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765
Astro is a web framework. Versions 5.15.7 and below have a double URL encoding bypass which allows any unauthenticated attacker to bypass path-based authentication checks in Astro middleware, granting unauthorized access to protected routes. While the original CVE-2025-64765 was fixed in v5.15.8,...
EUVD-2025-201717
Astro is a web framework. Versions 5.15.7 and below have a double URL encoding bypass which allows any unauthenticated attacker to bypass path-based authentication checks in Astro middleware, granting unauthorized access to protected routes. While the original CVE-2025-64765 was fixed in v5.15.8,...
CVE-2025-66202 Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765
Astro is a web framework. Versions 5.15.7 and below have a double URL encoding bypass which allows any unauthenticated attacker to bypass path-based authentication checks in Astro middleware, granting unauthorized access to protected routes. While the original CVE-2025-64765 was fixed in v5.15.8,...
Use of Non-Canonical URL Paths for Authorization Decisions
Overview astro is an Astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Use of Non-Canonical URL Paths for Authorization Decisions due to improper URL decoding logic. The pathname validation used for...
GHSA-WHQG-PPGF-WP8C Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765
Authentication Bypass via Double URL Encoding in Astro Bypass for CVE-2025-64765 / GHSA-ggxq-hp9w-j794 --- Summary A double URL encoding bypass allows any unauthenticated attacker to bypass path-based authentication checks in Astro middleware, granting unauthorized access to protected routes. Whi...
Exploit for CVE-2020-14882
π CVE-2020-14882 β Oracle WebLogic Server Remote Code Execut...
Deserialization Of Untrusted Data
h2o is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to improper handling of JDBC connection parameters with insufficient input validation, which allows an attacker to bypass regular expression checks using double URL encoding and subsequently read arbitrary files or...
EUVD-2025-25855
Malicious code in bioql PyPI...
CVE-2025-6544
A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.8, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...
CVE-2025-6544 Deserialization Vulnerability in h2oai/h2o-3
A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.8, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...
PT-2025-38624
A vulnerability. When org.apache.linkis.metadata.util.HiveUtils.decode fails to perform Base64 decoding, it records the complete input parameter string in the log via logger.errorstr + "decode failed", e. If the input parameter contains sensitive information such as Hive Metastore keys, plaintext...
PT-2025-38621
Name of the Vulnerable Software and Affected Versions Apache Linkis versions 1.3.0 through 1.7.0 Description A flaw exists in Apache Linkis when utilizing the JDBC engine and data source functionality. Multiple rounds of URL encoding applied to the URL parameter configured on the frontend can...
Google Android Information Disclosure Vulnerability (CNVD-2025-19990)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that is caused by double encoding of URIs in multiple locations. The vulnerability can be exploited by an attacker to obtain sensitive information...
CVE-2025-0083
In multiple locations, there is a possible way to access content across user profiles due to URI double encoding. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-0083
In multiple locations, there is a possible way to access content across user profiles due to URI double encoding. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-0083
In multiple locations, there is a possible way to access content across user profiles due to URI double encoding. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-0083
CVE-2025-0083 is an information-disclosure vulnerability affecting Google Android, caused by URI double encoding that allows cross-profile content access without extra privileges. The issue is referenced across multiple sources (Android Android framework/system entries in the 2025 Android bulleti...
CVE-2025-0083
In multiple locations, there is a possible way to access content across user profiles due to URI double encoding. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...