Lucene search
K

72 matches found

Positive Technologies
Positive Technologies
added 2025/11/19 12:0 a.m.4 views

PT-2025-47489

Name of the Vulnerable Software and Affected Versions Astro versions prior to 5.15.8 Description Astro versions prior to 5.15.8 contain a path normalization discrepancy between how the framework routes requests and how middleware validates them. Astro uses decodeURI to determine the route, while...

6.9CVSS6.7AI score0.00481EPSS
Exploits1References13
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2006-5602

Malware in sbrugna...

7.5CVSS6.4AI score0.01629EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-20569

Malware in sbrugna...

5.3CVSS5.2AI score0.01766EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-1991

Malicious code in bioql PyPI...

7.5CVSS7AI score0.01702EPSS
Exploits0References15
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-47443

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.00371EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/21 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2024-6162

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises becau...

7.5CVSS6.8AI score0.01702EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 8:55 p.m.2 views

CVE-2021-37699

Next.js is an open source website development framework to be used with the React library. In affected versions specially encoded paths could be used when pages/error.js was statically generated allowing an open redirect to occur to an external site. In general, this redirect does not directly ha...

6.9CVSS6.7AI score0.01198EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/04/01 3:15 p.m.4 views

rack: rubygem-rack: Local File Inclusion in Rack::Static

A flaw was found in RackRubygems, where Rack::Static does not properly sanitize user-supplied paths before serving files. Specifically, encoded path traversal sequences are not correctly validated, allowing attackers to access files outside the designated static file directory. This flaw allows a...

7.5CVSS6.6AI score0.01068EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2025/03/12 5:5 a.m.3 views

SUSE CVE-2025-27610

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, Rack::Static can serve files under the specified root: even if urls: are provided, which may expose other files under the specified root: unexpectedly. The vulnerability occurs becaus...

7.5CVSS7.7AI score0.01068EPSS
Exploits0References5
OSV
OSV
added 2024/08/10 7:20 a.m.98 views

BIT-GITLAB-2024-6329 Improper Encoding or Escaping of Output in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the path is encoded...

7.5CVSS6AI score0.00371EPSS
Exploits0References3
OSV
OSV
added 2024/08/08 10:15 a.m.3 views

UBUNTU-CVE-2024-6329

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the path is encoded...

7.5CVSS5.8AI score0.00371EPSS
Exploits0References4
OSV
OSV
added 2024/08/08 10:2 a.m.12 views

CVE-2024-6329 Improper Encoding or Escaping of Output in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the path is encoded...

5.7CVSS6.5AI score0.00371EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/08/07 12:0 a.m.5 views

PT-2024-5513 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.16 through 17.0.6 GitLab CE/EE versions 17.1 through 17.1.4 GitLab CE/EE versions 17.2 through 17.2.2 Description: The issue causes the web interface to fail to render the diff correctly when the path is encoded. This ...

7.5CVSS6.8AI score0.00371EPSS
Exploits0References13
RedHat Linux
RedHat Linux
added 2024/07/25 7:26 p.m.4 views

undertow: url-encoded request path information can be broken on ajp-listener

A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processe...

7.5CVSS5.9AI score0.01702EPSS
Exploits0References5
OSV
OSV
added 2024/06/20 3:15 p.m.2 views

DEBIAN-CVE-2024-6162

A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processe...

7.5CVSS7.1AI score0.01702EPSS
Exploits0References1
OSV
OSV
added 2024/06/20 3:15 p.m.11 views

UBUNTU-CVE-2024-6162

A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processe...

7.5CVSS7AI score0.01702EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.36 views

Rocky Linux 8 : grafana (RLSA-2022:1781)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1781 advisory. - Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability fo...

4.3CVSS6.9AI score0.57499EPSS
Exploits0References4
OSV
OSV
added 2023/06/09 7:31 p.m.56 views

GHSA-VCVG-XGR8-P5GQ Arbitrary file read using percent-encoded relative paths in FileMiddleware

Impact Attackers can access data at arbitrary filesystem paths on the same host as an application using FileMiddleware. Patches Version 4.29.4 Workarounds Upgrade to 4.24.4 or later, or disable FileMiddleware. References Introduced in https://github.com/vapor/vapor/pull/2223 Fixed by...

6.5CVSS7.2AI score0.0153EPSS
Exploits0References5
Snyk
Snyk
added 2022/11/02 2:36 p.m.4 views

Arbitrary File Read

Overview vapor/vapor is an a server-side Swift HTTP web framework. Affected versions of this package are vulnerable to Arbitrary File Read. This can be caused by using percent-encoded relative paths in FileMiddleware. Remediation Upgrade vapor/vapor to version 4.29.4 or higher. References - GitHu...

8.5CVSS6.9AI score0.0153EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2021/12/13 6:3 a.m.48 views

CVE-2021-43813

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension...

4.3CVSS1.9AI score0.57499EPSS
Exploits0References4
Rows per page
Query Builder