55 matches found
Directory Traversal
Overview: nitro is a Build and Deploy Universal JavaScript Servers. Affected versions of this package are vulnerable to Directory Traversal via the routeRules function. An attacker can access files or endpoints outside the intended proxy scope by sending specially crafted URLs containing...
GHSA-95V5-PRP4-5GV5 Backstage vulnerable to potential reading of SCM URLs using built in token
Impact: A vulnerability in the SCM URL parsing used by Backstage integrations allowed path traversal sequences in encoded form to be included in file paths. When these URLs were processed by integration functions that construct API URLs, the traversal segments could redirect requests to unintended...
EUVD-2002-1580
Malware in sbrugna...
EUVD-2004-1359
Malware in sbrugna...
EUVD-2005-0291
Malware in sbrugna...
EUVD-2001-1099
Malware in sbrugna...
EUVD-2001-0523
Malware in sbrugna...
EUVD-2017-0724
Malware in sbrugna...
EUVD-2020-7821
Malware in sbrugna...
EUVD-2004-1900
Malware in sbrugna...
EUVD-2022-6514
Malicious code in bioql PyPI...
EUVD-2025-31146
Malicious code in bioql PyPI...
CVE-2020-15840
In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property 'portlet.resource.id.banned.paths.regexp' can be bypassed with doubled encoded URLs...
CVE-2024-49706
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Open Redirect attacks by including base64 encoded URLs in the target parameter sent in a POST request to one of the endpoints. This vulnerability has been patched in version 79.0...
CVE-2024-49706 XSS in iKSORIS
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Open Redirect attacks by including base64 encoded URLs in the target parameter sent in a POST request to one of the endpoints. This vulnerability has been patched in version 79.0...
CVE-2024-49706
The CVE-2024-49706 entry concerns Internet Starter, a module of the SoftCOM iKSORIS system. The vulnerability is an Open Redirect caused by including base64-encoded URLs in the target parameter of a POST request to a specific endpoint. The underlying component exposed to this issue is the handlin...
CVE-2022-35920
Sanic is an open-source Python web server/framework. Affected versions of sanic allow access to lateral directories when using app.static if using encoded %2F URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue...
GHSA-8CW9-5HMV-77W6 sanic vulnerable to Path Traversal when using `app.static` if using encoded `%2F` URLs
Impact: Access to lateral directories when using app.static if using encoded %2F URLs. Parent directory traversal is not impacted. Patches: v20.12.7 LTS, v21.12.2 LTS, v22.6.1. References: https://github.com/sanic-org/sanic/issues/2478, https://github.com/sanic-org/sanic/pull/2495. For more...
Directory Traversal
sanic is vulnerable to directory traversal. The vulnerability exists due to a lack of sanitization of URL paths in the handler function allowing an attacker to access lateral directories when using app.static if using encoded %2F URLs...