CVE-2025-69211

Nest is a framework for building scalable Node.js server-side applications. Versions prior to 11.1.11 have a Fastify URL encoding middleware bypass. A NestJS application is vulnerable if it uses @nestjs/platform-fastify; relies on NestMiddleware via MiddlewareConsumer for security checks...

CVE-2025-69211 Nest has a Fastify URL Encoding Middleware Bypass (TOCTOU)

Nest is a framework for building scalable Node.js server-side applications. Versions prior to 11.1.11 have a Fastify URL encoding middleware bypass. A NestJS application is vulnerable if it uses @nestjs/platform-fastify; relies on NestMiddleware via MiddlewareConsumer for security checks...

CVE-2025-69211 Nest has a Fastify URL Encoding Middleware Bypass (TOCTOU)

Nest is a framework for building scalable Node.js server-side applications. Versions prior to 11.1.11 have a Fastify URL encoding middleware bypass. A NestJS application is vulnerable if it uses @nestjs/platform-fastify; relies on NestMiddleware via MiddlewareConsumer for security checks...

CVE-2025-69211 Nest has a Fastify URL Encoding Middleware Bypass (TOCTOU)

Nest is a framework for building scalable Node.js server-side applications. Versions prior to 11.1.11 have a Fastify URL encoding middleware bypass. A NestJS application is vulnerable if it uses @nestjs/platform-fastify; relies on NestMiddleware via MiddlewareConsumer for security checks...

CVE-2025-69211

CVE-2025-69211 affects Nest.js applications using the Fastify platform integration before version 11.1.11. The issue is a bypass in the Fastify URL encoding middleware that can skip security checks implemented via NestMiddleware (via MiddlewareConsumer) or app.use(), particularly when middleware ...

CVE-2025-54322

Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code in the chkid parameter to vLogin.py. The title and oIP parameters are also used...

PT-2025-53755

Name of the Vulnerable Software and Affected Versions Nest versions prior to 11.1.11 Description Nest is a framework used for building scalable Node.js server-side applications. A flaw exists where the Fastify URL encoding middleware can be bypassed. This impacts applications utilizing...

nest 安全漏洞

nest is a Node.js framework open-sourced by nestjs for building efficient, scalable and enterprise-class server-side applications using TypeScript/JavaScript. A security vulnerability exists in versions of nest prior to 11.1.11, which stems from a bypass in the Fastify URL encoding middleware tha...

CVE-2025-54322

Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code in the chkid parameter to vLogin.py. The title and oIP parameters are also used...

cl-cybersec-pysxss

XSS WAF Lab – Payload Generator This project studies how Web...

Cross-site Scripting (XSS)

Overview httpbin is a HTTP Request and Response Service Affected versions of this package are vulnerable to Cross-site Scripting XSS via the endpoint /base64 which does not encode user-controllable parameters when outputting them on the current page. An attacker can inject and execute arbitrary...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python3 (UTSA-2025-992144)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992144 advisory. During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also...

CVE-2018-25154

GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system...

UBUNTU-CVE-2018-25154

GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system...

CVE-2018-25154

GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system...

CVE-2021-47733

CMSimple 5.4 contains a cross-site scripting vulnerability that allows attackers to bypass input filtering by using HTML to Unicode encoding. Attackers can inject malicious scripts by encoding payloads like '-alert1// and execute arbitrary JavaScript when victims interact with delete buttons...

CVE-2018-25154

CVE-2018-25154 affects GNU Barcode 0.99. The vulnerability is a buffer overflow in the Code 93 encoding path that can trigger memory corruption during input file processing. The description in connected sources confirms boundary/overflow issues in the encoding routine that could potentially allow...

CVE-2018-25154 GNU Barcode 0.99 Buffer Overflow in Code 93 Encoding Mechanism

GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system...

CVE-2025-66845

A reflected Cross-Site Scripting XSS vulnerability has been identified in TechStore version 1.0. The username endpoint reflects the id query parameter directly into the HTML response without output encoding or sanitization, allowing execution of arbitrary JavaScript code in a victim’s browser...

📄 Varnish / Styx HTTP Request Smuggling

Proof of concept exploit that demonstrates an HTTP request smuggling vulnerability between Varnish and Styx / Nginx. ============================================================================================================================================= | Title : HTTP Request Smuggling TE.CL...