
127 matches found

Snyk
added 2026/06/17 12:00 a.m., 7 views

Path Equivalence

Overview: io.quarkus:quarkus-vertx-http is a Cloud Native, Linux Container First framework for writing Java applications. Affected versions of this package are vulnerable to Path Equivalence in the pathWithoutMatrixParams of AbstractPathMatchingHttpSecurityPolicy via specially crafted HTTP request...

CVSS 8.7, AI score 5.9, EPSS 0.00451
Exploits: 1, References: 2
Snyk
added 2026/06/17 12:00 a.m., 7 views

Path Equivalence

Overview: Affected versions of this package are vulnerable to Path Equivalence in the pathWithoutMatrixParams of AbstractPathMatchingHttpSecurityPolicy via specially crafted HTTP requests containing encoded semicolons, slashes, or backslashes in the request path. An attacker can gain unauthorized...

CVSS 8.7, AI score 5.9, EPSS 0.00451
Exploits: 1, References: 2
Positive Technologies
added 2026/06/16 12:00 a.m., 14 views

PT-2026-50145

Name of the Vulnerable Software and Affected Versions: Deno versions prior to 2.7.14. Description: Deno's permission system on macOS enforces filesystem and execution restrictions by comparing requested paths against those supplied to --deny-read, --deny-write, --deny-run, or --deny-ffi. The...

CVSS 7.3, AI score 6, EPSS 0.00144
Exploits: 1, References: 4
EUVD
added 2026/06/09 6:30 p.m., 12 views

EUVD-2026-35478

Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...

AI score 5.4, EPSS 0.00237
Exploits: 0, References: 7
Vulnrichment
added 2026/06/09 4:03 p.m., 8 views

CVE-2026-34182 CMS AuthEnvelopedData Processing May Accept Forged Messages

Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...

AI score 5.4, EPSS 0.00237
Exploits: 0, References: 6
AlpineLinux
added 2026/06/09 4:03 p.m., 18 views

CVE-2026-34182

Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...

CVSS 9.1, AI score 5.4, EPSS 0.00237
Exploits: 0
UbuntuCve
added 2026/05/27 12:00 a.m., 9 views

CVE-2026-46644

Insecure equivalence in symfony/polyfill-intl-idn for ASCII-only xn-- labels...

AI score 5.8, EPSS 0.00137
Exploits: 0, References: 3
OSV
added 2026/05/27 12:00 a.m., 5 views

UBUNTU-CVE-2026-46644

Insecure equivalence in symfony/polyfill-intl-idn for ASCII-only xn-- labels...

AI score 5.8, EPSS 0.00137
Exploits: 0, References: 4
Friends Of PHP
added 2026/05/26 8:00 a.m., 18 views

CVE-2026-46644: symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload decodes to ASCII-only: insecure equivalence

More info at https://symfony.com/cve-2026-46644...

AI score 5.8, EPSS 0.00137
Exploits: 0, Affected Software: 1
Debian CVE
added 2026/05/26 8:00 a.m., 9 views

CVE-2026-46644

Insecure equivalence in symfony/polyfill-intl-idn for ASCII-only xn-- labels...

AI score 5.8, EPSS 0.00137
Exploits: 0
Positive Technologies
added 2026/05/26 12:00 a.m., 11 views

PT-2026-43392

Name of the Vulnerable Software and Affected Versions: symfony/polyfill-intl-idn versions prior to 1.x. Description: The Idn::process function fails to enforce the validity criterion defined in UTS 46 revision 33 Section 4 step 4.1.2. Specifically, it does not verify that a label prefixed with xn--...

CVSS 6.9, AI score 5.9, EPSS 0.00137
Exploits: 0, References: 10
Snyk
added 2026/05/20 3:35 p.m., 15 views

Improper Validation of Unsafe Equivalence in Input

Overview: Affected versions of this package are vulnerable to Improper Validation of Unsafe Equivalence in Input in the CXF-RS or CXF-SOAP endpoints due to missing inbound filtering via setInFilterStartsWith. An attacker can execute arbitrary code and write files by injecting Camel-internal header...

CVSS 9.8, AI score 6.2, EPSS 0.01425
Exploits: 0, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 23 views

Astra Linux – Vulnerability in Tomcat9

Path Equivalence: The path ‘file.Name’ (Internal Dot) leads to remote code execution, information disclosure, and the addition of malicious content to uploaded files via the write-enabled default servlet in Apache Tomcat. This issue affects Apache Tomcat versions as follows: - 11.0.0-M1 through...

CVSS 10, AI score 7.4, EPSS 0.99945
Exploits: 46, References: 2
EUVD
added 2026/03/26 9:31 p.m., 8 views

EUVD-2026-16307

A flaw was found in Keycloak. An administrator with manage-clients permission can exploit a misconfiguration where this permission is equivalent to manage-permissions. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within...

CVSS 6.5, AI score 5.8, EPSS 0.00471
Exploits: 0, References: 3
Github Security Blog
added 2026/03/26 9:31 p.m., 3 views

Keycloak: manage-clients permission escalates to full realm admin access

A flaw was found in Keycloak. An administrator with manage-clients permission can exploit a misconfiguration where this permission is equivalent to manage-permissions. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within...

CVSS 7.2, AI score 5.8, EPSS 0.00471
Exploits: 0, References: 8, Affected Software: 1