9 matches found
CVE-2026-28413
The CVE affects Plone via the Products.isurlinportal replacement. Before versions 2.1.0, 3.1.0, and 4.0.0, a login redirect can be manipulated when the came_from parameter contains more than two forward slashes (e.g., /login?came_from=////evil.example), leading to an open redirect. The issue has ...
Open Redirect
Overview: Products.isurlinportal is a replacement for the isURLInPortal method in Plone. Affected versions of this package are vulnerable to Open Redirect via the login form. An attacker can cause users to be redirected to an external website by crafting a URL with more than two forward slashes in the...
CVE-2026-25890
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, an authenticated user can bypass the application's "Disallow" file path rules by modifying the request URL. By adding multiple slashe...
Path Equivalence
Overview: rou3 is a lightweight and fast router for JavaScript. Affected versions of this package are vulnerable to Path Equivalence due to insufficient preservation of empty segments. An attacker can bypass access restrictions and rate limits by sending requests with multiple slashes in the URL...
PT-2025-9087
Name of the Vulnerable Software and Affected Versions: CodeChecker versions through 6.24.5. Description: The CodeChecker web server contains an open redirect issue due to insufficient protection against multiple slashes in the URL after the product name. This allows bypassing existing protections,...
CVE-2025-0720
A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been rated as problematic. Affected by this issue is the function removeExtraSlashes of the file /opt/MicroWorld/sbin/rtscanner of the component Folder Watch List Handler. The manipulation leads to stack-based buffer...
GHSA-24Q2-59HM-RH9R Strapi Improper Rate Limiting vulnerability
Summary: There is a rate limit on the login function of Strapi's admin screen, but it is possible to circumvent it. 2. Details: It is possible to avoid this by modifying the rate-limited request path as follows. 1. Manipulating request paths to upper or lower case. Pattern 1 - In this case,...
CVE-2018-16479
Path traversal vulnerability in http-live-simulator 1.0.7 causes unauthorized access to arbitrary files on disk by appending extra slashes after the URL...
Cohu 3960HD Information Disclosure Vulnerability
The Cohu 3960HD is an IP zoom camera from Cohu USA that is typically used as a traffic camera. The Cohu 3960HD suffers from an information disclosure vulnerability. An attacker can view and download source code, log files, and other sensitive device information via a specially crafted web request...