Lucene search
+L

21 matches found

cve
cve
added 2026/06/26 4:47 p.m.26 views

CVE-2026-54557

CVE-2026-54557 affects the mise HTTP backend. Before 2026.6.1, install symlinks were created using the raw resolved version string for non-latest versions, instead of the sanitized version pathname. This allows a repository-controlled .tool-versions entry to cause mise install to create a symlink...

5.5CVSS5.8AI score0.00175EPSS
Exploits0References1
github
github
added 2026/06/23 6:13 p.m.9 views

mise HTTP backend uses raw version path for install symlink destination

Summary The mise HTTP backend builds its install symlink destination from the raw resolved version string for non-latest versions. Normal tool install paths use the sanitized version pathname, but the HTTP backend's symlink path uses the raw value. On Unix-like systems, if that version is an...

5.5CVSS6.1AI score0.00175EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/06/23 6:13 p.m.4 views

GHSA-F94H-J2QG-FXW3 mise HTTP backend uses raw version path for install symlink destination

Summary The mise HTTP backend builds its install symlink destination from the raw resolved version string for non-latest versions. Normal tool install paths use the sanitized version pathname, but the HTTP backend's symlink path uses the raw value. On Unix-like systems, if that version is an...

5.5CVSS6.1AI score0.00175EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/23 12:0 a.m.12 views

PT-2026-51638

Name of the Vulnerable Software and Affected Versions mise versions prior to 2026.6.1 Description The HTTP backend in mise improperly handles version strings for non-latest versions when creating install symlinks. Instead of using a sanitized version pathname, it uses the raw resolved version...

5.5CVSS6AI score0.00175EPSS
Exploits0References4
vulnersosv
vulnersosv
added 2026/05/05 5:30 p.m.8 views

org.eclipse.digitaltwin.basyx:basyx.submodelrepository-backend-inmemory (=2.0.0-milestone-01), org.eclipse.digitaltwin.basyx:basyx.submodelrepository-backend-mongodb (=2.0.0-milestone-01) +3 more potentially affected by CVE-2026-7411 via org.eclipse.digitaltwin.basyx:basyx.submodelrepository-core (=2.0.0-milestone-01)

org.eclipse.digitaltwin.basyx:basyx.submodelrepository-core MAVEN version =2.0.0-milestone-01 is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.digitaltwin.basyx:basyx.submodelrepository-core and may be impacted: -...

10CVSS6AI score0.03678EPSS
Exploits1
github
github
added 2026/04/22 5:41 p.m.26 views

i18next-http-backend has Path Traversal & URL Injection via Unsanitised lng/ns

Summary Versions of i18next-http-backend prior to 3.0.5 interpolate the lng and ns values directly into the configured loadPath / addPath URL template without any encoding, validation, or path sanitisation. When an application exposes the language-code selection to user-controlled input the defau...

9.1CVSS5.8AI score0.00251EPSS
Exploits0References4Affected Software1
snyk
snyk
added 2026/04/22 5:41 p.m.9 views

Directory Traversal

Overview org.webjars.npm:i18next-http-backend is an i18next-http-backend is a backend layer for i18next using in Node.js, in the browser and for Deno. Affected versions of this package are vulnerable to Directory Traversal or other URL manipulation, via unsanitized interpolation of lng and ns...

9.1CVSS6.3AI score0.00251EPSS
Exploits0References2
vulnersosv
vulnersosv
added 2026/04/22 5:41 p.m.11 views

@armenak/aa (=1.0.1), @armenak/ui-kit (>=1.0.0 <=1.0.5) +74 more potentially affected by CVE-2026-41691 via i18next-http-backend (>=3.0.1 <=3.0.4)

i18next-http-backend NPM version =3.0.1, =1.0.0, =1.0.2, =3.12.2-pre.0a3e0d524e, =3.2.9, =3.2.9, =10.0.0, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =3.42.3, =3.8.2, =3.7.3, =3.7.11 - @eternal-baguette/sample-component =0.0.3 and more Source cves: CVE-2026-41691 Source advisory:...

9.1CVSS5.7AI score0.00251EPSS
Exploits0
osv
osv
added 2019/04/03 1:51 a.m.5 views

OPENSUSE-SU-2019:1128-1 Security update for pdns

This update for pdns fixes the following issue: Security issue fixed: - CVE-2019-3871: Fixed an insufficient validation in the HTTP remote backend which could allow a remote user to cause the HTTP backend to connect to an attacker-specified host instead of the configured one bsc1129734...

8.8CVSS7.8AI score0.12632EPSS
Exploits1References3
nessus
nessus
added 2019/04/03 12:0 a.m.21 views

openSUSE Security Update : pdns (openSUSE-2019-1128)

This update for pdns fixes the following issue : Security issue fixed : - CVE-2019-3871: Fixed an insufficient validation in the HTTP remote backend which could allow a remote user to cause the HTTP backend to connect to an attacker-specified host instead of the configured one bsc1129734...

8.8CVSS7.2AI score0.12632EPSS
Exploits1References2
osv
osv
added 2019/03/29 3:51 p.m.8 views

MGASA-2019-0122 Updated pdns packages fix security vulnerability

Updated pdns packages fix security vulnerability: An issue has been found in PowerDNS Authoritative Server when the HTTP remote backend is used in RESTful mode without post=1 set, allowing a remote user to cause the HTTP backend to connect to an attacker-specified host instead of the configured...

8.8CVSS8.3AI score0.12632EPSS
Exploits1References3
archlinux
archlinux
added 2019/03/22 12:0 a.m.31 views

[ASA-201903-13] powerdns: insufficient validation

Arch Linux Security Advisory ASA-201903-13 ========================================== Severity: High Date : 2019-03-22 CVE-ID : CVE-2019-3871 Package : powerdns Type : insufficient validation Remote : Yes Link : https://security.archlinux.org/AVG-927 Summary ======= The package powerdns before...

8.8CVSS1.9AI score0.12632EPSS
Exploits1References6
nessus
nessus
added 2019/03/20 12:0 a.m.28 views

FreeBSD : PowerDNS -- Insufficient validation in the HTTP remote backend (6001cfc6-9f0f-4fae-9b4f-9b8fae001425)

PowerDNS developers report : An issue has been found in PowerDNS Authoritative Server when the HTTP remote backend is used in RESTful mode without post=1 set, allowing a remote user to cause the HTTP backend to connect to an attacker-specified host instead of the configured one, via a crafted DNS...

8.8CVSS6.9AI score0.12632EPSS
Exploits1References3
openvas
openvas
added 2019/03/19 12:0 a.m.28 views

PowerDNS Authoritative Server RESTful Vulnerability (2019-03)

An issue has been found in PowerDNS Authoritative Server when the HTTP remote backend is used in RESTful mode without post=1 set, allowing a remote user to cause the HTTP backend to connect to an attacker-specified host instead of the configured one, via a crafted DNS query. This can be used to...

8.8CVSS7.1AI score0.12632EPSS
Exploits1References1
prion
prion
added 2017/09/01 1:29 p.m.21 views

Code injection

A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus MSS+ versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response...

7.5CVSS9.7AI score0.11679EPSS
Exploits2References2Affected Software2
nvd
nvd
added 2017/09/01 1:29 p.m.22 views

CVE-2017-3897

A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus MSS+ versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response...

9.8CVSS9.7AI score0.11679EPSS
Exploits2References2
prion
prion
added 2017/09/01 1:29 p.m.15 views

Authentication flaw

A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe MLS versions prior to 16.0.3 allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response...

4.3CVSS5.7AI score0.03176EPSS
Exploits2References1Affected Software1
cvelist
cvelist
added 2017/09/01 1:0 p.m.29 views

CVE-2017-3898

A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe MLS versions prior to 16.0.3 allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response...

6AI score0.03176EPSS
Exploits2References1
cvelist
cvelist
added 2017/09/01 1:0 p.m.24 views

CVE-2017-3897

A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus MSS+ versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response...

9.8AI score0.11679EPSS
Exploits2References2
cve
cve
added 2017/09/01 1:0 p.m.73 views

CVE-2017-3898

CVE-2017-3898 affects McAfee LiveSafe (MLS) prior to 16.0.3 and is tied to a MitM flaw in the non‑certificate‑based authentication used during HTTP backend responses. An attacker on the network could manipulate the Windows registry value associated with McAfee updates, potentially enabling remote...

5.9CVSS6AI score0.03176EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder