57 matches found
CVE-2026-22220
A lack of proper input validation in the HTTP processing path in TP-Link Archer BE230 v1.2 web modules may allow a crafted request to cause the device’s web service to become unresponsive, resulting in a denial of service condition. A network adjacent attacker with high privileges could cause the...
CVE-2025-15543
Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access read‑only access to system files...
CVE-2025-15543
Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access read‑only access to system files...
CVE-2025-15543
Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access read‑only access to system files...
Exploit for CVE-2021-4191
Nuclei POC Duplicate Detection Tool This tool is written in G...
openSUSE Security Advisory (SUSE-SU-2025:02592-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OPA server Data API HTTP path injection of Rego
...
GO-2025-3660 OPA server Data API HTTP path injection of Rego in github.com/open-policy-agent/opa
OPA server Data API HTTP path injection of Rego in github.com/open-policy-agent/opa...
CVE-2025-46569 OPA server Data API HTTP path injection of Rego
Open Policy Agent OPA is an open source, general-purpose policy engine. Prior to version 1.4.0, when run as a server, OPA exposes an HTTP Data API for reading and writing documents. Requesting a virtual document through the Data API entails policy evaluation, where a Rego query containing a singl...
GHSA-6M8W-JC87-6CR7 OPA server Data API HTTP path injection of Rego
Impact When run as a server, OPA exposes an HTTP Data API for reading and writing documents. Requesting a virtual document through the Data API entails policy evaluation, where a Rego query containing a single data document reference is constructed from the requested path. This query is then used...
DEBIAN-CVE-2024-10005
A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules...
UBUNTU-CVE-2024-10005
A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules...
PT-2024-8623 · Hashicorp +4 · Hashicorp Consul +4
Name of the Vulnerable Software and Affected Versions: Consul versions 1.9.0 through 1.20.1 Description: A vulnerability was identified in Consul such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules. This issue allows a remote attacker to bypass...
Fortinet FortiPresence Security Vulnerability
Fortinet FortiPresence is a comprehensive data analytics solution from Fortinet, Inc. A security vulnerability exists in Fortinet FortiPresence that stems from the lack of a custom error page, which could allow an attacker to obtain sensitive information by navigating to a specific HTTP path...
CVE-2023-37895 Apache Jackrabbit RMI access can lead to RCE
Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to including 2.20.10 stable branch and 2.21.17 unstable branch use the component "commons-beanutils", which contains a class that can be used for remote...
CVE-2023-0100
A flaw was found In Eclipse BIRT, where the default configuration allowed retrieval of a report from the same host using an absolute HTTP path for the report parameter for example, report=http://xyz.com/report.rptdesign. The report would be retrieved if the host indicated in the report parameter...
GHSA-4GRC-Q4FJ-45P8 Improper Input Validation In Eclipse BIRT
In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed to retrieve a report from the same host using an absolute HTTP path for the report parameter e.g. report=http://xyz.com/report.rptdesign. If the host indicated in the report parameter matched the HTTP Host header valu...
Improper Input Validation In Eclipse BIRT
In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed to retrieve a report from the same host using an absolute HTTP path for the report parameter e.g. report=http://xyz.com/report.rptdesign. If the host indicated in the report parameter matched the HTTP Host header valu...
CVE-2023-0100
In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed to retrieve a report from the same host using an absolute HTTP path for the report parameter e.g. report=http://xyz.com/report.rptdesign. If the host indicated in the report parameter matched the HTTP Host header valu...
CVE-2023-0100
In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed to retrieve a report from the same host using an absolute HTTP path for the report parameter e.g. report=http://xyz.com/report.rptdesign. If the host indicated in the report parameter matched the HTTP Host header valu...