42 matches found
CVE-2026-54430
liboauth2 is vulnerable to Server-Side Request Forgery in oauth2josejwksawsalbresolve function. The AWS ALB verifier reads both signer and kid from the unverified JWT header. If signer matches the configured ARN, kid is appended to albbaseurl without URL encoding or path sanitization, and the HTT...
UBUNTU-CVE-2026-54430
liboauth2 is vulnerable to Server-Side Request Forgery in oauth2josejwksawsalbresolve function. The AWS ALB verifier reads both signer and kid from the unverified JWT header. If signer matches the configured ARN, kid is appended to albbaseurl without URL encoding or path sanitization, and the HTT...
CVE-2026-54430 Server-Site Request Forgery in liboauth2
liboauth2 is vulnerable to Server-Side Request Forgery in oauth2josejwksawsalbresolve function. The AWS ALB verifier reads both signer and kid from the unverified JWT header. If signer matches the configured ARN, kid is appended to albbaseurl without URL encoding or path sanitization, and the HTT...
CVE-2025-52023
A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public A...
EUVD-2021-22582
Malware in sbrugna...
EUVD-2025-27765
Malicious code in bioql PyPI...
EUVD-2022-31515
Malicious code in bioql PyPI...
EUVD-2025-9726
Malicious code in bioql PyPI...
Jank 安全漏洞
Jank is a lightweight blogging system by the individual developer Fender. Jank has a security vulnerability that stems from the use of hard-coded passwords for the parameters accessSecret/refreshSecret in the file internal/utils/jwtutils.go...
CVE-2023-0454
OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to construct an internal path...
CVE-2021-25118
The Yoast SEO WordPress plugin from versions 16.7 until 17.2 discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities...
ROS-20250417-01
A vulnerability in the Nextcloud calendar cloud software application for creating and utilizing the Nextcloud Nextcloud data warehouse is related to disclosure of internal website paths when the SMTP server is unavailable. Exploitation of the vulnerability could allow an attacker acting remotely ...
CVE-2025-0278
HCL Traveler is affected by an internal path disclosure in a Windows application when the application inadvertently reveals internal file paths, in error messages, debug logs, or responses to user requests...
CVE-2025-0278 An internal path disclosure vulnerability affects HCL Traveler
HCL Traveler is affected by an internal path disclosure in a Windows application when the application inadvertently reveals internal file paths, in error messages, debug logs, or responses to user requests...
CVE-2025-0278
CVE-2025-0278 affects HCL Traveler, a Windows application. The issue is an internal path disclosure where internal file paths may be revealed in error messages, debug logs, or responses to user requests. The CVE entry cites a MEDIUM severity (CVSS v3.1: 4.3, AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) w...
CVE-2025-0278 An internal path disclosure vulnerability affects HCL Traveler
HCL Traveler is affected by an internal path disclosure in a Windows application when the application inadvertently reveals internal file paths, in error messages, debug logs, or responses to user requests...
CVE-2023-5515
The responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks against web servers and deployed web applications...
CVE-2023-5515
The responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks against web servers and deployed web applications...
CVE-2023-5515
Hitachi Energy eSOMS vulnerability CVE-2023-5515: exposure of internal resource paths via certain web query parameters. Affected product: eSOMS v6.3.13 and prior. Root cause: web responses reveal internal application structure, enabling information disclosure (CWE-497). Impact: potential disclosu...
Exploit for Improper Input Validation in Usememos Memos
CVE-2023-4698 Local File Inclusion LFI in usememos/memos...