Lucene search

13 matches found

NVD
added 2026/06/10 6:17 p.m., 15 views

CVE-2026-46614

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, the Fission router registers an internal-style route — /fission-function/ and /fission-function// — for every Function object,...

CVSS 9.8, EPSS 0.00353
Exploits: 0, References: 4

CVE
added 2026/06/10 5:19 p.m., 20 views

CVE-2026-46614

CVE-2026-46614 affects Fission router prior to v1.23.0, where internal routes /fission-function/ and /fission-function// were registered on the same public listener as HTTPTriggers. This allowed any caller that could reach the router to invoke any Function by guessing metadata.name/namespace, byp...

CVSS 9.8, AI score 5.4, EPSS 0.00353
Exploits: 0, References: 4

EUVD
added 2026/06/10 5:19 p.m., 9 views

EUVD-2026-36090

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, the Fission router registers an internal-style route — /fission-function/ and /fission-function// — for every Function object,...

CVSS 9.8, AI score 5.4, EPSS 0.00353
Exploits: 0, References: 4

CNNVD
added 2026/06/10 12:0 a.m., 15 views

Fission Access Control Error Vulnerability

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.23.0 contained an access control vulnerability. This vulnerability stemmed from routers registering internal routes for each Function object, allowing any caller who has access to the router...

CVSS 9.8, AI score 5.3, EPSS 0.00353
Exploits: 0, References: 1

Positive Technologies
added 2026/05/21 12:0 a.m., 17 views

PT-2026-42685

Name of the Vulnerable Software and Affected Versions: Fission versions prior to 1.23.0. Description: The Fission router registers internal routes '/fission-function/' and '/fission-function//' for every function object, regardless of whether an HTTPTrigger exists. Because these routes are mounted o...

CVSS 9.8, AI score 5.8, EPSS 0.00353
Exploits: 0, References: 10

Tenable Nessus
added 2026/03/20 12:0 a.m., 7 views

Next.js Framework 9.5.x < 15.5.3 / 16.x < 16.1.7 HTTP Request Smuggling (GHSA-ggv3-7p47-pfv8)

The Next.js Framework on the remote host is affected by an HTTP request smuggling vulnerability: - A vulnerability exists in Next.js proxy rewrites where a crafted DELETE/OPTIONS request using Transfer-Encoding: chunked could trigger request boundary disagreement between the proxy and backend. An...

CVSS 6.5, AI score 5.9, EPSS 0.00427
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 7 views

EUVD-2022-3155

Malicious code in bioql PyPI...

CVSS 6.8, AI score 6.4, EPSS 0.01173
Exploits: 0, References: 5

CNNVD
added 2024/08/20 12:0 a.m., 3 views

gotribe-admin Security Vulnerability

gotribe-admin is a small open-source CMS solution developed by gotribe with Go and Vue. A security vulnerability exists in gotribe-admin version 1.0, which stems from the function InitRoutes in the file internal/app/routes/routes.go that causes deserialization...

CVSS 9.8, AI score 4.8, EPSS 0.00827
Exploits: 1, References: 7

GitHub Security Blog
added 2022/05/17 5:17 a.m., 24 views

Symfony Access Control Vulnerability

Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI beginning with a /_internal substring...

CVSS 6.8, AI score 7, EPSS 0.01173
Exploits: 0, References: 5, Affected Software: 1

NVD
added 2012/12/27 11:47 a.m., 19 views

CVE-2012-6432

Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI beginning with a /_internal substring...

CVSS 6.8, AI score 6.6, EPSS 0.01173
Exploits: 0, References: 1

CVE
added 2012/12/27 11:0 a.m., 82 views

CVE-2012-6432

CVE-2012-6432 affects Symfony 2.0.x up to 2.0.19, Symfony 2.1.x up to 2.1.4, and 2.2-dev, when the internal routes configuration is enabled. A vulnerability in the internal routing mechanism, via URIs starting with /_internal, allows an attacker t...

CVSS 6.8, AI score 6.8, EPSS 0.01173
Exploits: 0, References: 1, Affected Software: 1

Symfony
added 2012/12/20 12:0 a.m., 30 views

Security release: Symfony 2.0.20 and 2.1.5 released

Symfony 2.0.20 and Symfony 2.1.5 have just been released and they both contain two security fixes. CVE-2012-6431: Routes behind a firewall are accessible even when not logged in. Affected versions: All versions from 2.0.0 to 2.0.19 are...

CVSS 6.8, AI score 6.5, EPSS 0.01876
Exploits: 0

Friends Of PHP
added 2012/12/19 9:59 a.m., 17 views

Code execution vulnerability via the "internal" routes

More info at https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released...

CVSS 6.8, AI score 7.2, EPSS 0.01173
Exploits: 0, Affected Software: 1