Lucene search
K

32 matches found

Snyk
Snyk
added 2026/04/16 10:28 p.m.4 views

Interpretation Conflict

Overview @fastify/middie is a Middleware engine for Fastify Affected versions of this package are vulnerable to Interpretation Conflict in the resolveNormalizationOptions function's deprecated ignoreDuplicateSlashes configuration option. An attacker can bypass middleware by crafting URLs with...

9.1CVSS5.7AI score0.00278EPSS
Exploits0References2
OSV
OSV
added 2026/04/16 9:16 p.m.4 views

GHSA-V92G-XGXW-VVMM Mako: Path traversal via double-slash URI prefix in TemplateLookup

Summary TemplateLookup.gettemplate is vulnerable to path traversal when a URI starts with // e.g., //../../../secret.txt. The root cause is an inconsistency between two slash-stripping implementations: - Template.init strips one leading / using if/slice - TemplateLookup.gettemplate strips all...

8.7CVSS5.8AI score0.00361EPSS
Exploits0References6
GithubExploit
GithubExploit
added 2026/02/19 9:20 p.m.149 views

Exploit for CVE-2026-25890

CVE-2026-25890 - FileBrowser Access Control Bypass !Authorh...

8.1CVSS5.7AI score0.00461EPSS
Exploits2
OSV
OSV
added 2026/02/17 6:9 p.m.3 views

GO-2026-4474 File Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URL in github.com/filebrowser/filebrowser

File Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URL in github.com/filebrowser/filebrowser...

8.1CVSS5.5AI score0.00461EPSS
Exploits2References4
Github Security Blog
Github Security Blog
added 2026/02/10 12:25 a.m.9 views

File Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URL

Summary An authenticated user can bypass the application's "Disallow" file path rules by modifying the request URL. By adding multiple slashes e.g., //private/ to the path, the authorization check fails to match the rule, while the underlying filesystem resolves the path correctly, granting...

8.1CVSS5.6AI score0.00461EPSS
Exploits2References5Affected Software1
Snyk
Snyk
added 2026/02/10 12:25 a.m.3 views

Incorrect Authorization

Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Incorrect Authorization via improper normalization of URL paths in the rules. An attacker can gain unauthorized access to restricted files and perform unauthorized...

8.6CVSS5.6AI score0.00461EPSS
Exploits2References2
CVE
CVE
added 2026/02/09 9:21 p.m.35 views

CVE-2026-25890

Summary: CVE-2026-25890 affects File Browser prior to 2.57.1, where an authenticated user can bypass the file-path disallow rules by adding multiple slashes (e.g., //private/) to the request URL. The authorization check fails to match the rule while the underlying filesystem resolves the path, gr...

8.1CVSS5.5AI score0.00461EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2026/02/09 9:21 p.m.31 views

CVE-2026-25890 File Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URL

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, an authenticated user can bypass the application's "Disallow" file path rules by modifying the request URL. By adding multiple slashe...

8.1CVSS0.00461EPSS
Exploits2References3
OSV
OSV
added 2026/02/09 9:21 p.m.5 views

CVE-2026-25890 File Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URL

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, an authenticated user can bypass the application's "Disallow" file path rules by modifying the request URL. By adding multiple slashe...

8.1CVSS5.5AI score0.00461EPSS
Exploits2References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-1974

Malware in sbrugna...

7.6CVSS6.5AI score0.00675EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2023/05/16 8:43 a.m.4 views

python: open redirection vulnerability in lib/http/server.py may lead to information disclosure

A vulnerability was found in python. This security flaw causes an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of the URI path. This issue may lead to information disclosure...

7.4CVSS6.8AI score0.0199EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/05/16 8:25 a.m.5 views

python: open redirection vulnerability in lib/http/server.py may lead to information disclosure

A vulnerability was found in python. This security flaw causes an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of the URI path. This issue may lead to information disclosure...

7.4CVSS6.8AI score0.0199EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:22 a.m.4 views

SUSE CVE-2015-0557

Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive...

5.8CVSS7.2AI score0.03367EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:20 a.m.3 views

SUSE CVE-2015-2750

Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence...

6.1CVSS6.1AI score0.01376EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:43 a.m.2 views

SUSE CVE-2021-28861

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states...

7.4CVSS9.1AI score0.0199EPSS
Exploits0References44
RedHat Linux
RedHat Linux
added 2022/11/15 10:30 a.m.5 views

python: open redirection vulnerability in lib/http/server.py may lead to information disclosure

A vulnerability was found in python. This security flaw causes an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of the URI path. This issue may lead to information disclosure...

7.4CVSS6.8AI score0.0199EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/10/03 3:25 p.m.4 views

python: open redirection vulnerability in lib/http/server.py may lead to information disclosure

A vulnerability was found in python. This security flaw causes an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of the URI path. This issue may lead to information disclosure...

7.4CVSS6.8AI score0.0199EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2022/08/25 7:0 a.m.4 views

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."

...

7.4CVSS7.8AI score0.0199EPSS
Exploits0
OSV
OSV
added 2022/08/23 1:15 a.m.2 views

UBUNTU-CVE-2021-28861

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states...

7.4CVSS6.8AI score0.0199EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2022/08/23 12:0 a.m.1 views

CVE-2021-28861

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states...

6.3AI score0.0199EPSS
Exploits0References18
Rows per page
Query Builder