Lucene search
K

5 matches found

Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.12 views

PT-2026-50158

Name of the Vulnerable Software and Affected Versions Hugo versions 0.123.0 through 0.161.1 Description A regression in the virtual filesystem allows a symlink confinement bypass. The RootMappingFs.statRoot function calls Stat, which follows symlinks, instead of Lstat. This allows a direct lookup...

6.9CVSS6AI score0.00024EPSS
Exploits0References6
Snyk
Snyk
added 2026/05/04 9:7 p.m.10 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition due to a race condition in the process that reads and verifies files before returning bytes. An attacker can access data outside the intend...

8.3CVSS5.8AI score0.00208EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/26 5:19 p.m.1 views

CVE-2026-33490 h3: Missing Path Segment Boundary Check in `mount()` Causes Middleware Execution on Unrelated Prefix-Matching Routes

H3 is a minimal HTTP framework. In versions 2.0.0-0 through 2.0.1-rc.16, the mount method in h3 uses a simple startsWith check to determine whether incoming requests fall under a mounted sub-application's path prefix. Because this check does not verify a path segment boundary i.e., that the next...

3.7CVSS5.9AI score0.00239EPSS
Exploits1References1
OSV
OSV
added 2026/03/26 5:19 p.m.4 views

CVE-2026-33490 h3: Missing Path Segment Boundary Check in `mount()` Causes Middleware Execution on Unrelated Prefix-Matching Routes

H3 is a minimal HTTP framework. In versions 2.0.0-0 through 2.0.1-rc.16, the mount method in h3 uses a simple startsWith check to determine whether incoming requests fall under a mounted sub-application's path prefix. Because this check does not verify a path segment boundary i.e., that the next...

3.7CVSS6AI score0.00239EPSS
Exploits1References3
OSV
OSV
added 2026/03/20 8:50 p.m.3 views

GHSA-2J6Q-WHV2-GH6W h3: Missing Path Segment Boundary Check in `mount()` Causes Middleware Execution on Unrelated Prefix-Matching Routes

Summary The mount method in h3 uses a simple startsWith check to determine whether incoming requests fall under a mounted sub-application's path prefix. Because this check does not verify a path segment boundary i.e., that the next character after the base is / or end-of-string, middleware...

3.7CVSS6AI score0.00239EPSS
Exploits1References3
Rows per page
Query Builder