CVE-2026-33732

srvx is a universal server based on web standards. Prior to version 0.11.13, a pathname parsing discrepancy in srvx's FastURL allows middleware bypass on the Node.js adapter when a raw HTTP request uses an absolute URI with a non-standard scheme e.g. file://. Starting in version 0.11.13, the...

srvx is vulnerable to middleware bypass via absolute URI in request line

Summary A pathname parsing discrepancy in srvx's FastURL allows middleware bypass on the Node.js adapter when a raw HTTP request uses an absolute URI with a non-standard scheme e.g. file://. Details When Node.js receives an absolute URI in the request line e.g. GET file://hehe?/internal/run...

h3 has a middleware bypass with one gadget

H3 NodeRequestUrl bugs Vulnerable pieces of code : js import H3, serve, defineHandler, getQuery, getHeaders, readBody, defineNodeHandler from "h3"; let app = new H3 const internalOnly = defineHandlerevent, next = const token = event.headers.get"x-internal-key"; if token !==...

PT-2026-26194

H3 NodeRequestUrl bugs Vulnerable pieces of code : js import H3, serve, defineHandler, getQuery, getHeaders, readBody, defineNodeHandler from "h3"; let app = new H3 const internalOnly = defineHandlerevent, next = const token = event.headers.get"x-internal-key"; if token !==...

react-native-url-preview (>=1.1.1 <=1.1.9), react-native-url-preview-tgp (=1.1.9) +1 more potentially affected by CVE-2022-25876 via link-preview-js (>=1.6.0 <=2.1.13)

link-preview-js NPM version =1.6.0, =1.1.1, =2.1.4, =2.2.0 Source cves: CVE-2022-25876 Source advisory: OSV:GHSA-H9CW-7G8J-H66H...

react-native-url-preview (=1.1.9), react-native-url-preview-tgp (=1.1.9) +1 more potentially affected by CVE-2022-25876 via link-preview-js (>=2.0.4 <=2.1.13)

link-preview-js NPM version =2.0.4, =2.1.4, =2.2.0 Source cves: CVE-2022-25876 Source advisory: SNYK:JS-LINKPREVIEWJS-2933520...