Lucene search
K

8 matches found

EUVD
EUVD
added 8 hours ago4 views

EUVD-2026-43126

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.1 via the gettypetemplate function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute...

7.5CVSS6.5AI score
Exploits0References7
NVD
NVD
added 2025/04/02 1:15 p.m.40 views

CVE-2025-27556

An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.setlanguage are subject to a potential denial-of-service attack v...

7.5CVSS0.00997EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2024/06/13 11:2 a.m.3 views

webpack-dev-middleware: lack of URL validation may lead to file leak

A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling...

7.5CVSS7.2AI score0.01209EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:34 a.m.5 views

SUSE CVE-2018-1323

The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible fo...

7.5CVSS7AI score0.44244EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:27 a.m.4 views

SUSE CVE-2018-11759

The Apache Web Server httpd specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK modjk Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was...

7.5CVSS8.8AI score0.90647EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2022/09/20 12:27 p.m.5 views

nodejs-normalize-url: ReDoS for data URLs

A flaw was found in normalize-url. Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data...

7.5CVSS7.3AI score0.01705EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/09/21 12:0 a.m.5 views

VMware vCenter Server 授权问题漏洞

VMware vCenter Server is a suite of server and virtualization management software from VMware. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructures. An authorization issue vulnerability exists ...

5.3CVSS7.7AI score0.47642EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2020/06/10 7:23 p.m.3 views

undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass

A flaw was found in Undertow, where the servlet container causes the servletPath to normalize incorrectly by truncating the path after the semicolon. The flaw may lead to application mapping, resulting in a security bypass...

8.1CVSS5.7AI score0.01571EPSS
Exploits0References4
Rows per page
Query Builder