Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1272 matches found

Github Security Blog
Github Security Blogadded 2026/01/07 12:31 p.m.9 views

OpenFlagr contains an authentication bypass vulnerability in the HTTP middleware

OpenFlagr versions prior to and including 1.1.18 contain an authentication bypass vulnerability in the HTTP middleware. Due to improper handling of path normalization in the whitelist logic, crafted requests can bypass authentication and access protected API endpoints without valid credentials...

9.3CVSS7AI score0.00163EPSS
Exploits0References6Affected Software1
NVD
NVDadded 2026/01/07 12:17 p.m.2 views

CVE-2026-0650

OpenFlagr versions prior to and including 1.1.18 contain an authentication bypass vulnerability in the HTTP middleware. Due to improper handling of path normalization in the whitelist logic, crafted requests can bypass authentication and access protected API endpoints without valid credentials...

9.3CVSS0.00163EPSS
Exploits0References3
Snyk
Snykadded 2026/01/07 4:55 a.m.2 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via improper path normalization in the whitelist logic. An attacker can gain unauthorized access to protected API endpoints by sending crafted requests that bypass authentication checks. This...

9.8CVSS7.1AI score0.00163EPSS
Exploits0References2
Snyk
Snykadded 2026/01/07 4:55 a.m.3 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via improper path normalization in the whitelist logic. An attacker can gain unauthorized access to protected API endpoints by sending crafted requests that bypass authentication checks. This...

9.8CVSS7.1AI score0.00163EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/01/07 4:29 a.m.20 views

CVE-2026-0650 OpenFlagr <= 1.1.18 Authentication Bypass via Prefix Whitelist Path Normalization

OpenFlagr versions prior to and including 1.1.18 contain an authentication bypass vulnerability in the HTTP middleware. Due to improper handling of path normalization in the whitelist logic, crafted requests can bypass authentication and access protected API endpoints without valid credentials...

9.3CVSS0.00163EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/01/07 4:29 a.m.2 views

CVE-2026-0650 OpenFlagr <= 1.1.18 Authentication Bypass via Prefix Whitelist Path Normalization

OpenFlagr versions prior to and including 1.1.18 contain an authentication bypass vulnerability in the HTTP middleware. Due to improper handling of path normalization in the whitelist logic, crafted requests can bypass authentication and access protected API endpoints without valid credentials...

9.3CVSS6.6AI score0.00163EPSS
Exploits0References3
CVE
CVEadded 2026/01/07 4:29 a.m.10 views

CVE-2026-0650

OpenFlagr (github.com/openflagr/flagr) is affected by an authentication bypass in the HTTP middleware caused by improper path normalization in the whitelist logic. Affected versions are prior to and including 1.1.18. The vulnerability can allow unauthenticated access to protected API endpoints, w...

9.3CVSS6.6AI score0.00163EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/01/07 12:0 a.m.3 views

PT-2026-1559

Name of the Vulnerable Software and Affected Versions OpenFlagr versions prior to and including 1.1.18 Description The software contains an authentication bypass issue in the HTTP middleware. Improper path normalization within the whitelist logic allows crafted requests to bypass authentication,...

9.3CVSS6.7AI score0.00163EPSS
Exploits0References9
Tenable Nessus
Tenable Nessusadded 2026/01/07 12:0 a.m.1 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000171)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000171 advisory. An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence,...

7.5CVSS7.3AI score0.03582EPSS
Exploits0References4
CNNVD
CNNVDadded 2026/01/07 12:0 a.m.2 views

flagr 安全漏洞

flagr is a monitoring service from openflagr open source. A security vulnerability exists in flagr version 1.1.18 and earlier, which stems from improper path normalization of the whitelisting logic in the HTTP middleware, which could lead to authentication bypass...

9.3CVSS6.5AI score0.00163EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2026/01/06 7:27 a.m.1 views

CVE-2025-69226

A flaw was found in aiohttp, an asynchronous HTTP client/server framework for Python. An attacker can exploit a vulnerability in the path normalization logic for static files to determine if specific absolute path components exist on the server. This information disclosure is possible if the...

6.3CVSS5.9AI score0.00053EPSS
Exploits0References5
OSV
OSVadded 2026/01/05 11:15 p.m.1 views

DEBIAN-CVE-2025-69226

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses...

5.3CVSS7.5AI score0.00053EPSS
Exploits0References1
NVD
NVDadded 2026/01/05 11:15 p.m.1 views

CVE-2025-69226

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses...

6.3CVSS0.00053EPSS
Exploits0References2
OSV
OSVadded 2026/01/05 11:15 p.m.3 views

AZL-73526 CVE-2025-69226 affecting package python-aiohttp 3.6.2-3

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses...

6.3CVSS7AI score0.00053EPSS
Exploits0References1
UbuntuCve
UbuntuCveadded 2026/01/05 11:15 p.m.3 views

CVE-2025-69226

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses...

6.3CVSS7AI score0.00053EPSS
Exploits0References4
OSV
OSVadded 2026/01/05 11:15 p.m.0 views

UBUNTU-CVE-2025-69226

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses...

6.3CVSS6.2AI score0.00053EPSS
Exploits0References5
Github Security Blog
Github Security Blogadded 2026/01/05 11:9 p.m.8 views

AIOHTTP vulnerable to brute-force leak of internal static file path components

Summary Path normalization for static files prevents path traversal, but opens up the ability for an attacker to ascertain the existence of absolute path components. Impact If an application uses web.static not recommended for production deployments, it may be possible for an attacker to ascertai...

6.3CVSS6.8AI score0.00053EPSS
Exploits0References4Affected Software1
AlpineLinux
AlpineLinuxadded 2026/01/05 10:52 p.m.2 views

CVE-2025-69226

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses...

6.3CVSS6.7AI score0.00053EPSS
Exploits0
OSV
OSVadded 2026/01/05 10:52 p.m.3 views

CVE-2025-69226 AIOHTTP allows for a brute-force leak of internal static filepath components

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses...

6.3CVSS6.5AI score0.00053EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/01/05 10:52 p.m.1 views

CVE-2025-69226 AIOHTTP allows for a brute-force leak of internal static filepath components

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses...

6.3CVSS6.2AI score0.00053EPSS
Exploits0References2
Rows per page
Query Builder