
161 matches found

CNNVD
added 2025/12/17 12:00 a.m., 2 views

HCL Launch and HCL DevOps Deploy security vulnerability

HCL Launch and HCL DevOps Deploy are both products of HCL India. HCL Launch is a multi-functional, enterprise-grade continuous delivery automation software used to handle the most complex deployment processes in DevOps. HCL DevOps Deploy is an application that can be mapped to your organizational...

CVSS 4.8 | AI score 6.8 | EPSS 0.0003
Exploits: 0 | References: 1
Positive Technologies
added 2025/12/09 12:00 a.m., 2 views

PT-2025-49684

Name of the Vulnerable Software and Affected Versions: Traefik versions prior to 2.11.32 and 2.11.31 through 3.6.2. Description: Traefik is an HTTP reverse proxy and load balancer. Requests using PathPrefix, Path, or PathRegex matchers can bypass path normalization. When Traefik uses path-based...

CVSS 9.8 | AI score 6.5 | EPSS 0.03359
Exploits: 1 | References: 17
CVE
added 2025/12/08 11:41 p.m., 13 views

CVE-2025-66202

Astro (web framework) is affected by CVE-2025-66202: versions 5.15.7 and below are vulnerable to a double URL encoding bypass that lets unauthenticated attackers bypass middleware pathname checks and access protected routes. The fix for CVE-2025-64765 in 5.15.8 decodes URLs only once, leaving roo...

CVSS 6.5 | AI score 6.7 | EPSS 0.00299
Exploits: 0 | References: 3 | Affected Software: 1
Snyk
added 2025/12/08 4:26 p.m., 3 views

Use of Non-Canonical URL Paths for Authorization Decisions

Overview: astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Use of Non-Canonical URL Paths for Authorization Decisions due to improper URL decoding logic. The pathname validation used for...

CVSS 6.9 | AI score 6.9 | EPSS 0.00299
Exploits: 1 | References: 2
Positive Technologies
added 2025/11/27 12:00 a.m., 4 views

PT-2025-48291

Name of the Vulnerable Software and Affected Versions: Astro versions 5.15.7 and below. Description: Astro, a web framework, is affected by a double URL encoding bypass. This allows unauthenticated attackers to bypass path-based authentication checks in Astro middleware, potentially granting...

CVSS 6.5 | AI score 6.8 | EPSS 0.00299
Exploits: 0 | References: 10
Github Security Blog
added 2025/11/04 3:48 p.m., 4 views

Protobuf Maven Plugin protocDigest is ignored when using protoc from PATH

Summary: The expected protocDigest is ignored when protoc is taken from the PATH. Details: The documentation for the protocDigest parameter says: ... Users may wish to specify this if using a PATH-based binary ... However, when specifying PATH the protocDigest is not actually checked because the co...

AI score 7.1
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2025/11/04 3:48 p.m., 6 views

GHSA-J2PC-V64R-MV4F Protobuf Maven Plugin protocDigest is ignored when using protoc from PATH

Summary: The expected protocDigest is ignored when protoc is taken from the PATH. Details: The documentation for the protocDigest parameter says: ... Users may wish to specify this if using a PATH-based binary ... However, when specifying PATH the protocDigest is not actually checked because the co...

CVSS 1 | AI score 7.1
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-15220

Malware in sbrugna...

CVSS 4.3 | AI score 4.7 | EPSS 0.0036
Exploits: 1 | References: 11
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2015-3257

Malware in sbrugna...

CVSS 4 | AI score 7.4 | EPSS 0.00944
Exploits: 0 | References: 20
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2022-28983

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.8 | EPSS 0.0161
Exploits: 0 | References: 20
Redos
added 2025/08/14 12:00 a.m., 3 views

ROS-20250814-04

A vulnerability in the mod_dav_svn module of the Subversion centralized version control system is related to a bug in the path-based authorization rule lookup. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service...

CVSS 7.5 | AI score 7 | EPSS 0.0161
Exploits: 0
RedhatCVE
added 2025/05/22 1:58 a.m., 5 views

CVE-2014-9362

Cross-site scripting (XSS) vulnerability in the path-based meta tag editing form in the Meta tags quick module 7.x-2.x before 7.x-2.8 for Drupal allows remote authenticated users with the "Edit path based meta tags" permission to inject arbitrary web script or HTML via vectors related to deleting a...

CVSS 3.5 | AI score 5.4 | EPSS 0.00161
Exploits: 0 | References: 1
SUSE CVE
added 2025/05/08 11:40 a.m., 2 views

SUSE CVE-2025-46569

Open Policy Agent (OPA) is an open source, general-purpose policy engine. Prior to version 1.4.0, when run as a server, OPA exposes an HTTP Data API for reading and writing documents. Requesting a virtual document through the Data API entails policy evaluation, where a Rego query containing a singl...

CVSS 8.3 | AI score 7.9 | EPSS 0.00015
Exploits: 0 | References: 5
Tenable Nessus
added 2025/03/04 12:00 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2021-28544

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Subversion SVN authz protected copyfrom paths regression: Subversion servers reveal 'copyfrom' paths that should be hidden according to configured...

CVSS 4.3 | AI score 5.7 | EPSS 0.0036
Exploits: 1 | References: 2
CVE
added 2024/10/30 9:19 p.m., 143 views

CVE-2024-10005

CVE-2024-10005 affects Consul and Consul Enterprise. The issue arises from using URL paths in L7 traffic intentions, allowing bypass of HTTP request path-based access rules. Evidence from multiple sources (NVD entry and industry advisories) confirms the vulnerability in Consul’s URL path handling...

CVSS 8.1 | AI score 6.6 | EPSS 0.00199
Exploits: 0 | References: 2 | Affected Software: 1
CNNVD
added 2024/10/30 12:00 a.m., 2 views

HashiCorp Consul security vulnerability

HashiCorp Consul is a suite of distributed, highly available data center-aware solutions from HashiCorp, USA. The product is used to connect and configure applications across dynamically distributed infrastructures. A security vulnerability exists in HashiCorp Consul that stems from the use of UR...

CVSS 8.1 | AI score 7.9 | EPSS 0.00199
Exploits: 0 | References: 2
OSV
added 2024/03/06 10:56 a.m., 13 views

BIT-MODSECURITY2-2024-1019 WAF bypass of the ModSecurity v3 release line

ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string...

CVSS 8.6 | AI score 8.3 | EPSS 0.00306
Exploits: 0 | References: 4
SUSE CVE
added 2024/03/01 3:47 a.m., 2 views

SUSE CVE-2024-1019

ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string...

CVSS 8.6 | AI score 8.2 | EPSS 0.00306
Exploits: 0 | References: 3
Tenable Nessus
added 2024/02/19 12:00 a.m., 14 views

Fedora 38 : libmodsecurity (2024-698e541c52)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-698e541c52 advisory. - Update to 3.0.12 - Security fix for CVE-2024-1019. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note th...

CVSS 8.6 | AI score 7.8 | EPSS 0.00306
Exploits: 0 | References: 2
OSV
added 2024/01/30 4:15 p.m., 4 views

CVE-2024-1019

ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string...

CVSS 8.6 | AI score 8.5 | EPSS 0.00306
Exploits: 0 | References: 3