12 matches found
PT-2026-43445
Pre-auth RCE in FUXA via Logic Bypass Summary A Critical vulnerability chain exists in FUXA v.1.3.0-2706 that allows an unauthenticated remote attacker to achieve Full Remote Code Execution RCE as root. The exploit succeeds even when the platform is configured in its most secure state Secure Mode...
Linux Distros Unpatched Vulnerability : CVE-2026-27590
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's FastCGI path splitting logic computes the split index on a...
CVE-2026-24895 FrankenPHP affected by Path Confusion via Unicode casing in CGI path splitting allows execution of arbitrary files
FrankenPHP is a modern application server for PHP. Prior to 1.11.2, FrankenPHP’s CGI path splitting logic improperly handles Unicode characters during case conversion. The logic computes the split index for finding .php on a lowercased copy of the request path but applies that byte index to the...
CVE-2026-24895
FrankenPHP CGI path splitting bug before 1.11.2 uses lowercased path for split index and applies it to the original path, causing SCRIPT_NAME/SCRIPT_FILENAME to point to the wrong file and potentially execute an unintended file. Root cause: Go strings.ToLower can increase byte length for certain ...
PT-2026-21775
Name of the Vulnerable Software and Affected Versions Caddy versions prior to 2.11.1 FrankenPHP versions prior to 1.11.2 Description Caddy and FrankenPHP are vulnerable to a path confusion issue due to incorrect handling of Unicode characters during case conversion in the FastCGI path splitting...
Fortinet FortiWeb Path Confusion in GUI (FG-IR-25-910)
The version of FortiWeb installed on the remote host is 7.0.x prior to 7.0.12, 7.2.x prior to 7.2.12, 7.4.x prior to 7.4.10, 7.6.x prior to 7.6.5, or 8.0.x prior to 8.0.2. It is, therefore, affected by a path confusion vulnerability as referenced in the FG-IR-25-910 advisory: - A relative path...
Path Confusion
Hono is vulnerable to path confusion leading to proxy-level ACL bypass. The vulnerability is due to reliance on fixed character offsets when parsing request URLs due to incorrect handling of malformed absolute-form Request-URIs; attackers can craft such malformed absolute-form Request-URIs to cau...
CVE-2025-58362
Hono is a Web application framework that provides support for any JavaScript runtime. Versions 4.8.0 through 4.9.5 contain a flaw in the getPath utility function which could allow path confusion and potential bypass of proxy-level ACLs e.g. Nginx location blocks. The original implementation relie...
CVE-2025-58362
Hono web framework (versions 4.8.0–4.9.5) contains a flaw in the getPath utility (parsing in utils/url.ts) that can cause path confusion when handling certain malformed absolute-form Request-URIs, potentially bypassing proxy-level ACLs (e.g., Nginx location blocks). The root cause is reliance on ...
GHSA-9HP6-4448-45G2 Hono's flaw in URL path parsing could cause path confusion
Summary A flaw in the getPath utility function could allow path confusion and potential bypass of proxy-level ACLs e.g. Nginx location blocks. Details The original implementation relied on fixed character offsets when parsing request URLs. Under certain malformed absolute-form Request-URIs, this...
GHSA-674J-7M97-J2P9 curl FTP path confusion leads to NIL byte out of bounds write
curl can be coerced into writing a zero byte out of bounds. This bug can trigger when curl is told to work on an FTP URL, with the setting to only issue a single CWD command --ftp-method singlecwd or the libcurl alternative CURLOPTFTPFILEMETHOD. curl then URL-decodes the given path, calls strlen ...
Shopify: Shopify.com Web Cache Deception vulnerability leads to personal information and CSRF tokens leakage
Shopify.com Web Cache Deception Vulnerability Matteo Golinelli, July 21, 2021. I am testing websites for possible Web Cache Deception vulnerabilities you can find more about it here and I discovered that shopify.com is vulnerable. Web cache deception WCD is an attack where an attacker tricks a...