Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

83 matches found

AstraLinux
AstraLinuxadded 5 days ago21 views

Astra Linux – Vulnerability in Tomcat9

Path Equivalence: The use of ‘file.Name’ an internal dot notation can lead to Remote Code Execution, information disclosure, or the addition of malicious content to uploaded files via the write-enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat versions as follows: 11.0.0-...

10CVSS8.7AI score0.99945EPSS
Exploits46References2
Snyk
Snykadded 2026/06/17 12:0 a.m.3 views

Path Equivalence

Overview Affected versions of this package are vulnerable to Path Equivalence in the pathWithoutMatrixParams of AbstractPathMatchingHttpSecurityPolicy via specially crafted HTTP requests containing encoded semicolons, slashes, or backslashes in the request path. An attacker can gain unauthorized...

8.7CVSS5.9AI score0.00251EPSS
Exploits0References2
Snyk
Snykadded 2026/06/17 12:0 a.m.3 views

Path Equivalence

Overview Affected versions of this package are vulnerable to Path Equivalence in the pathWithoutMatrixParams of AbstractPathMatchingHttpSecurityPolicy via specially crafted HTTP requests containing encoded semicolons, slashes, or backslashes in the request path. An attacker can gain unauthorized...

8.7CVSS5.9AI score0.00251EPSS
Exploits0References2
Snyk
Snykadded 2026/06/17 12:0 a.m.4 views

Path Equivalence

Overview io.quarkus:quarkus-vertx-http is a Cloud Native, Linux Container First framework for writing Java applications. Affected versions of this package are vulnerable to Path Equivalence in the pathWithoutMatrixParams of AbstractPathMatchingHttpSecurityPolicy via specially crafted HTTP request...

8.7CVSS5.9AI score0.00251EPSS
Exploits0References2
Snyk
Snykadded 2026/06/17 12:0 a.m.4 views

Path Equivalence

Overview Affected versions of this package are vulnerable to Path Equivalence in the pathWithoutMatrixParams of AbstractPathMatchingHttpSecurityPolicy via specially crafted HTTP requests containing encoded semicolons, slashes, or backslashes in the request path. An attacker can gain unauthorized...

8.7CVSS5.9AI score0.00251EPSS
Exploits0References2
Snyk
Snykadded 2026/06/17 12:0 a.m.4 views

Path Equivalence

Overview Affected versions of this package are vulnerable to Path Equivalence in the pathWithoutMatrixParams of AbstractPathMatchingHttpSecurityPolicy via specially crafted HTTP requests containing encoded semicolons, slashes, or backslashes in the request path. An attacker can gain unauthorized...

8.7CVSS5.9AI score0.00251EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/06/16 12:0 a.m.14 views

PT-2026-50145

Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.7.14 Description Deno's permission system on macOS enforces filesystem and execution restrictions by comparing requested paths against those supplied to --deny-read, --deny-write, --deny-run, or --deny-ffi. The...

7.3CVSS6AI score0.0001EPSS
Exploits0References4
EUVD
EUVDadded 2026/03/10 6:31 p.m.4 views

EUVD-2026-10599

Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network...

7.5CVSS5.8AI score0.01191EPSS
Exploits0References2
EUVD
EUVDadded 2026/03/10 6:31 p.m.4 views

EUVD-2026-10598

Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network...

7.5CVSS5.8AI score0.01191EPSS
Exploits0References2
NVD
NVDadded 2026/03/10 6:18 p.m.3 views

CVE-2026-23674

Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network...

7.5CVSS0.01191EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/03/10 5:5 p.m.2 views

CVE-2026-23674

Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network...

7.5CVSS5.9AI score0.01191EPSS
Exploits0References2Affected Software21
Microsoft CVE
Microsoft CVEadded 2026/03/10 2:0 p.m.6 views

MapUrlToZone Security Feature Bypass Vulnerability

Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network...

7.5CVSS5.8AI score0.01191EPSS
Exploits0
Positive Technologies
Positive Technologiesadded 2026/03/10 12:0 a.m.2 views

PT-2026-24277

Уязвимость метода MapUrlToZone операционных систем Windows связана с неправильным разрешением эквивалентности пути. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, обойти существующие механизмы безопасности...

7.8CVSS5.8AI score0.01191EPSS
Exploits0References7
Snyk
Snykadded 2025/12/16 9:22 p.m.3 views

Path Equivalence

Overview rou3 is a Lightweight and fast router for JavaScript. Affected versions of this package are vulnerable to Path Equivalence due to insufficient preservation of empty segments. An attacker can bypass access restrictions and rate limits by sending requests with multiple slashes in the URL...

7.3CVSS6.8AI score
Exploits0References2
IBM Security Bulletins
IBM Security Bulletinsadded 2025/11/30 9:25 p.m.26 views

Security Bulletin: Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to a Path Equivalence: 'file.name' (Internal Dot) vulnerability (CVE-2025-24813).

Summary Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to a Path Equivalence: 'file.name' Internal Dot vulnerability CVE-2025-24813. Apache Tomcat has been updated within IBM ApplinX in order to address the vulnerability. Vulnerability Details CVEID:CVE-2025-24813 DESCRIPTION: Path...

10CVSS9.3AI score0.99945EPSS
Exploits46Affected Software1
OSV
OSVadded 2025/10/20 1:56 p.m.5 views

CLSA-2025-1760712981 Fix CVE(s): CVE-2025-24813

SECURITY UPDATE: path Equivalence leads to Remote Code Execution and/or Information disclosure - debian/patches/CVE-2025-24813.patch: Enhance lifecycle of temporary files used by partial PUT - CVE-2025-24813...

10CVSS5.8AI score0.99945EPSS
Exploits46References1
Snyk
Snykadded 2025/10/08 11:42 a.m.3 views

Path Equivalence

Overview melisplatform/melis-cms-slider is a Melis Platform slider module Affected versions of this package are vulnerable to Path Equivalence via the mcsdetailimg parameter. An attacker can execute arbitrary code on the server by uploading a malicious file through a POST request to...

9.8CVSS6.1AI score0.0254EPSS
Exploits3References2
EUVD
EUVDadded 2025/10/03 8:7 p.m.4 views

EUVD-2022-15898

Malicious code in bioql PyPI...

7.4CVSS6.9AI score0.00973EPSS
Exploits1References2
EUVD
EUVDadded 2025/10/03 8:7 p.m.4 views

EUVD-2025-3724

Malicious code in bioql PyPI...

8.6CVSS6.6AI score0.01227EPSS
Exploits0References2
EUVD
EUVDadded 2025/10/03 8:7 p.m.4 views

EUVD-2025-27311

Malicious code in bioql PyPI...

4.3CVSS6.3AI score0.00855EPSS
Exploits0References1
Rows per page
Query Builder