
62 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 19 views

Astra Linux - vulnerability in tomcat9

Path Equivalence: The use of ‘file.Name’ internal dot notation can lead to Remote Code Execution, information disclosure, or the addition of malicious content to uploaded files via the write-enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat versions from 11.0.0-M1...

CVSS 10 | AI score 7.7 | EPSS 0.9413
Exploits 44 | References 2

EUVD
added 2026/03/10 6:31 p.m. | 3 views

EUVD-2026-10599

Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network...

CVSS 7.5 | AI score 5.8 | EPSS 0.00145
Exploits 0 | References 2

EUVD
added 2026/03/10 6:31 p.m. | 3 views

EUVD-2026-10598

Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network...

CVSS 7.5 | AI score 5.8 | EPSS 0.00145
Exploits 0 | References 2

NVD
added 2026/03/10 6:18 p.m. | 2 views

CVE-2026-23674

Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network...

CVSS 7.5 | EPSS 0.00145
Exploits 0 | References 1

ATTACKERKB
added 2026/03/10 5:05 p.m. | 2 views

CVE-2026-23674

Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network...

CVSS 7.5 | AI score 5.9 | EPSS 0.00145
Exploits 0 | References 2 | Affected Software 21

Microsoft CVE
added 2026/03/10 2:00 p.m. | 4 views

MapUrlToZone Security Feature Bypass Vulnerability

Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network...

CVSS 7.5 | AI score 5.8 | EPSS 0.00145
Exploits 0

Positive Technologies
added 2026/03/10 12:00 a.m. | 2 views

PT-2026-24277

The vulnerability in the MapUrlToZone method of Windows operating systems is related to improper resolution of path equivalence. Exploitation of the vulnerability may allow a remote attacker to bypass existing security mechanisms...

CVSS 7.8 | AI score 5.8 | EPSS 0.00145
Exploits 0 | References 7

Snyk
added 2025/12/16 9:22 p.m. | 2 views

Path Equivalence

Overview: rou3 is a lightweight and fast router for JavaScript. Affected versions of this package are vulnerable to Path Equivalence due to insufficient preservation of empty segments. An attacker can bypass access restrictions and rate limits by sending requests with multiple slashes in the URL...

CVSS 7.3 | AI score 6.8
Exploits 0 | References 2

IBM Security Bulletins
added 2025/11/30 9:25 p.m. | 25 views

Security Bulletin: Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to a Path Equivalence: 'file.name' (Internal Dot) vulnerability (CVE-2025-24813).

Summary: Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to a Path Equivalence: 'file.name' Internal Dot vulnerability (CVE-2025-24813). Apache Tomcat has been updated within IBM ApplinX in order to address the vulnerability. Vulnerability Details: CVEID: CVE-2025-24813. DESCRIPTION: Path...

CVSS 10 | AI score 9.3 | EPSS 0.9413
Exploits 44 | Affected Software 1

Snyk
added 2025/10/08 11:42 a.m. | 3 views

Path Equivalence

Overview: melisplatform/melis-cms-slider is a Melis Platform slider module. Affected versions of this package are vulnerable to Path Equivalence via the mcsdetailimg parameter. An attacker can execute arbitrary code on the server by uploading a malicious file through a POST request to...

CVSS 9.8 | AI score 6.1 | EPSS 0.01277
Exploits 3 | References 2

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2022-15898

Malicious code in bioql PyPI...

CVSS 7.4 | AI score 6.9 | EPSS 0.00597
Exploits 1 | References 2

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2025-27311

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6.3 | EPSS 0.00131
Exploits 0 | References 1

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2025-3724

Malicious code in bioql PyPI...

CVSS 8.6 | AI score 6.6 | EPSS 0.00673
Exploits 0 | References 2

Redos
added 2025/09/12 12:00 a.m. | 4 views

ROS-20250912-09

A vulnerability in the implementation of the CORS mechanism of the Python PyPI software repository is related to access control flaws. Exploitation of the vulnerability could allow a remote attacker to disclose protected information...

CVSS 7.5 | AI score 5.3 | EPSS 0.00637
Exploits 5

OSV
added 2025/09/09 5:15 p.m. | 1 view

CVE-2025-54107

Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network...

CVSS 4.3 | AI score 5.8 | EPSS 0.00131
Exploits 0 | References 1

NVD
added 2025/09/09 5:15 p.m. | 1 view

CVE-2025-54107

Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network...

CVSS 4.3 | EPSS 0.00131
Exploits 0 | References 1

Microsoft CVE
added 2025/09/09 7:00 a.m. | 3 views

MapUrlToZone Security Feature Bypass Vulnerability

Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network...

CVSS 4.3 | AI score 6.8 | EPSS 0.00131
Exploits 0

OSV
added 2025/08/15 3:33 p.m. | 1 view

CLSA-2025-1755272015 tomcat: Fix of CVE-2025-24813

CVE-2025-24813: fix path equivalence vulnerability leading to remote code execution and information disclosure...

CVSS 10 | AI score 7.5 | EPSS 0.9413
Exploits 44 | References 1

RedHat Linux
added 2025/05/13 4:02 p.m. | 5 views

tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT

A flaw was found in Apache Tomcat. In certain conditions and configurations, this vulnerability allows a remote attacker to exploit a path equivalence flaw to view file system contents and add malicious content via a write-enabled Default Servlet in Apache Tomcat. For the vulnerability to be...

CVSS 10 | AI score 7.8 | EPSS 0.9413
Exploits 44 | References 6

IBM Security Bulletins
added 2025/05/01 4:38 p.m. | 13 views

Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to Remote Code Execution and/or Information disclosure and/or malicious content in Apache Tomcat [CVE-2025-24813]

Summary: IBM Watson Speech Services Cartridge is vulnerable to Remote Code Execution and/or Information disclosure and/or malicious content in Apache Tomcat, due to a Path Equivalence issue with 'file.Name' Internal Dot (CVE-2025-24813). Apache Tomcat is used in our Speech microservices. This...

CVSS 10 | AI score 8.2 | EPSS 0.9413
Exploits 44 | Affected Software 1