Lucene search
K

77 matches found

NVD
NVD
added 2026/04/15 7:16 p.m.5 views

CVE-2026-40256

Weblate is a web based localization tool. In versions prior to 5.17, repository-boundary validation relies on string prefix checks on resolved absolute paths. In multiple code paths, the check uses startswith against the repository root path. This is not path-segment aware and can be bypassed whe...

5CVSS0.00324EPSS
Exploits0References2
CVE
CVE
added 2026/04/15 6:36 p.m.23 views

CVE-2026-40256

Weblate (localization tool) contains a defect in repository-boundary validation prior to version 5.17 where absolute path checks use a simple startswith against the repository root, not path-segment aware. This can be bypassed when an external path shares the same string prefix as the repository ...

5CVSS5.8AI score0.00324EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/15 6:36 p.m.10 views

CVE-2026-40256 Weblate: Prefix-Based Repository Boundary Check Bypass via Symlink/Junction Path Prefix Collision

Weblate is a web based localization tool. In versions prior to 5.17, repository-boundary validation relies on string prefix checks on resolved absolute paths. In multiple code paths, the check uses startswith against the repository root path. This is not path-segment aware and can be bypassed whe...

5CVSS5.8AI score0.00324EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/15 6:36 p.m.24 views

CVE-2026-40256 Weblate: Prefix-Based Repository Boundary Check Bypass via Symlink/Junction Path Prefix Collision

Weblate is a web based localization tool. In versions prior to 5.17, repository-boundary validation relies on string prefix checks on resolved absolute paths. In multiple code paths, the check uses startswith against the repository root path. This is not path-segment aware and can be bypassed whe...

5CVSS0.00324EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.14 views

PT-2026-33125

Name of the Vulnerable Software and Affected Versions Weblate versions prior to 5.17 Description Repository-boundary validation relies on string prefix checks on resolved absolute paths. In multiple code paths, the check uses startswith against the repository root path. This process is not...

5CVSS5.9AI score0.00324EPSS
Exploits0References9
OSV
OSV
added 2026/04/08 12:4 a.m.3 views

GHSA-5Q48-Q4FM-G3M6 File Browser has an access rule bypass via HasPrefix without trailing separator in path matching

Hi, The Matches function in rules/rules.go uses strings.HasPrefix without a trailing directory separator when matching paths against access rules. A rule for /uploads also matches /uploadsbackup/, granting or denying access to unintended directories. Verified against v2.62.2 commit 860c19d. Detai...

6.3CVSS5.8AI score0.00392EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/08 12:4 a.m.7 views

File Browser has an access rule bypass via HasPrefix without trailing separator in path matching

Hi, The Matches function in rules/rules.go uses strings.HasPrefix without a trailing directory separator when matching paths against access rules. A rule for /uploads also matches /uploadsbackup/, granting or denying access to unintended directories. Verified against v2.62.2 commit 860c19d. Detai...

7.5CVSS5.9AI score0.00392EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/04/02 6:44 p.m.3 views

GHSA-H2JQ-G4CQ-5PPQ Rack::Static prefix matching can expose unintended files under the static root

Summary Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with that string, including unrelated paths such as "/css-config.env" or...

7.5CVSS5.9AI score0.00387EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/01 11:1 p.m.8 views

CVE-2026-34451

Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.81.0, the local filesystem memory tool in the Anthropic TypeScript SDK validated model-supplied paths using a string prefix check that did no...

6.3CVSS5.8AI score0.00292EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/31 10:51 p.m.4 views

EUVD-2026-17294

SciTokens has an Authorization Bypass via Incorrect Scope Path Prefix Checking...

8.1CVSS5.9AI score0.00389EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/31 10:51 p.m.6 views

SciTokens has an Authorization Bypass via Incorrect Scope Path Prefix Checking

Summary The Enforcer incorrectly validates scope paths by using a simple prefix match startswith. This allows a token with access to a specific path e.g., /john to also access sibling paths that start with the same prefix e.g., /johnathan, /johnny, which is an Authorization Bypass. Details File:...

8.1CVSS5.9AI score0.00389EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/03/31 5:1 p.m.28 views

CVE-2026-32726 SciTokens C++: Sibling-Path Authorization Bypass

SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass in path-based scope validation. The enforcer used a simple string-prefix comparison when checking whether a requested resource path was...

8.1CVSS0.00272EPSS
Exploits1References2
NVD
NVD
added 2026/03/31 3:16 p.m.3 views

CVE-2026-33762

go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can trigger an...

2.8CVSS0.00153EPSS
Exploits0References2
OSV
OSV
added 2026/03/31 3:16 p.m.2 views

DEBIAN-CVE-2026-33762

go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can trigger an...

2.8CVSS5.2AI score0.00153EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/31 1:47 p.m.3 views

CVE-2026-33762

go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can trigger an...

2.8CVSS5.7AI score0.00153EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/03/31 1:47 p.m.6 views

CVE-2026-33762

go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can trigger an...

2.8CVSS5.2AI score0.00153EPSS
Exploits0
NVD
NVD
added 2026/03/31 3:15 a.m.5 views

CVE-2026-32716

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the Enforcer incorrectly validates scope paths by using a simple prefix match startswith. This allows a token with access to a specific path e.g., /john to also access sibling paths that start with the sa...

8.1CVSS0.00389EPSS
Exploits1References3
OSV
OSV
added 2026/03/31 1:31 a.m.4 views

CVE-2026-32716 SciTokens: Authorization Bypass via Incorrect Scope Path Prefix Checking

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the Enforcer incorrectly validates scope paths by using a simple prefix match startswith. This allows a token with access to a specific path e.g., /john to also access sibling paths that start with the sa...

8.1CVSS5.8AI score0.00389EPSS
Exploits1References5
CVE
CVE
added 2026/03/31 1:31 a.m.14 views

CVE-2026-32716

Summary: SciTokens Enforcer prior to 1.9.6 validates scope paths with a simple prefix match, allowing a token for a path like /john to access sibling paths (/johnathan, /johnny), causing an Authorization Bypass. Affecting: SciTokens library (pre-1.9.6). Root cause: incorrect scope path validation...

8.1CVSS5.8AI score0.00389EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/03/31 1:31 a.m.21 views

CVE-2026-32716 SciTokens: Authorization Bypass via Incorrect Scope Path Prefix Checking

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the Enforcer incorrectly validates scope paths by using a simple prefix match startswith. This allows a token with access to a specific path e.g., /john to also access sibling paths that start with the sa...

8.1CVSS0.00389EPSS
Exploits1References3
Rows per page
Query Builder