Lucene search
17 matches found

OSV
added 2026/03/20 8:50 p.m. · 2 views

GHSA-2J6Q-WHV2-GH6W h3: Missing Path Segment Boundary Check in `mount()` Causes Middleware Execution on Unrelated Prefix-Matching Routes

Summary: The mount method in h3 uses a simple startsWith check to determine whether incoming requests fall under a mounted sub-application's path prefix. Because this check does not verify a path segment boundary (i.e., that the next character after the base is / or end-of-string), middleware...

CVSS 3.7 · AI score 6 · EPSS 0.00022
Exploits: 1 · References: 3

OSV
added 2026/02/26 1:16 a.m. · 2 views

UBUNTU-CVE-2026-27837

Dottie provides nested object access and manipulation in JavaScript. Versions 2.0.4 through 2.0.6 contain an incomplete fix for CVE-2023-26132. The prototype pollution guard introduced in commit 7d3aee1 only validates the first segment of a dot-separated path, allowing an attacker to bypass the...

CVSS 9.8 · AI score 5.7 · EPSS 0.00165
Exploits: 2 · References: 5

OSV
added 2026/02/26 12:19 a.m. · 3 views

CVE-2026-27837 Dottie vulnerable to prototype pollution bypass via non-first path segments in set() and transform()

Dottie provides nested object access and manipulation in JavaScript. Versions 2.0.4 through 2.0.6 contain an incomplete fix for CVE-2023-26132. The prototype pollution guard introduced in commit 7d3aee1 only validates the first segment of a dot-separated path, allowing an attacker to bypass the...

CVSS 6.3 · AI score 5.5 · EPSS 0.00165
Exploits: 2 · References: 5

CNNVD
added 2025/11/06 12:0 a.m. · 2 views

CMSimple_XH Security Vulnerability

CMSimple_XH is a PHP-based content management system, a fork derived from the original CMSimple project. CMSimple_XH has a cross-site scripting vulnerability that stems from not sanitizing or encoding path segments under an attacker's control. No details of the...

CVSS 7.1 · AI score 5.6 · EPSS 0.00058
Exploits: 1 · References: 2

Github Security Blog
added 2025/03/03 7:53 p.m. · 8 views

CodeChecker open redirect when URL contains multiple slashes after the product name

Summary: CodeChecker versions up to 6.24.5 contain an open redirect vulnerability due to missing protections against multiple slashes after the product name in the URL's path segment. This results in bypassing protections against CVE-2021-28861, leading to the same open redirect pathway. Detai...

CVSS 6.1 · AI score 6.9 · EPSS 0.00124
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2024/08/16 12:0 a.m. · 3 views

PT-2024-40884 · Fastjson2 · Fastjson2

Name of the Vulnerable Software and Affected Versions: fastjson2 (affected versions not specified)
Description: The issue is related to a security exception in the fastjson2 library. A crash occurs due to a cycle in the JSONPathSegment, specifically in the CycleNameSegment$MapLoop.accept method. Th...

AI score 6.9
Exploits: 0 · References: 2

Positive Technologies
added 2022/12/13 12:0 a.m. · 3 views

PT-2022-19705 · Google · Android Google Search App

Name of the Vulnerable Software and Affected Versions: Android Google Search app versions prior to 13.41
Description: The issue is caused by the incorrect usage of uri.getLastPathSegment, allowing a symbolic encoded string to bypass path logic and access unintended directories. This could lead to...

CVSS 8.9 · AI score 7.6 · EPSS 0.00083
Exploits: 1 · References: 2

CNNVD
added 2022/12/13 12:0 a.m. · 2 views

Google Search Path Traversal Vulnerability

Google Search is an Internet search engine from Google, Inc. The Google Search application suffers from a path traversal vulnerability that stems from the misuse of its uri.getLastPathSegment resulting in a symbolically encoded string that can bypass the path logic to access an unintended directo...

CVSS 8.9 · AI score 8 · EPSS 0.00083
Exploits: 1 · References: 2

OSV
added 2020/10/19 9:15 p.m. · 1 views

CVE-2020-6085

An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a...

CVSS 7.5 · AI score 5.8
Exploits: 0 · References: 1

OSV
added 2018/06/11 9:29 p.m. · 2 views

DEBIAN-CVE-2018-5127

A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.7, Firefox ESR 52.7, and Firefox 59...

CVSS 8.8 · AI score 8.5 · EPSS 0.20177
Exploits: 0 · References: 1

OSV
added 2018/03/14 12:0 a.m. · 0 views

UBUNTU-CVE-2018-5127

A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.7, Firefox ESR 52.7, and Firefox 59...

CVSS 8.8 · AI score 7.4 · EPSS 0.20177
Exploits: 0 · References: 5

NVD
added 2015/01/30 11:59 a.m. · 14 views

CVE-2014-8828

Sandbox in Apple OS X before 10.10 allows attackers to write to the sandbox-profile cache via a sandboxed app that includes a com.apple.sandbox segment in a path...

CVSS 7.5 · AI score 5.9 · EPSS 0.0036
Exploits: 0 · References: 4

RedHat Linux
added 2011/06/21 10:42 p.m. · 1 views

Mozilla Multiple dangling pointer vulnerabilities (MFSA 2011-23)

Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execut...

CVSS 10 · AI score 7.8 · EPSS 0.03433
Exploits: 0 · References: 4

RedHat Linux
added 2011/06/21 10:30 p.m. · 4 views

Mozilla Multiple dangling pointer vulnerabilities (MFSA 2011-23)

Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execut...

CVSS 10 · AI score 7.8 · EPSS 0.03433
Exploits: 0 · References: 4

RedHat Linux
added 2011/06/21 10:25 p.m. · 1 views

Mozilla Multiple dangling pointer vulnerabilities (MFSA 2011-23)

Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execut...

CVSS 10 · AI score 7.8 · EPSS 0.03433
Exploits: 0 · References: 4

FreeBSD
added 2010/07/21 12:0 a.m. · 36 views

apache -- Remote DoS bug in mod_cache and mod_dav

Apache ChangeLog reports: mod_dav, mod_cache: Fix Handling of requests without a path segment...

CVSS 5 · AI score 6.1 · EPSS 0.13868
Exploits: 2 · References: 3

securityvulns
added 2003/04/30 12:0 a.m. · 27 views

Mozilla/Netscape cross-site scripting

If a dot is present at the end of the hostname, Mozilla treats part of the path as a domain...

AI score 0.8
Exploits: 0 · References: 1 · Affected Software: 2