
12 matches found

NVD
added 2026/03/06 9:16 p.m., 1 views

CVE-2026-29791

Agentgateway is an open source data plane for agentic AI connectivity within or across any agent framework or environment. Prior to version 0.12.0, when converting an MCP tools/call request to an OpenAPI request, input path, query, and header values are not sanitized. This issue has been patched in...

CVSS 6.5, EPSS 0.00087
Exploits: 0, References: 1

Vulnrichment
added 2026/03/06 8:39 p.m., 1 views

CVE-2026-29791 Agentgateway: Missing parameter sanitization in MCP to OpenAPI conversion

Agentgateway is an open source data plane for agentic AI connectivity within or across any agent framework or environment. Prior to version 0.12.0, when converting an MCP tools/call request to an OpenAPI request, input path, query, and header values are not sanitized. This issue has been patched in...

CVSS 4.9, AI score 5.7, EPSS 0.00087
Exploits: 0, References: 1

CNNVD
added 2025/09/15 12:00 a.m., 1 views

Apple Xcode Security Vulnerability

Apple Xcode is an integrated development tool that runs on the operating system Mac OS X. It is used for the development of the Mac OS X software. Apple Xcode suffers from a denial of service vulnerability that originates from a process crash when handling too large a path value. An attacker can...

CVSS 7.5, AI score 6.5, EPSS 0.00054
Exploits: 0, References: 2

Positive Technologies
added 2025/09/15 12:00 a.m., 2 views

PT-2025-37859

Name of the Vulnerable Software and Affected Versions: Xcode version 26
Description: Processing an overly large path value may crash a process. This issue is fixed with improved checks.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this...

CVSS 7.5, AI score 6.1, EPSS 0.00054
Exploits: 0, References: 7

RedHat Linux
added 2021/12/15 2:42 p.m., 0 views

resteasy: Error message exposes endpoint class information

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The...

CVSS 5.3, AI score 7, EPSS 0.00084
Exploits: 0, References: 4

RedHat Linux
added 2021/10/20 11:29 a.m., 0 views

resteasy: Error message exposes endpoint class information

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The...

CVSS 5.3, AI score 7, EPSS 0.00084
Exploits: 0, References: 4

RedHat Linux
added 2021/09/30 9:57 a.m., 2 views

resteasy: Error message exposes endpoint class information

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The...

CVSS 5.3, AI score 7, EPSS 0.00084
Exploits: 0, References: 4

Veracode
added 2019/02/04 3:43 a.m., 22 views

Prototype Pollution

mpath is vulnerable to prototype pollution. An attacker is able to inject arbitrary properties into Object.prototype to add or modify the path values...

CVSS 7.5, AI score 7.6, EPSS 0.00186
Exploits: 1, References: 1, Affected Software: 1

Veracode
added 2018/04/06 1:47 a.m., 44 views

Directory Traversal

spring-webmvc is vulnerable to directory traversal attack. The vulnerability exists due to the improper sanitization of the path values which allows valid Windows files to be served as static resources. This vulnerability only affects spring-webmvc running on Windows which allows serving files wi...

CVSS 5.9, AI score 7.2, EPSS 0.90996
Exploits: 1, References: 12, Affected Software: 2

CNVD
added 2015/06/01 12:00 a.m., 1 views

PHP Multiple Function Security Bypass Vulnerabilities

PHP is a general-purpose web programming language. A security bypass vulnerability exists in the PHP set_include_path, tempnam, rmdir, and readlink functions, whereby accepting null values in a path, a remote attacker can submit special values to bypass security controls on the path values...

CVSS 7.5, AI score 7, EPSS 0.07947
Exploits: 1, References: 1

CNVD
added 2015/06/01 12:00 a.m., 1 views

PHP pcntl_exec() function security bypass vulnerability

PHP is a general-purpose web programming language. The PHP pcntl_exec function accepts null values in paths and is vulnerable to a security bypass vulnerability. A remote attacker can submit special values to bypass security controls on path values...

CVSS 7.5, AI score 7.1, EPSS 0.03374
Exploits: 2, References: 1

Cisco
added 2013/07/17 2:39 p.m., 26 views

Cisco 9900 Series Phone Arbitrary File Download Vulnerability

A vulnerability in the Serviceability servlet of fourth-generation Cisco IP phones could allow an unauthenticated, remote attacker to download arbitrary files from the phone's file system. The vulnerability is due to incomplete filtering of path values. An attacker could exploit this vulnerabilit...

CVSS 5, AI score 2.6, EPSS 0.00375
Exploits: 0, References: 1