5 matches found
CVE-2026-42882
oxyno-zeta/s3-proxy is an aws s3 proxy written in go. Prior to 5.0.0, s3-proxy contains an authentication bypass caused by inconsistent URL path interpretation between the authentication middleware and the bucket handler. The authentication middleware evaluates resource path patterns against the...
PT-2026-37288
Name of the Vulnerable Software and Affected Versions s3-proxy versions prior to 0.0.0-20260424211602-1320e4abd46a Description Inconsistent URL path normalization and routing logic lead to authorization bypasses, allowing unauthenticated access to protected objects. The issues stem from a mismatc...
wcurl 2024.12.08 < 2025.11.04 Path Traversal
The version of wcurl installed on the remote host is prior to 2025.11.04. It is, therefore, affected by a path traversal vulnerability when the URL contains a percent-encoded slash. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported versi...
The vulnerability of the Mozilla Firefox browser and the Thunderbird email client relates to the presence of the %2F character in the URL address of the manifest file, which allows an attacker to disclose protected information.
The vulnerability of the Mozilla Firefox browser and the Thunderbird email client is related to the presence of the slash character in the URL address of the manifest file. Exploiting this vulnerability can allow an attacker to disclose protected information...
UBUNTU-CVE-2020-12415
When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. This vulnerability affects Firefox 78...