6 matches found
@fastify/middie vulnerable to middleware authentication bypass in child plugin scopes
Impact: @fastify/middie v9.3.1 and earlier incorrectly re-prefixes middleware paths when propagating them to child plugin scopes. When a child plugin is registered with a prefix that overlaps with a parent-scoped middleware path, the middleware path is modified during inheritance and silently fail...
PT-2025-46679
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 10.0.1, 9.4.5, 9.3.7, and 9.2.9; Splunk Cloud Platform versions prior to 10.0.2503.5, 9.3.2411.111, and 9.3.2408.121. Description: An unauthenticated attacker could construct a malicious URL utilizing the retur...
CVE-2025-21040
Improper verification of intent by ExternalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information...
PT-2025-38056
Name of the Vulnerable Software and Affected Versions: LDAP Account Manager versions prior to 9.3. Description: LDAP Account Manager (LAM) is a web frontend for managing entries stored in an LDAP directory. The application allows stored cross-site scripting in the Profile section via the profile nam...
CVE-2016-1783
WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site...
Apple iOS HTTPProtocol Remote Code Execution Vulnerability
iOS is an operating system developed by Apple for mobile devices, and supported devices include iPhone, iPod touch, iPad, and Apple TV. A security vulnerability exists in the implementation of the HTTPProtocol in iOS versions prior to 9.3 (in nghttp2 versions prior to 1.6.0), which can lead to the...