
6 matches found

Github Security Blog
added 2026/04/16 10:29 p.m. | 6 views

@fastify/middie vulnerable to middleware authentication bypass in child plugin scopes

Impact: @fastify/middie v9.3.1 and earlier incorrectly re-prefixes middleware paths when propagating them to child plugin scopes. When a child plugin is registered with a prefix that overlaps with a parent-scoped middleware path, the middleware path is modified during inheritance and silently fail...

CVSS 9.1 | AI score 5.8 | EPSS 0.00498
Exploits: 1 | References: 5 | Affected Software: 1
Positive Technologies
added 2025/11/12 12:0 a.m. | 13 views

PT-2025-46679

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 10.0.1, 9.4.5, 9.3.7, and 9.2.9; Splunk Cloud Platform versions prior to 10.0.2503.5, 9.3.2411.111, and 9.3.2408.121. Description: An unauthenticated attacker could construct a malicious URL utilizing the retur...

CVSS 6.1 | AI score 6.4 | EPSS 0.00205
Exploits: 0 | References: 6
OSV
added 2025/09/03 6:15 a.m. | 4 views

CVE-2025-21040

Improper verification of intent by ExternalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information...

CVSS 3.3 | AI score 5.8 | EPSS 0.00101
Exploits: 0 | References: 1
Positive Technologies
added 2025/01/01 12:0 a.m. | 7 views

PT-2025-38056

Name of the Vulnerable Software and Affected Versions: LDAP Account Manager versions prior to 9.3. Description: LDAP Account Manager (LAM) is a web frontend for managing entries stored in an LDAP directory. The application allows stored cross-site scripting in the Profile section via the profile nam...

CVSS 4.6 | AI score 5.4 | EPSS 0.00162
Exploits: 0 | References: 9
OSV
added 2016/03/24 1:59 a.m. | 5 views

CVE-2016-1783

WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site...

CVSS 8.8 | AI score 6.1 | EPSS 0.03132
Exploits: 0 | References: 8
CNVD
added 2016/01/08 12:0 a.m. | 2 views

Apple iOS HTTPProtocol Remote Code Execution Vulnerability

iOS is an operating system developed by Apple for mobile devices, and supported devices include iPhone, iPod touch, iPad, and Apple TV. A security vulnerability exists in the implementation of the HTTPProtocol in iOS versions prior to 9.3 in nghttp2 versions prior to 1.6.0, which can lead to the...

CVSS 10 | AI score 9 | EPSS 0.04073
Exploits: 0 | References: 1