Lucene search
+L

303 matches found

Snyk
Snyk
added 2026/04/16 10:29 p.m.6 views

Interpretation Conflict

Overview @fastify/middie is a Middleware engine for Fastify Affected versions of this package are vulnerable to Interpretation Conflict in the propagation of middleware paths to child plugin scopes due to incorrect re-prefixing. An attacker can gain unauthorized access to protected routes by...

9.3CVSS5.7AI score0.00498EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/08 12:17 a.m.5 views

Improper Input Validation

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Improper Input Validation via the getCookie function. An attacker can override legitimate cookies and bypass prefix protections by setting cookies with non-breaking space prefixes, leadin...

6.3CVSS5.8AI score0.00284EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/04 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-34785

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static determines whether a request should be served as a static...

7.5CVSS6.9AI score0.00387EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/02 6:44 p.m.5 views

EUVD-2026-18382

Rack::Static prefix matching can expose unintended files under the static root...

7.5CVSS5.8AI score0.00387EPSS
Exploits0References2
OSV
OSV
added 2026/04/02 5:16 p.m.1 views

DEBIAN-CVE-2026-34785

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with...

7.5CVSS5.2AI score0.00387EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/02 4:44 p.m.3 views

CVE-2026-34785

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with...

7.5CVSS5.7AI score0.00387EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/31 7:48 a.m.3 views

CVE-2026-32716

A flaw was found in SciTokens. The Enforcer component incorrectly validates scope paths by using a simple prefix match. This allows an attacker with a valid token for a specific path to gain unauthorized access to sibling paths that share the same prefix. This authorization bypass can lead to...

8.1CVSS5.8AI score0.00389EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.10 views

PT-2026-29401

Name of the Vulnerable Software and Affected Versions: SiYuan versions 3.6.0 through 3.6.1 Description: SiYuan is a personal knowledge management system. The SanitizeSVG function, introduced in version 3.6.0 to address XSS in the unauthenticated /api/icon/getDynamicIcon endpoint, can be bypassed ...

8.6CVSS5.9AI score0.00469EPSS
Exploits1References12
SUSE CVE
SUSE CVE
added 2026/03/28 12:26 a.m.9 views

SUSE CVE-2026-32941

Sliver is a command and control framework that uses a custom Wireguard netstack. Versions 1.7.3 and below contain a Remote OOM Out-of-Memory vulnerability in the Sliver C2 server's mTLS and WireGuard C2 transport layer. The socketReadEnvelope and socketWGReadEnvelope functions trust an...

7.1CVSS5.8AI score0.00298EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.6 views

CVE-2026-32941

Sliver is a command and control framework that uses a custom Wireguard netstack. Versions 1.7.3 and below contain a Remote OOM Out-of-Memory vulnerability in the Sliver C2 server's mTLS and WireGuard C2 transport layer. The socketReadEnvelope and socketWGReadEnvelope functions trust an...

7.1CVSS5.8AI score0.00298EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/20 3:37 a.m.3 views

CVE-2026-32941

Sliver is a command and control framework that uses a custom Wireguard netstack. Versions 1.7.3 and below contain a Remote OOM Out-of-Memory vulnerability in the Sliver C2 server's mTLS and WireGuard C2 transport layer. The socketReadEnvelope and socketWGReadEnvelope functions trust an...

7.1CVSS5.8AI score0.00298EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/20 3:37 a.m.36 views

CVE-2026-32941 Sliver Vulnerable to Authenticated OOM via Memory Exhaustion in mTLS/WireGuard Transports

Sliver is a command and control framework that uses a custom Wireguard netstack. Versions 1.7.3 and below contain a Remote OOM Out-of-Memory vulnerability in the Sliver C2 server's mTLS and WireGuard C2 transport layer. The socketReadEnvelope and socketWGReadEnvelope functions trust an...

7.1CVSS0.00298EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/18 1:34 a.m.3 views

CVE-2026-22217

OpenClaw version 2026.2.22 prior to 2026.2.23 contains an arbitrary code execution vulnerability in shell-env that allows attackers to execute attacker-controlled binaries by exploiting trusted-prefix fallback logic for the $SHELL variable. An attacker can influence the $SHELL environment variabl...

7.8CVSS6.5AI score0.00125EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/16 8:27 p.m.4 views

GO-2026-4697 SFTPGo improperly sanitizes placeholders in group home directories/key prefixes in github.com/drakkan/sftpgo

SFTPGo improperly sanitizes placeholders in group home directories/key prefixes in github.com/drakkan/sftpgo...

5.3CVSS5.8AI score0.00309EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/13 7:4 p.m.26 views

CVE-2026-30915 SFTPGo improperly sanitizes placeholders in group home directories/key prefixes

SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using...

5.3CVSS0.00309EPSS
Exploits0References1
OSV
OSV
added 2026/03/13 7:4 p.m.17 views

CVE-2026-30915 SFTPGo improperly sanitizes placeholders in group home directories/key prefixes

SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using...

5.3CVSS5.8AI score0.00309EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/13 6:56 p.m.6 views

EUVD-2026-12073

SFTPGo improperly sanitizes placeholders in group home directories/key prefixes...

5.3CVSS5.8AI score0.00309EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/13 6:56 p.m.8 views

SFTPGo improperly sanitizes placeholders in group home directories/key prefixes

Impact SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using placeholders like %username%, the value replacing the...

5.3CVSS5.8AI score0.00309EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/13 6:56 p.m.7 views

GHSA-M83Q-5WR4-4GFP SFTPGo improperly sanitizes placeholders in group home directories/key prefixes

Impact SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using placeholders like %username%, the value replacing the...

6.9CVSS5.8AI score0.00309EPSS
Exploits0References4
OSV
OSV
added 2026/03/04 6:58 p.m.3 views

GHSA-F6H3-846H-2R8W OpenClaw's elevated allowFrom accepted broader identity signals than specified within sender-scoped authorization

Summary In certain elevated-mode configurations, tools.elevated.allowFrom accepted broader identity signals than intended. The fix tightens matching to sender-scoped identity by default and makes mutable metadata matching explicit. Context OpenClaw is commonly used in 1:1 chats or trusted group...

5.3CVSS5.9AI score
Exploits0References3
Rows per page
Query Builder