2 matches found
CVE-2026-26205 opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in `input.parsed_path`
opa-envoy-plugun is a plugin to enforce OPA policies with Envoy. Versions prior to 1.13.2-envoy-2 have a vulnerability in how the input.parsedpath field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes // as...
Framework Session package Arbitrary Code Execution Vulnerability
Joomla! Framework is the U.S. Open Source Matters team developed a set of Web applications written in PHP framework , Session is one of the packages used for the session layer . A security vulnerability exists in the Joomla! Framework Session package version 1.3.1 prior to version 1.x. A remote...