Lucene search

15 matches found

ATTACKERKB · added yesterday

CVE-2026-53930

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the base-migration endpoint accepted a caller-supplied URL that the migration worker dereferenced without enforcing protocol or destination, allowing scheme abuse (file:, ftp:, etc.) and probing of internal HTTP...

CVSS 5.1 · AI score 5.9 · EPSS 0.00017
Exploits: 0 · References: 2 · Affected software: 1

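The NocoDB entry above describes a worker that dereferenced a caller-supplied URL without enforcing either the scheme or the destination. The following is an added example, not NocoDB's code, of the check a practitioner would put in front of such a worker: an allowlist of schemes, no embedded credentials, and rejection of every address the host resolves to that lies in a loopback, private, link-local, shared-address, multicast or IPv4-mapped range. The function names, the `*.example` hostnames and the `FAKE_DNS` table are this example's own, constructed so it runs offline.

```javascript
// Added example (not NocoDB code): validate a caller-supplied URL before a worker fetches it.

// Constructed stand-in for DNS so the example runs offline. A real deployment would
// resolve with dns.promises.lookup(host, { all: true }) and pin the chosen address.
const FAKE_DNS = {
  'public.example':   ['203.0.113.5'],
  'intranet.example': ['10.1.2.3'],
  'metadata.example': ['169.254.169.254'],
  'mapped.example':   ['::ffff:127.0.0.1'],
};

// IPv4 ranges a server-side fetch must never reach.
const FORBIDDEN_V4 = [
  '0.0.0.0/8', '10.0.0.0/8', '100.64.0.0/10', '127.0.0.0/8', '169.254.0.0/16',
  '172.16.0.0/12', '192.168.0.0/16',
  '224.0.0.0/3', // multicast, reserved and broadcast in one block
];

// Loose literal checks; inputs come from the URL parser or the resolver, not raw user text.
const isIPv4 = (s) => /^(\d{1,3}\.){3}\d{1,3}$/.test(s) && s.split('.').every((o) => Number(o) <= 255);
const isIPv6 = (s) => s.includes(':') && /^[0-9a-f:.]+$/i.test(s);

function ipv4ToInt(ip) {
  const [a, b, c, d] = ip.split('.').map(Number);
  return ((a << 24) | (b << 16) | (c << 8) | d) >>> 0;
}

function inCidr4(ip, cidr) {
  const [base, bits] = cidr.split('/');
  const mask = (0xffffffff << (32 - Number(bits))) >>> 0;
  return ((ipv4ToInt(ip) & mask) >>> 0) === ((ipv4ToInt(base) & mask) >>> 0);
}

const isForbiddenV4 = (ip) => FORBIDDEN_V4.some((c) => inCidr4(ip, c));

// Expand "::" so every IPv6 address becomes eight 16-bit groups.
function ipv6Groups(ip) {
  const [head, tail = ''] = ip.split('::');
  const h = head ? head.split(':') : [];
  const t = tail ? tail.split(':') : [];
  return [...h, ...Array(8 - h.length - t.length).fill('0'), ...t].map((g) => parseInt(g, 16));
}

function isForbiddenV6(ip) {
  // Dotted IPv4-mapped form (::ffff:10.0.0.1): judge the embedded IPv4 address.
  if (ip.includes('.')) return isForbiddenV4(ip.slice(ip.lastIndexOf(':') + 1));
  const g = ipv6Groups(ip);
  if (g.slice(0, 5).every((x) => x === 0) && g[5] === 0xffff) {
    // Hex IPv4-mapped form (::ffff:7f00:1), which the WHATWG parser emits for bracketed literals.
    return isForbiddenV4(`${g[6] >> 8}.${g[6] & 0xff}.${g[7] >> 8}.${g[7] & 0xff}`);
  }
  if (g.every((x) => x === 0)) return true;                           // ::  unspecified
  if (g.slice(0, 7).every((x) => x === 0) && g[7] === 1) return true; // ::1 loopback
  if ((g[0] & 0xffc0) === 0xfe80) return true;                        // fe80::/10 link-local
  if ((g[0] & 0xfe00) === 0xfc00) return true;                        // fc00::/7 unique local
  if ((g[0] & 0xff00) === 0xff00) return true;                        // ff00::/8 multicast
  return false;
}

function isForbiddenAddress(ip) {
  if (isIPv4(ip)) return isForbiddenV4(ip);
  if (isIPv6(ip)) return isForbiddenV6(ip);
  return true; // not an address literal at all: refuse rather than guess
}

// Returns { ok: true, addrs } or { ok: false, reason }.
function validateMigrationUrl(raw, resolve = (host) => FAKE_DNS[host] || []) {
  let u;
  try { u = new URL(raw); } catch { return { ok: false, reason: 'unparsable' }; }
  if (u.protocol !== 'http:' && u.protocol !== 'https:') return { ok: false, reason: 'scheme' };
  if (u.username || u.password) return { ok: false, reason: 'credentials' };
  // The WHATWG parser has already canonicalised "2130706433" and "127.1" to "127.0.0.1";
  // bracketed IPv6 literals keep their brackets in .hostname, so strip them here.
  const host = u.hostname.replace(/^\[|\]$/g, '');
  const addrs = isIPv4(host) || isIPv6(host) ? [host] : resolve(host);
  if (addrs.length === 0) return { ok: false, reason: 'unresolvable' };
  if (addrs.some(isForbiddenAddress)) return { ok: false, reason: 'destination' };
  return { ok: true, addrs };
}

console.log(validateMigrationUrl('file:///etc/passwd'));       // rejected: scheme
console.log(validateMigrationUrl('http://2130706433/'));        // rejected: destination (127.0.0.1)
console.log(validateMigrationUrl('https://public.example/x'));  // ok
```

The check is only half of the fix: the worker must connect to the address that passed validation (not resolve the name a second time, which invites DNS rebinding) and must run the same check on every redirect hop, since a public host can 302 to `http://169.254.169.254/`.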
RedHat Linux · added yesterday

samba: Missing access check on reparse point operations

A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...

CVSS 7.1 · AI score 5.8 · EPSS 0.0083
Exploits: 0 · References: 5

CVE · added 2026/06/11 5:03 a.m.

CVE-2026-40994

Summary: CVE-2026-40994 affects Spring Web Services, where Wss4jSecurityInterceptor initializes its BSP flag to disable BSP enforcement on inbound data, weakening protocol-level WS-Security checks. Affected versions: Spring Web Services 5.0.0–5.0.1; 4.1.0–4.1.3; 4.0.0–4.0.18; 3.1.0–3.1.8. Impact (...

CVSS 8.2 · AI score 5.5 · EPSS 0.00229
Exploits: 0 · References: 1

EUVD · added 2026/06/11 5:03 a.m.

EUVD-2026-36204

Wss4jSecurityInterceptor initialized its BSP (WS-I Basic Security Profile) compliance flag so that inbound validation disabled WSS4J BSP enforcement on RequestData. Services that validate WS-Security on the network could therefore accept messages that violate BSP rules, weakening protocol-level...

CVSS 8.2 · AI score 5.5 · EPSS 0.00229
Exploits: 0 · References: 1

Snyk · added 2026/04/09 7:10 p.m.

Incomplete List of Disallowed Inputs

Overview: org.webjars.npm:unhead is a full-stack <head> manager built for any framework. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the hasDangerousProtocol function through the use of the HtmlEntityHex and HtmlEntityDec RegExps. An attacker can inject malicio...

CVSS 6.1 · AI score 5.8 · EPSS 0.00285
Exploits: 1 · References: 2

CVE · added 2025/12/17 3:16 p.m.

CVE-2025-44005

The CVE describes an authorization bypass in Smallstep Step CA where ACME or SCEP provisioners can create certificates without completing certain protocol authorization checks. Affected component: Step CA (ACME/SCEP provisioners). Root cause: bypass of authorization checks. Impact: potential issu...

CVSS 10 · AI score 6.5 · EPSS 0.0326
Exploits: 0 · References: 3

AlpineLinux · added 2025/12/17 3:16 p.m.

CVE-2025-44005

An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completing certain protocol authorization checks...

CVSS 10 · AI score 6.6 · EPSS 0.0326
Exploits: 0

Veracode · added 2025/12/11 8:41 a.m.

URL Validation Bypass

validator.js is vulnerable to a URL validation bypass. The vulnerability is due to isURL using "://" instead of ":" to parse protocols, allowing attackers to craft URLs that bypass protocol and domain checks and potentially enable XSS or open-redirect attacks...

CVSS 6.1 · AI score 6.4 · EPSS 0.00302
Exploits: 1 · References: 7 · Affected software: 1

CNVD · added 2025/02/18 12:00 a.m.

F5 BIG-IP AFM Denial of Service Vulnerability (CNVD-2025-07319)

F5 BIG-IP AFM is an advanced firewall product from the US company F5 for protection against DDoS attacks. A denial-of-service vulnerability exists in F5 BIG-IP AFM, which stems from a misconfiguration of protocol checks and can be exploited by an attacker to cause an increase in CPU resource utilization...

CVSS 8.7 · AI score 6.6 · EPSS 0.0037
Exploits: 0 · References: 1

CNNVD · added 2025/02/05 12:00 a.m.

F5 BIG-IP AFM security vulnerability

F5 BIG-IP AFM is an advanced firewall product from the US company F5 for protection against DDoS attacks. A denial-of-service vulnerability exists in F5 BIG-IP AFM, which stems from a misconfiguration of protocol checks and can be exploited by an attacker to cause an increase in CPU resource utilization...

CVSS 8.7 · AI score 6.6 · EPSS 0.0037
Exploits: 0 · References: 2

CNNVD · added 2023/03/17 12:00 a.m.

Snappy code issue vulnerability

Snappy is a PHP library from KNP Labs that allows thumbnails, snapshots or PDFs to be generated from a URL or an HTML page. A code issue vulnerability exists in versions of Snappy prior to 1.4.2 that stems from a lack of protocol checks. An attacker can exploit this...

CVSS 9.8 · AI score 8.3 · EPSS 0.0276
Exploits: 1 · References: 7

ATTACKERKB · added 2022/01/12 8:15 p.m.

CVE-2022-23108

Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

CVSS 5.4 · AI score 5.6 · EPSS 0.00839
Exploits: 0 · References: 3

Positive Technologies · added 2022/01/12 12:00 a.m.

PT-2022-15850 · Jenkins · Jenkins Badge Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Badge Plugin versions 1.9 and earlier. Description: The issue results in a stored cross-site scripting (XSS) vulnerability. This occurs because the plugin does not escape the description and does not check for allowed protocols when...

CVSS 5.4 · AI score 5 · EPSS 0.00839
Exploits: 0 · References: 9

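Three entries above share one root cause: a URL's scheme being identified incorrectly or not at all before a dangerous one is refused. validator.js split on "://" rather than on ":", so a value such as javascript:alert(1) looked scheme-less; unhead's hasDangerousProtocol compared against an incomplete list of entity-encoded forms; the Jenkins Badge Plugin checked no allowed-protocol list at all. The block below is an added example, not code from validator.js, unhead or the Jenkins plugin, that shows the flawed "://" extraction next to the RFC 3986 scheme rule, decodes HTML entities and strips control characters the way a browser does before it reads an attribute value, and then applies a scheme allowlist. The function names, the SAFE_SCHEMES allowlist and the small NAMED_ENTITIES table are this example's own assumptions.

```javascript
// Added example (not validator.js, unhead or Jenkins code): scheme extraction and
// href normalisation in front of an allowlist check.

// Schemes an href/src value is allowed to carry; everything else is rejected.
const SAFE_SCHEMES = new Set(['http', 'https', 'mailto']);

// The flawed approach: treat everything before "://" as the scheme, and assume a
// value with no "://" has no scheme. "javascript:alert(1)" and "file:/etc/passwd" both slip past.
function naiveScheme(url) {
  const i = url.indexOf('://');
  return i === -1 ? null : url.slice(0, i).toLowerCase();
}

// RFC 3986: scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ), terminated by ":".
// "//" is only how hierarchical schemes continue; it is not part of the scheme delimiter.
function rfcScheme(url) {
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(url);
  return m ? m[1].toLowerCase() : null;
}

// The same question answered by the WHATWG URL parser (null when relative or unparsable).
function whatwgScheme(url) {
  try { return new URL(url).protocol.slice(0, -1); } catch { return null; }
}

// Single-pass decoder for the entity forms an HTML attribute value may carry:
// hex (&#x6A;), decimal (&#106;) and a handful of named references, with or without ";".
const NAMED_ENTITIES = {
  amp: '&', lt: '<', gt: '>', quot: '"', apos: "'", colon: ':', sol: '/', tab: '\t', newline: '\n',
};
function decodeHtmlEntities(s) {
  return s.replace(/&(?:#x([0-9a-f]+)|#([0-9]+)|([a-z]+));?/gi, (whole, hex, dec, name) => {
    const cp = hex !== undefined ? parseInt(hex, 16) : dec !== undefined ? parseInt(dec, 10) : NaN;
    if (!Number.isNaN(cp)) return cp <= 0x10ffff ? String.fromCodePoint(cp) : whole;
    const v = NAMED_ENTITIES[name.toLowerCase()];
    return v !== undefined ? v : whole;
  });
}

// What a browser does before it looks at the scheme: decode entities once, strip leading and
// trailing C0 controls and space, and drop tab, CR and LF wherever they appear.
function normalizeHref(raw) {
  return decodeHtmlEntities(raw)
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, '')
    .replace(/[\t\n\r]/g, '');
}

// Allowlist check: relative references pass; absolute ones must use a safe scheme.
// Note that rfcScheme alone would call "java\tscript:alert(1)" relative; normalisation fixes that.
function isSafeHref(raw) {
  const scheme = rfcScheme(normalizeHref(raw));
  return scheme === null || SAFE_SCHEMES.has(scheme);
}

for (const v of ['javascript:alert(1)', 'file:/etc/passwd', '&#x6A;avascript:alert(1)', 'https://example.com/']) {
  console.log(JSON.stringify(v), 'naive:', naiveScheme(v), 'rfc:', rfcScheme(v), 'safe:', isSafeHref(v));
}
```

Two design points: the check is an allowlist, so a scheme the list never anticipated (data:, vbscript:, file:) is refused by default rather than needing its own denylist entry, and normalisation runs before extraction, which is what defeats the entity and whitespace encodings the unhead entry describes.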
OSV · added 2012/06/21 3:55 p.m.

CVE-2012-2654

The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restriction...

AI score 6.5
Exploits: 0 · References: 11

securityvulns · added 2008/04/03 12:00 a.m.

Vulnerabilities in kses-based HTML filters

During internal code review performed by Allegro.pl, some weaknesses were discovered in kses, a PHP HTML/XHTML filter. HTML filters using or based on kses are part of many popular projects, including WordPress,...

AI score 0.2
Exploits: 0