12 matches found
Splunk Enterprise 输入验证错误漏洞
Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. There is an input validation...
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect when certain URLs with path values starting with // are processed. An attacker can redirect users to external domains by supplying specially crafted protocol-relative URLs. Note: Users that utilise Declarative Mode are not...
CVE-2026-41423
Summary: CVE-2026-41423 corresponds to an SSRF vulnerability in @angular/platform-server during SSR, where URL handling can cause the server to treat the attacker’s domain as the local origin. This occurs when a crafted request (e.g., GET /evil.com/ HTTP/1.1) is passed to Angular’s rendering func...
CVE-2026-21879 Kanboard vulnerable to Open Redirect via protocol-relative URLs
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to an Open Redirect attack that allows malicious actors to redirect authenticated users to attacker-controlled websites. By crafting URLs such as //evil.com, attackers can bypass the...
DEBIAN-CVE-2024-39338
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs...
OESA-2023-1884 vim security update
Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...
Mozilla: Incorrect parsing of relative URLs starting with "///"
The Mozilla Foundation Security Advisory describes this flaw as: Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites...
Mozilla: Incorrect parsing of relative URLs starting with "///"
The Mozilla Foundation Security Advisory describes this flaw as: Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites...
SUSE CVE-2023-48235
Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Ironically this happens in the existing overflow check, because the line number becomes negative and LONGMAX - lnum will cause the overflow. Impact is low, user interactio...
DEBIAN-CVE-2023-48235
Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Ironically this happens in the existing overflow check, because the line number becomes negative and LONGMAX - lnum will cause the overflow. Impact is low, user interactio...
Vim Input Validation Error Vulnerability
Vim is a cross-platform text editor. An input validation error vulnerability exists in versions prior to Vim v9.0.2110, which stems from an overflow that can be inadvertently caused when parsing relative ex addresses...
Firefox arbitrary signed JAR code execution
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via 1 injection of JavaScript into documents within a JAR archive or 2 a JAR archive that uses relative URLs to JavaScript files...