28 matches found
CVE-2026-45065
CVE-2026-45065 affects Symfony’s UrlGenerator in the Symfony PHP framework. Prior to versions 5.4.52, 6.4.40, 7.4.12, and 8.0.12, UrlGenerator validates route parameters with a pattern built as ^ + raw requirement + $, and ungrouped alternations can cause middle alternatives to match as unanchore...
Authentication Bypass
LiteLLM is vulnerable to Authentication Bypass. The vulnerability is due to improper Host header parsing during route validation, where the authentication layer derives the effective route from Host-influenced request metadata and may evaluate a different route than the one processed by FastAPI,...
PT-2026-45058
Name of the Vulnerable Software and Affected Versions PraisonAI Platform affected versions not specified Description A systemic object-level authorization flaw exists in workspace-scoped REST routes. An authenticated user can access, modify, or delete objects belonging to another workspace by...
CVE-2026-25882
Fiber is an Express inspired web framework written in Go. A denial of service vulnerability exists in Fiber v2 and v3 that allows remote attackers to crash the application by sending requests to routes with more than 30 parameters. The vulnerability results from missing validation during route...
Fiber 安全漏洞
Fiber is an open-source web framework written in Go. Versions of Fiber prior to 2.52.12 and 3.1.0 contain security vulnerabilities. These vulnerabilities stem from lack of validation during route registration and unbounded array writes during request matching, which may lead to application crashe...
PT-2026-8059
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.5. This is due to the 'call by route name' function in the routing layer only validating user capabilities without enforci...
CVE-2025-60694
A stack-based buffer overflow exists in the validatestaticroute function of the httpd binary on Linksys E1200 v2 routers Firmware E1200v2.0.11.001us.tar.gz. The function improperly concatenates user-supplied CGI parameters routeipaddr03, routenetmask03, routegateway03 into fixed-size buffers v6,...
PT-2025-46868
Name of the Vulnerable Software and Affected Versions Linksys E1200 v2 router firmware versions prior to 2.0.11.001 us Description A flaw exists in the validate static route function of the httpd binary. This function does not properly check the size of data when combining CGI parameters – route...
CVE-2025-52958 Junos OS and Junos OS Evolved: When route validation is enabled, BGP connection establishment failure causes RPD crash
A Reachable Assertion vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service DoS.On all Junos OS and Junos OS Evolved devices, when route validation is enabled, a rare condition...
CBL Mariner 2.0 Security Update: frr (CVE-2024-55553)
The version of frr installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-55553 advisory. - In FRRouting FRR before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update receiv...
Azure Linux 3.0 Security Update: frr (CVE-2024-55553)
The version of frr installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-55553 advisory. - In FRRouting FRR before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update receiv...
Linux Distros Unpatched Vulnerability : CVE-2024-55553
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In FRRouting FRR before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer...
Linux Distros Unpatched Vulnerability : CVE-2024-45239
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP an ROA or a...
[SECURITY] [DLA 4029-1] frr security update
From: Arturo Borrero Gonzalez [email protected] To: [email protected] Subject: SECURITY DLA 4029-1 frr security update - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4029-1 [email protected]...
DEBIAN-CVE-2024-55553
In FRRouting FRR before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes. An attacker can use this to trigger re-parsing of the RIB for FRR routers using RTR by causing more than th...
AZL-55066 CVE-2024-55553 affecting package frr for versions less than 9.1.1-3
In FRRouting FRR before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes. An attacker can use this to trigger re-parsing of the RIB for FRR routers using RTR by causing more than th...
PT-2025-1316
Name of the Vulnerable Software and Affected Versions FRRouting versions 6.0 through 10.2.1 FRRouting versions prior to 10.3 Description The issue is related to the re-validation of routes in FRRouting. An attacker can trigger re-parsing of the RIB for FRR routers using RTR by causing more than t...
DEBIAN-CVE-2024-56170
A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI manifests are listings of relevant files that clients are supposed to verify. Assuming everything else is correct, the most recent version of a manifest should be prioritized over other versions, to prevent...
DEBIAN-CVE-2024-45236
An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a signed object containing an empty signedAttributes field. Fort accesses the set's elements without sanitizing it first. Because Fort is an RPKI Relying...
DEBIAN-CVE-2024-45238
An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing a bit string that doesn't properly decode into a Subject Public Key. OpenSSL does not report this problem during parsin...