15 matches found
SUSE CVE-2026-27590
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's FastCGI path splitting logic computes the split index on a lowercased copy of the request path and then uses that byte index to slice the original path. This is unsafe for Unicode because...
CVE-2026-27590
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's FastCGI path splitting logic computes the split index on a lowercased copy of the request path and then uses that byte index to slice the original path. This is unsafe for Unicode because...
GO-2026-4486 FrankenPHP's unicode case-folding length expansion causes incorrect split_path index (SCRIPT_NAME/PATH_INFO confusion) in FrankenPHP in github.com/dunglas/frankenphp
FrankenPHP's unicode case-folding length expansion causes incorrect split_path index (SCRIPT_NAME/PATH_INFO confusion) in FrankenPHP in github.com/dunglas/frankenphp...
CVE-2026-24895
FrankenPHP is a modern application server for PHP. Prior to 1.11.2, FrankenPHP’s CGI path splitting logic improperly handles Unicode characters during case conversion. The logic computes the split index for finding .php on a lowercased copy of the request path but applies that byte index to the...
CVE-2026-24895
FrankenPHP is a modern application server for PHP. Prior to 1.11.2, FrankenPHP’s CGI path splitting logic improperly handles Unicode characters during case conversion. The logic computes the split index for finding .php on a lowercased copy of the request path but applies that byte index to the...
GHSA-G966-83W7-6W38 FrankenPHP's unicode case-folding length expansion causes incorrect split_path index (SCRIPT_NAME/PATH_INFO confusion) in FrankenPHP
Summary: FrankenPHP’s CGI path splitting logic improperly handles Unicode characters during case conversion. The logic computes the split index for finding .php on a lowercased copy of the request path but applies that byte index to the original path. Because strings.ToLower in Go can increase the...
Cross site scripting
A vulnerability, which was classified as problematic, has been found in 01-Scripts 01ACP. This issue affects some unknown processing. The manipulation of the argument $_SERVER['SCRIPT_NAME'] leads to cross site scripting. The attack may be initiated remotely. The identifier of the patch is...
CVE-2021-4309 01-Scripts 01ACP cross site scripting
A vulnerability, which was classified as problematic, has been found in 01-Scripts 01ACP. This issue affects some unknown processing. The manipulation of the argument $_SERVER['SCRIPT_NAME'] leads to cross site scripting. The attack may be initiated remotely. The identifier of the patch is...
CVE-2018-5337
Zoho ManageEngine Desktop Central is affected by CVE-2018-5337. The issue is a directory traversal vulnerability in the SCRIPT_NAME field when modifying existing scripts, present in versions 10.0.124 and 10.0.184. An attacker could exploit this vulnerability to read files. The connected CNVD/NVD ...
CVE-2018-5337
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traversal in the SCRIPT_NAME field when modifying existing scripts...
CVE-2018-10059
Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name...
CVE-2018-10059
Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name...
Joomla jr_tfb Directory Traversal
comjrtfb Directory Traversal Vulnerability Author : Fl0riX | Bug Researchers ! Greetz: All My Friends ! ScriptName: Joomla comjrtfb ! info : http://layout.in.ua/index.php?option=comjrsoftcatalog&view=jrsoft&id=1&Itemid=33 ! Demo :http://demo.layout.in.ua/ ! Example;...
Joomla Basdv Local File Inclusion / Directory Traversal
combsadv Directory Traversal Vulnerability Author : Fl0riX | Bug Researchers ! Greetz: Sakkure And All My Friends ! ScriptName: Joomla combsadv ! Demo :http://www.simons5.com/portal/ ! Example; /index.php?option=combsadv&controller=../../../../../../../../etc/passwd%00...
cpCommerce 1.2.x File Inclusion
#!/usr/bin/perl cpCommerce 1.2.x GLOBALSprefix Arbitrary File Inclusion Exploit by staker mail: stakerathotmaildotit url: http://cpcommerce.cpradio.org it works with register_globals=on if you wanna carry out a LFI - mq=off short explanation: cpCommerce contains one flaw that allows an attacker to...