Lucene search
K

12 matches found

NVD
NVD
added 2026/06/26 1:16 p.m.7 views

CVE-2026-57920

Peplink InControl 2 through 2.14.2 before 2026-06-03 allows use of a semicolon to bypass access-control rules for certain /rest/o/orgId endpoints...

7.7CVSS0.0022EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/26 12:20 p.m.35 views

CVE-2026-57920

Peplink InControl 2 through 2.14.2 before 2026-06-03 allows use of a semicolon to bypass access-control rules for certain /rest/o/orgId endpoints...

7.7CVSS0.0022EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.14 views

PT-2026-52699

Name of the Vulnerable Software and Affected Versions Peplink InControl 2 versions 2 through 2.14.2 Description An access control bypass exists in certain /rest/o/orgId endpoints. This issue allows the use of a semicolon to circumvent established access-control rules. Recommendations Update Pepli...

7.7CVSS5.9AI score0.0022EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/06/19 8:26 p.m.6 views

CVE-2026-50559

Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1, 3.33.3, 3.27.4.1, 3.27.5, and 3.20.6.2, Quarkus HTTP path-based authorization policies can be bypassed using encoded semicolons %3B to smuggle matrix parameters past the security layer,...

7.5CVSS5.8AI score0.00451EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2026/05/04 5:20 p.m.9 views

Incorrect Authorization

Overview io.quarkus:quarkus-vertx-http is a Cloud Native, Linux Container First framework for writing Java applications. Affected versions of this package are vulnerable to Incorrect Authorization when handling HTTP request paths that have had normalizedPath applied. An attacker can gain...

8.8CVSS6AI score0.00444EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/05 2:51 p.m.4 views

CVE-2025-59830

Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its paramslimit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parameter count limit and submit more parameters...

7.5CVSS6.8AI score0.00535EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/09/29 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-59830

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its paramslimit only for parameters separated by &, while still...

7.5CVSS6.6AI score0.00535EPSS
Exploits0References2
OSV
OSV
added 2025/09/26 12:0 a.m.5 views

UBUNTU-CVE-2025-59830

Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its paramslimit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parameter count limit and submit more parameters...

7.5CVSS6.6AI score0.00535EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/09/25 4:39 p.m.9 views

Rack has an unsafe default in Rack::QueryParser allows params_limit bypass via semicolon-separated parameters

Summary Rack::QueryParser in version 2.2.18 enforces its paramslimit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parameter count limit and submit more parameters than intended. Details The issue arises...

7.5CVSS6.8AI score0.00535EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/09/25 3:16 p.m.2 views

DEBIAN-CVE-2025-59830

Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its paramslimit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parameter count limit and submit more parameters...

7.5CVSS5.8AI score0.00535EPSS
Exploits0References1
RubySec
RubySec
added 2025/09/25 12:0 a.m.7 views

Rack has an unsafe default in Rack::QueryParser allows params_limit bypass via semicolon-separated parameters

Summary Rack::QueryParser in version 2.2.18 enforces its paramslimit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parameter count limit and submit more parameters than intended. Details The issue arises...

7.5CVSS6.8AI score0.00535EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2014/10/25 10:55 p.m.2 views

DEBIAN-CVE-2014-3137

Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; semi-colon and a Content-Type that would not be accepted, as...

6.8CVSS7.2AI score0.03101EPSS
Exploits0References1
Rows per page
Query Builder