10 matches found
EUVD-2020-26586
Malware in sbrugna...
Better Auth Open Redirect Vulnerability in originCheck Middleware Affects Multiple Routes
Summary An open redirect has been found in the originCheck middleware function, which affects the following routes: /verify-email, /reset-password/:token, /delete-user/callback, /magic-link/verify, /oauth-proxy-callback. Details In the matchesPattern function, url.startsWith can be deceived with ...
DRUPAL-CONTRIB-2025-055
The module enables you to add second-factor authentication in addition to the default Drupal login. The module doesn't sufficiently protect certain sensitive routes, allowing an attacker to view or modify various TFA-related settings...
Panels - Critical - Access bypass - SA-CONTRIB-2025-033
Panels enables administrators to add page variants within page manager, panelizer, etc to create custom pages. The module doesn't sufficiently protect sensitive routes, allowing an attacker to view and modify blocks within variants without requiring appropriate permission. This vulnerability is...
Exploit for CVE-2025-29927
CVE-2025-29927 Checker π Introduction This script checks for t...
PT-2022-9950 Β· Beego Β· Beego
Name of the Vulnerable Software and Affected Versions: beego versions prior to 1.12.11 beego versions through 2.0.1 Description: An issue was discovered in the route lookup process in beego that allows attackers to bypass access control. Recommendations: For versions prior to 1.12.11, update to...
CVE-2020-5417
Cloud Foundry CAPI Cloud Controller, versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain which is true in the default CF Deployment manifest, were vulnerable to developers maliciously or accidentally claiming certain sensitive routes, potentially...
Design/Logic Flaw
Cloud Foundry CAPI Cloud Controller, versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain which is true in the default CF Deployment manifest, were vulnerable to developers maliciously or accidentally claiming certain sensitive routes, potentially...
CVE-2020-5417 Cloud Controller may allow developers to claim sensitive routes
Cloud Foundry CAPI Cloud Controller, versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain which is true in the default CF Deployment manifest, were vulnerable to developers maliciously or accidentally claiming certain sensitive routes, potentially...
CVE-2020-5417: Cloud Controller may allow developers to claim sensitive routes | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Description Cloud Foundry CAPI Cloud Controller, versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain which is true in the default CF Deployment manifest, is vulnerable to developers maliciously or...