
29 matches found

ATTACKERKB
added 2026/06/04 1:17 p.m. | 7 views

CVE-2026-10856

A URL validation flaw in the MISP dashboard button widget allowed a crafted relative-looking URL to be accepted as a local path while being interpreted by browsers as an external URL. The validation rejected URLs containing an explicit scheme, host, or user component, but did not reject paths...

CVSS 5.1 | AI score 5.7 | EPSS 0.00148
Exploits: 0 | References: 2
Snyk
added 2026/06/02 10:22 p.m. | 6 views

Open Redirect

Overview: Affected versions of this package are vulnerable to Open Redirect when certain URLs with path values starting with // are processed. An attacker can redirect users to external domains by supplying specially crafted protocol-relative URLs. Note: Users that utilise Declarative Mode are not...

CVSS 8.7 | AI score 5.9 | EPSS 0.00162
Exploits: 0 | References: 2
CVE
added 2026/06/02 5:55 p.m. | 107 views

CVE-2026-40181

Summary: CVE-2026-40181 affects React Router. In versions 7.0.0–7.14.0 and 6.7.0–6.30.3, redirect() can produce an open redirect to an external domain when the URL starts with //, due to protocol-relative URL handling. Impact depends on application-side redirect validation and does not affect Dec...

CVSS 8.7 | AI score 5.8 | EPSS 0.00162
Exploits: 0 | References: 1 | Affected Software: 1
GithubExploit
added 2026/04/06 5:33 p.m. | 213 views

Exploit for CVE-2026-33186

CVE-2026-33186 gRPC-Go RBAC Authorization Policy Bypass via M...

CVSS 9.1 | AI score 6 | EPSS 0.01557
Exploits: 1
OSV
added 2026/03/27 8:16 p.m. | 8 views

UBUNTU-CVE-2026-34475

Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mishandle URLs with a path of / for HTTP/1.1, potentially leading to cache poisoning or authentication bypass...

CVSS 9.8 | AI score 5.8 | EPSS 0.00202
Exploits: 1 | References: 3
UbuntuCve
added 2026/03/27 8:16 p.m. | 4 views

CVE-2026-34475

Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mishandle URLs with a path of / for HTTP/1.1, potentially leading to cache poisoning or authentication bypass...

CVSS 9.8 | AI score 5.9 | EPSS 0.00202
Exploits: 1 | References: 2
Debian CVE
added 2026/03/20 10:23 p.m. | 5 views

CVE-2026-33186

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory...

CVSS 9.1 | AI score 7.6 | EPSS 0.01557
Exploits: 1
EUVD
added 2026/03/20 10:23 p.m. | 4 views

EUVD-2026-13830

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory...

CVSS 9.1 | AI score 5.9 | EPSS 0.01557
Exploits: 1 | References: 1
Cvelist
added 2026/02/27 7:30 a.m. | 24 views

CVE-2025-9909 Aap-gateway: improper path validation in gateway allows credential exfiltration

A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash // prefix in the gateway path. A malicious or socially engineered administrator can configure a...

CVSS 6.7 | EPSS 0.00167
Exploits: 0 | References: 6
Positive Technologies
added 2026/02/27 12:0 a.m. | 7 views

PT-2025-54839

A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash // prefix in the gateway path. A malicious or socially engineered administrator can configure a...

CVSS 6.7 | AI score 5.8 | EPSS 0.00167
Exploits: 0 | References: 6
OSV
added 2026/02/23 6:23 p.m. | 4 views

GO-2026-4506 opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in input.parsed_path in github.com/open-policy-agent/opa-envoy-plugin

opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in input.parsed_path in github.com/open-policy-agent/opa-envoy-plugin...

CVSS 7.1 | AI score 5.3 | EPSS 0.0038
Exploits: 0 | References: 4
Cvelist
added 2026/02/19 7:31 p.m. | 29 views

CVE-2026-26205 opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in `input.parsed_path`

opa-envoy-plugin is a plugin to enforce OPA policies with Envoy. Versions prior to 1.13.2-envoy-2 have a vulnerability in how the input.parsed_path field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes // as...

CVSS 7.1 | EPSS 0.0038
Exploits: 0 | References: 3
CVE
added 2026/02/19 7:31 p.m. | 14 views

CVE-2026-26205

CVE-2026-26205 affects the opa-envoy-plugin for Envoy (opa-envoy-plugun). Versions prior to 1.13.2-envoy-2 construct input.parsed_path by treating HTTP request paths as full URIs and interpreting leading segments with ‘//’ as authorities, which drops those segments from the parsed path. This crea...

CVSS 7.1 | AI score 5.7 | EPSS 0.0038
Exploits: 0 | References: 3
Vulnrichment
added 2026/02/19 7:31 p.m. | 4 views

CVE-2026-26205 opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in `input.parsed_path`

opa-envoy-plugin is a plugin to enforce OPA policies with Envoy. Versions prior to 1.13.2-envoy-2 have a vulnerability in how the input.parsed_path field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes // as...

CVSS 7.1 | AI score 5.7 | EPSS 0.0038
Exploits: 0 | References: 3
OSV
added 2026/02/19 7:31 p.m. | 6 views

CVE-2026-26205 opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in `input.parsed_path`

opa-envoy-plugin is a plugin to enforce OPA policies with Envoy. Versions prior to 1.13.2-envoy-2 have a vulnerability in how the input.parsed_path field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes // as...

CVSS 7.1 | AI score 5.7 | EPSS 0.0038
Exploits: 0 | References: 5
Github Security Blog
added 2026/02/18 3:25 p.m. | 8 views

opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in input.parsed_path

A security vulnerability has been discovered in how the input.parsed_path field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes // as authority components, and therefore dropping them from the parsed path. Thi...

CVSS 7.1 | AI score 5.5 | EPSS 0.0038
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2026/02/18 3:25 p.m. | 3 views

GHSA-9F29-V6MM-PW6W opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in input.parsed_path

A security vulnerability has been discovered in how the input.parsed_path field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes // as authority components, and therefore dropping them from the parsed path. Thi...

CVSS 7.1 | AI score 5.5 | EPSS 0.0038
Exploits: 0 | References: 5
Positive Technologies
added 2026/02/18 12:0 a.m. | 7 views

PT-2026-20568

Name of the Vulnerable Software and Affected Versions: opa-envoy-plugin versions prior to 1.13.2-envoy-2. Description: The opa-envoy-plugin plugin has an issue in how the input.parsed_path field is constructed. HTTP request paths are treated as full URIs during parsing, leading to the interpretation...

CVSS 9.9 | AI score 5.5 | EPSS 0.27661
Exploits: 45 | References: 115
Positive Technologies
added 2026/01/15 12:0 a.m. | 6 views

PT-2026-3008

Name of the Vulnerable Software and Affected Versions: Grafana (affected versions not specified). Description: A flaw exists in Grafana’s datasource proxy API that permits bypassing authorization checks. This is achieved by including an additional slash character within the URL path. Users with limite...

CVSS 5 | AI score 6 | EPSS 0.00027
Exploits: 0 | References: 8
EUVD
added 2025/12/16 9:22 p.m. | 3 views

EUVD-2025-203845

Better Auth's rou3 Dependency has Double-Slash Path Normalization which can Bypass disabledPaths Config and Rate Limits...

AI score 6.5
Exploits: 0 | References: 2