Lucene search
K

351 matches found

OSV
OSV
added 2026/04/25 11:29 p.m.5 views

GHSA-43JV-5J4X-QV67 Heimdall: Case-sensitive handling of URL-encoded slashes may lead to inconsistent path interpretation

Summary Heimdall handles URL-encoded slashes %2F in a case-sensitive manner, while percent-encoding is defined to be case-insensitive. As a result, the lowercase equivalent %2f is not recognized and therefore not processed as expected when allowencodedslashes is set to off the default setting. Th...

7.8CVSS5.8AI score0.00396EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/25 12:0 a.m.10 views

PT-2026-37186

Name of the Vulnerable Software and Affected Versions Heimdall versions prior to 0.17.14 Description Heimdall handles URL-encoded slashes %2F in a case-sensitive manner, whereas percent-encoding is defined as case-insensitive. When the allow encoded slashes variable is set to off the default...

7.8CVSS5.8AI score0.00396EPSS
Exploits0References11
OSV
OSV
added 2026/04/22 6:31 p.m.3 views

GHSA-VCHC-9GGH-3236 Duplicate Advisory: uutils coreutils has a Path Traversal issue

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-89p7-7cq3-hhr2. This link is maintained to preserve external references. Original Description A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect t...

5.6CVSS6.1AI score0.00166EPSS
Exploits1References3
NVD
NVD
added 2026/04/22 5:16 p.m.6 views

CVE-2026-35363

A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect the current directory. While the utility correctly refuses to delete . or .., it fails to recognize equivalent paths with trailing slashes, such as ./ or .///. An accidental or...

5.6CVSS0.00166EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/22 4:8 p.m.30 views

CVE-2026-35363 uutils coreutils rm Safeguard Bypass via Improper Path Normalization

A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect the current directory. While the utility correctly refuses to delete . or .., it fails to recognize equivalent paths with trailing slashes, such as ./ or .///. An accidental or...

5.6CVSS0.00166EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/22 4:8 p.m.7 views

CVE-2026-35363 uutils coreutils rm Safeguard Bypass via Improper Path Normalization

A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect the current directory. While the utility correctly refuses to delete . or .., it fails to recognize equivalent paths with trailing slashes, such as ./ or .///. An accidental or...

5.6CVSS6AI score0.00166EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/22 4:8 p.m.3 views

CVE-2026-35363

A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect the current directory. While the utility correctly refuses to delete . or .., it fails to recognize equivalent paths with trailing slashes, such as ./ or .///. An accidental or...

5.6CVSS6AI score0.00166EPSS
Exploits1References2
CVE
CVE
added 2026/04/22 4:8 p.m.26 views

CVE-2026-35363

The CVE-2026-35363 entry concerns the rm utility in uutils coreutils. The issue: path normalization bug allows bypass of safeguards for the current directory. It correctly refuses . and .. but fails to recognize equivalent paths with trailing slashes (e.g., ./ or .///). An accidental/malicious ex...

5.6CVSS6AI score0.00166EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.4 views

PT-2026-34499

Name of the Vulnerable Software and Affected Versions uutils coreutils affected versions not specified Description A flaw in the rm utility allows the bypass of safeguard mechanisms designed to protect the current directory. Although the utility prevents the deletion of . or .., it does not...

5.6CVSS6AI score0.00166EPSS
Exploits1References12
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-35363

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect the current directory. While the utility...

5.6CVSS5.8AI score0.00166EPSS
Exploits1References3
Snyk
Snyk
added 2026/04/16 10:28 p.m.4 views

Interpretation Conflict

Overview @fastify/middie is a Middleware engine for Fastify Affected versions of this package are vulnerable to Interpretation Conflict in the resolveNormalizationOptions function's deprecated ignoreDuplicateSlashes configuration option. An attacker can bypass middleware by crafting URLs with...

9.1CVSS5.7AI score0.00278EPSS
Exploits0References2
OSV
OSV
added 2026/04/16 10:28 p.m.3 views

GHSA-V9WW-2J6R-98Q6 @fastify/middie vulnerable to middleware bypass via deprecated ignoreDuplicateSlashes option

Impact @fastify/middie v9.3.1 and earlier does not read the deprecated but still functional top-level ignoreDuplicateSlashes option, only reading from routerOptions. This creates a normalization gap: Fastify's router normalizes duplicate slashes but middie does not, allowing middleware bypass via...

7.4CVSS5.8AI score0.00278EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/16 10:28 p.m.8 views

@fastify/middie vulnerable to middleware bypass via deprecated ignoreDuplicateSlashes option

Impact @fastify/middie v9.3.1 and earlier does not read the deprecated but still functional top-level ignoreDuplicateSlashes option, only reading from routerOptions. This creates a normalization gap: Fastify's router normalizes duplicate slashes but middie does not, allowing middleware bypass via...

9.1CVSS5.8AI score0.00278EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/04/16 10:28 p.m.10 views

EUVD-2026-23235

@fastify/middie vulnerable to middleware bypass via deprecated ignoreDuplicateSlashes option...

7.4CVSS5.8AI score0.00278EPSS
Exploits0References3
OSV
OSV
added 2026/04/16 9:16 p.m.4 views

GHSA-V92G-XGXW-VVMM Mako: Path traversal via double-slash URI prefix in TemplateLookup

Summary TemplateLookup.gettemplate is vulnerable to path traversal when a URI starts with // e.g., //../../../secret.txt. The root cause is an inconsistency between two slash-stripping implementations: - Template.init strips one leading / using if/slice - TemplateLookup.gettemplate strips all...

8.7CVSS5.8AI score0.00361EPSS
Exploits0References6
NVD
NVD
added 2026/04/16 3:17 p.m.6 views

CVE-2026-33804

@fastify/middie versions 9.3.1 and earlier are vulnerable to middleware bypass when the deprecated Fastify ignoreDuplicateSlashes option is enabled. The middleware path matching logic does not account for duplicate slash normalization performed by Fastify's router, allowing requests with duplicat...

9.1CVSS0.00278EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/16 1:56 p.m.7 views

CVE-2026-33804

@fastify/middie versions 9.3.1 and earlier are vulnerable to middleware bypass when the deprecated Fastify ignoreDuplicateSlashes option is enabled. The middleware path matching logic does not account for duplicate slash normalization performed by Fastify's router, allowing requests with duplicat...

7.4CVSS5.8AI score0.00278EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/16 1:56 p.m.4 views

CVE-2026-33804 @fastify/middie vulnerable to middleware bypass via deprecated ignoreDuplicateSlashes option

@fastify/middie versions 9.3.1 and earlier are vulnerable to middleware bypass when the deprecated Fastify ignoreDuplicateSlashes option is enabled. The middleware path matching logic does not account for duplicate slash normalization performed by Fastify's router, allowing requests with duplicat...

7.4CVSS5.8AI score0.00278EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/16 1:56 p.m.33 views

CVE-2026-33804 @fastify/middie vulnerable to middleware bypass via deprecated ignoreDuplicateSlashes option

@fastify/middie versions 9.3.1 and earlier are vulnerable to middleware bypass when the deprecated Fastify ignoreDuplicateSlashes option is enabled. The middleware path matching logic does not account for duplicate slash normalization performed by Fastify's router, allowing requests with duplicat...

7.4CVSS0.00278EPSS
Exploits0References2
CVE
CVE
added 2026/04/16 1:56 p.m.18 views

CVE-2026-33804

CVE-2026-33804 affects @fastify/middie v9.3.1 and earlier, where middleware bypass can occur when the deprecated top-level ignoreDuplicateSlashes option is enabled. The middleware’s path-matching does not account for duplicate-slash normalization performed by Fastify’s router, allowing requests w...

9.1CVSS5.8AI score0.00278EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder