17 matches found

OSV
added 2026/05/19 4:34 p.m., 2 views

GHSA-JWP7-WG77-3W9V Apify Model Context Protocol (MCP) server: Domain Allowlist Bypass in fetch-apify-docs via String Prefix Matching

Summary: The fetch-apify-docs tool validates URLs against a domain allowlist using String.startsWith instead of proper URL hostname comparison. This allows bypass via attacker-controlled subdomains, e.g., https://docs.apify.com.evil.com/, enabling the tool to fetch and return arbitrary web content ...

CVSS 6.1 · AI score 5.9 · EPSS 0.00045
Exploits 0 · References 2
Positive Technologies
added 2026/05/19 12:00 a.m., 7 views

PT-2026-42037

Summary: The fetch-apify-docs tool validates URLs against a domain allowlist using String.startsWith instead of proper URL hostname comparison. This allows bypass via attacker-controlled subdomains, e.g., https://docs.apify.com.evil.com/, enabling the tool to fetch and return arbitrary web content ...

CVSS 6.1 · AI score 5.9 · EPSS 0.00045
Exploits 0 · References 3
RedhatCVE
added 2026/04/06 10:57 a.m., 3 views

CVE-2026-34938

PraisonAI is a multi-agent teams system. Prior to version 1.5.90, execute_code in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing a str subclass with an overridden startswith method to the _safe_getattr wrapper, achieving arbitrary ...

CVSS 10 · AI score 6.1 · EPSS 0.00707
Exploits 1 · References 1
CVE
added 2026/04/03 10:51 p.m., 7 views

CVE-2026-34938

PraisonAI contains a Python sandbox escape in the execute_code() function of praisonai-agents. Prior to version 1.5.90, the three-layer sandbox can be bypassed by passing a str subclass with an overridden startswith() to the _safe_getattr wrapper, enabling arbitrary OS command execution on the ho...

CVSS 10 · AI score 6.1 · EPSS 0.00707
Exploits 1 · References 1 · Affected Software 1
RedhatCVE
added 2026/02/26 4:15 a.m., 4 views

CVE-2026-27607

RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.56 through 1.0.0-alpha.82, RustFS does not validate policy conditions in presigned POST uploads (PostObject), allowing attackers to bypass content-length-range, starts-with, and Content-Type constraints. This enabl...

CVSS 9.1 · AI score 5.6 · EPSS 0.00265
Exploits 0 · References 1
Github Security Blog
added 2026/02/25 10:38 p.m., 8 views

RustFS: Missing Post Policy Validation leads to Arbitrary Object Write

Summary: RustFS does not validate policy conditions in presigned POST uploads (PostObject), allowing attackers to bypass content-length-range, starts-with, and Content-Type constraints. This enables unauthorized file uploads exceeding size limits, uploads to arbitrary object keys, and content-type...

CVSS 9.1 · AI score 5.8 · EPSS 0.00265
Exploits 0 · References 4 · Affected Software 1
OSV
added 2026/02/19 8:32 p.m., 3 views

GHSA-MP4X-C34X-WV3X Feathers has an origin validation bypass via prefix matching

The origin validation uses startsWith for comparison, allowing attackers to bypass the check by registering a domain that shares a common prefix with an allowed origin. The getAllowedOrigin function checks whether the Referer header starts with any allowed origin: ...

CVSS 7.6 · AI score 5.6 · EPSS 0.0024
Exploits 0 · References 5
Positive Technologies
added 2025/09/22 12:00 a.m., 3 views

PT-2025-38750

Name of the Vulnerable Software and Affected Versions: Creacast Creabox Manager, affected versions not specified. Description: The software exhibits a critical authentication flaw that permits bypassing login validation. Access is granted when the username is set to creabox and the password starts wi...

CVSS 8.8 · AI score 6.7 · EPSS 0.00458
Exploits 1 · References 4
CNNVD
added 2025/06/10 12:00 a.m., 3 views

Code-Projects School Fees Payment System security vulnerability

School Fees Payment System is a tuition payment system. The School Fees Payment System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter name_startsWith in the file /ajx.php. An attacker can exploit this...

CVSS 8.8 · AI score 7 · EPSS 0.00479
Exploits 1 · References 8
RedhatCVE
added 2025/05/23 2:27 a.m., 3 views

CVE-2023-27481

Directus is a real-time API and App dashboard for managing SQL database content. In versions prior to 9.16.0, users with read access to the password field in directus_users can extract the argon2 password hashes by brute forcing the export functionality combined with a startswith filter. This allow...

CVSS 4.3 · AI score 7.3 · EPSS 0.00604
Exploits 0 · References 1
Positive Technologies
added 2024/03/14 12:00 a.m., 3 views

PT-2024-40659 · Unknown · Generatedjavaparser

Name of the Vulnerable Software and Affected Versions: GeneratedJavaParser, affected versions not specified. Description: A security exception crash has been reported. The crash involves the com.github.javaparser.GeneratedJavaParser.Expression class, the java.base/java.lang.String.startsWith method...

AI score 7
Exploits 0 · References 2
CNNVD
added 2023/06/20 12:00 a.m., 3 views

Online School Fees System SQL injection vulnerability

Online School Fees System is an online tuition system. A SQL injection vulnerability exists in Online School Fees System v1.0, which originates from a lack of validation of the parameter name_startsWith for externally entered SQL statements in the file ajx.php in the component GET Parameter Handle...

CVSS 9.8 · AI score 8.2 · EPSS 0.00841
Exploits 1 · References 4
Positive Technologies
added 2022/09/15 12:00 a.m., 1 view

PT-2022-28288 · Ransack +2

Name of the Vulnerable Software and Affected Versions: pageflow versions prior to 14.5.2, pageflow versions prior to 15.7.1. Description: The issue allows attackers to extract sensitive properties of database objects associated with users or entries belonging to an account they have access to. This...

AI score 7.2
Exploits 0 · References 4
OSV
added 2020/09/30 6:15 p.m., 1 view

CVE-2020-21526

An arbitrary file writing vulnerability in halo v1.1.3. In an interface to write files in the background, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it...

CVSS 9.8 · AI score 7.3 · EPSS 0.01867
Exploits 1 · References 1
Veracode
added 2020/04/21 5:28 a.m., 18 views

SQL Injection

tortoise orm is vulnerable to SQL injection. An attacker is able to inject and execute arbitrary SQL statements via the contains, startswith or endswith filters...

CVSS 8.8 · AI score 6.9 · EPSS 0.01038
Exploits 0 · References 3 · Affected Software 1
PyPA
added 2020/04/20 10:15 p.m., 5 views

PYSEC-2020-144

In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields. SQLite & PostgreSQL are only affected when filtering with contains, startswith, or endswith filters and their case-insensitive...

CVSS 8.8 · AI score 8.1 · EPSS 0.01038
Exploits 0 · References 2 · Affected Software 1
OSV
added 2018/10/06 2:29 p.m., 5 views

ALPINE-CVE-2018-17456

Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character...

CVSS 9.8 · AI score 8.2 · EPSS 0.97356
Exploits 12 · References 1