32 matches found
CVE-2026-45554
NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to a directory rather than a file. Requests that resolve to a directory raise an unhandled RuntimeError inside...
EUVD-2026-19974
Emmett has a path traversal in internal assets handler...
PYSEC-2026-59
Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets (/emmett paths) is vulnerable to path traversal attacks. An attacker can use ../ sequences (e.g. /emmett/../rsgi/handlers.py) to read arbitrary files...
CVE-2026-3050
A flaw has been found in horilla-opensource horilla up to 1.0.2. Impacted is an unknown function of the file static/assets/js/global.js of the component Leads Module. This manipulation of the argument Notes causes cross site scripting. The attack is possible to be carried out remotely. The exploi...
PT-2026-21612
A flaw has been found in horilla-opensource horilla up to 1.0.2. Impacted is an unknown function of the file static/assets/js/global.js of the component Leads Module. This manipulation of the argument Notes causes cross site scripting. The attack is possible to be carried out remotely. The exploi...
actix-files has a possible exposure of information vulnerability
Summary: Passing a non-existing folder to the actix_files::Files::new method causes the actix server to expose unexpected files. Details: The actix-files library exposes a Files struct that configures an actix service to serve the files in a folder as static assets. Below you can find the...
MAL-2024-9510 Malicious code in atlassian-static-assets-url-plugin (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in odn-static-assets (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a49d8b382070675781a5628be927a75dfaa48ed927b0dbb4d39f49cde36bbc6c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8461 Malicious code in odn-static-assets (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a49d8b382070675781a5628be927a75dfaa48ed927b0dbb4d39f49cde36bbc6c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE CVE-2014-7818
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence o...
SUSE CVE-2014-7829
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence o...
dash-live cross-site scripting vulnerability
dash-live is a library by Alex Ashley, a personal developer. Fake DASH Live profile endpoints using static assets. A cross-site scripting vulnerability exists in dash-live, which stems from a ready function in the static/js/media.js file of its DOM Node Handler component that allows an attacker t...
Design/Logic Flaw
Discourse is an open source discussion platform. In affected versions a maliciously crafted request for static assets could cause error responses to be cached by Discourse's default NGINX proxy configuration. A corrected NGINX configuration is included in the latest stable, beta and...
CVE-2022-31182 Cache poisoning via maliciously-formed request in Discourse
Discourse is an open source discussion platform. In affected versions a maliciously crafted request for static assets could cause error responses to be cached by Discourse's default NGINX proxy configuration. A corrected NGINX configuration is included in the latest stable, beta and...
rust-embed directory traversal vulnerability
rust-embed is the embedding of static assets into rust binaries. rust-embed versions prior to 6.3.0 have security vulnerabilities that can be exploited by attackers in debug mode to cause directory traversal...
What’s the difference between a CDN and a Web Accelerator?
A Content Delivery Network (CDN) is a network of servers that deliver static assets to the end-user, while a Web Accelerator is another way of saying a CDN with a different name. The CDN is a network that has, as its primary function, optimizing access to content that is in demand, usually in the...
Server secret was included in static assets and served to clients
Impact: Server JWT signing secret was included in static assets and served to clients. This ALLOWS Flood's builtin authentication to be bypassed. Given Flood is granted access to rTorrent's SCGI interface which is unprotected and ALLOWS arbitrary code execution and usually wide-ranging privileges ...
Directory Traversal
Overview io.jooby:jooby is a modular web framework for Java and Kotlin. Affected versions of this package are vulnerable to Directory Traversal. There are two ways this vulnerability can be leveraged: When sharing a File System directory as in: assets"/static/", Paths.get"static" The class path...
Directory traversal vulnerability in actionpack
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence o...