70 matches found
SUSE CVE-2026-34786
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static#applicable_rules evaluates several header_rules types against the raw URL-encoded PATH_INFO, while the underlying file-serving path is decoded before the file is served. As a result, a request for a...
CVE-2026-34786
A flaw was found in Rack. A remote attacker can exploit this vulnerability by sending a specially crafted request with a URL-encoded static path. This bypasses security-relevant response headers intended for static content, potentially leading to information disclosure or other unintended...
DEBIAN-CVE-2026-34786
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static#applicable_rules evaluates several header_rules types against the raw URL-encoded PATH_INFO, while the underlying file-serving path is decoded before the file is served. As a result, a request for a...
CVE-2026-34786
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static#applicable_rules evaluates several header_rules types against the raw URL-encoded PATH_INFO, while the underlying file-serving path is decoded before the file is served. As a result, a request for a...
PT-2026-29915
Summary Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with that string, including unrelated paths such as "/css-config.env" or...
MAL-2026-1856 Malicious code in static-content-cannabis (npm)
Source: amazon-inspector ad874c892146b9bd12da1a27cfcf9bb790ac0fa7f7e82c795585e7343806eb1b. The package static-content-cannabis was found to contain malicious code...
Malicious code in static-content-cannabis (npm)
Source: amazon-inspector ad874c892146b9bd12da1a27cfcf9bb790ac0fa7f7e82c795585e7343806eb1b. The package static-content-cannabis was found to contain malicious code...
CVE-2020-10112
Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. NOTE: Citrix disputes this as not a vulnerability. By default, Citrix ADC only caches static content served under certain URL paths for Citrix Gateway usage. No dynamic content is served under these paths, which implies that those cached...
EUVD-2024-33546
Malicious code in bioql PyPI...
EUVD-2023-35382
Malicious code in bioql PyPI...
EUVD-2022-52134
Malicious code in bioql PyPI...
CVE-2024-8483
The MAS Static Content plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.8 via the staticcontent function. This makes it possible for authenticated attackers, with contributor-level access and above, to extract potentially sensitive information...
CVE-2022-4874
Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL .css, .png etc. If it exists, it performs a "fake logi...
CVE-2021-23016
On BIG-IP APM versions 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, and all versions of 16.0.x, 12.1.x, and 11.6.x, an attacker may be able to bypass APM's internal restrictions and retrieve static content that is hosted within APM by sending specifically crafted requests t...
CVE-2024-10905
IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected...
CVE-2024-10905
IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected...
CVE-2024-10905
CVE-2024-10905 affects SailPoint IdentityIQ 8.2, 8.3, 8.4 and prior versions, where HTTP/HTTPS access to static content in the IdentityIQ application directory is improperly allowed. Root cause cited as improper handling of file names identifying virtual resources (CWE-66). Impact is high: potent...
CVE-2024-10905 IdentityIQ Improper Access Control Vulnerability
IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected...
CVE-2024-10905 IdentityIQ Improper Access Control Vulnerability
IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected...
SailPoint IdentityIQ Security Vulnerability
SailPoint IdentityIQ is a security software from SailPoint, Inc. which provides credit monitoring, identity insurance, and antivirus. A security vulnerability exists in SailPoint IdentityIQ that originates from allowing HTTP access to static content in the application catalog that should be...