
10 matches found

OSV
added 2026/06/05 9:47 p.m. | 7 views

GHSA-PR2W-4GPJ-CPQ4 Twig: Sandbox: multiple `__toString()` policy bypasses via unguarded string coercion points

Description: SandboxNodeVisitor enforces SecurityPolicy::checkMethodAllowed for implicit __toString() calls by wrapping selected AST nodes in CheckToStringNode. The set of wrapped nodes is incomplete, and several Twig language constructs still trigger PHP string coercion on a Stringable operand withou...

AI score 5.5 | EPSS 0.00044
Exploits 0 | References 5
ATTACKERKB
added 2026/04/24 7:17 p.m. | 5 views

CVE-2026-41428

Budibase is an open-source low-code platform. Prior to 3.35.4, the authenticated middleware uses unanchored regular expressions to match public no-auth endpoint patterns against ctx.request.url. Since ctx.request.url in Koa includes the query string, an attacker can access any protected endpoint ...

CVSS 9.1 | AI score 5.5 | EPSS 0.00445
Exploits 1 | References 2 | Affected Software 1
Vulnrichment
added 2026/04/21 10:57 p.m. | 4 views

CVE-2026-41062 WWBN/AVideo has an incomplete fix for a directory traversal bypass via query string in ReceiveImage downloadURL parameters

WWBN AVideo is an open source video platform. In versions 29.0 and below, the directory traversal fix introduced in commit 2375eb5e0 for objects/aVideoEncoderReceiveImage.json.php only checks the URL path component via parse_url($url, PHP_URL_PATH) for .. sequences. However, the downstream function...

CVSS 6.5 | AI score 5.9 | EPSS 0.00718
Exploits 1 | References 4
OSV
added 2026/04/06 6:3 p.m. | 3 views

GHSA-V2WJ-Q39Q-566R Vite: `server.fs.deny` bypassed with queries

Summary: The contents of files that are specified by server.fs.deny can be returned to the browser.
Impact: Only apps that match the following conditions are affected:
- explicitly exposes the Vite dev server to the network using --host or server.host config option
- the sensitive file exists in th...

CVSS 8.2 | AI score 5.9 | EPSS 0.02095
Exploits 1 | References 7
CVE
added 2025/03/24 5:3 p.m. | 400 views

CVE-2025-30208

CVE-2025-30208 (Vite): In affected Vite versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10, an attacker can bypass file-access controls via URLs using trailing query markers (e.g., ?raw?? or ?import&raw??), causing arbitrary files to be exposed when the dev server is network-accessible. ...

CVSS 7.5 | AI score 7.2 | EPSS 0.76736
Exploits 28 | References 6 | Affected Software 1
CNVD
added 2017/05/15 12:0 a.m. | 1 views

SNMP Protocol Community String Authentication Privilege Bypass Vulnerability in Riptide RG-WALL-160S Firewall

RG-WALL 160S is a 100 Gigabit firewall product launched by Ruijie Network. The RG-WALL-160S firewall has an SNMP protocol community string authentication privilege bypass vulnerability. It allows an attacker to bypass SNMP access control by utilizing arbitrary strings or integer values to write...

AI score 7.3
Exploits 0
CNVD
added 2017/05/12 12:0 a.m. | 2 views

SNMP String Bypass Vulnerability in Two ZTE ZXSS10 Voice Gateway Integrated Access Devices

ZXSS10 I524-FXS2400A and ZXSS10 I508-FXS0800B are two voice gateway integrated access devices from ZTE. An SNMP string bypass vulnerability exists in the two ZTE ZXSS10 voice gateway integrated access devices. An attacker can bypass SNMP access control by using arbitrary strings or integer values...

AI score 6.8
Exploits 0
CNVD
added 2017/04/27 12:0 a.m. | 5 views

SNMP Protocol Community String Authentication Privilege Bypass Vulnerability in Some Vendor Devices

SNMP is a network management standard based on the TCP/IP protocol family and is a standard protocol for managing network nodes such as servers, workstations, routers, switches, etc. in an IP network. SNMP protocol community strings of some vendors' devices have authentication privilege bypass...

CVSS 9.1 | AI score 7.5 | EPSS 0.17397
Exploits 3 | References 1
securityvulns
added 2007/11/29 12:0 a.m. | 33 views

Captcha! CAPTCHA bypass

Hello 3APA3A! I am reporting to you the Cross-Site Request Forgery and Insufficient Anti-automation vulnerabilities I found in the Captcha! captcha. This is a captcha plugin for WordPress. This captcha is vulnerable to CSRF and the Null string bypass method. CSRF + Insufficient Anti-automation: Exploits:...

AI score 0.4
Exploits 0
securityvulns
added 2007/11/14 12:0 a.m. | 36 views

Another vulnerability in PHP-Nuke captcha

Hello 3APA3A! I am reporting to you another Insufficient Anti-automation vulnerability I found in the PHP-Nuke captcha. This captcha is vulnerable to the Null string bypass method. Insufficient Anti-automation: Exploit: http://websecurity.com.ua/uploads/2007/MoBiC/PHP-Nuke20CAPTCHA20bypass3.html Vulnerable versi...

AI score 0.4
Exploits 0