10 matches found
GHSA-PR2W-4GPJ-CPQ4 Twig: Sandbox: multiple `__toString()` policy bypasses via unguarded string coercion points
Description SandboxNodeVisitor enforces SecurityPolicy::checkMethodAllowed for implicit toString calls by wrapping selected AST nodes in CheckToStringNode. The set of wrapped nodes is incomplete, and several Twig language constructs still trigger PHP string coercion on a Stringable operand withou...
CVE-2026-41428
Budibase is an open-source low-code platform. Prior to 3.35.4, the authenticated middleware uses unanchored regular expressions to match public no-auth endpoint patterns against ctx.request.url. Since ctx.request.url in Koa includes the query string, an attacker can access any protected endpoint ...
CVE-2026-41062 WWBN/AVideo has an incomplete fix for a directory traversal bypass via query string in ReceiveImage downloadURL parameters
WWBN AVideo is an open source video platform. In versions 29.0 and below, the directory traversal fix introduced in commit 2375eb5e0 for objects/aVideoEncoderReceiveImage.json.php only checks the URL path component via parseurl$url, PHPURLPATH for .. sequences. However, the downstream function...
GHSA-V2WJ-Q39Q-566R Vite: `server.fs.deny` bypassed with queries
Summary The contents of files that are specified by server.fs.deny can be returned to the browser. Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - the sensitive file exists in th...
CVE-2025-30208
CVE-2025-30208 (Vite) : In affected Vite versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10, an attacker can bypass file-access controls via URLs using trailing query markers (e.g., ?raw?? or ?import&raw??), causing arbitrary files to be exposed when the dev server is network-accessible. ...
SNMP Protocol Community String Authentication Privilege Bypass Vulnerability in Riptide RG-WALL-160S Firewall
RG-WALL 160S is a 100 Gigabit firewall product launched by Ruijie Network. The RG-WALL-160S firewall has a SNMP protocol community string authentication privilege bypass vulnerability. It allows an attacker to bypass SNMP access control by utilizing arbitrary strings or integer values to write...
SNMP String Bypass Vulnerability in Two ZTE ZXSS10 Voice Gateway Integrated Access Devices
ZXSS10 I524-FXS2400A and ZXSS10 I508-FXS0800B are two voice gateway integrated access devices from ZTE. An SNMP string bypass vulnerability exists in the ZTE ZXSS10 two voice gateway integrated access devices. An attacker can bypass SNMP access control by using arbitrary strings or integer values...
SNMP Protocol Community String Authentication Privilege Bypass Vulnerability in Some Vendor Devices
SNMP is a network management standard based on the TCP/IP protocol family and is a standard protocol for managing network nodes such as servers, workstations, routers, switches, etc. in an IP network. SNMP protocol community strings of some vendors' devices have authentication privilege bypass...
Captcha! CAPTCHA bypass
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Request Forgery и Insufficient Anti-automation уязвимостях в капче Captcha!. Это капча плагин для WordPress. Данная капча уязвима для CSRF и Null string bypass method. CSRF + Insufficient Anti-automation: Эксплоиты:...
Another vulnerability in PHP-Nuke captcha
Здравствуйте 3APA3A! Сообщаю вам о найденной мною другой Insufficient Anti-automation уязвимости в капче PHP-Nuke. Данная капча уязвима для Null string bypass method. Insufficient Anti-automation: Эксплоит: http://websecurity.com.ua/uploads/2007/MoBiC/PHP-Nuke20CAPTCHA20bypass3.html Уязвима верси...