13 matches found
CVE-2026-47676
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, app.mount strips the mount prefix from the incoming request path using the raw URL pathname, while route matching is performed against the percent-decoded path. This inconsistency causes the...
Authentication Bypass
Apache Camel is vulnerable to Authentication Bypass. The vulnerability is due to the authentication handler matching only the exact configured context path, not its subpaths, where unauthenticated requests to subpaths can reach protected business routes and management endpoints without being...
GHSA-27VM-5VPJ-RP5G Apache Camel Vulnerable to Authentication Bypass Using an Alternate Path or Channel
When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server camel-platform-http-main and a non-root context path such as /api or /admin is configured via camel.server.path or camel.management.path, the BasicAuthenticationConfigurer and...
CVE-2026-40022
When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server camel-platform-http-main and a non-root context path such as /api or /admin is configured via camel.server.path or camel.management.path, the BasicAuthenticationConfigurer and...
CVE-2026-40022
When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server camel-platform-http-main and a non-root context path such as /api or /admin is configured via camel.server.path or camel.management.path, the BasicAuthenticationConfigurer and...
CVE-2024-48569
Proactive Risk Manager version 9.1.1.0 is affected by multiple Cross-Site Scripting (XSS) vulnerabilities in the add/edit form fields, at the URLs starting with the subpaths: /ar/config/configuation/ and /ar/config/risk-strategy-control/...
PT-2024-14076
Name of the Vulnerable Software and Affected Versions: Grafana JSON datasource plugin (affected versions not specified). Description: The JSON datasource plugin for Grafana allows retrieving and processing JSON data from a remote endpoint. Due to inadequate sanitization of the dashboard-supplied path...
BuildKit possible race condition with accessing subpaths from cache mounts
...
Race Condition
BuildKit is vulnerable to a Race Condition. The vulnerability is caused when two malicious build steps are run in parallel, sharing the same cache mounts with subpaths. This issue can be exploited by an attacker to access files on the host filesystem...
BuildKit vulnerable to possible race condition with accessing subpaths from cache mounts
Impact: Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container. Patches: The issue has been fixed in v0.12.5. Workarounds: Avoid using BuildKit frontend...
CVE-2024-23651 BuildKit possible race condition with accessing subpaths from cache mounts
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessibl...
Path Traversal
org.apache.shiro:shiro-web is vulnerable to Path Traversal. The vulnerability exists in InvalidRequestFilter.java because it does not properly validate downloaded files for subpaths, which allows an attacker to write to a directory outside the restricted path...
Path Traversal
github.com/nothub/mrpack-install is vulnerable to Path Traversal. The vulnerability exists because it does not properly validate downloaded files for subpaths, which allows an attacker to access files outside the restricted directory...