22 matches found
Astra Linux – Vulnerability in imagemagick
ImageMagick is free and open-source software used for editing and manipulating digital images. Before versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy was enforced on the raw filename string before the filesystem resolved it. As a result, policy rules such as /etc/ could be...
CVE-2026-33808
Impact@fastify/express v4.0.4 and earlier fails to normalize URLs before passing them to Express middleware when Fastify router normalization options are enabled. This allows complete bypass of path-scoped authentication middleware via duplicate slashes when ignoreDuplicateSlashes is enabled, or...
CVE-2026-46724 Path Traversal in extension "Faceted Search" (ke_search)
The file indexer does not normalize the configured directory path. A backend user with permission to edit indexer configurations can index documents from arbitrary locations on the server file system through path traversal sequences...
CVE-2026-42274 Heimdall: Authorization bypass via path normalization mismatch
Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs rule matching on the raw non-normalized request path, while downstream components may normalize dot-segments according to RFC 3986, Section 6.2.2.3. This discrepancy ca...
PT-2026-33035
Name of the Vulnerable Software and Affected Versions @fastify/express versions prior to 4.0.5 Description An issue exists where the software fails to normalize URLs before passing them to Express middleware when Fastify router normalization options are enabled. This allows an unauthenticated...
CVE-2026-35668 OpenClaw < 2026.3.24 - Sandbox Media Root Bypass via Unnormalized mediaUrl and fileUrl Parameters
OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to read arbitrary files from other agents' workspaces via unnormalized mediaUrl or fileUrl parameter keys. Attackers can exploit incomplete parameter validation in...
CVE-2026-35668 OpenClaw < 2026.3.24 - Sandbox Media Root Bypass via Unnormalized mediaUrl and fileUrl Parameters
OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to read arbitrary files from other agents' workspaces via unnormalized mediaUrl or fileUrl parameter keys. Attackers can exploit incomplete parameter validation in...
CVE-2026-33494 Ory Oathkeeper has a path traversal authorization bypass
ORY Oathkeeper is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to an authorization bypass via HTTP path traversal. An attacker can craft a URL containing path traversal sequences...
CVE-2026-33494 Ory Oathkeeper has a path traversal authorization bypass
ORY Oathkeeper is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to an authorization bypass via HTTP path traversal. An attacker can craft a URL containing path traversal sequences...
CVE-2026-33494
ORY Oathkeeper is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to an authorization bypass via HTTP path traversal. An attacker can craft a URL containing path traversal sequences...
CVE-2026-33494 Ory Oathkeeper has a path traversal authorization bypass
ORY Oathkeeper is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to an authorization bypass via HTTP path traversal. An attacker can craft a URL containing path traversal sequences...
Takes 安全漏洞
Takes is an object-oriented Java web development framework by the individual developer Yegor Bugayenko. A security vulnerability exists in Takes 2.0-SNAPSHOT and earlier versions, which stems from an un-normalized HTTP request path that could lead to arbitrary file reading...
Directory Traversal
Internetarchive is vulnerable to Directory traversal. The vulnerability is due to improper sanitization and validation of user-supplied filenames due to File.download accepting unnormalized filenames; an attacker can provide names e.g. ../../../../windows/system32/file.txt to write outside the...
pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos
Summary This affects both: 1. Unsupported algos e.g. sha3-256 / sha3-512 / sha512-256 2. Supported but non-normalized algos e.g. Sha256 / Sha512 / SHA1 / sha-1 / sha-256 / sha-512 All of those work correctly in Node.js, but this polyfill silently returns highly predictable ouput Under Node.js onl...
Omise: Cache Pollution via Unkeyed GET Parameters on www.omise.co
The CDN serving the website appeared to cache pages based on the full URL, including arbitrary query parameters, without normalizing or properly keying them. This behavior resulted in cache pollution, where the cache was filled with redundant versions of the same page...
Aim 安全漏洞
Aim is an easy-to-use and high-performance open source experiment tracker from Aim Open Source USA. A security vulnerability exists in the bb76afe version of Aim, which stems from the LockManager.releaselocks function not normalizing user-controllable parameters, which could lead to arbitrary fil...
CVE-2024-32983 Misskey allows the impersonation and takeover of remote accounts with unnormalized signed activities
Misskey is an open source, decentralized microblogging platform. Misskey doesn't perform proper normalization on the JSON structures of incoming signed ActivityPub activity objects before processing them, allowing threat actors to spoof the contents of signed activities and impersonate the author...
Jenkins 后置链接漏洞
Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins suffers from a backlink vulnerability that stems from an unnormalized path in the file path filter in the...
istio/envoy: Path traversal via URL Patch manipulation in HTTP/1.x header
A flaw was found in Envoy version 1.9.0 and older, where Envoy does not normalize HTTP URL paths. This flaw allows a remote attacker to craft a path with a relative path and to bypass access control. This issue results in a backend server with the ability to interpret the unnormalized path...
keycloak: Open Redirect in Login and Logout
A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect url is verified. This can lead to an Open Redirection attack...