9876 matches found
vCenter Server - Improper Access Control
Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed. id: CVE-2021-22017 info: name:...
LG Supersign EZ CMS - Remote Code Execution
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsrserver/device/getThumbnail. id: CVE-2018-17173 info: name: LG Supersign EZ CMS - Remote Code Execution author: pussycat0x severity: critical description: | LG SuperSign CMS allows remote attackers...
Solara <1.35.1 - Local File Inclusion
A Local File Inclusion LFI vulnerability was identified in widgetti/solara, in version 1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. ...
Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code Execution
Spring Cloud Netflix Hystrix Dashboard prior to version 2.2.10 is susceptible to remote code execution. Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view...
CVE-2026-62314
Anubis is a Web AI Firewall Utility that challenges users' connections in order to protect upstream resources from scraper bots. From 1.22.0 until 1.26.0-pre1, lib/policy/checker.go PathChecker.Check trusted the client-controlled X-Original-URI header before matching r.URL.Path, allowing an HTTP...
CVE-2026-62314
Anubis Web AI Firewall Utility vulnerable in versions 1.22.0–1.26.0-pre1 due to PathChecker.Check() trusting the client-controlled X-Original-URI header before r.URL.Path, enabling bypass of the challenge via ALLOW rules (e.g., ^/.well-known/.*$). A fixed release is 1.26.0-pre1; upgrade to mitiga...
CVE-2026-62314 Anubis: Policy bypass via client controlled X-Original-URI header
Anubis is a Web AI Firewall Utility that challenges users' connections in order to protect upstream resources from scraper bots. From 1.22.0 until 1.26.0-pre1, lib/policy/checker.go PathChecker.Check trusted the client-controlled X-Original-URI header before matching r.URL.Path, allowing an HTTP...
CVE-2026-56398 Open WebUI - Stored Cross-Site Scripting via OAuth Picture Claim SVG Data URI
Open WebUI before 0.9.5 contains a stored cross-site scripting vulnerability in the OAuth authentication flow where the picture claim URL MIME type is inferred from file extension rather than Content-Type header, allowing SVG files to bypass the profile image validator and be stored as data URIs...
EUVD-2026-44628
Open WebUI before 0.9.5 contains a stored cross-site scripting vulnerability in the OAuth authentication flow where the picture claim URL MIME type is inferred from file extension rather than Content-Type header, allowing SVG files to bypass the profile image validator and be stored as data URIs...
CVE-2026-10672 Unterminated URI buffer causes out-of-bounds read in LwM2M firmware pull (Package URI)
subsys/net/lib/lwm2m/lwm2mpullcontext.c copied the firmware-update Package URI into a fixed static buffer context.uri, size CONFIGLWM2MSWMGMTPACKAGEURILEN, default 128 with memcpycontext.uri, uri, LWM2MPACKAGEURILEN, copying exactly the destination size with no length validation. The...
CVE-2026-10672
CVE-2026-10672 affects Zephyr LwM2M firmware pull: code copies the firmware-package URI into a fixed 128-byte buffer without length validation, using memcpy for an up-to 254-character URI. The server-supplied URI is stored in a 255-byte object buffer; only the first 128 bytes are copied into cont...
CVE-2026-10672 Unterminated URI buffer causes out-of-bounds read in LwM2M firmware pull (Package URI)
subsys/net/lib/lwm2m/lwm2mpullcontext.c copied the firmware-update Package URI into a fixed static buffer context.uri, size CONFIGLWM2MSWMGMTPACKAGEURILEN, default 128 with memcpycontext.uri, uri, LWM2MPACKAGEURILEN, copying exactly the destination size with no length validation. The...
CVE-2026-8384
CVE-2026-8384 describes a URI normalization issue in the context of Eclipse Jetty: a crafted HTTP URI like "/public;/../admin/secret.txt" yields an unresolved path "/public/../admin/secret.txt" instead of the expected "/admin/secret.txt". Jetty itself remains unaffected, since it won’t serve secr...
EUVD-2026-42964
ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL Login V2 OIDC and SAML FailedPrecondition error paths return loginSettings.defaultRedirectUri to router.push without applying the isSafeRedirectUri check, allowing an organization or instance administrator to store a...
fast-uri: fast-uri: URI authority bypass due to improper delimiter handling
A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier URI that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw...
fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies
A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by providing a specially crafted Uniform Resource Locator URL containing percent-encoded path separators and dot segments. Due to incorrect processing, fast-uri would decode these elements before proper normalization...
CVE-2026-59892
A flaw was found in the @opentelemetry/propagator-jaeger component of OpenTelemetry JavaScript. This vulnerability allows an unauthenticated remote attacker to send specially crafted HTTP header values, specifically uber-trace-id and uberctx-. The component improperly decodes these values without...
Linux Distros Unpatched Vulnerability : CVE-2026-59882
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.3, Uri::assertValidHost does not reject URI host components containing...
CVE-2026-59802 PasswordPusher < 2.8.1 - Redirect-Based XSS via data URI in URL Push Payload
PasswordPusher before 2.8.1 accepts data URI schemes in URL push payloads due to insufficient validation in the validurl function. Attackers can create malicious pushes containing data:text/html URIs that execute arbitrary JavaScript in victims' browsers when clicked, enabling phishing and...
CVE-2026-59802 PasswordPusher < 2.8.1 - Redirect-Based XSS via data URI in URL Push Payload
PasswordPusher before 2.8.1 accepts data URI schemes in URL push payloads due to insufficient validation in the validurl function. Attackers can create malicious pushes containing data:text/html URIs that execute arbitrary JavaScript in victims' browsers when clicked, enabling phishing and...