Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

11 matches found

Snyk
Snykadded 2026/04/17 10:20 p.m.0 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the service invocation access control process. An attacker can bypass access control policies and invoke unauthorized methods by submitting specially crafted method paths containing encoded path traversal...

8.6CVSS5.8AI score0.00035EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2025/05/22 8:11 a.m.3 views

CVE-2019-10771

Characters in the GET url path are not properly escaped and can be reflected in the server response...

6.1CVSS6.8AI score0.0024EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2024/11/06 8:56 p.m.11 views

CVE-2024-50345 Open redirect via browser-sanitized URLs in symfony/http-foundation

symfony/http-foundation is a module for the Symphony PHP framework which defines an object-oriented layer for the HTTP specification. The Request class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the Request class...

3.1CVSS6.7AI score0.00394EPSS
Exploits0References2
OSV
OSVadded 2024/04/16 12:30 a.m.14 views

GHSA-J62R-WXQQ-F3GF mlflow vulnerable to Path Traversal

A path traversal vulnerability exists in the createmodelversion function within server/handlers.py of the mlflow/mlflow repository, due to improper validation of the source parameter. Attackers can exploit this vulnerability by crafting a source parameter that bypasses the...

7.5CVSS7.3AI score0.0009EPSS
Exploits1References3
SUSE CVE
SUSE CVEadded 2023/02/15 3:59 a.m.1 views

SUSE CVE-2020-12409

When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL. This vulnerability affects Firefox 77...

8.8CVSS8.4AI score0.00204EPSS
Exploits0References4
WPVulnDB
WPVulnDBadded 2021/08/30 12:0 a.m.17 views

User Activity Log < 1.4.7 - Reflected Cross Site Scripting via Query String

The plugin does not escape the $SERVER'QUERYSTRING' before outputting it back in attributes, which could lead to Reflected Cross-Site Scripting in web browsers which do not encode URL characters. PoC With a web browser which does not encode characters or use burp suite and decode the URL via the...

1.4AI score
Exploits0Affected Software1
Debian CVE
Debian CVEadded 2020/07/09 2:46 p.m.24 views

CVE-2020-12409

When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL. This vulnerability affects Firefox 77...

8.8CVSS9.5AI score0.00204EPSS
Exploits0
NVD
NVDadded 2007/12/12 12:46 a.m.9 views

CVE-2007-6314

BarracudaDrive Web Server before 3.8 allows remote attackers to read the source code for web scripts by appending a 1 + plus, 2 . dot, or 3 %80 and similar characters to the file name in the URL...

5CVSS6.8AI score0.06327EPSS
Exploits1References6
securityvulns
securityvulnsadded 2004/04/01 12:0 a.m.29 views

squid URL ACL protection bypass

By escaping URL characters it's possible to bypass URL filtering...

3.1AI score
Exploits0References1Affected Software1
exploitpack
exploitpackadded 2004/03/01 12:0 a.m.11 views

Squid Proxy 2.42.5 - NULL URL Character Unauthorized Access

Squid Proxy 2.42.5 - NULL URL Character Unauthorized Access source: https://www.securityfocus.com/bid/9778/info It has been reported that Squid Proxy may be prone to an unauthorized access vulnerability that may allow remote users to bypass access controls resulting in unauthorized access to...

0.5AI score
Exploits0
NVD
NVDadded 1999/12/31 5:0 a.m.18 views

CVE-1999-1223

IIS 3.0 allows remote attackers to cause a denial of service via a request to an ASP page in which the URL contains a large number of / forward slash characters...

5CVSS6.5AI score0.15527EPSS
Exploits0References2
Rows per page
Query Builder