7 matches found

RedhatCVE
added 2026/04/03 8:41 p.m., 3 views

CVE-2026-34786

A flaw was found in Rack. A remote attacker can exploit this vulnerability by sending a specially crafted request with a URL-encoded static path. This bypasses security-relevant response headers intended for static content, potentially leading to information disclosure or other unintended...

CVSS 6.5, AI score 5.8, EPSS 0.00195
Exploits: 0, References: 4

EUVD
added 2026/01/20 4:35 p.m., 6 views

EUVD-2026-3320

@fastify/express vulnerable to Improper Handling of URL Encoding Hex Encoding...

CVSS 8.4, AI score 5.3, EPSS 0.00321
Exploits: 0, References: 4

RedhatCVE
added 2026/01/20 3:27 p.m., 3 views

CVE-2026-22031

@fastify/middie is the plugin that adds middleware support on steroids to Fastify. A security vulnerability exists in @fastify/middie prior to version 9.1.0 where middleware registered with a specific path prefix can be bypassed using URL-encoded characters e.g., /%61dmin instead of /admin. While...

CVSS 8.8, AI score 5.5, EPSS 0.00457
Exploits: 1, References: 1

F5 Networks
added 2023/02/21 6:53 p.m., 131 views

K93278412: Python and Jython vulnerabilities CVE-2014-1912 and CVE-2014-4650

Security Advisory Description. CVE-2014-1912: Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. CVE-2014-4650: It was discovered...

CVSS 9.8, AI score 8.6, EPSS 0.28112
Exploits: 12

NVD
added 2020/11/09 5:15 p.m., 20 views

CVE-2020-14366

A vulnerability was found in Keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the URL path to the file path. Only a few specific folder hierarchies can be exposed by this flaw...

CVSS 7.5, AI score 6.7, EPSS 0.0136
Exploits: 0, References: 1

RedHat Linux
added 2015/07/20 2:0 p.m., 4 views

python: CGIHTTPServer module does not properly handle URL-encoded path separators in URLs

It was discovered that the CGIHTTPServer module incorrectly handled URL-encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source of scripts in the cgi-bin directory...

CVSS 9.8, AI score 7, EPSS 0.24148
Exploits: 5, References: 4

Mageia
added 2014/07/08 10:35 p.m., 57 views

Updated python & python3 packages fix two vulnerabilities

Updated python and python3 packages fix security vulnerabilities: Python 2 and 3 are susceptible to arbitrary process memory reading by a user or adversary due to a bug in the json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value tha...

CVSS 9.8, AI score 7.1, EPSS 0.24148
Exploits: 6, References: 4