CVE-2026-44588

SiYuan (desktop) contains a DOM-based RCE chain stemming from CVE-2026-44588. In versions < 3.7.0, tooltip text is produced by escaping only certain HTML chars with escapeAriaLabel, leaving %XX sequences intact. The aria-label attribute thus stores a URL-escaped payload like %3Cimg...%3E. The ...

CVE-2026-42345

FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a fullUrl.startsWith check against a hardcoded list. This check can be bypassed using at least 7 different...

CVE-2026-42345 FastGPT: Cloud metadata endpoint SSRF protection bypass via port specification, IPv6 mapping, hex/decimal IP encoding, and trailing dot

FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a fullUrl.startsWith check against a hardcoded list. This check can be bypassed using at least 7 different...

GHSA-3X2W-63FP-3QVW SciTokens has an Authorization Bypass via Path Traversal in Scope Validation

Summary The Enforcer is vulnerable to a path traversal attack where an attacker can use dot-dot .. in the scope claim of a token to escape the intended directory restriction. This occurs because the library normalizes both the authorized path from the token and the requested path from the...

Interpretation Conflict

github.com/traefik/traefik is vulnerable to Interpretation Conflict. The vulnerability is due to improper path normalization when handling Path, PathPrefix, or PathRegex matchers, which allows an attacker to use URL-encoded characters to bypass middleware and access unintended backend services...

CVE-2026-22037 @fastify/express vulnerable to Improper Handling of URL Encoding (Hex Encoding)

The @fastify/express plugin adds full Express compatibility to Fastify. A security vulnerability exists in @fastify/express prior to version 4.0.3 where middleware registered with a specific path prefix can be bypassed using URL-encoded characters e.g., /%61dmin instead of /admin. While the...

CVE-2025-29847

A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigg...

CVE-2025-69211

CVE-2025-69211 affects Nest.js applications using the Fastify platform integration before version 11.1.11. The issue is a bypass in the Fastify URL encoding middleware that can skip security checks implemented via NestMiddleware (via MiddlewareConsumer) or app.use(), particularly when middleware ...

EUVD-2024-21409

Malicious code in bioql PyPI...

CVE-2025-40927 CGI::Simple versions 1.281 and earlier for Perl has a HTTP response splitting flaw

CGI::Simple versions before 1.282 for Perl has a HTTP response splitting flaw This vulnerability is a confirmed HTTP response splitting flaw in CGI::Simple that allows HTTP response header injection, which can be used for reflected XSS or open redirect under certain conditions. Although some...

CVE-2025-4302

The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can be bypassed by URL-encoding the API path...

PT-2025-23052 · Apache · Apache Inlong

Name of the Vulnerable Software and Affected Versions: Apache InLong versions 1.13.0 through 2.1.0 Description: The issue is related to the deserialization of untrusted data in Apache InLong, which can lead to the bypass of JDBC URL encoding and backspace. This can potentially cause security...

CVE-2024-36498 Stored cross site scripting

Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "Edit Disclaimer Text" function of the configuration menu is vulnerable to stored XSS. Only the users Poweruser and Admin can use this function...

DEBIAN-CVE-2019-9852

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice...