CVE-2025-66606

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly encode URLs. An attacker could tamper with web pages or execute malicious scripts. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN, HMIWEB,...

EUVD-2024-43127

Malicious code in bioql PyPI...

CVE-2025-47952

Traefik (HTTP reverse proxy/load balancer) had a path-matching bypass vulnerability prior to 2.11.25 and 3.4.1 when a URL with an encoded path string could bypass the middleware chain and target a backend exposed via another router. Affected versions: <2.11.25 and

CVE-2024-48866 QTS, QuTS hero

An improper handling of URL encoding Hex Encoding vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state. We have already fixed the vulnerability in the following...

CVE-2024-48866 QTS, QuTS hero

An improper handling of URL encoding Hex Encoding vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state. We have already fixed the vulnerability in the following...

CVE-2004-1165

Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline "%0a" before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command...

Squid < 2.5.STABLE5 %xx URL Encoding ACL Bypass

Binary data 1212.prm...

CVE-2002-2145

Savant Web Server 3.1 and earlier allows remote attackers to bypass authentication for password protected user folders via a URL with a hex encoded space %20 and a '.' %2e at the end of the filename...