540 matches found
CVE-2026-16117 @fastify/http-proxy vulnerable to prefix escape via URL-encoded characters
Impact: @fastify/http-proxy versions up to and including 11.5.0 fail to rewrite the request prefix when the prefix segment is URL-encoded. Fastify's router URL-decodes paths for route matching, but request.url retains the original encoded form, and the prefix-rewrite step uses a literal string...
Gradio - Open Redirect
Gradio allows an open redirect bypass via URL encoding, enabling attackers to redirect users to malicious sites. This can lead to phishing attacks and loss of trust in the application. id: CVE-2024-8021 info: name: Gradio - Open Redirect author: DhiyaneshDK severity: medium description: | Gradio...
EUVD-2026-43638
Improper Handling of URL Encoding Hex Encoding vulnerability in Apache Tomcat's rewrite valve allowed security constraint bypass for some configurations. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.23, from 10.1.0-M1 through 10.1.56, from 9.0.0.M1 through 9.0.119, from 8.5.0...
Apache Tomcat 10.1.0.M1 < 10.1.57 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 10.1.57. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat10.1.57security-10 advisory. - Improper Handling of URL Encoding Hex Encoding vulnerability in Apache Tomcat's rewrite valve allow...
Apache Tomcat 11.0.0.M1 < 11.0.24 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 11.0.24. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat11.0.24security-11 advisory. - Improper Handling of URL Encoding Hex Encoding vulnerability in Apache Tomcat's rewrite valve allow...
UBUNTU-CVE-2026-57211
RabbitMQ is a messaging and streaming broker. Prior to 4.1.11 and 4.2.6 on Windows, the RabbitMQ management plugin static file handler rabbitmgmtwmstatic can pass URL-encoded backslashes to erlprimloader:readfileinfo before path validation when multiple management extension plugins are enabled,...
CVE-2026-57211
RabbitMQ is a messaging and streaming broker. Prior to 4.1.11 and 4.2.6 on Windows, the RabbitMQ management plugin static file handler rabbitmgmtwmstatic can pass URL-encoded backslashes to erlprimloader:readfileinfo before path validation when multiple management extension plugins are enabled,...
EUVD-2026-39122
SiYuan: Path Traversal via Double URL Encoding in /assets/path publish mode arbitrary file─read, Incomplete fix of CVE-2026-41894...
CVE-2026-57955
SigNoz through 0.130.1 contains a SQL injection vulnerability that allows authenticated attackers to execute arbitrary ClickHouse queries by injecting URL-encoded quotes into the rule ID path parameter of the alert-history endpoints. Attackers can manipulate the unsanitized rule ID interpolated...
EUVD-2026-40140
SigNoz through 0.130.1 contains a SQL injection vulnerability that allows authenticated attackers to execute arbitrary ClickHouse queries by injecting URL-encoded quotes into the rule ID path parameter of the alert-history endpoints. Attackers can manipulate the unsanitized rule ID interpolated...
CVE-2026-45807
Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.43 and 1.3.19, several Kestra API endpoints accept a kestra:// URI from the client and pass it through StorageInterface.parentTraversalGuard before reading the underlying file from the local storage backend. The guard onl...
EUVD-2026-39605
A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did not follow best practices, and the output of the Smarty custom helper function url was neither properly encoded nor sanitised, allowing user‑supplied input t...
CVE-2026-50745
A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did not follow best practices, and the output of the Smarty custom helper function url was neither properly encoded nor sanitised, allowing user‑supplied input t...
PT-2026-52978
Name of the Vulnerable Software and Affected Versions Kestra versions prior to 1.0.43 Kestra versions prior to 1.3.19 Description An authenticated user can perform a path traversal attack to read arbitrary files on the host filesystem that the process has access to, such as /etc/passwd or mounted...
CVE-2026-54066
SiYuan
CVE-2026-54066 SiYuan: Path Traversal via Double URL Encoding in /assets/*path (publish mode arbitrary file─read)
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the patch for CVE-2026-41894 "Path Traversal via Double URL Encoding" sanitized the /export/ route but the identical root cause remains in the /assets/path route. In publish mode anonymous read-only HTTP endpoint,...
PT-2026-52107
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description An unauthenticated remote attacker can read arbitrary files within the WorkspaceDir when the system is in publish mode, which is an anonymous read-only HTTP endpoint. This is achieved by using...
CVE-2026-54293 NLTK: URL-Encoded Path Traversal in nltk.data.load() Allows Arbitrary Local File Read
NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...
CVE-2026-54293 NLTK: URL-Encoded Path Traversal in nltk.data.load() Allows Arbitrary Local File Read
NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...
CVE-2026-8100
Impact A security issue has been identified in Chef 360 that could allow unauthorized access to protected API endpoints under specific conditions. This issue is due to improper handling of URL-encoded paths during request processing. In certain scenarios, an authenticated request may bypass...