Lucene search
K

531 matches found

CNNVD
CNNVD
added 2026/03/20 12:0 a.m.7 views

Heimdall 安全漏洞

Heimdall is an open-source application panel and launcher developed by LinuxServer.io. Versions of Heimdall prior to 0.17.10 contained security vulnerabilities. These vulnerabilities were caused by errors in encoding URL strings, which could lead to rule bypasses...

8.2CVSS6.4AI score0.003EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.9 views

WordPress plugin wpDiscuz 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.1CVSS5.6AI score0.00161EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/12 12:36 a.m.2 views

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the SCIM API when URL-encoded path values are used. An attacker can access sensitive user information, including names, email addresses, phone numbers, addresses, external IDs,...

8.7CVSS5.8AI score0.00584EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/11 9:37 p.m.27 views

CVE-2026-32130 ZITADEL SCIM Authentication Bypass via URL Encoding

ZITADEL is an open source identity management platform. From 2.68.0 to before 3.4.8 and 4.12.2, Zitadel provides a System for Cross-domain Identity Management SCIM API to provision users from external providers into Zitadel. Request to the API with URL-encoded path values were correctly routed bu...

7.5CVSS0.00584EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/11 9:37 p.m.4 views

CVE-2026-32130 ZITADEL SCIM Authentication Bypass via URL Encoding

ZITADEL is an open source identity management platform. From 2.68.0 to before 3.4.8 and 4.12.2, Zitadel provides a System for Cross-domain Identity Management SCIM API to provision users from external providers into Zitadel. Request to the API with URL-encoded path values were correctly routed bu...

7.5CVSS5.8AI score0.00584EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/11 12:26 a.m.5 views

Improper Encoding or Escaping of Output

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the setReturnUrl function. An attacker can execute arbitrary JavaScript in the context of the application by supplying a crafted return URL...

6.9CVSS6AI score0.00185EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2026/03/03 6:42 p.m.19 views

USN-8062-2: curl vulnerabilities

USN-8062-1 fixed vulnerabilities in curl. This update provides the corresponding update for CVE-2025-14017, CVE-2025-15079, and CVE-2025-15224 for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that curl incorrectly handled...

6.3CVSS6AI score0.00457EPSS
Exploits2
Snyk
Snyk
added 2026/02/10 6:44 p.m.7 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper sanitation of paths received from SCP servers. An attacker can access or modify files outside the intended directory by sending specially crafted file paths. Note: Libssh maintainers strongly discourage...

6.3CVSS6.9AI score0.00408EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/10 7:33 a.m.5 views

CVE-2025-66606

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly encode URLs. An attacker could tamper with web pages or execute malicious scripts. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN, HMIWEB,...

9.6CVSS5.4AI score0.00217EPSS
Exploits0References1
OSV
OSV
added 2026/02/09 4:15 a.m.4 views

CVE-2025-66606

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly encode URLs. An attacker could tamper with web pages or execute malicious scripts. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN, HMIWEB,...

9.6CVSS5.7AI score0.00217EPSS
Exploits0References1
NVD
NVD
added 2026/02/09 4:15 a.m.5 views

CVE-2025-66606

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly encode URLs. An attacker could tamper with web pages or execute malicious scripts. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN, HMIWEB,...

9.6CVSS0.00217EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/09 3:6 a.m.5 views

CVE-2025-66606

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly encode URLs. An attacker could tamper with web pages or execute malicious scripts. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN, HMIWEB,...

2.1CVSS5.3AI score0.00217EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/09 3:6 a.m.27 views

CVE-2025-66606

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly encode URLs. An attacker could tamper with web pages or execute malicious scripts. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN, HMIWEB,...

2.1CVSS0.00217EPSS
Exploits0References1
CVE
CVE
added 2026/02/09 3:6 a.m.12 views

CVE-2025-66606

CVE-2025-66606 affects Yokogawa FAST/TOOLS (R9.01–R10.04) with multiple packages listed (RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB). The vulnerability arises from improper URL encoding, enabling an attacker to tamper with web pages or execute malicious scripts. Connected sources confirm the affected ...

9.6CVSS5.3AI score0.00217EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.8 views

Yokogawa FAST/TOOLS 安全漏洞

Yokogawa FAST/TOOLS is a real-time operation management and visualization software developed by Yokogawa Electric Corporation. There are security vulnerabilities in the Yokogawa FAST/TOOLS R9.01 version up to R10.04. These vulnerabilities stem from improper URL encoding, allowing attackers to...

9.6CVSS5.8AI score0.00217EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/05 1:16 p.m.27 views

CVE-2026-1523 Path Traversal in Digitek from Grupo Azkoyen

Path Traversal vulnerability in Digitek ADT1100 and Digitek DT950 from PRIMION DIGITEK, S.L.U Azkoyen Group. This vulnerability allows an attacker to access arbitrary files in the server's file system, thet is, 'http:///..%2F..% 2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd'. By manipulating...

8.7CVSS0.01087EPSS
Exploits0References1
CVE
CVE
added 2026/02/05 1:16 p.m.12 views

CVE-2026-1523

CVE-2026-1523 affects Digitek ADT1100 and Digitek DT950 from Primion Digitek (Azkoyen Group). The Red Hat/NVD/PT-SEC reports describe a path traversal vulnerability that allows an attacker to access arbitrary files on the server by manipulating input with URL-encoded directory traversal sequences...

8.7CVSS5.6AI score0.01087EPSS
Exploits0References1
OSV
OSV
added 2026/01/26 1:50 p.m.8 views

USN-7977-1 git-lfs vulnerabilities

Ryota K discovered that Git LFS may leak login credentials in certain instances due to failing to check for URL-encoded characters. An attacker could possibly use this issue to learn sensitive information. CVE-2024-53263 It was discovered that Git LFS could have its git lfs checkout and git lfs...

8.6CVSS7.2AI score0.0104EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2026/01/26 1:50 p.m.12 views

USN-7977-1: Git LFS vulnerabilities

Ryota K discovered that Git LFS may leak login credentials in certain instances due to failing to check for URL-encoded characters. An attacker could possibly use this issue to learn sensitive information. CVE-2024-53263 It was discovered that Git LFS could have its git lfs checkout and git lfs...

8.6CVSS7.1AI score0.0104EPSS
Exploits0
OSV
OSV
added 2026/01/20 4:35 p.m.3 views

GHSA-G6Q3-96CP-5R5M @fastify/express vulnerable to Improper Handling of URL Encoding (Hex Encoding)

Summary A security vulnerability exists in @fastify/express where middleware registered with a specific path prefix can be bypassed using URL-encoded characters e.g., /%61dmin instead of /admin. While the middleware engine fails to match the encoded path and skips execution, the underlying Fastif...

8.4CVSS5.6AI score0.00321EPSS
Exploits0References5
Rows per page
Query Builder