Lucene search
K

531 matches found

Positive Technologies
Positive Technologies
added 2025/12/29 12:0 a.m.6 views

PT-2025-53755

Name of the Vulnerable Software and Affected Versions Nest versions prior to 11.1.11 Description Nest is a framework used for building scalable Node.js server-side applications. A flaw exists where the Fastify URL encoding middleware can be bypassed. This impacts applications utilizing...

9.1CVSS6.4AI score0.00355EPSS
Exploits1References6
GithubExploit
GithubExploit
added 2025/12/26 2:6 p.m.156 views

cl-cybersec-pysxss

XSS WAF Lab – Payload Generator This project studies how Web...

6.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/12/11 12:0 a.m.3 views

Qnap QTS and QuTS hero Improper Handling of URL Encoding (CVE-2024-48866)

An improper handling of URL encoding Hex Encoding vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state. We have already fixed the vulnerability in the following...

5.3CVSS5.5AI score0.00431EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.5 views

Astro 安全漏洞

Astro is an Astro open source web framework for content-driven websites. A security vulnerability exists in Astro versions 5.15.7 and below, which stems from a double URL encoding bypass that could allow an unauthenticated attacker to access protected routes...

6.5CVSS6.5AI score0.00273EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/12/08 4:26 p.m.9 views

Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765

Authentication Bypass via Double URL Encoding in Astro Bypass for CVE-2025-64765 / GHSA-ggxq-hp9w-j794 --- Summary A double URL encoding bypass allows any unauthenticated attacker to bypass path-based authentication checks in Astro middleware, granting unauthorized access to protected routes. Whi...

6.9CVSS7.3AI score0.0047EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/25 2:20 p.m.10 views

body-parser is vulnerable to denial of service when url encoding is used

Impact body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage...

6.9CVSS6.7AI score0.00342EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/11/20 9:3 a.m.4 views

BIT-GITLAB-2025-11990 Improper Handling of URL Encoding (Hex Encoding) in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to gain CSRF tokens by exploiting improper input validation in repository references combined with redirect handling weaknesses...

3.5CVSS6.8AI score0.00263EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/11/15 8:3 a.m.10 views

CVE-2025-11990 Improper Handling of URL Encoding (Hex Encoding) in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to gain CSRF tokens by exploiting improper input validation in repository references combined with redirect handling weaknesses...

3.1CVSS0.00263EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/15 8:3 a.m.2 views

CVE-2025-11990 Improper Handling of URL Encoding (Hex Encoding) in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to gain CSRF tokens by exploiting improper input validation in repository references combined with redirect handling weaknesses...

3.1CVSS6.2AI score0.00263EPSS
Exploits0References3
OSV
OSV
added 2025/11/11 1:26 p.m.8 views

CLSA-2025-1762867600 git-lfs: Fix of CVE-2024-53263

CVE-2024-53263: fix issue where Git LFS could expose user credentials via URL- encoded control characters in host's URL...

8.5CVSS7.1AI score0.0104EPSS
Exploits0References1
Veracode
Veracode
added 2025/10/27 1:58 p.m.5 views

Cross-site Scripting

dotnetnuke.core is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper encoding of user input in URL and template rendering, allowing attackers to inject malicious scripts that execute in victims’ browsers...

6.5CVSS6.5AI score0.00196EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-1580

Malware in sbrugna...

5.3CVSS5.3AI score0.01316EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2021-1309

Malware in sbrugna...

2.5CVSS3.8AI score0.00286EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2003-0102

Malware in sbrugna...

7.5CVSS6.4AI score0.01392EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2011-4229

Malware in sbrugna...

4.3CVSS6.1AI score0.01197EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2015-1146

Malware in sbrugna...

6.4CVSS6.4AI score0.01374EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2019-4119

Malware in sbrugna...

9.8CVSS6.5AI score0.04151EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2010-0673

Malware in sbrugna...

5CVSS6.4AI score0.07522EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2019-8010

Malware in sbrugna...

6.1CVSS6.3AI score0.00679EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2003-0312

Malware in sbrugna...

7.5CVSS6.4AI score0.05989EPSS
Exploits1References2
Rows per page
Query Builder