531 matches found
PT-2025-53755
Name of the Vulnerable Software and Affected Versions Nest versions prior to 11.1.11 Description Nest is a framework used for building scalable Node.js server-side applications. A flaw exists where the Fastify URL encoding middleware can be bypassed. This impacts applications utilizing...
cl-cybersec-pysxss
XSS WAF Lab – Payload Generator This project studies how Web...
Qnap QTS and QuTS hero Improper Handling of URL Encoding (CVE-2024-48866)
An improper handling of URL encoding Hex Encoding vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state. We have already fixed the vulnerability in the following...
Astro 安全漏洞
Astro is an Astro open source web framework for content-driven websites. A security vulnerability exists in Astro versions 5.15.7 and below, which stems from a double URL encoding bypass that could allow an unauthenticated attacker to access protected routes...
Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765
Authentication Bypass via Double URL Encoding in Astro Bypass for CVE-2025-64765 / GHSA-ggxq-hp9w-j794 --- Summary A double URL encoding bypass allows any unauthenticated attacker to bypass path-based authentication checks in Astro middleware, granting unauthorized access to protected routes. Whi...
body-parser is vulnerable to denial of service when url encoding is used
Impact body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage...
BIT-GITLAB-2025-11990 Improper Handling of URL Encoding (Hex Encoding) in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to gain CSRF tokens by exploiting improper input validation in repository references combined with redirect handling weaknesses...
CVE-2025-11990 Improper Handling of URL Encoding (Hex Encoding) in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to gain CSRF tokens by exploiting improper input validation in repository references combined with redirect handling weaknesses...
CVE-2025-11990 Improper Handling of URL Encoding (Hex Encoding) in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to gain CSRF tokens by exploiting improper input validation in repository references combined with redirect handling weaknesses...
CLSA-2025-1762867600 git-lfs: Fix of CVE-2024-53263
CVE-2024-53263: fix issue where Git LFS could expose user credentials via URL- encoded control characters in host's URL...
Cross-site Scripting
dotnetnuke.core is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper encoding of user input in URL and template rendering, allowing attackers to inject malicious scripts that execute in victims’ browsers...
EUVD-2021-1580
Malware in sbrugna...
EUVD-2021-1309
Malware in sbrugna...
EUVD-2003-0102
Malware in sbrugna...
EUVD-2011-4229
Malware in sbrugna...
EUVD-2015-1146
Malware in sbrugna...
EUVD-2019-4119
Malware in sbrugna...
EUVD-2010-0673
Malware in sbrugna...
EUVD-2019-8010
Malware in sbrugna...
EUVD-2003-0312
Malware in sbrugna...