Lucene search
K

533 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 1:58 a.m.6 views

CVE-2023-47106

Traefik is an open source HTTP reverse proxy and load balancer. When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates RFC 7230 because in the origin-form the URL should only contain the absolute path...

6.5CVSS6.7AI score0.00625EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:24 p.m.3 views

CVE-2020-11821

In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. Thus, an attacker can easily apply brute force on them...

5.3CVSS5.6AI score0.01103EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:11 p.m.6 views

CVE-2020-12409

When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL. This vulnerability affects Firefox 77...

8.8CVSS6.2AI score0.0102EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 8:43 a.m.7 views

CVE-2019-5590

The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unauthorized code or commands Cross Site Scripting via attack reports generated in HTML form...

6.1CVSS7.3AI score0.00965EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:53 a.m.7 views

CVE-2019-18209

templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer...

6.1CVSS6.1AI score0.00679EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:16 a.m.6 views

CVE-2012-6431

Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string...

6.4CVSS6.8AI score0.01876EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/22 12:47 p.m.9 views

CVE-2024-8021

An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker to redirect users to a malicious website by URL encoding. This can be exploited by sending a crafted request to the application, which results in a 302 redirect to an...

6.1CVSS6.6AI score0.00723EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 12:32 p.m.5 views

GHSA-7V2W-H4GH-W5CV Gradio Vulnerable to Open Redirect

An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker to redirect users to a malicious website by URL encoding. This can be exploited by sending a crafted request to the application, which results in a 302 redirect to an...

5.4CVSS6.8AI score0.00723EPSS
Exploits1References3
NVD
NVD
added 2025/03/20 10:15 a.m.7 views

CVE-2024-8021

An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker to redirect users to a malicious website by URL encoding. This can be exploited by sending a crafted request to the application, which results in a 302 redirect to an...

6.1CVSS0.00723EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:11 a.m.99 views

CVE-2024-8021

CVE-2024-8021 is an open redirect vulnerability in gradio-app/gradio identified across multiple sources. The issue allows an attacker to trigger a 302 redirect to a malicious site by exploiting URL encoding, effectively steering users to attacker-controlled destinations via crafted requests. Affe...

6.1CVSS6.6AI score0.00723EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/03/20 10:11 a.m.12 views

CVE-2024-8021 Open Redirect in gradio-app/gradio

An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker to redirect users to a malicious website by URL encoding. This can be exploited by sending a crafted request to the application, which results in a 302 redirect to an...

5.4CVSS0.00723EPSS
Exploits1References1
OSV
OSV
added 2025/03/13 2:45 p.m.7 views

USN-7351-1 resteasy vulnerabilities

Nikos Papadopoulos discovered that RESTEasy improperly handled URL encoding when certain errors occur. An attacker could possibly use this issue to modify the app's behavior for other users through the network. CVE-2020-10688 Mirko Selber discovered that RESTEasy improperly validated user input...

7.5CVSS7.3AI score0.02023EPSS
Exploits1References7
Ubuntu
Ubuntu
added 2025/03/13 2:45 p.m.13 views

USN-7351-1: RESTEasy vulnerabilities

Nikos Papadopoulos discovered that RESTEasy improperly handled URL encoding when certain errors occur. An attacker could possibly use this issue to modify the app's behavior for other users through the network. CVE-2020-10688 Mirko Selber discovered that RESTEasy improperly validated user input...

7.5CVSS7.2AI score0.02023EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/03/13 12:0 a.m.11 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : RESTEasy vulnerabilities (USN-7351-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7351-1 advisory. Nikos Papadopoulos discovered that RESTEasy improperly handled URL encoding when certain errors occur. An attacker could...

7.5CVSS7.3AI score0.02023EPSS
Exploits1References7
Amazon
Amazon
added 2025/02/21 12:0 a.m.6 views

Important: git-lfs

Issue Overview: Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the git-credential1 command without checking for embedded line-ending control characters, and then sends any credentials it...

8.5CVSS7AI score0.0104EPSS
Exploits0
AstraLinux
AstraLinux
added 2025/02/11 7:35 a.m.10 views

Astra Linux – Vulnerability in Apache2

A encoding issue in the modproxy component of the Apache HTTP Server 2.4.59 and earlier versions allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication through crafted requests. Users are recommended to upgrade to version 2.4.60, which fix...

8.1CVSS6.7AI score0.25878EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/02/06 4:20 a.m.10 views

CVE-2021-4452

The Google Language Translator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in versions up to, and including, 6.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary we...

7.1CVSS6AI score0.00471EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 1:34 p.m.14 views

CVE-2020-26226

In the npm package semantic-release before version 17.2.3, secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that become encoded when included in a URL. Secrets that do not contain characters that become encoded when included in a U...

8.1CVSS6.4AI score0.01384EPSS
Exploits0
OSV
OSV
added 2025/01/14 8:15 p.m.6 views

AZL-55644 CVE-2024-53263 affecting package git-lfs for versions less than 3.5.1-4

Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the git-credential1 command without checking for embedded line-ending control characters, and then sends any credentials it receives back fr...

8.5CVSS7AI score0.0104EPSS
Exploits0References1
OSV
OSV
added 2025/01/14 8:15 p.m.16 views

AZL-55670 CVE-2024-53263 affecting package git-lfs for versions less than 3.6.1-1

Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the git-credential1 command without checking for embedded line-ending control characters, and then sends any credentials it receives back fr...

8.5CVSS7AI score0.0104EPSS
Exploits0References1
Rows per page
Query Builder