533 matches found
CVE-2023-47106
Traefik is an open source HTTP reverse proxy and load balancer. When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates RFC 7230 because in the origin-form the URL should only contain the absolute path...
CVE-2020-11821
In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. Thus, an attacker can easily apply brute force on them...
CVE-2020-12409
When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL. This vulnerability affects Firefox 77...
CVE-2019-5590
The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unauthorized code or commands Cross Site Scripting via attack reports generated in HTML form...
CVE-2019-18209
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer...
CVE-2012-6431
Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string...
CVE-2024-8021
An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker to redirect users to a malicious website by URL encoding. This can be exploited by sending a crafted request to the application, which results in a 302 redirect to an...
GHSA-7V2W-H4GH-W5CV Gradio Vulnerable to Open Redirect
An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker to redirect users to a malicious website by URL encoding. This can be exploited by sending a crafted request to the application, which results in a 302 redirect to an...
CVE-2024-8021
An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker to redirect users to a malicious website by URL encoding. This can be exploited by sending a crafted request to the application, which results in a 302 redirect to an...
CVE-2024-8021
CVE-2024-8021 is an open redirect vulnerability in gradio-app/gradio identified across multiple sources. The issue allows an attacker to trigger a 302 redirect to a malicious site by exploiting URL encoding, effectively steering users to attacker-controlled destinations via crafted requests. Affe...
CVE-2024-8021 Open Redirect in gradio-app/gradio
An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker to redirect users to a malicious website by URL encoding. This can be exploited by sending a crafted request to the application, which results in a 302 redirect to an...
USN-7351-1 resteasy vulnerabilities
Nikos Papadopoulos discovered that RESTEasy improperly handled URL encoding when certain errors occur. An attacker could possibly use this issue to modify the app's behavior for other users through the network. CVE-2020-10688 Mirko Selber discovered that RESTEasy improperly validated user input...
USN-7351-1: RESTEasy vulnerabilities
Nikos Papadopoulos discovered that RESTEasy improperly handled URL encoding when certain errors occur. An attacker could possibly use this issue to modify the app's behavior for other users through the network. CVE-2020-10688 Mirko Selber discovered that RESTEasy improperly validated user input...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : RESTEasy vulnerabilities (USN-7351-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7351-1 advisory. Nikos Papadopoulos discovered that RESTEasy improperly handled URL encoding when certain errors occur. An attacker could...
Important: git-lfs
Issue Overview: Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the git-credential1 command without checking for embedded line-ending control characters, and then sends any credentials it...
Astra Linux – Vulnerability in Apache2
A encoding issue in the modproxy component of the Apache HTTP Server 2.4.59 and earlier versions allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication through crafted requests. Users are recommended to upgrade to version 2.4.60, which fix...
CVE-2021-4452
The Google Language Translator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in versions up to, and including, 6.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary we...
CVE-2020-26226
In the npm package semantic-release before version 17.2.3, secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that become encoded when included in a URL. Secrets that do not contain characters that become encoded when included in a U...
AZL-55644 CVE-2024-53263 affecting package git-lfs for versions less than 3.5.1-4
Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the git-credential1 command without checking for embedded line-ending control characters, and then sends any credentials it receives back fr...
AZL-55670 CVE-2024-53263 affecting package git-lfs for versions less than 3.6.1-1
Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the git-credential1 command without checking for embedded line-ending control characters, and then sends any credentials it receives back fr...