Lucene search
K

328 matches found

Nuclei
Nuclei
added yesterday54 views

Ally – Web Accessibility & Usability <= 4.0.3 - SQL Injection

The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to SQL Injection via the URL path in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user-supplied URL parameter in the getglobalremediations method, where it is directly concatenated...

7.5CVSS6.7AI score0.02289EPSS
Exploits1References2
NVD
NVD
added 3 days ago7 views

CVE-2026-29519

Lucee CFML Server versions across the 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines contain a reflected cross-site scripting vulnerability in URL path parsing that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by embedding HTML or JavaScript payloads...

8.2CVSS0.00386EPSS
Exploits1References2
CVE
CVE
added 3 days ago11 views

CVE-2026-29519

CVE-2026-29519 affects Lucee CFML Server across 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines. It describes a reflected cross-site scripting vulnerability in URL path parsing, where unauthenticated remote attackers can cause arbitrary JavaScript to execute in a victim’s browser by embedding payloa...

8.2CVSS6.3AI score0.00386EPSS
Exploits1References2
EUVD
EUVD
added 3 days ago9 views

EUVD-2026-42906

Lucee CFML Server versions across the 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines contain a reflected cross-site scripting vulnerability in URL path parsing that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by embedding HTML or JavaScript payloads...

8.2CVSS6.3AI score0.00386EPSS
Exploits1References2
Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-29519 Lucee CFML Server Reflected XSS via URL Path Parsing

Lucee CFML Server versions across the 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines contain a reflected cross-site scripting vulnerability in URL path parsing that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by embedding HTML or JavaScript payloads...

8.2CVSS0.00386EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 3 days ago9 views

PT-2026-57164

Name of the Vulnerable Software and Affected Versions Lucee CFML Server versions 5.3.x Lucee CFML Server versions 6.1.x Lucee CFML Server versions 6.2.x Lucee CFML Server versions 7.0.x Description Reflected cross-site scripting occurs during URL path parsing, allowing unauthenticated remote...

8.2CVSS6.3AI score0.00386EPSS
Exploits1References4
NVD
NVD
added last week7 views

CVE-2026-54893

URL path injection in the Microsoft Graph adapter of Swoosh. Swoosh.Adapters.MsGraph builds its Microsoft Graph API request URL by interpolating the sender's email address into the URL path /users/from/sendMail without percent-encoding or validation. In applications that derive the from address...

2.1CVSS0.00143EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added last week10 views

CVE-2026-54893

URL path injection in the Microsoft Graph adapter of Swoosh. Swoosh.Adapters.MsGraph builds its Microsoft Graph API request URL by interpolating the sender's email address into the URL path /users/from/sendMail without percent-encoding or validation. In applications that derive the from address...

2.1CVSS6AI score0.00143EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added last week5 views

EUVD-2026-41876

URL path injection in the Microsoft Graph adapter of Swoosh. Swoosh.Adapters.MsGraph builds its Microsoft Graph API request URL by interpolating the sender's email address into the URL path /users/from/sendMail without percent-encoding or validation. In applications that derive the from address...

2.1CVSS6AI score0.00143EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/26 4:15 p.m.8 views

EUVD-2026-39800

Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches routes using the raw encoded path preserving %2F as-is, while StaticDirectoryHandler unescapes %2F to / before resolving filesystem paths. This allows an...

7.5CVSS5.8AI score0.0043EPSS
Exploits0References1
Veracode
Veracode
added 2026/06/23 8:8 a.m.10 views

Improper Access Control

LangGraph Python SDK is vulnerable to Improper Access Control. The vulnerability is due to unsafe URL path construction using unsanitized user-supplied identifiers, where special characters in identifier values can alter the intended request path and target unintended resources, allowing attacker...

9.1CVSS5.8AI score0.00216EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/19 4:14 p.m.25 views

CVE-2017-20269 Joomla! Component KissGallery 1.0.0 SQL Injection

Joomla! Component KissGallery 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the component URL path. Attackers can supply malicious SQL code in the kissgallery endpoint to execute arbitrary database queries and extract sensitive...

8.8CVSS0.0027EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:14 p.m.6 views

CVE-2017-20269

Joomla! Component KissGallery 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the component URL path. Attackers can supply malicious SQL code in the kissgallery endpoint to execute arbitrary database queries and extract sensitive...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.15 views

PT-2026-49066

Name of the Vulnerable Software and Affected Versions File Browser versions prior to 2.63.6 Description An issue exists where the software fails to properly normalize file paths when creating zip or tar archives on Linux hosts. Specifically, the getFiles function uses filepath.ToSlash, which does...

6.8CVSS6AI score0.00189EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.15 views

CVE-2026-8362

A stack-based buffer overflow condition exists in WOSDefaultHttpModule.dll when processing a long URL path starting with /woshome...

9.8CVSS5.9AI score0.00316EPSS
Exploits0References1
OSV
OSV
added 2026/06/04 1:15 p.m.8 views

GHSA-86QP-5C8J-P5MR Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks

Summary In affected versions, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header could make request.url.path differ from the pa...

6.5CVSS5.9AI score0.01438EPSS
Exploits2References9
EUVD
EUVD
added 2026/05/27 7:42 p.m.10 views

EUVD-2026-32643

A stack-based buffer overflow condition exists in WOSDefaultHttpModule.dll when processing a long URL path starting with /woshome...

9.8CVSS6.1AI score0.00316EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:40 p.m.16 views

CVE-2026-8363

A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing a long URL path starting with /resources:...

9.8CVSS6.1AI score0.00335EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 7:40 p.m.17 views

CVE-2026-8363

CVE-2026-8363: A stack-based buffer overflow in WOSDeviceDropFolder.dll occurs when processing a long URL path starting with /resources. Documented under Gladinet Triofox; affected component is WOSDeviceDropFolder.dll. CVSS v3.1 shows a critical base score of 9.8 (Network, No user interaction, pr...

9.8CVSS6.1AI score0.00335EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/27 12:47 a.m.16 views

HTTP Request Smuggling

Overview starlette is a The little ASGI library that shines. Affected versions of this package are vulnerable to HTTP Request Smuggling via the request.url reconstruction process. An attacker can bypass path-based security checks by supplying a malformed Host header that causes request.url.path t...

6.9CVSS5.5AI score0.01438EPSS
Exploits2References2
Rows per page
Query Builder