CVE-2025-47952 Traefik allows path traversal using url encoding

Traefik pronounced traffic is an HTTP reverse proxy and load balancer. Prior to versions 2.11.25 and 3.4.1, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a...

traefik -- Path traversal vulnerability

The traefik project reports: There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path, if the URL contains a URL encoded string in its path, it...

Debian DLA-2188-1 : php5 security update

Three issues have been found in php5, a server-side, HTML-embedded scripting language. CVE-2020-7064 A one byte out-of-bounds read, which could potentially lead to information disclosure or crash. CVE-2020-7066 An URL containing zero \0 character will be truncated at it, which may cause some...

Code injection

Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of service application crash via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters...

CVE-2008-4381

The CVE-2008-4381 entry describes a vulnerability in Microsoft Internet Explorer 7 where remote attackers can cause an application crash (DoS) by running Javascript that calls alert with a URL-encoded string containing a large number of invalid characters. The core issue is a DoS condition trigge...