13 matches found

OSV
added 2025/11/18 7:15 p.m., 3 views

CVE-2025-56499

Incorrect access control in mihomo v1.19.11 allows authenticated attackers with low-level privileges to read arbitrary files with elevated privileges via obtaining the external control key from the config file...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00041
Exploits: 1, References: 2
Vulnrichment
added 2025/11/18 12:0 a.m., 2 views

CVE-2025-56499

Incorrect access control in mihomo v1.19.11 allows authenticated attackers with low-level privileges to read arbitrary files with elevated privileges via obtaining the external control key from the config file...

AI score: 6.4, EPSS: 0.00041
Exploits: 1, References: 2
CNNVD
added 2025/11/18 12:0 a.m., 2 views

mihomo security vulnerability

mihomo is an open source API interface for MetaCubeX. A security vulnerability exists in mihomo version v1.19.11, which stems from improper access control and could lead to reading arbitrary files...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00041
Exploits: 1, References: 2
Positive Technologies
added 2025/11/18 12:0 a.m., 3 views

PT-2025-47393

Name of the Vulnerable Software and Affected Versions: mihomo version 1.19.11. Description: An access control issue exists in mihomo version 1.19.11. Authenticated attackers with limited privileges can read arbitrary files with higher privileges. This is achieved by obtaining an external control key...

CVSS: 6.5, AI score: 6.3, EPSS: 0.00041
Exploits: 1, References: 4
Cvelist
added 2025/11/18 12:0 a.m., 7 views

CVE-2025-56499

Incorrect access control in mihomo v1.19.11 allows authenticated attackers with low-level privileges to read arbitrary files with elevated privileges via obtaining the external control key from the config file...

EPSS: 0.00041
Exploits: 1, References: 2
CVE
added 2025/11/18 12:0 a.m., 9 views

CVE-2025-56499

VULNERABILITY: CVE-2025-56499 affects mihomo v1.19.11. Description: an access-control issue allows authenticated attackers with low privileges to read arbitrary files with elevated privileges by obtaining the external control key from the configuration file. Impact: elevated read access (confiden...

CVSS: 6.5, AI score: 6.4, EPSS: 0.00041
Exploits: 1, References: 2, Affected Software: 1
OSV
added 2025/10/23 9:31 p.m., 3 views

GHSA-VP5W-XCFC-73WF Hashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON

Vault and Vault Enterprise ("Vault") are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for HCSEC-2025-24 (https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393)...

CVSS: 7.5, AI score: 6.8, EPSS: 0.00272
Exploits: 0, References: 5
Positive Technologies
added 2025/10/23 12:0 a.m., 3 views

PT-2025-43549

Name of the Vulnerable Software and Affected Versions: HashiCorp Vault versions prior to 1.16.27; HashiCorp Vault Enterprise versions prior to 1.16.27; HashiCorp Vault versions prior to 1.19.11; HashiCorp Vault Enterprise versions prior to 1.19.11; HashiCorp Vault versions prior to 1.20.5; HashiCorp...

CVSS: 7.8, AI score: 9.2, EPSS: 0.00272
Exploits: 0, References: 25
OSV
added 2023/07/17 6:39 a.m., 5 views

SUSE-SU-2023:2845-1 Security update for go1.19

This update for go1.19 fixes the following issues: go was updated to version 1.19.11 (bsc1200441): CVE-2023-29406: Fixed insufficient sanitization of Host header in net/http (bsc1213229)...

CVSS: 6.5, AI score: 7, EPSS: 0.00344
Exploits: 0, References: 4
OSV
added 2022/04/06 12:1 a.m., 1 views

GHSA-3VJF-82FF-P4R3 Incorrect protocol extraction via \r, \n and \t characters

\r, \n and \t characters in user-input URLs can potentially lead to incorrect protocol extraction when using npm package urijs prior to version 1.19.11. This can lead to XSS when the module is used to prevent passing in malicious javascript: links into HTML or JavaScript (see following example):...

CVSS: 7.2, AI score: 6.8, EPSS: 0.00333
Exploits: 1, References: 4
OSV
added 2022/04/05 12:0 a.m., 0 views

GHSA-G694-M8VQ-GV9H URL Confusion When Scheme Not Supplied in medialize/uri.js

Medialize is a JavaScript URL mutation library. When parsing a URL without a scheme and with excessive slashes, like ///www.example.com, URI.js will parse the hostname as null and the path as /www.example.com. Such behaviour is different from that exhibited by browsers, which will parse...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00183
Exploits: 1, References: 4
Github Security Blog
added 2022/04/05 12:0 a.m., 31 views

URL Confusion When Scheme Not Supplied in medialize/uri.js

Medialize is a JavaScript URL mutation library. When parsing a URL without a scheme and with excessive slashes, like ///www.example.com, URI.js will parse the hostname as null and the path as /www.example.com. Such behaviour is different from that exhibited by browsers, which will parse...

CVSS: 6.5, AI score: 1.1, EPSS: 0.00183
Exploits: 1, References: 4, Affected Software: 1
ATTACKERKB
added 2022/04/04 8:15 p.m., 3 views

CVE-2022-1233

URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11...

CVSS: 6.5, AI score: 6.5, EPSS: 0.00183
Exploits: 1, References: 3